Proyecto en colaboración con OPASO

opaso.php 88KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309
  1. <?php
  2. /* Authors : Carlos C. Corrada-Bravo
  3. David J. Ortiz-Rivera
  4. Organization : Centro de Desarrollo y Consultoria Computacional
  5. Project : OPASO Material Registry
  6. File : opaso.php
  7. Description : Handle API requests for OPASO */
  8. /* display errors */
  9. error_reporting(E_ALL);
  10. ini_set("display_errors",1);
  11. /* opaso() - handle api requests for opaso */
  12. function opaso(){
  13. /* import database */
  14. require "../config/database.php";
  15. /* verify api call */
  16. if(isset($_POST["query"])){
  17. $error = false;
  18. $expired = false;
  19. $response = array();
  20. $q = $_POST["query"];
  21. /* verify user session */
  22. if($q != 1){
  23. if(session_expired()){
  24. $expired = true;
  25. $response["status"] = "expired";
  26. }
  27. }
  28. /* handle request */
  29. if(!$expired){
  30. switch($q){
  31. case 0: /* register user */
  32. /* verify args */
  33. if(isset($_POST["person_name"]) and isset($_POST["email"]) and isset($_POST["phone_number"])){
  34. $password = "n/a";
  35. $email = $_POST["email"];
  36. $person_name = $_POST["person_name"];
  37. $phone_number = $_POST["phone_number"];
  38. /* register user */
  39. if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
  40. $register = $db->prepare("INSERT INTO Person(person_name,email,password,phone) VALUES (?,?,?,?)");
  41. $register->bind_param("ssss",$person_name,$email,$password,$phone_number);
  42. /* extract id */
  43. if($register->execute()){
  44. $person_id = $db->insert_id;
  45. $response["status"] = "success";
  46. $response["person_id"] = $person_id;
  47. $response["message"] = "Person registered successfully";
  48. }
  49. /* query failed */
  50. else{
  51. $error = true;
  52. $message = "Registration failed, possible duplicate";
  53. }
  54. $register->close();
  55. }
  56. /* restricted access level */
  57. else{
  58. $error = true;
  59. $message = "Access not allowed";
  60. }
  61. }
  62. /* missing args */
  63. else{
  64. $error = true;
  65. $message = "One or more arguments missing";
  66. }
  67. break;
  68. case 1: /* log in user */
  69. /* verify args */
  70. if(isset($_POST["email"]) and isset($_POST["password"])){
  71. /* fetch hashed password and user data */
  72. $email = $_POST["email"];
  73. $password = $_POST["password"];
  74. $login = $db->prepare("SELECT person_id,person_name,password FROM Person WHERE email=?");
  75. $login->bind_param("s",$email);
  76. $login->execute();
  77. $login->bind_result($person_id,$person_name,$hashed_password);
  78. $login->store_result();
  79. $login->fetch();
  80. /* match password with hash */
  81. if(password_verify($password,$hashed_password)){
  82. /* fetch authorized laboratories */
  83. $authorized = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
  84. $authorized->bind_param("i",$person_id);
  85. $authorized->execute();
  86. $authorized->bind_result($lab_id,$lab_room,$access_level);
  87. /* initialize authorized array */
  88. start_session();
  89. $_SESSION["authorized"] = array();
  90. $access_level = "technician";
  91. $pi_flag = false;
  92. $admin_flag = false;
  93. /* fetch entries */
  94. while($authorized->fetch()){
  95. if($access_level == "investigator"){
  96. $pi_flag = true;
  97. }
  98. elseif($access_level == "admin"){
  99. $admin_flag = true;
  100. }
  101. $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
  102. }
  103. /* set user data */
  104. $_SESSION["person_id"] = $person_id;
  105. $_SESSION["person_name"] = explode(" ",$person_name)[0];
  106. /* set highest access level */
  107. if($pi_flag){
  108. $access_level = "investigator";
  109. }
  110. elseif($admin_flag){
  111. $access_level = "admin";
  112. }
  113. $_SESSION["access_level"] = $access_level;
  114. $_SESSION["created"] = time();
  115. $_SESSION["last_activity"] = time();
  116. $login->close();
  117. $authorized->close();
  118. $response["status"] = "success";
  119. }
  120. /* passwords don't match */
  121. else{
  122. $error = true;
  123. $message = "Login failed";
  124. }
  125. }
  126. /* missing args */
  127. else{
  128. $error = true;
  129. $message = "One or more arguments missing";
  130. }
  131. break;
  132. case 2: /* get laboratories */
  133. /* fetch authorized laboratories */
  134. $auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
  135. $auth->bind_param("i",$_SESSION["person_id"]);
  136. $auth->execute();
  137. $auth->bind_result($lab_id,$lab_room,$access_level);
  138. /* initialize authorized array */
  139. start_session();
  140. $_SESSION["authorized"] = array();
  141. $pi_flag = false;
  142. $admin_flag = false;
  143. $access_level = "technician";
  144. $response["authorized"] = array();
  145. /* fetch entries */
  146. while($auth->fetch()){
  147. if($access_level == "investigator"){
  148. $pi_flag = true;
  149. }
  150. elseif($access_level == "admin"){
  151. $admin_flag = true;
  152. }
  153. $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
  154. array_push($response["authorized"],array("lab_id" => $lab_id,"lab_room" => $lab_room, "access_level" => $access_level));
  155. }
  156. $auth->close();
  157. /* determine highest access level */
  158. if($pi_flag){
  159. $access_level = "investigator";
  160. }
  161. elseif($admin_flag){
  162. $access_level = "admin";
  163. }
  164. $_SESSION["access_level"] = $access_level;
  165. $response["status"] = "success";
  166. break;
  167. case 3: /* get laboratory inventory */
  168. /* verify args */
  169. if(isset($_POST["lab_id"])){
  170. /* match lab id with authorized labs */
  171. $lab_id = $_POST["lab_id"];
  172. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  173. /* fetch lab inventory */
  174. $laboratory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");
  175. $laboratory->bind_param("i",$lab_id);
  176. $laboratory->execute();
  177. $laboratory->bind_result($mat_id,$man_id,$mat_name,$man_name,$capacity,$quantity,$total,$uom,$location);
  178. $laboratory->store_result();
  179. $response["lab"] = array();
  180. $response["lab"]["inventory"] = array();
  181. while($laboratory->fetch()){
  182. array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));
  183. }
  184. /* fetch lab personnel */
  185. $personnel = $db->prepare("SELECT Person.person_name,Authorized.access_level FROM Authorized INNER JOIN Person ON Person.person_id=Authorized.person_id WHERE Authorized.lab_id=? AND Authorized.access_level!='none' ORDER BY Authorized.access_level ASC");
  186. $personnel->bind_param("i",$lab_id);
  187. $personnel->execute();
  188. $personnel->bind_result($person_name,$access_level);
  189. $personnel->store_result();
  190. $response["lab"]["personnel"] = array();
  191. while($personnel->fetch()){
  192. array_push($response["lab"]["personnel"],array("person_name" => $person_name,"access_level" => $access_level));
  193. }
  194. $personnel->close();
  195. $laboratory->close();
  196. $response["status"] = "success";
  197. }
  198. /* lab not authorized */
  199. else{
  200. $error = true;
  201. $message = "Laboratory not authorized";
  202. }
  203. }
  204. /* missing args */
  205. else{
  206. $error = true;
  207. $message = "One or more arguments missing";
  208. }
  209. break;
  210. case 4: /* get lab inventory */
  211. /* verify args */
  212. if(isset($_POST["lab_id"])){
  213. /* match lab id with authorized labs */
  214. $lab_id = $_POST["lab_id"];
  215. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  216. /* fetch lab inventory */
  217. $inventory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Material.cas,Manufacturer.man_name,Material_Manufacturer.sds,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM (Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id INNER JOIN Material_Manufacturer ON Lab_Material.mat_id=Material_Manufacturer.mat_id AND Lab_Material.man_id=Material_Manufacturer.man_id) WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");
  218. $inventory->bind_param("i",$lab_id);
  219. $inventory->execute();
  220. $inventory->bind_result($mat_id,$man_id,$mat_name,$cas,$man_name,$sds,$state,$type,$capacity,$quantity,$total,$uom,$location);
  221. $inventory->store_result();
  222. $response["lab"] = array();
  223. $response["lab"]["inventory"] = array();
  224. $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");
  225. /* fetch hazard data */
  226. while($inventory->fetch()){
  227. $hazard->bind_param("idii",$mat_id,$capacity,$lab_id,$man_id);
  228. $hazard->execute();
  229. $hazard->bind_result($ghs,$description);
  230. $hazard->store_result();
  231. $full_ghs = array();
  232. $full_description = array();
  233. /* fetch hazard details */
  234. while($hazard->fetch()){
  235. if(!(array_search($ghs,$full_ghs))){
  236. array_push($full_ghs,$ghs);
  237. array_push($full_description,$description);
  238. }
  239. }
  240. array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"cas" => $cas,"sds" => urlencode($sds),"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));
  241. }
  242. $inventory->close();
  243. $response["status"] = "success";
  244. }
  245. /* lab not authorized */
  246. else{
  247. $error = true;
  248. $message = "Laboratory not authorized";
  249. }
  250. }
  251. /* missing args */
  252. else{
  253. $error = true;
  254. $message = "One or more arguments missing";
  255. }
  256. break;
  257. case 5: /* edit cell*/
  258. /* verify args */
  259. if(isset($_POST["lab_id"]) and isset($_POST["field"]) and isset($_POST["data"])){
  260. $amount = 0;
  261. $field = $_POST["field"];
  262. $lab_id = $_POST["lab_id"];
  263. $data = json_decode($_POST["data"],true);
  264. if($field === "man_name"){
  265. $transaction = "edit manufacturer";
  266. }
  267. elseif($field === "mat_name"){
  268. $transaction = "edit material";
  269. }
  270. else{
  271. $transaction = "edit " . $field;
  272. }
  273. /* match lab id with authorized labs */
  274. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  275. switch($field){
  276. case "mat_name": /* update material name */
  277. $update = $db->prepare("UPDATE Material SET mat_name=? WHERE mat_id=?");
  278. $update->bind_param("si",$data["mat_name"],$data["mat_id"]);
  279. if(!$update->execute()){
  280. $error = true;
  281. $message = "Update failed";
  282. }
  283. $update->close();
  284. break;
  285. case "man_name": /* update manufacturer name */
  286. $update = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");
  287. $update->bind_param("si",$data["man_name"],$data["man_id"]);
  288. if(!$update->execute()){
  289. $error = true;
  290. $message = "Update failed";
  291. }
  292. $update->close();
  293. break;
  294. case "cas": /* update material cas num */
  295. $update = $db->prepare("UPDATE Material SET cas=? WHERE mat_id=?");
  296. $update->bind_param("si",$data["cas"],$data["mat_id"]);
  297. if(!$update->execute()){
  298. $error = true;
  299. $message = "Update failed";
  300. }
  301. $update->close();
  302. break;
  303. case "sds": /* update material sds */
  304. $update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");
  305. $update->bind_param("sii",$data["sds"],$data["mat_id"],$data["man_id"]);
  306. if(!$update->execute()){
  307. $error = true;
  308. $message = "Update failed";
  309. }
  310. $update->close();
  311. break;
  312. case "ghs": /* update ghs */
  313. $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
  314. $delete->bind_param("i",$data["mat_id"]);
  315. if(!$delete->execute()){
  316. $error = true;
  317. $message = "Update failed";
  318. }
  319. else{
  320. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  321. $ghs = explode(",",$data["ghs"]);
  322. for($i = 0; $i < sizeof($ghs); $i++){
  323. if($ghs[$i]){
  324. $insert->bind_param("is",$data["mat_id"],$ghs[$i]);
  325. if(!$insert->execute()){
  326. $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
  327. $insert_ghs->bind_param("s",$ghs[$i]);
  328. if(!$insert_ghs->execute()){
  329. $error = true;
  330. $message = "Update failed";
  331. break;
  332. }
  333. else{
  334. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  335. $insert->bind_param("is",$data["mat_id"],$ghs[$i]);
  336. if(!$insert->execute()){
  337. $error = true;
  338. $message = "Update failed";
  339. break;
  340. }
  341. }
  342. }
  343. }
  344. }
  345. $insert->close();
  346. }
  347. $delete->close();
  348. break;
  349. case "state":
  350. $update = $db->prepare("UPDATE Material SET state=? WHERE mat_id=?");
  351. $update->bind_param("si",$data["state"],$data["mat_id"]);
  352. if(!$update->execute()){
  353. $error = true;
  354. $message = "Update failed";
  355. }
  356. $update->close();
  357. break;
  358. case "location":
  359. $update = $db->prepare("UPDATE Lab_Material SET location=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  360. $update->bind_param("siiids",$data["location"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);
  361. if(!$update->execute()){
  362. $error = true;
  363. $message = "Update failed";
  364. }
  365. $update->close();
  366. break;
  367. case "type":
  368. $update = $db->prepare("UPDATE Material SET type=? WHERE mat_id=?");
  369. $update->bind_param("si",$data["type"],$data["mat_id"]);
  370. if(!$update->execute()){
  371. $error = true;
  372. $message = "Update failed";
  373. }
  374. $update->close();
  375. break;
  376. case "capacity":
  377. $update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  378. $update->bind_param("diiiids",$data["new_capacity"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["prev_capacity"],$data["uom"]);
  379. if(!$update->execute()){
  380. $error = true;
  381. $message = "Update failed";
  382. }
  383. $update->close();
  384. break;
  385. case "quantity": /* update quantity */
  386. case "total": /* update total */
  387. $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  388. $update->bind_param("diiiids",$data["total"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);
  389. $amount = $data["total"];
  390. if(!$update->execute()){
  391. $error = true;
  392. $message = "Update failed";
  393. }
  394. $update->close();
  395. break;
  396. case "uom": /* update uom */
  397. $update = $db->prepare("UPDATE Material SET uom=? WHERE mat_id=? AND uom=?");
  398. $update->bind_param("sis",$data["new_uom"],$data["mat_id"],$data["prev_uom"]);
  399. if(!$update->execute()){
  400. $error = true;
  401. $message = $update->error;
  402. }
  403. else{
  404. $update = $db->prepare("UPDATE Lab_Material SET uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  405. $update->bind_param("siiids",$data["new_uom"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["prev_uom"]);
  406. if(!$update->execute()){
  407. $error = true;
  408. $message = "Material update failed";
  409. }
  410. }
  411. $update->close();
  412. break;
  413. default:
  414. $error = true;
  415. $message = "Incorrect field query";
  416. break;
  417. }
  418. /* record transaction */
  419. if(!$error){
  420. $timestamp = date("Y-m-d H:i:s");
  421. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  422. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$data["mat_id"],$data["man_id"],$data["capacity"],$lab_id,$amount,$data["uom"]);
  423. if($insert->execute()){
  424. $response["status"] = "success";
  425. $response["message"] = "Field updated successfully";
  426. }
  427. /* transaction failed */
  428. else{
  429. $error = true;
  430. $message = "Field update failed";;
  431. }
  432. $insert->close();
  433. }
  434. }
  435. /* lab not authorized */
  436. else{
  437. $error = true;
  438. $message = "Laboratory not authorized";
  439. }
  440. }
  441. /* missing args */
  442. else{
  443. $error = true;
  444. $message = "One or more arguments missing";
  445. }
  446. break;
  447. case 6: /* edit row */
  448. /* verify args */
  449. if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["uom"]) and isset($_POST["capacity"]) and isset($_POST["data"])){
  450. $lab_id = $_POST["lab_id"];
  451. $mat_id = $_POST["mat_id"];
  452. $man_id = $_POST["man_id"];
  453. $uom = $_POST["uom"];
  454. $transaction = "edit";
  455. $capacity = $_POST["capacity"];
  456. $data = json_decode($_POST["data"],true);
  457. $total = $data["capacity"] * $data["quantity"];
  458. /* match lab id with authorized labs */
  459. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  460. $material = $db->prepare("UPDATE Material SET mat_name=?,cas=?,state=?,type=?,uom=? WHERE mat_id=? AND uom=?");
  461. $material->bind_param("sssssis",$data["mat_name"],$data["cas"],$data["state"],$data["type"],$data["uom"],$mat_id,$uom);
  462. if(!$material->execute()){
  463. $error = true;
  464. $message = "Material update failed";
  465. }
  466. $material->close();
  467. $manufacturer = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");
  468. $manufacturer->bind_param("si",$data["man_name"],$man_id);
  469. if(!$manufacturer->execute() and !$error){
  470. $error = true;
  471. $message = "Manufacturer update failed";
  472. }
  473. $manufacturer->close();
  474. $update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");
  475. $update->bind_param("sii",$data["sds"],$mat_id,$man_id);
  476. if(!$update->execute() and !$error){
  477. $error = true;
  478. $message = "Update failed";
  479. }
  480. $update->close();
  481. $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
  482. $delete->bind_param("i",$mat_id);
  483. if(!$delete->execute() and !$error){
  484. $error = true;
  485. $message = "GHS update failed";
  486. }
  487. else{
  488. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  489. $ghs = explode(",",$data["ghs"]);
  490. for($i = 0; $i < sizeof($ghs); $i++){
  491. if($ghs[$i]){
  492. $insert->bind_param("is",$mat_id,$ghs[$i]);
  493. if(!$insert->execute() and !$error){
  494. $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
  495. $insert_ghs->bind_param("s",$ghs[$i]);
  496. if(!$insert_ghs->execute() and !$error){
  497. $error = true;
  498. $message = "GHS update failed";
  499. break;
  500. }
  501. else{
  502. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  503. $insert->bind_param("is",$mat_id,$ghs[$i]);
  504. if(!$insert->execute()){
  505. $error = true;
  506. $message = "GHS update failed";
  507. break;
  508. }
  509. }
  510. }
  511. }
  512. }
  513. }
  514. $delete->close();
  515. $insert->close();
  516. $update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=?,total=?,location=?,uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  517. $update->bind_param("didssiiids",$data["capacity"],$data["quantity"],$total,$data["location"],$data["uom"],$mat_id,$lab_id,$man_id,$capacity,$uom);
  518. if(!$update->execute() and !$error){
  519. $error = true;
  520. $message = "Material update failed";
  521. }
  522. $update->close();
  523. /* record transaction */
  524. if(!$error){
  525. $timestamp = date("Y-m-d H:i:s");
  526. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  527. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$total,$uom);
  528. if($insert->execute()){
  529. $response["status"] = "success";
  530. $response["message"] = "Entry updated successfully";
  531. }
  532. /* transaction failed */
  533. else{
  534. $error = true;
  535. $message = "Entry update failed";;
  536. }
  537. $insert->close();
  538. }
  539. }
  540. /* lab not authorized */
  541. else{
  542. $error = true;
  543. $message = "Laboratory not authorized";
  544. }
  545. }
  546. /* missing args */
  547. else{
  548. $error = true;
  549. $message = "One or more arguments missing";
  550. }
  551. break;
  552. case 8: /* delete row */
  553. /* verify args */
  554. if(isset($_POST["lab_id"]) and isset($_POST["data"])){
  555. $lab_id = $_POST["lab_id"];
  556. $data = json_decode($_POST["data"],true);
  557. $uom = $data["uom"];
  558. $amount = $data["total"];
  559. $transaction = "delete";
  560. $capacity = $data["capacity"];
  561. $mat_id = $data["material"]["mat_id"];
  562. $man_id = $data["manufacturer"]["man_id"];
  563. /* match lab id with authorized labs */
  564. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  565. $delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  566. $delete->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);
  567. /* record transaction */
  568. if($delete->execute()){
  569. $timestamp = date("Y-m-d H:i:s");
  570. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  571. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);
  572. if($insert->execute()){
  573. $response["status"] = "success";
  574. $response["message"] = "Entry deleted successfully";
  575. }
  576. /* transaction failed */
  577. else{
  578. $error = true;
  579. $message = "Material delete failed";
  580. }
  581. $delete->close();
  582. }
  583. /* query failed */
  584. else{
  585. $error = true;
  586. $message = "Material delete failed";
  587. }
  588. }
  589. /* lab not authorized */
  590. else{
  591. $error = true;
  592. $message = "Laboratory not authorized";
  593. }
  594. }
  595. /* missing args */
  596. else{
  597. $error = true;
  598. $message = "One or more arguments missing";
  599. }
  600. break;
  601. case 9: /* material transaction */
  602. /* verify args */
  603. if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["capacity"]) and isset($_POST["transaction"]) and isset($_POST["man_id"]) and isset($_POST["total"]) and isset($_POST["amount"]) and isset($_POST["uom"])){
  604. $flag = false;
  605. $lab_id = $_POST["lab_id"];
  606. $mat_id = $_POST["mat_id"];
  607. $capacity = $_POST["capacity"];
  608. $transaction = $_POST["transaction"];
  609. $total = $_POST["total"];
  610. $uom = $_POST["uom"];
  611. $man_id = $_POST["man_id"];
  612. $amount = $_POST["amount"];
  613. $delete = false;
  614. /* match lab id with authorized labs */
  615. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  616. /* update total amount */
  617. if($total > 0){
  618. $containers = ceil($total/$capacity);
  619. $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
  620. $update->bind_param("diiiids",$total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);
  621. if($update->execute()){
  622. $update->close();
  623. $flag = true;
  624. }
  625. /* transaction failed */
  626. else{
  627. $error = true;
  628. $message = "Transaction failed";
  629. }
  630. }
  631. /* material consumed, remove entry */
  632. else{
  633. $flag = true;
  634. $delete = true;
  635. }
  636. /* record transaction */
  637. if($flag){
  638. $timestamp = date("Y-m-d H:i:s");
  639. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  640. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);
  641. if($insert->execute()){
  642. if($transaction === "offer"){
  643. $offered_insert = $db->prepare("INSERT INTO Offered_Material(person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?)");
  644. $offered_insert->bind_param("isiidids",$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);
  645. if($offered_insert->execute()){
  646. $response["status"] = "success";
  647. $response["message"] = "Transaction completed successfully";
  648. }
  649. else{
  650. $error = true;
  651. $message = "Insertion into Offered Materials failed";
  652. }
  653. $offered_insert->close();
  654. }
  655. else{
  656. $response["status"] = "success";
  657. $response["message"] = "Transaction completed successfully";
  658. }
  659. if($delete){
  660. $delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
  661. $delete->bind_param("iiids",$mat_id,$man_id,$lab_id,$capacity,$uom);
  662. if($delete->execute()){
  663. $response["status"] = "success";
  664. $response["message"] = "Transaction completed successfully";
  665. }
  666. /* delete failed */
  667. else{
  668. $error = true;
  669. $message = "Material removal failed";
  670. }
  671. $delete->close();
  672. }
  673. }
  674. /* transaction failed */
  675. else{
  676. $error = true;
  677. $message ="Transaction failed";
  678. }
  679. $insert->close();
  680. }
  681. /* initial transaction failed */
  682. else{
  683. $error = true;
  684. $message = "Transaction failed";
  685. }
  686. }
  687. /* lab not authorized */
  688. else{
  689. $error = true;
  690. $message = "Laboratory not authorized";
  691. }
  692. }
  693. /* missing args */
  694. else{
  695. $error = true;
  696. $message = "One or more arguments missing";
  697. }
  698. break;
  699. case 10: /* insert material */
  700. /* verify args */
  701. if(isset($_POST["lab_id"]) and isset($_POST["data"])){
  702. $flag = false;
  703. $lab_id = $_POST["lab_id"];
  704. $data = json_decode($_POST["data"],true);
  705. $capacity = $data["capacity"];
  706. $mat_name = $data["mat_name"];
  707. $total = $data["quantity"] * $capacity;
  708. $uom = $data["uom"];
  709. $man_name = $data["man_name"];
  710. /* match lab id with authorized labs */
  711. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  712. /* verify if manufacturer already exists */
  713. $manufacturer = $db->prepare("SELECT man_id FROM Manufacturer WHERE man_name=?");
  714. $manufacturer->bind_param("s",$man_name);
  715. $manufacturer->execute();
  716. $manufacturer->store_result();
  717. $manufacturer->bind_result($man_id);
  718. if($manufacturer->num_rows > 0){
  719. $manufacturer->fetch();
  720. }
  721. /* insert manufacturer */
  722. else{
  723. $insert = $db->prepare("INSERT INTO Manufacturer(man_name) VALUES (?)");
  724. $insert->bind_param("s",$man_name);
  725. if($insert->execute()){
  726. $man_id = $db->insert_id;
  727. }
  728. /* insert failed */
  729. else{
  730. $error = true;
  731. $message = "Manufacturer insert failed";
  732. }
  733. $insert->close();
  734. }
  735. $manufacturer->close();
  736. if($man_id){
  737. /* verify if material already exists */
  738. $material = $db->prepare("SELECT mat_id FROM Material WHERE mat_name=? AND uom=?");
  739. $material->bind_param("ss",$mat_name,$uom);
  740. $material->execute();
  741. $material->bind_result($mat_id);
  742. $material->store_result();
  743. if($material->num_rows > 0){
  744. $material->fetch();
  745. }
  746. /* insert material */
  747. else{
  748. $insert = $db->prepare("INSERT INTO Material(mat_name,cas,state,type,uom) VALUES (?,?,?,?,?)");
  749. $insert->bind_param("sssss",$mat_name,$data["cas"],$data["state"],$data["type"],$uom);
  750. if($insert->execute()){
  751. $mat_id = $db->insert_id;
  752. }
  753. /* material insert failed */
  754. else{
  755. $error = true;
  756. $message = "Material insert failed";
  757. }
  758. $insert->close();
  759. }
  760. $material->close();
  761. }
  762. /* match material and manufacturer */
  763. if($man_id and $mat_id and !$error){
  764. $mat_man = $db->prepare("INSERT INTO Material_Manufacturer(mat_id,man_id,sds) VALUES (?,?,?)");
  765. $mat_man->bind_param("iis",$mat_id,$man_id,$data["sds"]);
  766. if($mat_man->execute()){
  767. }
  768. else{
  769. $mat_man = $db->prepare("SELECT mat_id FROM Material_Manufacturer WHERE mat_id=? AND man_id=?");
  770. $mat_man->bind_param("ii",$mat_id,$man_id);
  771. $mat_man->execute();
  772. $mat_man->bind_result($mat_id);
  773. $mat_man->store_result();
  774. if($mat_man->num_rows > 0){
  775. }
  776. /* match failed */
  777. else{
  778. $error = true;
  779. $message = "Material/Manufacturer match failed";
  780. }
  781. }
  782. $mat_man->close();
  783. /* match material and hazard */
  784. if(!$error){
  785. $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
  786. $delete->bind_param("i",$data["mat_id"]);
  787. if(!$delete->execute()){
  788. $error = true;
  789. $message = "Material/Hazard match failedj";
  790. }
  791. else{
  792. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  793. $ghs = explode(",",$data["ghs"]);
  794. for($i = 0; $i < sizeof($ghs); $i++){
  795. if($ghs[$i]){
  796. $insert->bind_param("is",$mat_id,$ghs[$i]);
  797. if(!$insert->execute()){
  798. $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
  799. $insert_ghs->bind_param("s",$ghs[$i]);
  800. if(!$insert_ghs->execute()){
  801. $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
  802. $insert->bind_param("is",$mat_id,$ghs[$i]);
  803. if(!$insert->execute()){
  804. $error = true;
  805. $message = "Material/Hazard match failedjh";
  806. break;
  807. }
  808. }
  809. }
  810. }
  811. }
  812. $insert->close();
  813. }
  814. $delete->close();
  815. }
  816. /* match material and lab material */
  817. if(!$error){
  818. $lab = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
  819. $lab->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);
  820. $lab->execute();
  821. $lab->bind_result($new_total);
  822. $lab->store_result();
  823. /* update total amount */
  824. if($lab->num_rows > 0){
  825. $lab->fetch();
  826. $lab->close();
  827. $new_total += $total;
  828. $containers = ceil($new_total/$capacity);
  829. $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
  830. $update->bind_param("diiiids",$new_total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);
  831. if(!$update->execute()){
  832. $error = true;
  833. $message = "Amount update failed";
  834. }
  835. $update->close();
  836. }
  837. /* create new entry */
  838. else{
  839. $lab_mat = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");
  840. $lab_mat->bind_param("iididssi",$lab_id,$mat_id,$capacity,$data["quantity"],$total,$data["location"],$uom,$man_id);
  841. if($lab_mat->execute()){
  842. $flag = true;
  843. }
  844. /* transaction failed */
  845. else{
  846. $error = true;
  847. $message = "Transaction failed";
  848. }
  849. $lab_mat->close();
  850. }
  851. }
  852. }
  853. /* record transaction */
  854. if(!$error){
  855. $timestamp = date("Y-m-d H:i:s");
  856. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  857. $transaction = "add";
  858. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$data["total"],$uom);
  859. if($insert->execute()){
  860. $response["mat_id"] = $mat_id;
  861. $response["man_id"] = $man_id;
  862. $response["status"] = "success";
  863. $response["message"] = "Material added successfully";
  864. }
  865. /* transaction failed */
  866. else{
  867. $error = true;
  868. $message = "Transaction failed";
  869. }
  870. $insert->close();
  871. }
  872. }
  873. /* lab not authorized */
  874. else{
  875. $error = true;
  876. $message = "Laboratory not authorized";
  877. }
  878. }
  879. /* missing args */
  880. else{
  881. $error = true;
  882. $message = "One or more arguments missing";
  883. }
  884. break;
  885. case 11: /* log out user */
  886. /* unset session variables and destroy session */
  887. unset($_SESSION);
  888. session_destroy();
  889. $_SESSION = array();
  890. $response["status"] = "success";
  891. break;
  892. case 12: /* fetch material details */
  893. /* verify args */
  894. if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["capacity"]) and isset($_POST["uom"])){
  895. $lab_id = $_POST["lab_id"];
  896. $mat_id = $_POST["mat_id"];
  897. $man_id = $_POST["man_id"];
  898. $capacity = $_POST["capacity"];
  899. $uom = $_POST["uom"];
  900. /* match lab id with authorized labs */
  901. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  902. $material = $db->prepare("SELECT Material.cas,Material.state,Material.type,Material_Manufacturer.sds FROM Material INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id LEFT JOIN Material_Manufacturer ON Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id WHERE Lab_Material.lab_id=? AND Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? AND Lab_Material.uom=?");
  903. $material->bind_param("iidis",$lab_id,$mat_id,$capacity,$man_id,$uom);
  904. $material->execute();
  905. $material->bind_result($cas,$state,$type,$sds);
  906. $material->store_result();
  907. $hazard = $db->prepare("SELECT DISTINCT(Material_Hazard.code) FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? AND Lab_Material.uom=? ORDER BY Material_Hazard.code ASC");
  908. /* fetch material details */
  909. $response["material"] = array();
  910. if($material->num_rows > 0){
  911. while($material->fetch()){
  912. $hazard->bind_param("idiis",$mat_id,$capacity,$lab_id,$man_id,$uom);
  913. $hazard->execute();
  914. $hazard->bind_result($ghs);
  915. $hazard->store_result();
  916. $full_ghs = array();
  917. $full_description = array();
  918. /* fetch hazard details */
  919. while($hazard->fetch()){
  920. if(!(array_search($ghs,$full_ghs))){
  921. array_push($full_ghs,$ghs);
  922. }
  923. }
  924. $response["material"] = array("cas" => $cas,"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"sds" => urlencode($sds));
  925. }
  926. $material->close();
  927. $response["status"] = "success";
  928. }
  929. /* empty query */
  930. else{
  931. $error = true;
  932. $message = "Material not found";
  933. }
  934. }
  935. /* lab not authorized */
  936. else{
  937. $error = true;
  938. $message = "Laboratory not authorized";
  939. }
  940. }
  941. /* missing args */
  942. else{
  943. $error = true;
  944. $message = "One or more arguments missing";
  945. }
  946. break;
  947. case 13: /* fetch personnel */
  948. $personnel = $db->prepare("SELECT person_id,person_name FROM Person ORDER BY person_name ASC");
  949. $personnel->execute();
  950. $personnel->bind_result($person_id,$person_name);
  951. $personnel->store_result();
  952. $response["personnel"] = array();
  953. /* fetch entries */
  954. while($personnel->fetch()){
  955. array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));
  956. }
  957. $personnel->close();
  958. $response["status"] = "success";
  959. break;
  960. case 14: /* add lab */
  961. /* verify args */
  962. if(isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){
  963. $lab_name = $_POST["lab_name"];
  964. $lab_room = $_POST["lab_room"];
  965. $department = $_POST["department"];
  966. $building = $_POST["building"];
  967. $extension = $_POST["extension"];
  968. $pi = $_POST["pi"];
  969. $access_level = "investigator";
  970. /* admins */
  971. if($_SESSION["access_level"] == "admin"){
  972. /* */
  973. $add_laboratory = $db->prepare("INSERT INTO Laboratory(lab_room,department,building,extension,pi,cho,lab_name) VALUES (?,?,?,?,?,?,?)");
  974. $add_laboratory->bind_param("sssiiis",$lab_room,$department,$building,$extension,$pi,$pi,$lab_name);
  975. /* extract id */
  976. if($add_laboratory->execute()){
  977. $lab_id = $add_laboratory->insert_id;
  978. /* authorize pi */
  979. $auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
  980. $auth->bind_param("iis",$pi,$lab_id,$access_level);
  981. if($auth->execute()){
  982. $admins = [75,76];
  983. $access_level = "admin";
  984. foreach($admins as $key => $admin){
  985. $auth->bind_param("iis",$admin,$lab_id,$access_level);
  986. if(!($auth->execute())){
  987. $error = true;
  988. $message = "Access level not granted";
  989. break;
  990. }
  991. }
  992. $response["lab_id"] = $lab_id;
  993. $_SESSION["authorized"][$lab_id] = array("lab_name" => $lab_name, "access_level" => $_SESSION["access_level"]);
  994. $response["status"] = "success";
  995. $response["message"] = "Laboratory created successfully";
  996. }
  997. /* access level not granted */
  998. else{
  999. $error = true;
  1000. $message = "Access level not granted";
  1001. }
  1002. $auth->close();
  1003. }
  1004. /* query failed */
  1005. else{
  1006. $error = true;
  1007. $message = "Laboratory creation failed";
  1008. }
  1009. $add_laboratory->close();
  1010. }
  1011. /* restricted access level */
  1012. else{
  1013. $error = true;
  1014. $message = "Action not allowed";
  1015. }
  1016. }
  1017. /* missing args */
  1018. else{
  1019. $error = true;
  1020. $message = "One or more arguments missing";
  1021. }
  1022. break;
  1023. case 15: /* fetch personnel/access levels */
  1024. if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){
  1025. $personnel = $db->prepare("SELECT person_id,person_name FROM Person WHERE person_id!=? AND person_id!=75 AND person_id!=76 ORDER BY person_name ASC");
  1026. $personnel->bind_param("i",$_SESSION["person_id"]);
  1027. $personnel->execute();
  1028. $personnel->bind_result($person_id,$person_name);
  1029. $personnel->store_result();
  1030. /* generate personnel array */
  1031. $response["personnel"] = array();
  1032. while($personnel->fetch()){
  1033. array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));
  1034. }
  1035. $personnel->close();
  1036. $access = $db->prepare("SELECT Person.person_id,Person.person_name,Laboratory.lab_room,Laboratory.lab_id,Authorized.access_level FROM Person INNER JOIN Authorized ON Person.person_id=Authorized.person_id INNER JOIN Laboratory ON Laboratory.lab_id=Authorized.lab_id WHERE Person.person_id!=? AND Authorized.access_level!='admin' AND Authorized.access_level!='none' ORDER BY person_name ASC");
  1037. $access->bind_param("i",$_SESSION["person_id"]);
  1038. $access->execute();
  1039. $access->bind_result($person_id,$person_name,$lab_room,$lab_id,$access_level);
  1040. $access->store_result();
  1041. /* generate access levels array */
  1042. $response["access_levels"] = array();
  1043. while($access->fetch()){
  1044. $response["access_levels"][$person_id][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);
  1045. }
  1046. $access->close();
  1047. /* extract authorized laboratories */
  1048. $auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
  1049. $auth->bind_param("i",$_SESSION["person_id"]);
  1050. $auth->execute();
  1051. $auth->bind_result($lab_id,$lab_room,$access_level);
  1052. /* generate authorized arrays */
  1053. $response["labs"] = array();
  1054. $_SESSION["authorized"] = array();
  1055. $response["authorized"] = array();
  1056. while($auth->fetch()){
  1057. array_push($response["labs"],array("lab_id" => $lab_id,"lab_room" => $lab_room));
  1058. $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
  1059. $response["authorized"][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);
  1060. }
  1061. $auth->close();
  1062. $response["status"] = "success";
  1063. }
  1064. /* restricted access level */
  1065. else{
  1066. $error = true;
  1067. $message = "Access denied";
  1068. }
  1069. break;
  1070. case 16: /* update access level */
  1071. /* verify args */
  1072. if(isset($_POST["lab_id"]) and isset($_POST["person_id"]) and isset($_POST["access_level"]) and isset($_POST["action"])){
  1073. $lab_id = $_POST["lab_id"];
  1074. $person_id = $_POST["person_id"];
  1075. $access_level = $_POST["access_level"];
  1076. $action = $_POST["action"];
  1077. /* register user */
  1078. if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){
  1079. if($action == "authorize"){
  1080. $insert = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
  1081. $insert->bind_param("iis",$person_id,$lab_id,$access_level);
  1082. if($insert->execute()){
  1083. $response["status"] = "success";
  1084. $response["message"] = "Access level granted";
  1085. }
  1086. /* insert failed */
  1087. else{
  1088. /* match lab id with authorized labs */
  1089. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  1090. $flag = false;
  1091. if($_SESSION["access_level"] != "admin"){
  1092. $select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");
  1093. $select->bind_param("i",$lab_id);
  1094. $select->execute();
  1095. $select->bind_result($pi);
  1096. $select->store_result();
  1097. $select->fetch();
  1098. if($pi == $person_id){
  1099. $error = true;
  1100. $flag = true;
  1101. $message = "Access level not updated";
  1102. }
  1103. $select->close();
  1104. }
  1105. if(!$flag){
  1106. $update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");
  1107. $update->bind_param("sii",$access_level,$person_id,$lab_id);
  1108. if($update->execute()){
  1109. $response["status"] = "success";
  1110. $response["message"] = "Access level updated";
  1111. }
  1112. /* update failed */
  1113. else{
  1114. $error = true;
  1115. $message = "Access level not updated";
  1116. }
  1117. $update->close();
  1118. }
  1119. }
  1120. /* lab not authorized */
  1121. else{
  1122. $error = true;
  1123. $message = "Action not allowed";
  1124. }
  1125. }
  1126. $insert->close();
  1127. }
  1128. /* restrict */
  1129. else{
  1130. /* match lab id with authorized labs */
  1131. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  1132. $flag = false;
  1133. if($_SESSION["access_level"] != "admin"){
  1134. $select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");
  1135. $select->bind_param("i",$lab_id);
  1136. $select->execute();
  1137. $select->bind_result($pi);
  1138. $select->store_result();
  1139. $select->fetch();
  1140. if($pi == $person_id){
  1141. $error = true;
  1142. $flag = true;
  1143. $message = "Access level not updated";
  1144. }
  1145. $select->close();
  1146. }
  1147. if(!$flag){
  1148. $update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");
  1149. $update->bind_param("sii",$access_level,$person_id,$lab_id);
  1150. if($update->execute()){
  1151. $response["status"] = "success";
  1152. $response["message"] = "Access level updated";
  1153. }
  1154. /* update failed */
  1155. else{
  1156. $error = true;
  1157. $message = "Access level not updated";
  1158. }
  1159. $update->close();
  1160. }
  1161. }
  1162. /* lab not authorized */
  1163. else{
  1164. $error = true;
  1165. $message = "Action not allowed";
  1166. }
  1167. }
  1168. }
  1169. /* restricted access level */
  1170. else{
  1171. $error = true;
  1172. $message = "Action not allowed";
  1173. }
  1174. }
  1175. /* missing args */
  1176. else{
  1177. $error = true;
  1178. $message = "One or more arguments missing";
  1179. }
  1180. break;
  1181. case 17: /* fetch laboratories */
  1182. if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
  1183. if($_SESSION["access_level"] === "admin"){
  1184. $query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi ORDER BY Laboratory.lab_room ASC";
  1185. $bind_flag = false;
  1186. }
  1187. else if($_SESSION["access_level"] === "investigator"){
  1188. $query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi WHERE Laboratory.pi=? ORDER BY Laboratory.lab_room ASC";
  1189. $bind_flag = true;
  1190. }
  1191. $labs = $db->prepare($query);
  1192. if($bind_flag){
  1193. $labs->bind_param("i",$_SESSION["person_id"]);
  1194. }
  1195. $labs->execute();
  1196. $labs->bind_result($lab_id,$lab_room,$department,$building,$extension,$pi,$person_name,$lab_name);
  1197. /* extract authorized laboratories */
  1198. $response["laboratories"] = array();
  1199. while($labs->fetch()){
  1200. array_push($response["laboratories"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"lab_name" => $lab_name,"department" => $department,"building" => $building,"extension" => $extension,"pi" => array("person_id" => $pi,"person_name" => $person_name)));
  1201. }
  1202. $labs->close();
  1203. $response["status"] = "success";
  1204. }
  1205. /* restricted access level */
  1206. else{
  1207. $error = true;
  1208. $message = "Access denied";
  1209. }
  1210. break;
  1211. case 18: /* edit lab */
  1212. /* verify args */
  1213. if(isset($_POST["lab_id"]) and isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){
  1214. $lab_id = $_POST["lab_id"];
  1215. $lab_name = $_POST["lab_name"];
  1216. $lab_room = $_POST["lab_room"];
  1217. $department = $_POST["department"];
  1218. $building = $_POST["building"];
  1219. $extension = $_POST["extension"];
  1220. $pi = $_POST["pi"];
  1221. $access_level = "investigator";
  1222. /* update lab */
  1223. if(($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator") and array_key_exists($lab_id,$_SESSION["authorized"])){
  1224. $update = $db->prepare("UPDATE Laboratory SET lab_room=?,department=?,building=?,extension=?,pi=?,lab_name=? WHERE lab_id=?");
  1225. $update->bind_param("ssssisi",$lab_room,$department,$building,$extension,$pi,$lab_name,$lab_id);
  1226. /* authorize pi */
  1227. if($update->execute()){
  1228. $auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
  1229. $auth->bind_param("iis",$pi,$lab_id,$access_level);
  1230. if($auth->execute()){
  1231. $response["status"] = "success";
  1232. $response["message"] = "Laboratory updated successfully";
  1233. }
  1234. /* possible duplicate */
  1235. else{
  1236. $update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");
  1237. $update->bind_param("sii",$access_level,$pi,$lab_id);
  1238. if($update->execute()){
  1239. $response["status"] = "success";
  1240. $response["message"] = "Laboratory updated successfully";
  1241. }
  1242. /* update failed */
  1243. else{
  1244. $error = true;
  1245. $message = "Access level not granted";
  1246. }
  1247. }
  1248. $auth->close();
  1249. }
  1250. /* update failed */
  1251. else{
  1252. $error = true;
  1253. $message = "Laboratory update failed";
  1254. }
  1255. $update->close();
  1256. }
  1257. /* restricted access level */
  1258. else{
  1259. $error = true;
  1260. $message = "Action not allowed";
  1261. }
  1262. }
  1263. /* missing args */
  1264. else{
  1265. $error = true;
  1266. $message = "One or more arguments missing";
  1267. }
  1268. break;
  1269. case 19: /* fetch materials */
  1270. /* verify args */
  1271. if(isset($_POST["page"])){
  1272. $page = $_POST["page"];
  1273. $offset = $page * 50;
  1274. /* generate query */
  1275. $query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE ";
  1276. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1277. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1278. }
  1279. $query = substr($query,0,-3);
  1280. $query .= "ORDER BY Material.mat_name";
  1281. $materials = $db->prepare($query);
  1282. $materials->execute();
  1283. $materials->bind_result($mat_id,$mat_name,$cas,$uom,$total);
  1284. $materials->store_result();
  1285. /* fetch material data */
  1286. $response["materials"] = array();
  1287. $response["identifiers"] = array();
  1288. while($materials->fetch()){
  1289. if(!array_key_exists($mat_id,$response["materials"])){
  1290. $response["materials"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));
  1291. array_push($response["identifiers"],array("mat_id" => $mat_id));
  1292. }
  1293. else{
  1294. if(!array_key_exists($uom,$response["materials"][$mat_id]["total"])){
  1295. $response["materials"][$mat_id]["total"][utf8_encode($uom)] = $total;
  1296. }
  1297. else{
  1298. $response["materials"][$mat_id]["total"][utf8_encode($uom)] += $total;
  1299. }
  1300. }
  1301. }
  1302. $materials->close();
  1303. $response["status"] = "success";
  1304. }
  1305. /* missing args */
  1306. else{
  1307. $error = true;
  1308. $message = "One or more arguments missing";
  1309. }
  1310. break;
  1311. case 20: /* fetch total materials */
  1312. $query = "SELECT COUNT(*) FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE ";
  1313. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1314. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1315. }
  1316. $query = substr($query,0,-4);
  1317. $count = $db->prepare($query);
  1318. $count->execute();
  1319. $count->bind_result($total);
  1320. $count->store_result();
  1321. if($count->fetch()){
  1322. $response["total"] = $total;
  1323. $response["status"] = "success";
  1324. }
  1325. /* some error */
  1326. else{
  1327. $error = true;
  1328. $message = "Some error ocurred";
  1329. }
  1330. $count->close();
  1331. break;
  1332. case 21: /* fetch material info */
  1333. /* verify args */
  1334. if(isset($_POST["mat_id"])){
  1335. $mat_id = $_POST["mat_id"];
  1336. $query = "SELECT Lab_Material.uom,Lab_Material.man_id,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.lab_id,Laboratory.lab_room FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE Material.mat_id=? AND (";
  1337. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1338. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1339. }
  1340. $query = substr($query,0,-4);
  1341. $query .= ") ORDER BY Material.mat_name ASC";
  1342. $material = $db->prepare($query);
  1343. $material->bind_param("i",$mat_id);
  1344. $material->execute();
  1345. $material->bind_result($uom,$man_id,$man_name,$capacity,$quantity,$total,$lab_id,$lab_room);
  1346. $material->store_result();
  1347. $response["details"] = array();
  1348. while($material->fetch()){
  1349. array_push($response["details"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"manufacturer" => $man_name,"capacity" => $capacity . $uom,"quantity" => $quantity,"total" => $total . $uom));
  1350. }
  1351. $material->close();
  1352. $response["status"] = "success";
  1353. }
  1354. /* missing args */
  1355. else{
  1356. $error = true;
  1357. $message = "One or more arguments missing";
  1358. }
  1359. break;
  1360. case 22: /* fetch transactions */
  1361. if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
  1362. $query = "SELECT Person.person_name,Transaction.timestamp,Material.mat_name,Manufacturer.man_name,Transaction.capacity,Laboratory.lab_room,Transaction.amount,Transaction.uom,Transaction.type,Transaction.lab_id,Transaction.mat_id FROM Transaction INNER JOIN Laboratory ON Laboratory.lab_id=Transaction.lab_id INNER JOIN Material ON Material.mat_id=Transaction.mat_id INNER JOIN Person ON Person.person_id=Transaction.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Transaction.man_id WHERE ";
  1363. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1364. $query .= "Transaction.lab_id=". $lab_id ." OR ";
  1365. }
  1366. $query = substr($query,0,-3);
  1367. $query .= "ORDER BY Transaction.timestamp DESC";
  1368. $transactions = $db->prepare($query);
  1369. $transactions->execute();
  1370. $transactions->bind_result($person_name,$timestamp,$mat_name,$man_name,$capacity,$lab_room,$amount,$uom,$type,$lab_id,$mat_id);
  1371. $transactions->store_result();
  1372. $response["transactions"] = array();
  1373. while($transactions->fetch()){
  1374. array_push($response["transactions"],array("type" => $type,"person_name" => $person_name,"timestamp" => $timestamp,"material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"man_name" => $man_name,"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"capacity" => $capacity . $uom,"amount" => $amount . $uom));
  1375. }
  1376. $transactions->close();
  1377. $response["status"] = "success";
  1378. }
  1379. /* not authorized */
  1380. else{
  1381. $error = true;
  1382. $message = "Access denied";
  1383. }
  1384. break;
  1385. case 23: /* fetch single material */
  1386. /* verify args */
  1387. if(isset($_POST["mat_id"])){
  1388. $mat_id = $_POST["mat_id"];
  1389. $query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE Material.mat_id=? AND (";
  1390. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1391. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1392. }
  1393. $query = substr($query,0,-4);
  1394. $query .= ")";
  1395. $material = $db->prepare($query);
  1396. $material->bind_param("i",$mat_id);
  1397. $material->execute();
  1398. $material->bind_result($mat_id,$mat_name,$cas,$uom,$total);
  1399. $material->store_result();
  1400. /* fetch material data */
  1401. $response["material"] = array();
  1402. $response["identifier"] = array();
  1403. while($material->fetch()){
  1404. if(!array_key_exists($mat_id,$response["material"])){
  1405. $response["material"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));
  1406. array_push($response["identifier"],array("mat_id" => $mat_id));
  1407. }
  1408. else{
  1409. if(!array_key_exists($uom,$response["material"][$mat_id]["total"])){
  1410. $response["material"][$mat_id]["total"][utf8_encode($uom)] = $total;
  1411. }
  1412. else{
  1413. $response["material"][$mat_id]["total"][utf8_encode($uom)] += $total;
  1414. }
  1415. }
  1416. }
  1417. $material->close();
  1418. $response["status"] = "success";
  1419. }
  1420. /* missing args */
  1421. else{
  1422. $error = true;
  1423. $message = "One or more arguments missing";
  1424. }
  1425. break;
  1426. case 24: /* download table */
  1427. /* verify args */
  1428. if(isset($_POST["download_type"])){
  1429. /* handle by download type */
  1430. $download_type = $_POST["download_type"];
  1431. switch($download_type){
  1432. case "full_report": /* full material report */
  1433. /* fetch material data */
  1434. $query = "SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";
  1435. /* authorized labs */
  1436. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1437. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1438. }
  1439. $query = substr($query,0,-4);
  1440. $query .= ") ORDER BY Material.mat_name";
  1441. $title = "Full Material Report";
  1442. $file_name = $download_type . ".csv";
  1443. $report = $db->prepare($query);
  1444. $report->execute();
  1445. $report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location,$lab_room);
  1446. $report->store_result();
  1447. $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");
  1448. $key = 2;
  1449. $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));
  1450. while($report->fetch()){
  1451. $hazard->bind_param("idi",$mat_id,$capacity,$man_id);
  1452. $hazard->execute();
  1453. $hazard->bind_result($ghs,$description);
  1454. $hazard->store_result();
  1455. $full_ghs = array();
  1456. $full_description = array();
  1457. /* fetch hazard details */
  1458. while($hazard->fetch()){
  1459. if(!(array_search($ghs,$full_ghs))){
  1460. array_push($full_ghs,$ghs);
  1461. array_push($full_description,$description);
  1462. }
  1463. }
  1464. $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);
  1465. $key += 1;
  1466. }
  1467. /* generate csv */
  1468. $hazard->close();
  1469. $report->close();
  1470. $response["status"] = "success";
  1471. $response["file_name"] = $file_name;
  1472. $response["url"] = gen_csv($data,$title);
  1473. break;
  1474. case "full_lab_report": /* full lab report */
  1475. /* fetch material data */
  1476. $query = "SELECT Lab_Material.lab_id,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";
  1477. /* authorized labs */
  1478. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1479. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1480. }
  1481. $query = substr($query,0,-4);
  1482. $query .= ") ORDER BY Material.mat_name";
  1483. $title = "Full Laboratory Report";
  1484. $file_name = $download_type . ".csv";
  1485. $report = $db->prepare($query);
  1486. $report->execute();
  1487. $report->bind_result($lab_id,$mat_id,$man_id,$mat_name,$capacity,$quantity,$total,$uom,$lab_room);
  1488. $report->store_result();
  1489. $data = array();
  1490. $labs = array();
  1491. /* fetch material quantities */
  1492. while($report->fetch()){
  1493. if(!array_key_exists($mat_id,$data)){
  1494. $data[$mat_id] = array("mat_name" => $mat_name,"total" => array($uom => $total),"uom" => array($uom));
  1495. }
  1496. /* update totals */
  1497. else{
  1498. if(!array_key_exists($uom,$data[$mat_id]["total"])){
  1499. $data[$mat_id]["total"][$uom] = $total;
  1500. array_push($data[$mat_id]["uom"],$uom);
  1501. }
  1502. else{
  1503. $data[$mat_id]["total"][$uom] += $total;
  1504. }
  1505. }
  1506. /* save lab quantities */
  1507. if(!array_key_exists($mat_id,$labs)){
  1508. $labs[$mat_id] = array();
  1509. }
  1510. /* duplicate laboratories */
  1511. if(!array_key_exists($lab_id,$labs[$mat_id])){
  1512. $labs[$mat_id][$lab_id] = array(array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));
  1513. }
  1514. else{
  1515. array_push($labs[$mat_id][$lab_id],array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));
  1516. }
  1517. }
  1518. /* generate report format */
  1519. $key = 2;
  1520. $tmp = array(array(""),array("Material","Total","Laboratories"));
  1521. foreach($data as $mat_id => $arr){
  1522. $total = "";
  1523. foreach($data[$mat_id]["total"] as $uom => $value){
  1524. $total .= $data[$mat_id]["total"][$uom].$uom." / ";
  1525. }
  1526. $total = substr($total,0,-3);
  1527. $tmp[$key] = array("","");
  1528. $tmp[$key+1] = array("","");
  1529. $tmp[$key+2] = array($data[$mat_id]["mat_name"],$total);
  1530. foreach($labs[$mat_id] as $lab_id => $lab_data){
  1531. for($i=0; $i < sizeof($lab_data); $i++){
  1532. array_push($tmp[$key],$labs[$mat_id][$lab_id][$i]["lab_room"]);
  1533. array_push($tmp[$key],"");
  1534. array_push($tmp[$key],"");
  1535. array_push($tmp[$key+1],"Capacity");
  1536. array_push($tmp[$key+1],"Qty.");
  1537. array_push($tmp[$key+1],"Total");
  1538. array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["capacity"].$labs[$mat_id][$lab_id][$i]["uom"]);
  1539. array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["quantity"]);
  1540. array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["total"].$labs[$mat_id][$lab_id][$i]["uom"]);
  1541. }
  1542. }
  1543. $tmp[$key+3] = array("");
  1544. $key += 4;
  1545. }
  1546. /* generate csv */
  1547. $report->close();
  1548. $response["status"] = "success";
  1549. $response["file_name"] = $file_name;
  1550. $response["url"] = gen_csv($tmp,$title);
  1551. break;
  1552. case "ghs_report": /* ghs report */
  1553. /* verify args */
  1554. if(isset($_POST["ghs"])){
  1555. $ghs = $_POST["ghs"];
  1556. $query = "SELECT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";
  1557. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1558. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1559. }
  1560. $query = substr($query,0,-4);
  1561. $query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";
  1562. $report = $db->prepare($query);
  1563. $report->bind_param("s",$ghs);
  1564. $report->execute();
  1565. $report->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);
  1566. $report->store_result();
  1567. $key = 2;
  1568. $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","Capacity","Quantity","Total","Location","Laboratory"));
  1569. while($report->fetch()){
  1570. $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"lab_room" => $lab_room);
  1571. $key += 1;
  1572. }
  1573. /* generate csv */
  1574. $report->close();
  1575. $response["status"] = "success";
  1576. $response["file_name"] = $ghs . "_report.csv";
  1577. $response["url"] = gen_csv($data,$ghs ." Report \nDescription: " . $description);
  1578. }
  1579. /* missing args */
  1580. else{
  1581. $error = true;
  1582. $message = "One or more args are missing";
  1583. }
  1584. break;
  1585. case "lab_report":
  1586. /* verify args */
  1587. if(isset($_POST["lab_id"])){
  1588. /* fetch material data */
  1589. $lab_id = $_POST["lab_id"];
  1590. if(array_key_exists($lab_id,$_SESSION["authorized"])){
  1591. $lab_room = $_SESSION["authorized"][$lab_id]["lab_room"];
  1592. $title = $lab_room . " Lab Report";
  1593. $file_name = $lab_room . "_" . $download_type . ".csv";
  1594. $report = $db->prepare("SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name");
  1595. $report->bind_param("i",$lab_id);
  1596. $report->execute();
  1597. $report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location);
  1598. $report->store_result();
  1599. $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");
  1600. $key = 2;
  1601. $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));
  1602. while($report->fetch()){
  1603. $hazard->bind_param("idi",$mat_id,$capacity,$man_id);
  1604. $hazard->execute();
  1605. $hazard->bind_result($ghs,$description);
  1606. $hazard->store_result();
  1607. $full_ghs = array();
  1608. $full_description = array();
  1609. /* fetch hazard details */
  1610. while($hazard->fetch()){
  1611. if(!(array_search($ghs,$full_ghs))){
  1612. array_push($full_ghs,$ghs);
  1613. array_push($full_description,$description);
  1614. }
  1615. }
  1616. $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);
  1617. $key += 1;
  1618. }
  1619. /* generate csv */
  1620. $hazard->close();
  1621. $report->close();
  1622. $response["status"] = "success";
  1623. $response["file_name"] = $file_name;
  1624. $response["url"] = gen_csv($data,$title);
  1625. }
  1626. }
  1627. /* missing args */
  1628. else{
  1629. $error = true;
  1630. $message = "One or more args are missing";
  1631. }
  1632. break;
  1633. default:
  1634. $error = true;
  1635. $message = "Incorrect download type";
  1636. break;
  1637. }
  1638. }
  1639. /* missing args */
  1640. else{
  1641. $error = true;
  1642. $message = "One or more args are missing";
  1643. }
  1644. break;
  1645. case 25: /* fetch ghs codes */
  1646. $ghs = $db->prepare("SELECT DISTINCT(code) FROM Material_Hazard ORDER BY code ASC");
  1647. $ghs->execute();
  1648. $ghs->bind_result($code);
  1649. $ghs->store_result();
  1650. $response["ghs"] = array();
  1651. while($ghs->fetch()){
  1652. $response["ghs"][$code] = array("icon" => urlencode("/images/" . $code . ".png"));
  1653. }
  1654. $ghs->close();
  1655. $response["status"] = "success";
  1656. break;
  1657. case 26: /* fetch materials by ghs */
  1658. /* verify args */
  1659. if(isset($_POST["ghs"])){
  1660. $ghs = $_POST["ghs"];
  1661. $query = "SELECT DISTINCT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";
  1662. foreach($_SESSION["authorized"] as $lab_id => $auth){
  1663. $query .= "Lab_Material.lab_id=". $lab_id ." OR ";
  1664. }
  1665. $query = substr($query,0,-4);
  1666. $query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";
  1667. $materials = $db->prepare($query);
  1668. $materials->bind_param("s",$ghs);
  1669. $materials->execute();
  1670. $materials->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);
  1671. $materials->store_result();
  1672. $response["ghs"] = array();
  1673. while($materials->fetch()){
  1674. array_push($response["ghs"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"laboratory" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));
  1675. }
  1676. $materials->close();
  1677. $response["status"] = "success";
  1678. $response["description"] = $description;
  1679. }
  1680. /* missing args */
  1681. else{
  1682. $error = true;
  1683. $message = "One or more args are missing";
  1684. }
  1685. break;
  1686. case 27: /* fetch offered materials */
  1687. $offered = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,Offered_Material.lab_id,Manufacturer.man_name,Offered_Material.man_id,Material.mat_name,Offered_Material.mat_id,Offered_Material.capacity,Offered_Material.uom,Offered_Material.amount,Offered_Material.timestamp FROM Offered_Material INNER JOIN Laboratory ON Laboratory.lab_id=Offered_Material.lab_id INNER JOIN Material ON Material.mat_id=Offered_Material.mat_id INNER JOIN Person ON Person.person_id=Offered_Material.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Offered_Material.man_id ORDER BY Offered_Material.timestamp DESC");
  1688. $offered->execute();
  1689. $offered->bind_result($person_name,$person_id,$lab_room,$lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$timestamp);
  1690. $offered->store_result();
  1691. /* save materials */
  1692. $response["offered"] = array();
  1693. while($offered->fetch()){
  1694. array_push($response["offered"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"timestamp" => $timestamp,"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));
  1695. }
  1696. $offered->close();
  1697. $response["status"] = "success";
  1698. $response["person_id"] = $_SESSION["person_id"];
  1699. break;
  1700. case 28: /* request offered materials */
  1701. /* verify args */
  1702. if(isset($_POST["person_id"]) and isset($_POST["lab_id"]) and isset($_POST["request"])){
  1703. $request = json_decode($_POST["request"],true);
  1704. $mat_id = $request["material"]["mat_id"];
  1705. $timestamp = $request["material"]["timestamp"];
  1706. $man_id = $request["manufacturer"]["man_id"];
  1707. $o_lab_id = $request["lab"]["lab_id"];
  1708. $n_lab_id = $_POST["lab_id"];
  1709. $uom = $request["material"]["uom"];
  1710. $capacity = str_replace($uom,"",$request["capacity"]);
  1711. $amount = str_replace($uom,"",$request["amount"]);
  1712. $person_id = $_POST["person_id"];
  1713. $insert = $db->prepare("INSERT INTO Request(`timestamp`,person_id,mat_id,man_id,capacity,uom,lab_id,amount,request_lab_id) VALUES (?,?,?,?,?,?,?,?,?)");
  1714. $insert->bind_param("siiidsidi",$timestamp,$person_id,$mat_id,$man_id,$capacity,$uom,$o_lab_id,$amount,$n_lab_id);
  1715. if($insert->execute()){
  1716. $response["status"] = "success";
  1717. $response["message"] = "Request submited";
  1718. }
  1719. /* request failed */
  1720. else{
  1721. $error = true;
  1722. $message = "Request failed";
  1723. }
  1724. $insert->close();
  1725. }
  1726. /* missing args */
  1727. else{
  1728. $error = true;
  1729. $message = "One or more args are missing";
  1730. }
  1731. break;
  1732. case 29: /* fetch requested materials */
  1733. $requested = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,L.lab_room,Request.lab_id,Request.request_lab_id,Manufacturer.man_name,Request.man_id,Material.mat_name,Request.mat_id,Request.capacity,Request.uom,Request.amount,Request.request_lab_id,Request.timestamp FROM Request INNER JOIN Laboratory ON Laboratory.lab_id=Request.lab_id INNER JOIN Material ON Material.mat_id=Request.mat_id INNER JOIN Person ON Person.person_id=Request.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Request.man_id INNER JOIN Laboratory as L ON L.lab_id=Request.request_lab_id ORDER BY Material.mat_name ASC");
  1734. $requested->execute();
  1735. $requested->bind_result($person_name,$person_id,$prev_lab_room,$new_lab_room,$prev_lab_id,$new_lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$request_lab_id,$timestamp);
  1736. $requested->store_result();
  1737. $response["requested"] = array();
  1738. while($requested->fetch()){
  1739. array_push($response["requested"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"prev_lab" => array("lab_id" => $prev_lab_id,"lab_room" => $prev_lab_room),"new_lab" => array("lab_id" => $new_lab_id,"lab_room" => $new_lab_room)));
  1740. }
  1741. $requested->close();
  1742. $response["status"] = "success";
  1743. break;
  1744. case 30: /* handle requested materials */
  1745. /* verify args */
  1746. if(isset($_POST["type"]) and isset($_POST["material"])){
  1747. $type = $_POST["type"];
  1748. $material = json_decode($_POST["material"],true);
  1749. $mat_id = $material["material"]["mat_id"];
  1750. $timestamp = $material["material"]["timestamp"];
  1751. $man_id = $material["manufacturer"]["man_id"];
  1752. $prev_lab_id = $material["prev_lab"]["lab_id"];
  1753. $new_lab_id = $material["new_lab"]["lab_id"];
  1754. $uom = $material["material"]["uom"];
  1755. $capacity = (float) str_replace($uom,"",$material["capacity"]);
  1756. $amount = (float) str_replace($uom,"",$material["amount"]);
  1757. $person_id = $material["person"]["person_id"];
  1758. $quantity = ceil($amount/$capacity);
  1759. $location = "n/a";
  1760. $delete = false;
  1761. if($type === "accept"){
  1762. $transaction = "add";
  1763. $select = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");
  1764. $select->bind_param("iidis",$mat_id,$new_lab_id,$capacity,$man_id,$uom);
  1765. $select->execute();
  1766. $select->bind_result($total);
  1767. $select->store_result();
  1768. if($select->num_rows > 0){
  1769. $select->fetch();
  1770. $total += $amount;
  1771. $update = $db->prepare("UPDATE Lab_Material SET total=? WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");
  1772. $update->bind_param("diidis",$total,$mat_id,$new_lab_id,$capacity,$man_id,$uom);
  1773. if($update->execute()){
  1774. $delete = true;
  1775. }
  1776. /* request failed */
  1777. else{
  1778. $error = true;
  1779. $message = $update->error;
  1780. }
  1781. $update->close();
  1782. }
  1783. /* insert into lab */
  1784. else{
  1785. $insert = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");
  1786. $insert->bind_param("iididssi",$new_lab_id,$mat_id,$capacity,$quantity,$amount,$location,$uom,$man_id);
  1787. if($insert->execute()){
  1788. $delete = true;
  1789. }
  1790. /* request failed */
  1791. else{
  1792. $error = true;
  1793. $message = "Request failed";
  1794. }
  1795. $insert->close();
  1796. }
  1797. $select->close();
  1798. /* record transaction */
  1799. if($delete){
  1800. $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
  1801. $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$new_lab_id,$amount,$uom);
  1802. if(!$insert->execute()){
  1803. $error = true;
  1804. $message = $insert->error;
  1805. $delete = false;
  1806. }
  1807. $insert->close();
  1808. }
  1809. }
  1810. else{
  1811. $delete = true;
  1812. }
  1813. if($delete){
  1814. $delete = $db->prepare("DELETE FROM Request WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND person_id=? AND request_lab_id=? AND `timestamp`=?");
  1815. $delete->bind_param("iidisiis",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$person_id,$new_lab_id,$timestamp);
  1816. $offer = $db->prepare("DELETE FROM Offered_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND `timestamp`=?");
  1817. $offer->bind_param("iidiss",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$timestamp);
  1818. if($delete->execute()){
  1819. if($offer->execute()){
  1820. $response["status"] = "success";
  1821. $response["message"] = "Request answered successfully";
  1822. }
  1823. /* request failed */
  1824. else{
  1825. $error = true;
  1826. $message = "Request failed";
  1827. }
  1828. $offer->close();
  1829. }
  1830. /* request failed */
  1831. else{
  1832. $error = true;
  1833. $message = "Request failed";
  1834. }
  1835. $delete->close();
  1836. }
  1837. }
  1838. /* missing args */
  1839. else{
  1840. $error = true;
  1841. $message = "One or more args are missing";
  1842. }
  1843. break;
  1844. default: /* non defined requests */
  1845. $error = true;
  1846. $message = "Invalid request";
  1847. break;
  1848. }
  1849. }
  1850. }
  1851. /* missing api call */
  1852. else{
  1853. $error = true;
  1854. $message = "One or more arguments are missing";
  1855. }
  1856. /* handle errors */
  1857. if($error){
  1858. $response = array("status" => "error","message" => $message);
  1859. }
  1860. /* query response */
  1861. $db->close();
  1862. echo json_encode(utf8_response($response));
  1863. }
  1864. /* start session */
  1865. function start_session(){
  1866. /* start user session */
  1867. if(!isset($_SESSION)){
  1868. session_start();
  1869. }
  1870. }
  1871. /* utf8_response($obj: array/string) - parse response as utf-8 */
  1872. function utf8_response($obj){
  1873. if(is_array($obj)){
  1874. foreach($obj as $key => $value){
  1875. $obj[$key] = utf8_response($value);
  1876. }
  1877. }
  1878. else if(is_string($obj)){
  1879. return utf8_encode($obj);
  1880. }
  1881. return $obj;
  1882. }
  1883. /* session_expired() - verify if session is expired */
  1884. function session_expired(){
  1885. /* start session */
  1886. start_session();
  1887. /* check for expired session */
  1888. if(!isset($_SESSION["last_activity"]) or (time() - $_SESSION["last_activity"]) > 1800){
  1889. /* destroy session */
  1890. session_unset();
  1891. session_destroy();
  1892. $_SESSION = array();
  1893. $expired = true;
  1894. }
  1895. /* update last activity */
  1896. else{
  1897. /* update session id, after 30 mins */
  1898. if((time() - $_SESSION["created"]) > 1800){
  1899. /* update session id/creation time */
  1900. session_regenerate_id(true);
  1901. $_SESSION["created"] = time();
  1902. }
  1903. $_SESSION['last_activity'] = time();
  1904. $expired = false;
  1905. }
  1906. return $expired;
  1907. }
  1908. /* gen_csv($data: array of arrays,$title: string) - generate csv file */
  1909. function gen_csv($data,$title){
  1910. /* generate file name */
  1911. $file_name = "../tmp/" . bin2hex(random_bytes(16)) . ".csv";
  1912. $f = fopen($file_name,"w");
  1913. fwrite($f,$title . "\n");
  1914. fwrite($f,"Report generated: " . $timestamp = date("Y-m-d H:i:s") . "\n");
  1915. foreach($data as $row){
  1916. fputcsv($f,$row,",");
  1917. }
  1918. fclose($f);
  1919. return str_replace("..","",$file_name);
  1920. }
  1921. opaso();
  1922. ?>