Proyecto en colaboración con OPASO

opaso.php 5.1KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
  1. <?php
  2. /* Authors : Carlos C. Corrada-Bravo
  3. David J. Ortiz-Rivera
  4. José A. Quiñones-Flores
  5. Organization : Centro de Desarrollo y Consultoria Computacional
  6. Project : OPASO Material Registry
  7. File : opaso.php
  8. Description : Handle API requests for OPASO */
  9. require "config.php";
  10. error_reporting(E_ALL);
  11. ini_set("display_errors",1);
  12. /* extract api call */
  13. if(isset($_POST["query"])){
  14. $query = $_POST["query"];
  15. $response = array(); /* response array */
  16. $error = false;
  17. /* handle query */
  18. switch($query){
  19. case 0: /* Register user */
  20. break;
  21. case 1: /* Login user */
  22. break;
  23. case 2: /* Get laboratories */
  24. break;
  25. case 3: /* Get materials */
  26. break;
  27. case 4: /* Get inventory by lab */
  28. /* extract args */
  29. if(isset($_POST["laboratory"])){
  30. $laboratory = $_POST["laboratory"];
  31. if($lab_name = $db->prepare("SELECT lname FROM Laboratory WHERE lid=?")){
  32. $lab_name->bind_param("i",$laboratory); /* bind laboratory to query and execute */
  33. if($lab_name->execute()){
  34. $lab_name->bind_result($lname);
  35. $lab_name->store_result();
  36. if($lab_name->num_rows > 0){
  37. while($lab_name->fetch()){
  38. $response["laboratory"] = $lname;
  39. }
  40. }
  41. else{
  42. $error = true;
  43. $message = "Lab not found.";
  44. }
  45. }
  46. else{
  47. $error = true;
  48. $message = "Something went wrong.";
  49. }
  50. }
  51. else{
  52. $error = true;
  53. $message = "Something went wrong.";
  54. }
  55. /* prepare query */
  56. if($inventory = $db->prepare("SELECT eid,chemical,cas,manufacturer,sds,ghs,hazard,state,type,amount,quantity,total,uom,location FROM Inventory WHERE lid=?")){
  57. $inventory->bind_param("i",$laboratory); /* bind laboratory to query and execute */
  58. if($inventory->execute()){
  59. $inventory->bind_result($eid,$chemical,$cas,$manufacturer,$sds,$ghs,$hazard,$state,$type,$amount,$quantity,$total,$uom,$location);
  60. $inventory->store_result();
  61. if($inventory->num_rows > 0){
  62. $response["status"] = "success";
  63. $response["inventory"] = [];
  64. $options = [
  65. "cost" => 8,
  66. ];
  67. while($inventory->fetch()){
  68. $response["inventory"][password_hash($eid,PASSWORD_DEFAULT,$options)] = ["chemical" => $chemical,"cas" => $cas,"manufacturer" => $manufacturer,"sds" => $sds,"ghs" => $ghs,"hazard" => $hazard,"state" => $state,"type" => $type,"amount" => $amount,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location];
  69. }
  70. }
  71. else{
  72. $error = true;
  73. $message = "No results found.";
  74. }
  75. $inventory->close();
  76. }
  77. else{
  78. $error = true;
  79. $message = "Something went wrong.";
  80. }
  81. }
  82. else{
  83. $error = true;
  84. $message = "Something went wrong.";
  85. }
  86. }
  87. /* missing args */
  88. else{
  89. $error = true;
  90. $message = "One ore more arguments missing.";
  91. }
  92. break;
  93. case 5: /* */
  94. break;
  95. case 6: /* edit row */
  96. /* extract args */
  97. if(isset($_POST["eid"]) and isset($_POST["laboratory"]) and isset($_POST["fields"])){
  98. $eid = $_POST["eid"];
  99. $laboratory = $_POST["laboratories"];
  100. $fields = $_POST["fields"];
  101. /* match row with authorized rows */
  102. $uid = "";
  103. $labs = array();
  104. for($l=0; $l < sizeof($labs); $l++){
  105. if($rows = $db->prepare("SELECT eid FROM Laboratory WHERE lid=?")){
  106. $rows->bind_param("i",$labs[$l]); /* bind laboratory to query and execute */
  107. if($rows->execute()){
  108. $rows->bind_result($rid);
  109. $rows->store_result();
  110. if($rows->num_rows > 0){
  111. while($rows->fetch()){
  112. /* if ids match, update row */
  113. if(password_verify($rid,$_POST["eid"])){
  114. if($update_row = $db->prepare("UPDATE Inventory SET chemical=?,manufacturer=?,sds=?,cas=?,state=?,hazard=?,type=?,amount=?,quantity=?,total=?,location=?,ghs=?,uom=? WHERE eid=?")){
  115. $update_row->bind_param("sssssssssssssi",$fields["chemical"],$fields["manufacturer"],$fields["sds"],$fields["cas"],$fields["state"],$fields["hazard"],$fields["type"],$fields["amount"],$fields["quantity"],$fields["total"],$fields["ghs"],$fields["uom"],$rid);
  116. if($update_row->execute()){
  117. $response["status"] = "success";
  118. }
  119. }
  120. }
  121. }
  122. }
  123. else{
  124. $error = true;
  125. $message = "No results found.";
  126. }
  127. }
  128. }
  129. }
  130. }
  131. /* missing args */
  132. else{
  133. $error = true;
  134. $message = "One ore more arguments missing.";
  135. }
  136. break;
  137. case 7: /* edit inventory row */
  138. print_r($_POST);
  139. break;
  140. case 8: /* copy inventory row */
  141. print_r($_POST);
  142. break;
  143. default: /* non defined requests */
  144. print_r($_POST);
  145. echo "request not defined";
  146. break;
  147. }
  148. if($error){
  149. $response = array();
  150. $response["status"] = "error";
  151. $response["error"] = $message;
  152. }
  153. echo json_encode($response);
  154. }
  155. /* missing api call */
  156. else{
  157. echo "one or more arguments are missing";
  158. }
  159. ?>