}
            $qry .= " WHERE FK_member_id = :id";
            //print($qry . " ID[" . $memberInfo['PK_member_id'] . "]");
            $prep = $db->prepare($qry);
            if ($prep->execute(array(":id" => $memberInfo['PK_member_id']))) {
                //die("PERSONAL ID: " . $prep->rowCount());
                $info = $prep->fetch(PDO::FETCH_ASSOC);
                $memberInfo['PersonalID'] = $info[$assocString];
            } else {
                $error = $prep->errorInfo();
                $errMsgArr[] = $error[2];
                $errNum += 1;
                return outputXML($errNum, $errMsgArr, '');
            }
            $retVal = outputXML($errNum, $errMsgArr, $memberInfo);
        } else {
            $errMsgArr[] = 'Login and Password Incorrect';
            $errNum += 1;
            $retVal = outputXML($errNum, $errMsgArr, '');
        }
    } else {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        $retVal = outputXML($errNum, $errMsgArr, '');
    }
    return $retVal;
}
// NOTE(review): the "&" at the call site is call-time pass-by-reference, which
// was removed in PHP 5.4 and is a fatal error from that version on; the
// reference has to be declared in clean()'s own parameter list instead.
// clean() is not visible here; presumably it filters the request arguments in
// place (confirm). Blanket input filtering does not replace binding values
// through prepared statements at the point where a query is built.
clean(&$_GET);
// Run the service and send whatever it returns as the response body.
$output = doService();
print $output;
            if (mysql_query($updateQry)) {
                if (mysql_query($statusQry)) {
                    $retVal = outputXML('1', 'SUCCESSFUL UPDATE!');
                } else {
                    $retVal = outputXML('0', mysql_error());
                }
            } else {
                $retVal = outputXML('0', mysql_error());
            }
        } else {
            if ($postKey == $AUTH_KEY) {
                $retVal = outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
            } else {
                $retVal = outputXML('0', 'UNAUTHORIZED ACCESS');
            }
        }
    } else {
        $retVal = outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }
    return $retVal;
}
// NOTE(review): the next two comment lines look like credentials (the second is
// labelled as an auth key). Secrets should not be kept in source comments:
// a value that has been published this way should be rotated, and the
// replacement loaded from configuration stored outside the web root.
//8758e4c115ba4669e13a574464488496xolJXj25jlk56LJkk5677LS
//AUTH KEY 40fc9157068b426ea62b1134d57be6ce
// set up some useful variables
$serviceURL = $_SERVER['REQUEST_URI'];
$serviceMethod = strtoupper($_SERVER['REQUEST_METHOD']);
// Copies of the request arguments; neither is passed to doService() below.
$getArgs = $_GET;
$postArgs = $_POST;
//don't care about post
// The third argument is the literal 400; what it means is decided inside
// doService(), whose signature is not visible from here.
$retVal = doService($serviceURL, $serviceMethod, 400);
print $retVal;
Beispiel #3
    $day = $_POST['day'];
    $year = $_POST['year'];
    $appID = $_POST['appID'];
    if ($errNum == 0) {
        //set up and insert values into the user table
        //getting the patient id from the user table
        //$getPID = $db->prepare("Select * FROM Patient WHERE FK_member_id = (Select PK_member_id From Users where UserName = '******'u'] . "');");
        //$succes = $getPID->execute();
        //$member = $getPID->fetch(PDO::FETCH_ASSOC);
        //$pid = $member['PK_PatientID'];
        $addCoPayPrep = $db->prepare("INSERT INTO Copayment(Amount, Date, FK_AppID) \n                                        VALUES(:amount, :date, :appID);");
        //$tableType = '';
        //$status = "scheduled";
        $date = $year . "-" . $month . "-" . $day;
        $time = $hour . "";
        $vals = array(':amount' => $amount, ':date' => $date, ':appID' => $appID);
        $addCoPaytSuccess = $addCoPayPrep->execute($vals);
        //$needapproval;
        //$type;
        if (!$insertApptSuccess) {
            $errMsgArr[] = 'Add CoPay failed';
            $errNum += 1;
        }
        $retVal = outputXML($errNum, $errMsgArr, $db);
    } else {
        $retVal = outputXML($errNum, $errMsgArr, $db);
    }
    return $retVal;
}
// Entry point: run the service with the $db handle and print its return value
// as the response body.
$output = doService($db);
print $output;
            $target = $_GET['u'];
        }
        $qry = "SELECT * FROM Users LEFT JOIN Patient ON Users.PK_member_id = Patient.FK_member_id\r\n\t\t\t\t\tLEFT JOIN Insurance ON Insurance.FK_PatientID = Patient.PK_PatientID";
        if ($target != "all") {
            $qry .= " WHERE UserName = :target";
        }
        $patientInfoPrep = $db->prepare($qry);
        $patientInfoSuccess = $patientInfoPrep->execute(array(":target" => $target));
        if (!$patientInfoSuccess) {
            $errMsgArr[] = "DATABASE ERROR TWO";
            $errNum++;
        }
        if ($errNum == 0) {
            $retVal = outputXML($errNum, $errMsgArr, $patientInfoPrep);
            //print($patientInfoPrep->rowCount());
        } else {
            $retVal = outputXML($errNum, $errMsgArr, '');
        }
    } else {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        $retVal = outputXML($errNum, $errMsgArr, '');
    }
    return $retVal;
}
// NOTE(review): the next two comment lines look like credentials (the second is
// labelled as an auth key). Secrets should not be kept in source comments:
// a value that has been published this way should be rotated, and the
// replacement loaded from configuration stored outside the web root.
//8758e4c115ba4669e13a574464488496xolJXj25jlk56LJkk5677LS
//AUTH KEY 40fc9157068b426ea62b1134d57be6ce
// set up some useful variables
// Entry point: the literal 300 is passed to doService(); what it means is
// decided inside that function.
$output = doService(300);
print $output;
// Leftover debug statement. If it were re-enabled it would echo the raw 'u'
// query parameter into the response without escaping; delete it rather than
// keeping it commented out.
//print("SHIT = " . $_GET['u']);
}
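/**
 * Stub authentication service: checks the 'login' and 'pw' request arguments
 * against the fixed pair TEST/TEST and returns the formatted result.
 *
 * NOTE(review): the accepted credentials are hard-coded and compared
 * case-insensitively, and the GET branch takes the password from the query
 * string, where it typically ends up in access logs, browser history and
 * Referer headers. Treat this as a connectivity test only; a real login should
 * verify a stored hash with password_verify() and accept credentials in a POST
 * body over TLS.
 *
 * @param string $url      Request URI (not used by this function).
 * @param string $method   HTTP method; only 'GET' and 'POST' are handled.
 * @param array  $getArgs  Query-string arguments.
 * @param array  $postArgs Form-body arguments.
 * @return string Result of output() for GET/POST, or 'UNKNOWN METHOD'.
 */
function doService($url, $method, $getArgs, $postArgs)
{
    // Pick the argument set that belongs to the method; the method name is also
    // the prefix of the status message.
    if ($method === 'GET') {
        $args = $getArgs;
    } elseif ($method === 'POST') {
        $args = $postArgs;
    } else {
        return 'UNKNOWN METHOD';
    }

    // A missing or non-string field counts as a failed login instead of raising
    // an undefined-index notice or handing a non-string to strtoupper().
    $login = (isset($args['login']) && is_string($args['login'])) ? $args['login'] : '';
    $pw = (isset($args['pw']) && is_string($args['pw'])) ? $args['pw'] : '';

    if (strtoupper($login) === 'TEST' && strtoupper($pw) === 'TEST') {
        return output('OK', '1', $method . ' AUTHENTICATION SUCCESS');
    }

    // The POST failure branch used to report "AUTHENTICATION SUCCESS" together
    // with status '0'; both methods now report FAILURE on a mismatch.
    return output('OK', '0', $method . ' AUTHENTICATION FAILURE');
}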
// set up some useful variables
$serviceURL = $_SERVER['REQUEST_URI'];
$serviceMethod = strtoupper($_SERVER['REQUEST_METHOD']);
// Both argument sets are handed to doService(), which picks one by method.
$getArgs = $_GET;
$postArgs = $_POST;
$retVal = doService($serviceURL, $serviceMethod, $getArgs, $postArgs);
// The result is interpolated into HTML without escaping. doService() returns
// either a fixed string or whatever output() builds from fixed strings;
// output() is not visible here, so if it ever reflects request data the value
// should pass through htmlspecialchars() before being printed.
print "<HTML><H2>{$retVal}</H2></HTML>";
// Ends the script here (or hands control back to an including file).
return;
Beispiel #6
<?php

require_once 'configREST.php';
//sql connection information
require_once 'bootstrapREST.php';
//link information
// NOTE(review): the return value is discarded here, yet doService() returns the
// result of outputXML() on its validation-failure path. Unless outputXML()
// writes the response itself, a request without credentials gets an empty
// body; confirm, or print the returned value.
doService();
function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $aid = $_GET['aid'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);