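/**
 * Render a SimpleXMLElement tree as nested HTML tables.
 *
 * A node with children becomes a <table> with one row per child; a leaf that
 * carries attributes becomes a table of its attributes instead of its text;
 * a plain leaf becomes its text content. At $level 1 the bare table/text is
 * returned; deeper levels are wrapped in <tr><th>name</th><td>…</td></tr> so
 * the recursion can append them as rows.
 *
 * @param string|null           $node_name label for the <th> cell (levels > 1 only)
 * @param SimpleXMLElement|null $node      node to render; null yields '' (the
 *                                          original dereferenced it and fatalled)
 * @param int                   $level     1 for the root call, 2 for recursive calls
 * @return string HTML fragment
 */
function outputXML($node_name = null, $node = null, $level = 1)
{
    $row_template = '<tr><th width="65">%s</th><td>%s</td></tr>';
    $table_template = '<table width="100%%" class="data_table show_border small" cellspacing="0" cellpadding="0">%s</table>';

    if ($node === null) {
        return '';
    }

    // Children win over attributes; a leaf with attributes shows those instead
    // of its text (kept from the original).
    if (count($node->children())) {
        $node_data = sprintf($table_template, _renderXmlRows($node->children()));
    } elseif (count($node->attributes())) {
        $node_data = sprintf($table_template, _renderXmlRows($node->attributes()));
    } else {
        // NOTE(review): emitted without HTML escaping; if the XML can come from
        // an untrusted source the caller must escape for the HTML context.
        $node_data = (string) $node;
    }

    return (int) $level === 1
        ? $node_data
        : sprintf($row_template, $node_name, $node_data);
}

/**
 * Render every element of $items (a children() or attributes() list) as a
 * level-2 row via outputXML() and concatenate the rows.
 *
 * @param SimpleXMLElement $items
 * @return string
 */
function _renderXmlRows($items)
{
    $rows = '';
    foreach ($items as $child_name => $child) {
        $rows .= outputXML($child_name, $child, 2);
    }
    return $rows;
}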
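/**
 * Update a member's account record (legacy mysql_* service, POST only).
 *
 * The caller proves possession of the account by sending key = TRUST_KEY,
 * where AUTH_KEY = md5(USER . Password . control) and
 * TRUST_KEY = md5(AUTH_KEY . trusted); a key equal to AUTH_KEY alone is
 * recognised but refused ("untrusted client"). The caller's Users.Type must
 * also be at least $level.
 *
 * @param string $url    not used by this service; part of the dispatcher's signature
 * @param string $method HTTP method, only 'POST' is accepted
 * @param int    $level  minimum Users.Type that may update accounts
 * @return string fragment produced by outputXML(status, message)
 */
function doService($url, $method, $level)
{
    if ($method != 'POST') {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    $user = strtoupper(isset($_POST['u']) ? $_POST['u'] : '');
    // The page shows the username in this query redacted ('******'); it is
    // rebuilt from $user with the MySQL escaping the original line lacked.
    $qry = "SELECT * FROM Users WHERE UserName='" . mysql_real_escape_string($user) . "'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // Unknown user: refuse instead of deriving keys from an empty password.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    // NOTE(review): both keys are deterministic functions of the stored
    // password and two constants, so they never expire and cannot be revoked
    // short of a password change; the CurrentKey-based services on this page
    // use a per-session value instead.
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = isset($_POST['key']) ? (string) $_POST['key'] : '';

    // hash_equals(): strict and constant-time; the original == would also
    // treat two numeric-looking digests as equal.
    $authorized = hash_equals($TRUST_KEY, $postKey) && (int) $member['Type'] >= $level;
    if (!$authorized) {
        $message = hash_equals($AUTH_KEY, $postKey)
            ? 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION'
            : 'UNAUTHORIZED ACCESS';
        return outputXML('0', $message);
    }

    // Missing fields reach clean() as null, as in the original.
    $field = function ($name) {
        return clean(isset($_POST[$name]) ? $_POST[$name] : null);
    };
    $ID = $field('ID');
    $f_name = $field('Firstname');
    $l_name = $field('Lastname');
    $sex = $field('Sex');
    $email = $field('Email');
    $birthday = $field('Birthday');
    $phone = $field('Phonenumber');
    $ssn = $field('SSN');
    $type = $field('Type');
    $need = $field('Need');
    $status = $field('Status');
    $table_name = 'Users';

    // Need=1 clears the approval flag, anything else sets it; Status 'lock'
    // locks the account, anything else unlocks it.
    $needApproval = $need == 1 ? '0' : '1';
    $locked = strcmp($status, "lock") == 0 ? '1' : '0';
    // NOTE(review): ID and Type are taken from the request, so any caller that
    // passes the $level check can change any account's Type; both should be
    // constrained server-side. The statements are also still string-built:
    // their safety rests entirely on what clean() (not shown here) escapes.
    $updateQry = "UPDATE {$table_name} Set FirstName='{$f_name}',LastName='{$l_name}',Sex='{$sex}',Email='{$email}',Birthday='{$birthday}',PhoneNumber='{$phone}',SSN='{$ssn}', Type = '{$type}', NeedApproval='{$needApproval}' WHERE PK_member_id = '{$ID}'";
    $statusQry = "UPDATE {$table_name} SET Locked = '{$locked}' WHERE PK_member_id = '{$ID}'";

    // The lock update only runs when the profile update succeeded.
    if (!mysql_query($updateQry) || !mysql_query($statusQry)) {
        return outputXML('0', mysql_error());
    }
    return outputXML('1', 'SUCCESSFUL UPDATE!');
}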
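/**
 * Log a user out by clearing Users.CurrentKey (GET service).
 *
 * Expects $_GET['u'] (username) and $_GET['k'] (session key). Locked users
 * are refused. Uses the global PDO handle $db.
 *
 * @return string result of outputXML(status, errorCount, messages), or the
 *                plain string "SQL ERROR GETTING USER DATA" when the lookup
 *                statement itself fails
 */
function doService()
{
    global $db;
    $errMsgArr = [];
    $errNum = 0;
    $userName = isset($_GET['u']) ? $_GET['u'] : '';
    $authKey = isset($_GET['k']) ? $_GET['k'] : '';

    // no username supplied, output error and return
    if ($userName == "") {
        $errMsgArr[] = 'Username Missing';
        $errNum++;
        return outputXML('0', $errNum, $errMsgArr);
    }
    // no authkey supplied, output error and return
    if ($authKey == "") {
        $errMsgArr[] = 'Key Missing';
        $errNum++;
        return outputXML('0', $errNum, $errMsgArr);
    }

    $prep = $db->prepare('SELECT CurrentKey, Locked, NeedApproval, PK_member_id 
							FROM Users WHERE UserName = :u');
    if (!$prep->execute([':u' => $userName])) {
        return "SQL ERROR GETTING USER DATA";
    }
    $result = $prep->fetch(PDO::FETCH_ASSOC);
    // Unknown username: the original indexed into false and then reported the
    // zero-row UPDATE as an error with an empty message.
    if ($result === false) {
        $errMsgArr[] = 'Unknown user';
        $errNum++;
        return outputXML('0', $errNum, $errMsgArr);
    }
    if ($result['Locked'] == '1') {
        $errMsgArr[] = 'Locked user trying to logout';
        $errNum++;
        return outputXML('0', $errNum, $errMsgArr);
    }

    // NOTE(review): $authKey is required above but never compared with
    // $result['CurrentKey'], so knowing a username is enough to end that
    // user's session. Compare it with hash_equals() (in whichever form the
    // clients send it — raw or the md5 "trusted" form used elsewhere on this
    // page) before clearing the key.
    $prep = $db->prepare("UPDATE Users SET CurrentKey = NULL WHERE UserName = :u");
    $prep->execute([":u" => $userName]);
    if ($prep->rowCount() != 1) {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum++;
        return outputXML('0', $errNum, $errMsgArr);
    }
    return outputXML('1', $errNum, $errMsgArr);
}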
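/**
 * Return the contents of the LogFiles table to an authenticated caller (GET).
 *
 * $_GET['key'] must equal the caller's Users.CurrentKey or
 * md5(CurrentKey . trust string). Uses the global PDO handle $db.
 *
 * @return string outputXML(errorCount, messages, statement-or-'')
 */
function doService()
{
    global $db;
    $errMsgArr = [];
    $errNum = 0;

    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }

    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = (string) $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    if (!$userInfoPrep->execute([":user" => $user])) {
        //failed to access database for user info
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    // An unknown username or a NULL CurrentKey (logged-out account) must not
    // authenticate; the original derived the trusted key from '' in both
    // cases, which makes it the same constant for every such request.
    $currKey = $memberInfo === false ? '' : (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals(): strict and constant-time, unlike the original ==.
    $authorized = $currKey !== ''
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey));
    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }

    // NOTE(review): every authenticated account, whatever its Users.Type, can
    // read the whole LogFiles table here; add a Type check if that is not intended.
    $doctorNamePrep = $db->prepare("SELECT * FROM LogFiles");
    if (!$doctorNamePrep->execute()) {
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
    }
    return outputXML($errNum, $errMsgArr, $doctorNamePrep);
}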
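/**
 * Emit the theme list for an album as XML: <status>success</status> followed
 * by one <theme> element per theme, with the album's current theme flagged
 * default="true".
 *
 * @param array $args expects $args['name'], the album name
 * @return void the document is handed to outputXML()
 */
function init($args)
{
    $albumName = isset($args['name']) ? $args['name'] : null;
    $themeList = getThemeNames();
    $albumDefault = getCurrentTheme($albumName);
    $outString = "";
    foreach ($themeList as $name => $unused) {
        // Escape for the XML text context so a theme name containing &, < or >
        // cannot produce a malformed document (the original inserted it raw).
        $safeName = htmlspecialchars((string) $name, ENT_XML1 | ENT_QUOTES, 'UTF-8');
        $outString .= "<theme ";
        if ($name == $albumDefault) {
            $outString .= "default=\"true\"";
        }
        $outString .= ">{$safeName}</theme>";
    }
    outputXML("<status>success</status>{$outString}");
}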
/**
 * Login service (legacy mysql_* API, GET parameters).
 *
 * Looks the user up by name and password and answers through outputXML();
 * a hit is logged via logToDB() with the member id, a miss with -1.
 *
 * NOTE(review): the query line below is shown redacted and garbled on this
 * page ('******' and a dangling `p'] . "'"`) and is not valid PHP as printed,
 * so it is left untouched here. As far as it can be read, $_GET['p'] is
 * concatenated into the SQL without escaping and compared against the
 * Users.Password column directly. mysql_numrows() is the deprecated alias of
 * mysql_num_rows(), and the mysql_* extension no longer exists in PHP 7+.
 *
 * @return string outputXML() result; on success the third argument echoes the
 *                submitted password ($_GET['p']) back to the client
 */
function doService()
{
    $user = strtoupper($_GET['u']);
    $qry = "SELECT * FROM Users WHERE UserName='******' AND Password='******'p'] . "'";
    $result = mysql_query($qry);
    $member = mysql_fetch_assoc($result);
    if (mysql_numrows($result)) {
        // success: status '1', the upper-cased username, and the password as received
        $retVal = outputXML('1', $user, $_GET['p']);
        logToDB("Login Succeed", true, $member['PK_member_id']);
    } else {
        $retVal = outputXML('0', '', '');
        logToDB("Login Fail", false, -1);
    }
    return $retVal;
}
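/**
 * Collect the distinct days on which newswire items were updated and hand the
 * raw timestamps (first one per day, newest first) to outputXML().
 *
 * Reads newswire_tb.updatedTime in descending order; a 0 result from
 * _checkDate(timestamp, $dates) is treated as "day not seen yet", in which
 * case the _parseDate() form is remembered in $dates and the raw value in
 * $fullDates. Closes the global mysql link $link when done.
 *
 * @return void
 */
function getAvailDates()
{
    global $link;
    $dates = [];
    $fullDates = [];
    $result = mysql_query("SELECT updatedTime FROM newswire_tb ORDER BY updatedTime DESC");
    // A failed query returns false; the original then fed false to
    // mysql_fetch_assoc()/mysql_free_result() and still output an empty list.
    if ($result !== false) {
        while ($row = mysql_fetch_assoc($result)) {
            if (_checkDate($row['updatedTime'], $dates) == 0) {
                $dates[] = _parseDate($row['updatedTime']);
                $fullDates[] = $row['updatedTime'];
            }
        }
        mysql_free_result($result);
    }
    // Dropped from the original: an empty debug loop over $dates and
    // commented-out echo statements.
    mysql_close($link);
    outputXML($fullDates);
}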
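/**
 * Assign a doctor to a patient (legacy mysql_* service, POST only).
 *
 * Same key scheme as the account-update service: key must equal
 * TRUST_KEY = md5(md5(USER . Password . control) . trusted) and the caller's
 * Users.Type must be at least $level. On success the change is logged via
 * logToDB() and 'PATIENT ADDED' is returned.
 *
 * Dropped from the original: `$retVal .= "<br>{$updateQry}"`, which appended
 * the SQL statement to every response and read an undefined variable on all
 * but the success path.
 *
 * @param string $url    not used by this service; part of the dispatcher's signature
 * @param string $method HTTP method, only 'POST' is accepted
 * @param int    $level  minimum Users.Type that may assign patients
 * @return string fragment produced by outputXML(status, message)
 */
function doService($url, $method, $level)
{
    // method is POST
    if (strcmp($method, "POST") != 0) {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }

    $user = strtoupper(isset($_POST['u']) ? $_POST['u'] : '');
    // The page shows the username in this query redacted ('******'); it is
    // rebuilt from $user with the MySQL escaping the original line lacked.
    $qry = "SELECT * FROM Users WHERE UserName='" . mysql_real_escape_string($user) . "'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // Unknown user: refuse instead of deriving keys from an empty password.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }

    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    $postKey = isset($_POST['key']) ? (string) $_POST['key'] : '';

    // hash_equals(): strict and constant-time, unlike the original ==.
    $authorized = hash_equals($TRUST_KEY, $postKey) && (int) $member['Type'] >= $level;
    if (!$authorized) {
        $message = hash_equals($AUTH_KEY, $postKey)
            ? 'UNTRUSTED CLIENTS UNABLE TO ADD PATIENTS'
            : 'UNAUTHORIZED ACCESS';
        return outputXML('0', $message);
    }

    $field = function ($name) {
        return clean(isset($_POST[$name]) ? $_POST[$name] : null);
    };
    $patientID = $field('patientID');
    $doctorID = $field('doctorID');
    $doctorMemberID = $field('doctorMemberID');
    // NOTE(review): the doctor being assigned (doctorID) and the member
    // credited in the log (doctorMemberID) both come from the request rather
    // than from $member, so the key check above does not tie this change to
    // the caller. The statement is string-built and relies on clean() escaping.
    $updateQry = "UPDATE Patient SET FK_DoctorID = '" . $doctorID . "' WHERE PK_PatientID = '" . $patientID . "'";
    if (!mysql_query($updateQry)) {
        return outputXML('0', mysql_error());
    }
    logToDB("Doctor added a patient", true, $doctorMemberID);
    return outputXML('1', "PATIENT ADDED");
}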
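/**
 * Read medications and/or preconditions for the authenticated user (GET).
 *
 * Authentication: $_GET['key'] must equal the caller's Users.CurrentKey or
 * md5(CurrentKey . trust string). Row scope: a patient account (Type 1) is
 * always limited to its own Patient row; any other account may pass ?pat= to
 * limit to one patient and otherwise receives every row. ?med= or ?prec=
 * selects a single medication / precondition by id; without them both
 * tables are listed.
 *
 * Results go through outputXML(errorCount, messages, memberInfo, medStmt,
 * precStmt), with '' in the statement slots that do not apply. Uses the
 * global PDO handle $db.
 *
 * @return string
 */
function doService()
{
    global $db;
    $errMsgArr = [];
    $errNum = 0;

    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '', '', '');
    }

    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = (string) $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    if (!$userInfoPrep->execute([":user" => $user])) {
        //failed to access database for user info
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '', '', '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    // An unknown username or a NULL CurrentKey (logged-out account) must not
    // authenticate; the original derived the trusted key from '' in both
    // cases, which makes it the same constant for every such request.
    $currKey = $memberInfo === false ? '' : (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals(): strict and constant-time, unlike the original ==.
    $authorized = $currKey !== ''
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey));
    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        // The original passed three arguments here; five matches every other
        // error return in this service.
        return outputXML($errNum, $errMsgArr, '', '', '');
    }

    // Resolve the patient scope once; the original repeated this lookup in
    // each of the three query paths below.
    $scoped = $memberInfo['Type'] == 1 || isset($_GET['pat']);
    $paramArray = [];
    if ($scoped) {
        if ($memberInfo['Type'] == 1) {
            list($ok, $value) = _lookupOwnPatientId($db, $memberInfo['PK_member_id']);
            if (!$ok) {
                $errMsgArr[] = $value;
                $errNum++;
                return outputXML($errNum, $errMsgArr, $memberInfo, '', '');
            }
            $paramArray[':patID'] = $value;
        } else {
            // NOTE(review): ?pat= is honoured for any non-patient account with
            // no check that the caller is linked to that patient.
            $paramArray[':patID'] = $_GET["pat"];
        }
    }

    if (isset($_GET['med'])) {
        // Single medication by id, restricted to the scoped patient when set.
        $medQry = "SELECT Medications.* FROM Medications WHERE "
            . ($scoped ? "Medications.FK_PatientID = :patID AND " : "")
            . "Medications.PK_MedicationsID = :med";
        $paramArray[":med"] = $_GET['med'];
        $medPrep = $db->prepare($medQry);
        if (!$medPrep->execute($paramArray)) {
            $errorInfoArray = $medPrep->errorInfo();
            $errMsgArr[] = $errorInfoArray[2];
            $errNum++;
        }
        return outputXML($errNum, $errMsgArr, $memberInfo, $medPrep, '');
    }

    if (isset($_GET['prec'])) {
        // Single precondition by id, restricted to the scoped patient when set.
        $precQry = "SELECT Precondition.* FROM Precondition WHERE "
            . ($scoped ? "Precondition.FK_PatientID = :patID AND " : "")
            . "Precondition.PK_ConditionID = :prec";
        $paramArray[":prec"] = $_GET['prec'];
        $precPrep = $db->prepare($precQry);
        if (!$precPrep->execute($paramArray)) {
            $errorInfoArray = $precPrep->errorInfo();
            $errMsgArr[] = $errorInfoArray[2];
            $errNum++;
        }
        return outputXML($errNum, $errMsgArr, $memberInfo, '', $precPrep);
    }

    // Full listing of both tables (every row when unscoped).
    $medQry = "SELECT Medications.* FROM Medications"
        . ($scoped ? " WHERE Medications.FK_PatientID = :patID" : "");
    $precQry = "SELECT Precondition.* FROM Precondition"
        . ($scoped ? " WHERE Precondition.FK_PatientID = :patID" : "");
    $medPrep = $db->prepare($medQry);
    $precPrep = $db->prepare($precQry);
    if (!$medPrep->execute($paramArray)) {
        $errorInfoArray = $medPrep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
    }
    if (!$precPrep->execute($paramArray)) {
        $errorInfoArray = $precPrep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
    }
    if ($errNum == 0) {
        return outputXML($errNum, $errMsgArr, $memberInfo, $medPrep, $precPrep);
    }
    return outputXML($errNum, $errMsgArr, $memberInfo, '', '');
}

/**
 * Find the Patient.PK_PatientID linked to a Users row.
 *
 * @param PDO   $db
 * @param mixed $memberId Users.PK_member_id (bound; the original interpolated it)
 * @return array [true, id-or-null] on success, [false, driver error message]
 *               when the statement fails
 */
function _lookupOwnPatientId($db, $memberId)
{
    $patIDPrep = $db->prepare("SELECT Patient.PK_PatientID FROM Patient WHERE Patient.FK_member_id = :mid");
    if (!$patIDPrep->execute([':mid' => $memberId])) {
        // The original read errorInfo() from an undefined $prep here.
        $errorInfoArray = $patIDPrep->errorInfo();
        return [false, $errorInfoArray[2]];
    }
    $row = $patIDPrep->fetch(PDO::FETCH_ASSOC);
    return [true, $row === false ? null : $row['PK_PatientID']];
}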
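/**
 * Create or update a Precondition row for a patient (POST service).
 *
 * Authentication as in the sibling services: key must equal Users.CurrentKey
 * or md5(CurrentKey . trust string), and the account's Type must be > 1.
 * With 'prec' posted the row's Description is updated; otherwise a new row
 * is inserted for 'pat' and its id is written back into $_POST['prec']
 * (kept from the original; presumably outputXML() reads it — TODO confirm).
 *
 * @return string outputXML(errorCount, messages, memberInfo)
 */
function doService()
{
    global $db;
    $errMsgArr = [];
    $errNum = 0;

    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }

    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = (string) $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    if (!$userInfoPrep->execute([":user" => $user])) {
        //failed to access database for user info
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    // An unknown username or a NULL CurrentKey (logged-out account) must not
    // authenticate; the original derived the trusted key from '' in both cases.
    $currKey = $memberInfo === false ? '' : (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals(): strict and constant-time, unlike the original ==.
    $authorized = $currKey !== ''
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey))
        && $memberInfo['Type'] > 1;
    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to change precondition information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }

    // An existing id means update, otherwise insert.
    $precIsSet = isset($_POST['prec']);
    if (!isset($_POST['desc']) || $_POST['desc'] == '') {
        $errMsgArr[] = "No description provided";
        $errNum++;
    }
    if (!isset($_POST['pat']) || $_POST['pat'] == '') {
        $errMsgArr[] = "No patient provided";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    $desc = $_POST['desc'];
    $patient = $_POST['pat'];
    // NOTE(review): nothing ties $_POST['pat'] / $_POST['prec'] to a patient
    // this caller is responsible for; any Type > 1 account can edit any row.

    if ($precIsSet) {
        // Bound parameters replace the values the original interpolated into the SQL.
        $update = $db->prepare("UPDATE Precondition SET `Description`=:desc WHERE `PK_ConditionID`=:prec;");
        if (!$update->execute([':desc' => $desc, ':prec' => $_POST['prec']])) {
            // Original: `$update > errorInfo()` — a comparison with an
            // undefined function, not a method call.
            $sqlError = $update->errorInfo();
            $errMsgArr[] = $sqlError[2];
            $errNum++;
        }
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }

    $insert = $db->prepare("INSERT INTO Precondition (`FK_PatientID`, `Description`) VALUES (:pat, :desc);");
    if (!$insert->execute([':pat' => $patient, ':desc' => $desc])) {
        $sqlError = $insert->errorInfo();
        $errMsgArr[] = $sqlError[2];
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    // Fetch the new row id (kept as the original's query; $db->lastInsertId()
    // is the portable alternative).
    $getID = $db->prepare("SELECT @@IDENTITY");
    if (!$getID->execute()) {
        $sqlError = $getID->errorInfo();
        $errMsgArr[] = $sqlError[2];
        $errNum++;
    } else {
        $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
        $_POST['prec'] = $apptIDArray['@@IDENTITY'];
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}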
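/**
 * Create or update a Medications row for a patient (POST service).
 *
 * Authentication as in the sibling services: key must equal Users.CurrentKey
 * or md5(CurrentKey . trust string), and the account's Type must be > 1.
 * Required fields: medication, dosage, startdate, enddate (YYYY-M-D with
 * optional zero padding, year 2000-2999), pat. With 'med' posted the row is
 * updated; otherwise a new row is inserted and its id is written back into
 * $_POST['med'] (kept from the original; presumably outputXML() reads it —
 * TODO confirm).
 *
 * @return string outputXML(errorCount, messages, memberInfo)
 */
function doService()
{
    global $db;
    $errMsgArr = [];
    $errNum = 0;

    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }

    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = (string) $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    if (!$userInfoPrep->execute([":user" => $user])) {
        //failed to access database for user info
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);

    // An unknown username or a NULL CurrentKey (logged-out account) must not
    // authenticate; the original derived the trusted key from '' in both cases.
    $currKey = $memberInfo === false ? '' : (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals(): strict and constant-time, unlike the original ==.
    $authorized = $currKey !== ''
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey))
        && $memberInfo['Type'] > 1;
    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to change medication information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }

    // An existing id means update, otherwise insert.
    $medIsSet = isset($_POST['med']);
    $missing = function ($name) {
        return !isset($_POST[$name]) || $_POST[$name] == '';
    };
    $datePattern = '/^(2[0-9][0-9][0-9])-([1-9]|0[1-9]|1[0-2])-([1-9]|0[1-9]|[1-2][0-9]|3[0-1])$/';
    if ($missing('medication')) {
        $errMsgArr[] = "No medication provided";
        $errNum++;
    }
    if ($missing('dosage')) {
        $errMsgArr[] = "No dosage provided";
        $errNum++;
    }
    if ($missing('startdate')) {
        $errMsgArr[] = "No start date provided";
        $errNum++;
    } elseif (!preg_match($datePattern, $_POST['startdate'])) {
        $errMsgArr[] = "Improper date format: start";
        $errNum++;
    }
    if ($missing('enddate')) {
        $errMsgArr[] = "No end date provided";
        $errNum++;
    } elseif (!preg_match($datePattern, $_POST['enddate'])) {
        $errMsgArr[] = "Improper date format : end";
        $errNum++;
    }
    if ($missing('pat')) {
        $errMsgArr[] = "No patient provided";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    $medication = $_POST['medication'];
    $dosage = $_POST['dosage'];
    $start = $_POST['startdate'];
    $end = $_POST['enddate'];
    $patient = $_POST['pat'];
    // NOTE(review): nothing ties $_POST['pat'] / $_POST['med'] to a patient
    // this caller is responsible for; any Type > 1 account can edit any row.

    if ($medIsSet) {
        // Bound parameters replace the values the original interpolated into the SQL.
        $update = $db->prepare("UPDATE Medications SET `Medication`=:medication, `Dosage`=:dosage, `StartDate`=:start, `EndDate`=:end WHERE `PK_MedicationsID`=:med;");
        $params = [
            ':medication' => $medication,
            ':dosage' => $dosage,
            ':start' => $start,
            ':end' => $end,
            ':med' => $_POST['med'],
        ];
        if (!$update->execute($params)) {
            // Original: `$update > errorInfo()` — a comparison with an
            // undefined function, not a method call.
            $sqlError = $update->errorInfo();
            $errMsgArr[] = $sqlError[2];
            $errNum++;
        }
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }

    $insert = $db->prepare("INSERT INTO Medications (`FK_PatientID`, `Medication`, `Dosage`, `StartDate`, `EndDate`) VALUES (:pat, :medication, :dosage, :start, :end);");
    $params = [
        ':pat' => $patient,
        ':medication' => $medication,
        ':dosage' => $dosage,
        ':start' => $start,
        ':end' => $end,
    ];
    if (!$insert->execute($params)) {
        $sqlError = $insert->errorInfo();
        $errMsgArr[] = $sqlError[2];
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    // Fetch the new row id (kept as the original's query; $db->lastInsertId()
    // is the portable alternative).
    $getID = $db->prepare("SELECT @@IDENTITY");
    if (!$getID->execute()) {
        $sqlError = $getID->errorInfo();
        $errMsgArr[] = $sqlError[2];
        $errNum++;
    } else {
        $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
        $_POST['med'] = $apptIDArray['@@IDENTITY'];
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}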
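/**
 * Register a new account (POST service) and its type-specific sub-table row.
 *
 * Validates the posted fields and the password policy, refuses usernames
 * already present, then inserts into Users and into Patient / Nurse /
 * Doctor / Admin (plus an empty Insurance row for patients). Every failure
 * is collected in $errMsgArr and reported through outputXML(errorCount,
 * messages).
 *
 * @param PDO $db
 * @return string
 */
function doService($db)
{
    $errMsgArr = [];
    $errNum = 0;

    //Input Validations (same messages, same order as before)
    $required = [
        'fname' => 'First name missing',
        'lname' => 'Last name missing',
        'bday' => 'birthdate missing',
        'email' => 'e-mail address missing',
        'ssn' => 'Social Security Number missing',
        'u' => 'Login ID missing',
    ];
    foreach ($required as $name => $message) {
        if (!isset($_POST[$name]) || $_POST[$name] == '') {
            $errMsgArr[] = $message;
            $errNum++;
        }
    }
    // d41d8cd98f00b204e9800998ecf8427e is md5(''): a client that pre-hashes
    // its password field sends it when that field was left empty.
    $emptyDigest = 'd41d8cd98f00b204e9800998ecf8427e';
    if (!isset($_POST['p']) || $_POST['p'] == '' || $_POST['p'] == $emptyDigest) {
        $errMsgArr[] = 'Password missing';
        $errNum++;
    }
    if (!isset($_POST['cp']) || $_POST['cp'] == '' || $_POST['cp'] == $emptyDigest) {
        $errMsgArr[] = 'Confirm password missing';
        $errNum++;
    }

    // Read the fields after the presence checks (the original read them first
    // and raised undefined-index notices); absent values become ''.
    $read = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : '';
    };
    $fname = $read('fname');
    $lname = $read('lname');
    $bday = $read('bday');
    $email = $read('email');
    $ssn = $read('ssn');
    $user = $read('u');
    $password = $read('p');
    $cpassword = $read('cp');
    $typeName = $read('type');

    if (strcmp($password, $cpassword) != 0) {
        $errMsgArr[] = 'Passwords do not match';
        $errNum++;
    }
    if (!ctype_alnum($password)) {
        // Message corrected: the check is alphanumeric, not "numbers and digits".
        $errMsgArr[] = 'Password should be letters and digits only';
        $errNum++;
    }
    if (strlen($password) < 7) {
        $errMsgArr[] = 'Password must be at least 7 chars';
        $errNum++;
    }
    if (strlen($password) > 20) {
        $errMsgArr[] = 'Password must be at most 20 chars ';
        $errNum++;
    }
    if (!preg_match('`[A-Z]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one upper case';
        $errNum++;
    }
    if (!preg_match('`[a-z]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one lower case';
        $errNum++;
    }
    if (!preg_match('`[0-9]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one digit';
        $errNum++;
    }

    // Users.Type code, NeedApproval flag and sub-table per account type.
    $accountTypes = [
        'patient' => [1, 0, 'Patient'],
        'nurse' => [200, 1, 'Nurse'],
        'doctor' => [300, 1, 'Doctor'],
        'admin' => [400, 1, 'Admin'],
    ];
    if (!isset($accountTypes[$typeName])) {
        // The original left $type/$needapproval unset and built
        // "INSERT INTO (FK_member_id) ..." for an unrecognised type.
        $errMsgArr[] = 'Invalid account type';
        $errNum++;
    }

    $prepUsers = $db->prepare("SELECT * FROM `Users` WHERE UserName = :id ; ");
    if ($prepUsers->execute([":id" => $user])) {
        //IF NAME IS NOT IN USE
        if ($prepUsers->rowCount() != 0) {
            $errMsgArr[] = 'Username already in use';
            $errNum++;
        }
    } else {
        $error = $prepUsers->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr);
    }

    list($type, $needapproval, $tableType) = $accountTypes[$typeName];
    //set up and insert values into the user table
    $insertUserPrep = $db->prepare("INSERT INTO Users(FirstName, LastName, UserName, Email, Birthday, SSN, Type, NeedApproval, Password) \n\t\t\t\t\tVALUES(:fname, :lname, :login, :email, :bday, :ssn, :type, :needapproval, :password);");
    // NOTE(review): md5 is not a password hash; password_hash()/password_verify()
    // are the replacement. The login services on this page compare md5
    // digests, so both sides have to change together.
    $vals = [
        ':type' => $type,
        ':needapproval' => $needapproval,
        ':fname' => $fname,
        ':lname' => $lname,
        ':login' => $user,
        ':email' => $email,
        ':bday' => $bday,
        ':ssn' => $ssn,
        ':password' => md5($password),
    ];
    if (!$insertUserPrep->execute($vals)) {
        //didnt insert into user table
        $errMsgArr[] = 'DATABASE ERROR ONE';
        $errNum++;
        return outputXML($errNum, $errMsgArr);
    }

    //get the primary key for the recently entered row (the page shows the
    //username in this query redacted; it is bound from $user here)
    $memIDPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :id");
    $member = $memIDPrep->execute([':id' => $user]) ? $memIDPrep->fetch(PDO::FETCH_ASSOC) : false;
    if ($member === false) {
        //get member id error
        $errMsgArr[] = 'DATABASE ERROR TWO';
        $errNum++;
        return outputXML($errNum, $errMsgArr);
    }

    $subTableError = _insertAccountSubTables($db, $tableType, $member);
    if ($subTableError !== null) {
        $errMsgArr[] = $subTableError;
        $errNum++;
    }
    return outputXML($errNum, $errMsgArr);
}

/**
 * Insert the type-specific row(s) for a freshly created Users row.
 *
 * $tableType is one of Patient/Nurse/Doctor/Admin, whitelisted by the caller
 * (which is why it may be spliced into the statement). Doctor also stores the
 * last name as DocName; Patient additionally gets an empty Insurance row.
 * Values are bound; the original interpolated them.
 *
 * @param PDO    $db
 * @param string $tableType
 * @param array  $member Users row (PK_member_id, LastName are read)
 * @return string|null error message ('DATABASE ERROR THREE/FOUR/FIVE') or
 *                     null on success
 */
function _insertAccountSubTables($db, $tableType, array $member)
{
    $memberId = $member['PK_member_id'];
    if ($tableType == "Doctor") {
        $insertTypePrep = $db->prepare("INSERT INTO Doctor(FK_member_id, DocName) VALUES(:mid, :name)");
        $inserted = $insertTypePrep->execute([':mid' => $memberId, ':name' => $member['LastName']]);
    } else {
        $insertTypePrep = $db->prepare("INSERT INTO " . $tableType . "(FK_member_id) VALUES(:mid)");
        $inserted = $insertTypePrep->execute([':mid' => $memberId]);
    }
    //insert into subtable failed
    if (!$inserted) {
        return "DATABASE ERROR THREE";
    }
    if ($tableType != "Patient") {
        return null;
    }
    //get the primary key for the recently entered Patient row
    $patIDPrep = $db->prepare("SELECT * FROM Patient WHERE FK_member_id = :mid");
    if (!$patIDPrep->execute([':mid' => $memberId])) {
        return 'DATABASE ERROR FOUR';
    }
    $patient = $patIDPrep->fetch(PDO::FETCH_ASSOC);
    $insertInsPrep = $db->prepare("INSERT INTO Insurance (FK_PatientID) VALUES(:pid)");
    if ($patient === false || !$insertInsPrep->execute([':pid' => $patient['PK_PatientID']])) {
        return "DATABASE ERROR FIVE";
    }
    return null;
}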
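function doService()
{
    // Updates the profile columns of the Users row named by $_POST['UserName']
    // and then the Insurance row of the patient id in $_POST['PersonalID'].
    // Returns outputXML($errNum, $errMsgArr); outputXML() and $db live
    // elsewhere in the project.
    global $db;
    $errMsgArr = array();
    $errNum = 0;

    // Missing fields become '' so that a bound NULL does not replace the empty
    // string the original string concatenation wrote.
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : '';
    };

    // NOTE(review): $_POST['AuthKey'] and $_POST['CallingUserName'] were read
    // but never verified (the check was commented out upstream), so this
    // endpoint relies entirely on its caller for access control — confirm.
    $userName = $field('UserName');

    // Users.Locked is derived from the Status flag, not taken verbatim.
    $locked = $field('Status') == 'lock' ? '1' : '0';

    // NOTE(review): the value in the Users WHERE clause was redacted in the
    // listing ('******'); binding $userName here is an assumption — confirm
    // against the original source.
    $userSQL = 'UPDATE Users SET Users.FirstName=:FirstName, Users.LastName=:LastName,'
        . ' Users.Sex=:Sex, Users.Birthday=:Birthday, Users.SSN=:SSN, Users.Email=:Email,'
        . ' Users.PhoneNumber=:PhoneNumber, Users.Locked=:Locked'
        . ' WHERE Users.UserName=:UserName';
    $userParams = array(
        ':FirstName' => $field('FirstName'),
        ':LastName' => $field('LastName'),
        ':Sex' => $field('Sex'),
        ':Birthday' => $field('Birthday'),
        ':SSN' => $field('SSN'),
        ':Email' => $field('Email'),
        ':PhoneNumber' => $field('PhoneNumber'),
        ':Locked' => $locked,
        ':UserName' => $userName,
    );
    $prep = $db->prepare($userSQL);
    if (!$prep->execute($userParams)) {
        $errorInfoArray = $prep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
        return outputXML($errNum, $errMsgArr);
    }

    // Hyphenated column names are not valid placeholder names, so the
    // placeholders for Co-Pay / Coverage-Start / Coverage-End drop the hyphen.
    $insSQL = 'UPDATE Insurance SET Insurance.Company_Name=:Company_Name,'
        . ' Insurance.Plan_Type=:Plan_Type, Insurance.Plan_Num=:Plan_Num,'
        . ' Insurance.`Co-Pay`=:CoPay, Insurance.`Coverage-Start`=:CoverageStart,'
        . ' Insurance.`Coverage-End`=:CoverageEnd'
        . ' WHERE Insurance.FK_PatientID=:PersonalID';
    $insParams = array(
        ':Company_Name' => $field('Company_Name'),
        ':Plan_Type' => $field('Plan_Type'),
        ':Plan_Num' => $field('Plan_Num'),
        ':CoPay' => $field('Co-Pay'),
        ':CoverageStart' => $field('Coverage-Start'),
        ':CoverageEnd' => $field('Coverage-End'),
        ':PersonalID' => $field('PersonalID'),
    );
    // The original printed the raw UPDATE statement (SSN included) into the
    // response before executing it; that debug output is intentionally gone.
    $prep = $db->prepare($insSQL);
    if (!$prep->execute($insParams)) {
        $errorInfoArray = $prep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
    }
    return outputXML($errNum, $errMsgArr);
}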
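function doService($level)
{
    // Returns Users rows joined with Patient and Insurance. The caller
    // authenticates with $_GET['u'] plus either their stored CurrentKey or
    // md5(CurrentKey . trust string). A caller whose Type is at least $level
    // may pick another user with $_GET['pat'] ("all" lists every row);
    // everyone else only sees their own row. Returns outputXML($errNum,
    // $errMsgArr, $patientInfoPrep) on success, or with '' on error.
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || !is_string($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // Unknown user: fail closed. Without this, fetch() returns false,
    // CurrentKey reads as null and the expected key collapses to
    // md5($trustString), a constant.
    if ($memberInfo === false) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = (string) $memberInfo['CurrentKey'];
    // NOTE(review): the trust string is a secret hard-coded in source; moving
    // it to configuration is outside this function.
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals is strict and constant-time; == would compare two
    // numeric-looking hashes as numbers.
    if (!hash_equals($trustedKey, $recKey) && !hash_equals($currKey, $recKey)) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    if (isset($_GET['pat']) && $memberInfo['Type'] >= $level) {
        $target = $_GET['pat'];
    } else {
        $target = $user;
    }
    $qry = "SELECT * FROM Users LEFT JOIN Patient ON Users.PK_member_id = Patient.FK_member_id\r\n\t\t\t\t\tLEFT JOIN Insurance ON Insurance.FK_PatientID = Patient.PK_PatientID";
    // :target is bound only when the WHERE clause uses it; the original
    // passed it unconditionally, which PDO rejects when the placeholder is
    // absent, so the "all" path could never succeed.
    $params = array();
    if ($target != "all") {
        $qry .= " WHERE UserName = :target";
        $params[":target"] = $target;
    }
    $patientInfoPrep = $db->prepare($qry);
    if (!$patientInfoPrep->execute($params)) {
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    return outputXML($errNum, $errMsgArr, $patientInfoPrep);
}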
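function doService()
{
    // Changes the password of the authenticated user ($_POST['u']). Needs the
    // old password plus two matching copies of the new one, applies the
    // complexity rules below, and stores md5($newpass1). Returns
    // outputXML($errNum, $errMsgArr, $memberInfo).
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // Unknown user: fail closed instead of deriving the expected key from a
    // null CurrentKey.
    if ($memberInfo === false) {
        $errMsgArr[] = "Unauthorized to change password";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals is strict and constant-time; == would compare two
    // numeric-looking hashes as numbers.
    if (!hash_equals($trustedKey, $recKey)) {
        $errMsgArr[] = "Unauthorized to change password";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    // md5('') — a client that hashes an empty field sends this, so it counts
    // as "not provided".
    $emptyHash = 'd41d8cd98f00b204e9800998ecf8427e';
    $oldpass = isset($_POST['oldpass']) ? $_POST['oldpass'] : '';
    $newpass1 = isset($_POST['newpass1']) ? $_POST['newpass1'] : '';
    $newpass2 = isset($_POST['newpass2']) ? $_POST['newpass2'] : '';
    //ENSURE OLD PASS AND TWO NEW PASSWORDS PROVIDED
    if ($oldpass == '' || $oldpass == $emptyHash) {
        $errMsgArr[] = "Old password not provided";
        $errNum++;
    }
    if ($newpass1 == '' || $newpass1 == $emptyHash) {
        $errMsgArr[] = "First new password not provided";
        $errNum++;
    }
    if ($newpass2 == '' || $newpass2 == $emptyHash) {
        $errMsgArr[] = "Second new password not provided";
        $errNum++;
    }
    //Make sure old password correct
    // NOTE(review): passwords are stored as unsalted md5; moving to
    // password_hash()/password_verify() needs a column migration that is
    // outside this function.
    $epass = md5($oldpass);
    $currPass = (string) $memberInfo['Password'];
    if (!hash_equals($currPass, $epass)) {
        $errMsgArr[] = 'Old password incorrect';
        $errNum++;
    }
    //problems with new password (=== so numeric-looking strings are not
    //compared as numbers)
    if ($oldpass === $newpass1) {
        $errMsgArr[] = 'New and old passwords must be different';
        $errNum++;
    }
    if ($newpass1 !== $newpass2) {
        $errMsgArr[] = 'New passwords do not match';
        $errNum++;
    }
    if (!ctype_alnum($newpass1)) {
        $errMsgArr[] = 'New password should be letters and digits only';
        $errNum++;
    }
    // strlen is fine here: ctype_alnum already restricts to ASCII.
    if (strlen($newpass1) < 7) {
        $errMsgArr[] = 'New password must be at least 7 chars';
        $errNum++;
    }
    if (strlen($newpass1) > 20) {
        $errMsgArr[] = 'New password must be at most 20 chars';
        $errNum++;
    }
    if (!preg_match('`[A-Z]`', $newpass1)) {
        $errMsgArr[] = 'New password must contain at least one upper case';
        $errNum++;
    }
    if (!preg_match('`[a-z]`', $newpass1)) {
        $errMsgArr[] = 'New password must contain at least one lower case';
        $errNum++;
    }
    if (!preg_match('`[0-9]`', $newpass1)) {
        $errMsgArr[] = 'New password must contain at least one digit';
        $errNum++;
    }
    //update database with new password
    if ($errNum == 0) {
        $updatePassPrep = $db->prepare("UPDATE Users SET Password = :pass WHERE PK_member_id = :id;");
        $updatePassSuccess = $updatePassPrep->execute(array(":pass" => md5($newpass1), ":id" => $memberInfo['PK_member_id']));
        if (!$updatePassSuccess) {
            $errMsgArr[] = 'Password update failure';
            $errNum++;
        }
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}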
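function doService($db)
{
    // Inserts a "scheduled" Appointment for the patient whose Users.UserName
    // is $_POST['u'], using the doctor, date parts, hour, reason and reminder
    // from POST. Returns outputXML($errNum, $errMsgArr, $db).
    $errMsgArr = array();
    $errNum = 0;
    // Missing POST fields bind as NULL, matching the original's direct reads.
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };
    $doctor = $field('doctor');
    $month = $field('month');
    $day = $field('day');
    $year = $field('year');
    $hour = $field('hour');
    $reason = $field('reason');
    $reminder = $field('reminder');
    // NOTE(review): nothing here authenticates the caller or validates the
    // fields (the original's $errNum == 0 gate was always true); confirm the
    // dispatcher authenticates before calling this.

    //getting the patient id from the user table
    // NOTE(review): the user-name value was redacted in the listing
    // ('******'u']); $_POST['u'] is assumed — confirm.
    $getPID = $db->prepare("Select * FROM Patient WHERE FK_member_id = (Select PK_member_id From Users where UserName = :user);");
    $member = false;
    if ($getPID->execute(array(':user' => $field('u')))) {
        $member = $getPID->fetch(PDO::FETCH_ASSOC);
    }
    if ($member === false) {
        $errMsgArr[] = 'Patient lookup failed';
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, $db);
    }
    $pid = $member['PK_PatientID'];

    $addApptPrep = $db->prepare("INSERT INTO Appointment(FK_DoctorID, FK_PatientID, Date, Time, Address, Status, Reason, Reminder) \n                                        VALUES(:doc, :pid, :date, :time, :address, :status, :reason, :reminder);");
    $status = "scheduled";
    $date = $year . "-" . $month . "-" . $day;
    $time = $hour . "";
    // The original bound an undefined $address (i.e. NULL); made explicit.
    $address = null;
    $vals = array(':doc' => $doctor, ':pid' => $pid, ':date' => $date, ':time' => $time, ':address' => $address, ':status' => $status, ':reason' => $reason, ':reminder' => $reminder);
    if (!$addApptPrep->execute($vals)) {
        $errMsgArr[] = 'Add Appt failed';
        $errNum += 1;
    }
    return outputXML($errNum, $errMsgArr, $db);
}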
function formatMessage($status, $message)
{
    // Wraps $status and $message in the PF_STATUS_TAG / PF_MESSAGE_TAG
    // elements and hands the combined fragment to outputXML(); returns
    // nothing. Neither value is escaped here, so callers must supply
    // XML-safe text (or markup they intend to emit verbatim).
    $statusElem = sprintf('<%1$s>%2$s</%1$s>', PF_STATUS_TAG, $status);
    $messageElem = sprintf('<%1$s>%2$s</%1$s>', PF_MESSAGE_TAG, $message);
    outputXML($statusElem . $messageElem);
}
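function doService($db)
{
    // Closes the visit $_POST['id']: writes vitals, diagnosis, billing,
    // referral and file fields to the Appointment row, sets Status to
    // "close", and — when medication, dosage, start and end date are all
    // given — records a Medications row for that appointment's patient.
    // Returns outputXML($errNum, $errMsgArr, $db).
    $errMsgArr = array();
    $errNum = 0;
    // Missing POST fields bind as NULL, matching the original's direct reads.
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };
    $id = $field('id');
    $bp = $field('bp');
    $weight = $field('weight');
    $sym = $field('sym');
    $diag = $field('diag');
    $med = $field('med');
    $dos = $field('dos');
    $sdate = $field('sdate');
    $edate = $field('edate');
    $bill = $field('bill');
    $pp = $field('pp');
    $numMonths = $field('numan');
    $rd = $field('rd');
    $fname = $field('fname');
    $floc = $field('floc');
    $status = "close";
    // NOTE(review): input validation is still outstanding — the original only
    // carried a commented-out draft, and no field is checked before the update.

    //Do update
    $updateVistPrep = $db->prepare("UPDATE Appointment SET bp = :bp, weight = :weight, symptoms = :sym, diagnosis = :diag,\r\n\t\t\t\t\t\t\t\t\t\t\t\tbill = :bill, paymentPlan = :pp, NumMonths = :numan, FK_ReferalDoc = :rd,\r\n\t\t\t\t\t\t\t\t\t\t\t\tfileName = :fname, fileLocation = :floc, Status = :status\r\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE PK_AppID = :id");
    // :numan, :rd and :fname now carry the posted values; the original bound
    // undefined variables here and silently wrote NULLs.
    $vals = array(':bp' => $bp, ':weight' => $weight, ':sym' => $sym, ':diag' => $diag, ':bill' => $bill, ':pp' => $pp, ':numan' => $numMonths, ':rd' => $rd, ':fname' => $fname, ':floc' => $floc, ':id' => $id, ':status' => $status);
    if (!$updateVistPrep->execute($vals)) {
        $errMsgArr[] = 'update visit failed';
        $errNum += 1;
    }
    if ($med && $dos && $sdate && $edate) {
        // The appointment row supplies the patient id for the Medications row.
        $medPrep = $db->prepare("SELECT * FROM Appointment WHERE PK_AppID = :id");
        $meds = false;
        if ($medPrep->execute(array(':id' => $id))) {
            $meds = $medPrep->fetch(PDO::FETCH_ASSOC);
        }
        if ($meds === false) {
            $errMsgArr[] = "Appointment lookup for medication failed";
            $errNum += 1;
        } else {
            $insertMedPrep = $db->prepare("INSERT INTO Medications (FK_PatientID, Medication, Dosage, StartDate, EndDate)\r\n\t\t\t\t\t\t\t\t\t\t\t\tVALUES(:pid, :med, :dos, :sdate, :edate)");
            $vals2 = array(':pid' => $meds['FK_PatientID'], ':med' => $med, ':dos' => $dos, ':sdate' => $sdate, ':edate' => $edate);
            if (!$insertMedPrep->execute($vals2)) {
                $errMsgArr[] = "Medication insert fail";
                $errNum += 1;
            }
        }
    }
    return outputXML($errNum, $errMsgArr, $db);
}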
}
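// backward
// NOTE(review): $mods, $base_dir, $db, $auth and $msg are defined earlier in
// this file, outside this excerpt; $mods is assumed to be a list of module
// name strings — confirm. The strict in_array() also rejects a non-string
// (e.g. array-valued) mod parameter.
if (!isset($_GET['mod']) || !in_array($_GET['mod'], $mods, true)) {
    $_GET['mod'] = 'dictionary';
}
$mod = $_GET['mod'];
// shortcut
$_GET['mod'] = 'dictionary';
$_GET['action'] = 'view';
$_GET['format'] = (isset($_GET['format']) && $_GET['format'] == 'json') ? 'json' : 'xml';
// process
// $mod is only safe in the include path and as a class name because it was
// checked against the $mods allow-list above.
require_once $base_dir . '/modules/class_' . $mod . '.php';
// Call-time pass-by-reference (&$db, &$auth) is a fatal error since PHP 5.4;
// whether these are references is decided by the constructor's signature.
$page = new $mod($db, $auth, $msg);
$page->process();
if ($apiData = $page->getAPI()) {
    $ret = $_GET['format'] == 'json' ? outputJSON($apiData) : outputXML($apiData);
} else {
    $ret = '<p>Antarmuka pemrograman aplikasi (API) yang (masih) sangat sederhana ini dibuat untuk memungkinkan para pengembang memanfaatkan data yang disediakan oleh Kateglo. Untuk tahap awal, baru modul kamus yang dapat diakses dengan API ini.</p>
	<p>Gunakan format</p>
	<blockquote>http://bahtera.org/kateglo/api.php?format=[xml|json]&phrase=[lema_yang_dicari].</blockquote></p>
	<p>Contoh:</p>
	<blockquote><a href="api.php?format=xml&phrase=kata">http://bahtera.org/kateglo/api.php?format=xml&phrase=kata</a><br /><a href="api.php?format=json&phrase=bahtera">http://bahtera.org/kateglo/api.php?format=json&phrase=bahtera</a></blockquote>
	<p>Silakan pelajari sendiri dulu keluaran XML atau JSON yang dihasilkan karena dokumentasi masih belum sempat dibuat.</p>
	<p>API ini disediakan dengan apa adanya, dan ada kemungkinan akan berubah format.</p>';
}
echo $ret;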
/**
 * output XML
 */
function outputXML(&$apiData)
{
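function doService()
{
    // Updates the profile columns of a Users row and, when the caller or the
    // target is a patient (Type 1), the linked Insurance row. A Type-1 caller
    // can only update their own row; any other caller names the target row in
    // $_POST['UserName']. Returns outputXML($errNum, $errMsgArr, $memberInfo).
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    // Missing POST fields bind as NULL, matching the original's direct reads.
    $field = function ($name) {
        return isset($_POST[$name]) ? $_POST[$name] : null;
    };
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // Unknown user: fail closed instead of deriving the expected key from a
    // null CurrentKey.
    if ($memberInfo === false) {
        $errMsgArr[] = "Unauthorized to change user information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals is strict and constant-time; == would compare two
    // numeric-looking hashes as numbers.
    if (!hash_equals($trustedKey, $recKey)) {
        // The original said "change password" here; this endpoint edits
        // profile/insurance data.
        $errMsgArr[] = "Unauthorized to change user information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    $callerIsPatient = $memberInfo['Type'] == 1;
    // NOTE(review): every non-patient caller may name any UserName here; the
    // original applies no further role check — confirm that is intended.
    $userName = $callerIsPatient ? $_POST['u'] : $field('UserName');

    $updateSQL = 'UPDATE Users SET Users.FirstName=:FirstName, Users.LastName=:LastName, Users.Sex=:Sex, Users.Birthday=:Birthday, Users.SSN=:SSN, Users.Email=:Email, Users.PhoneNumber=:PhoneNumber';
    $paramArray = array(
        ":FirstName" => $field('FirstName'),
        ":LastName" => $field('LastName'),
        ":Sex" => $field('Sex'),
        ":Birthday" => $field('Birthday'),
        ":SSN" => $field('SSN'),
        ":Email" => $field('Email'),
        ":PhoneNumber" => $field('PhoneNumber'),
    );
    // Locked and NeedApproval are derived flags, never taken verbatim from POST.
    $updateSQL .= $field('Status') == 'lock' ? ", Users.Locked='1'" : ", Users.Locked='0'";
    if ($field('NeedApproval') == 'Approve') {
        $updateSQL .= ", Users.NeedApproval='0'";
    }
    $updateSQL .= " WHERE Users.UserName=:user";
    $paramArray[":user"] = $userName;
    $prep = $db->prepare($updateSQL);
    // The original overwrote this result with true, so a failed update was
    // never reported.
    if (!$prep->execute($paramArray)) {
        $errorInfoArray = $prep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }

    if ($field('Type') == 1 || $callerIsPatient) {
        // Hyphenated column names are not valid placeholder names, hence
        // :CoPay / :CoverageStart / :CoverageEnd.
        $insParams = array(
            ":Company_Name" => $field('Company_Name'),
            ":Plan_Type" => $field('Plan_Type'),
            ":Plan_Num" => $field('Plan_Num'),
            ":CoPay" => $field('Co-Pay'),
            ":CoverageStart" => $field('Coverage-Start'),
            ":CoverageEnd" => $field('Coverage-End'),
        );
        if ($callerIsPatient) {
            // A patient may only touch their own insurance row, so the
            // patient id comes from their own record, not from POST.
            $patIDPrep = $db->prepare("SELECT Patient.PK_PatientID FROM Patient WHERE Patient.FK_member_id = :memID");
            if (!$patIDPrep->execute(array(':memID' => $memberInfo['PK_member_id']))) {
                // errorInfo() is read from the statement that failed; the
                // original read it from the previous Users statement.
                $errorInfoArray = $patIDPrep->errorInfo();
                $errMsgArr[] = $errorInfoArray[2];
                $errNum++;
                return outputXML($errNum, $errMsgArr, $memberInfo);
            }
            $thisPatID = $patIDPrep->fetch(PDO::FETCH_ASSOC);
            $insParams[":FK_PatientID"] = $thisPatID === false ? null : $thisPatID['PK_PatientID'];
        } else {
            // Reached only when $_POST['Type'] == 1, as in the original.
            $insParams[":FK_PatientID"] = $field('PersonalID');
        }
        $updateSQL = "UPDATE Insurance SET `Company_Name`=:Company_Name, `Plan_Type`=:Plan_Type, \r\n\t\t\t\t\t\t\t`Plan_Num`=:Plan_Num, `Co-Pay`=:CoPay, `Coverage-Start`=:CoverageStart, `Coverage-End`=:CoverageEnd\r\n\t\t\t\t\t\t\tWHERE FK_PatientID=:FK_PatientID";
        $prep = $db->prepare($updateSQL);
        // The original print_r()'d the parameter array (SSN and insurance
        // details) into the response; that debug output is intentionally gone.
        if (!$prep->execute($insParams)) {
            $errorInfoArray = $prep->errorInfo();
            $errMsgArr[] = $errorInfoArray[2] . ": db error for insurance";
            $errNum++;
            return outputXML($errNum, $errMsgArr, $memberInfo);
        }
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}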
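function doService()
{
    // Lists appointment billing rows (appointment id, bill, patient user name
    // and insurance plan) for the date in $_GET['date']. The caller
    // authenticates with $_GET['u'] plus either their stored CurrentKey or
    // md5(CurrentKey . trust string). Returns outputXML($errNum, $errMsgArr,
    // $apptInfoPrep) on success, or with '' on error.
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || !is_string($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['date']) || $_GET['date'] == '') {
        $errMsgArr[] = "No date provided";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $date = $_GET['date'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // Unknown user: fail closed instead of deriving the expected key from a
    // null CurrentKey.
    if ($memberInfo === false) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals is strict and constant-time; == would compare two
    // numeric-looking hashes as numbers.
    if (!hash_equals($trustedKey, $recKey) && !hash_equals($currKey, $recKey)) {
        // The original placed $trustedKey itself in this message, handing the
        // expected credential to whoever had just failed authentication.
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    // NOTE(review): no role check is applied — any authenticated user can list
    // every patient's billing and insurance rows for a date. If this is meant
    // for staff only, gate it on $memberInfo['Type'] as the other services do.
    $qry = "SELECT Appointment.PK_AppID, Appointment.Bill, Users.UserName, Insurance.Company_Name, Insurance.Plan_Type, Insurance.Plan_Num, Insurance.Coverage_Percent\n            FROM Appointment, Users, Insurance\n            WHERE `Appointment`.`Date` = :date\n            AND Users.PK_member_id=(SELECT Patient.FK_member_id FROM Patient WHERE Patient.PK_PatientID = Appointment.FK_PatientID)\n            AND Insurance.FK_PatientID = Appointment.FK_PatientID";
    $apptInfoPrep = $db->prepare($qry);
    if (!$apptInfoPrep->execute(array(':date' => $date))) {
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    return outputXML($errNum, $errMsgArr, $apptInfoPrep);
}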
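function doService()
{
    // Creates an Appointment, or updates the one named by $_POST['aid'].
    // The caller authenticates with $_POST['u'] plus either their stored
    // CurrentKey or md5(CurrentKey . trust string). Doctor and patient ids
    // are filled in from the caller's own record when the caller's Type
    // implies them (see $needDoc / $needPat). The new appointment id is
    // written back to $_POST['aid'] after an insert, as the original did, so
    // the dispatcher can read it. Returns outputXML($errNum, $errMsgArr,
    // $memberInfo).
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || !is_string($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // Unknown user: fail closed instead of deriving the expected key from a
    // null CurrentKey.
    if ($memberInfo === false) {
        $errMsgArr[] = "Unauthorized to change appointment information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = (string) $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals is strict and constant-time; == would compare two
    // numeric-looking hashes as numbers.
    if (!hash_equals($trustedKey, $recKey) && !hash_equals($currKey, $recKey)) {
        $errMsgArr[] = "Unauthorized to change appointment information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    //FIGURE OUT IF WE'RE ADDING A NEW ONE OR UPDATING AN OLD ONE
    $aidIsSet = isset($_POST['aid']);
    if ($aidIsSet && (!isset($_POST['status']) || $_POST['status'] == '')) {
        $errMsgArr[] = "No status provided";
        $errNum++;
    } elseif (!$aidIsSet) {
        // New appointments get this default status; it stays in $_POST because
        // the original wrote it there and the dispatcher may read it back.
        $_POST['status'] = true;
    }
    if (!isset($_POST['reminder']) || $_POST['reminder'] == '') {
        $errMsgArr[] = "No reminder setting provided";
        $errNum++;
    }
    if (!isset($_POST['reason']) || $_POST['reason'] == '') {
        $errMsgArr[] = "No reason for appointment provided";
        $errNum++;
    }
    if (!isset($_POST['time']) || $_POST['time'] == '') {
        $errMsgArr[] = "No appointment time provided";
        $errNum++;
    } elseif (!preg_match('/^([1-9]|0[1-9]|1[0-9]|2[0-3]):([0-5][0-9])$/', $_POST['time'])) {
        $errMsgArr[] = "Improper Time Format";
        $errNum++;
    }
    if (!isset($_POST['date']) || $_POST['date'] == '') {
        $errMsgArr[] = "No appointment date provided";
        $errNum++;
    } elseif (!preg_match('/^(2[0-9][0-9][0-9])-([1-9]|0[1-9]|1[0-2])-([1-9]|0[1-9]|[1-2][0-9]|3[0-1])$/', $_POST['date'])) {
        $errMsgArr[] = "Improper date format";
        $errNum++;
    }
    // Which ids the caller must supply depends on their Type; the ones they
    // need not supply are looked up from their own record below.
    $needDoc = $memberInfo['Type'] == 1 || $memberInfo['Type'] == 200 || $memberInfo['Type'] == 400;
    $needPat = $memberInfo['Type'] == 200 || $memberInfo['Type'] == 300 || $memberInfo['Type'] == 400;
    if (!$needDoc) {
        $thisDocIDPrep = $db->prepare("SELECT Doctor.PK_DoctorID FROM Doctor WHERE FK_member_id = :memID;");
        $thisDocIDSuccess = $thisDocIDPrep->execute(array(":memID" => $memberInfo['PK_member_id']));
        if (!$thisDocIDSuccess) {
            $errMsgArr[] = "Getting doctor id error";
            $errNum++;
            return outputXML($errNum, $errMsgArr, '');
        }
        $docIDArray = $thisDocIDPrep->fetch(PDO::FETCH_ASSOC);
        $_POST['doctor'] = $docIDArray === false ? null : $docIDArray['PK_DoctorID'];
    }
    if (!$needPat) {
        $thisPatIDPrep = $db->prepare("SELECT Patient.PK_PatientID FROM Patient WHERE FK_member_id = :memID;");
        $thisPatIDSuccess = $thisPatIDPrep->execute(array(":memID" => $memberInfo['PK_member_id']));
        if (!$thisPatIDSuccess) {
            $errMsgArr[] = "Getting patient id error";
            $errNum++;
            return outputXML($errNum, $errMsgArr, '');
        }
        $patIDArray = $thisPatIDPrep->fetch(PDO::FETCH_ASSOC);
        $_POST['patient'] = $patIDArray === false ? null : $patIDArray['PK_PatientID'];
    }
    if (!isset($_POST['doctor']) || $_POST['doctor'] == '' || $_POST['doctor'] == 0) {
        $errMsgArr[] = "No doctor provided";
        $errNum++;
    }
    if (!isset($_POST['patient']) || $_POST['patient'] == '' || $_POST['patient'] == 0) {
        $errMsgArr[] = "No patient provided";
        $errNum++;
    }
    $aid = $aidIsSet ? $_POST['aid'] : null;
    $status = isset($_POST['status']) ? $_POST['status'] : null;
    $reminder = (isset($_POST['reminder']) && $_POST['reminder'] == 'true') ? 1 : 0;
    $reason = isset($_POST['reason']) ? $_POST['reason'] : null;
    $time = (isset($_POST['time']) ? $_POST['time'] : '') . ":00";
    $date = isset($_POST['date']) ? $_POST['date'] : null;
    $doctor = isset($_POST['doctor']) ? $_POST['doctor'] : null;
    $patient = isset($_POST['patient']) ? $_POST['patient'] : null;
    $address = "12345 Hospital Lane";
    // Schedule conflict: another non-cancelled appointment for the same
    // doctor or patient at the same date and time (excluding the one being
    // updated).
    $str = "SELECT Appointment.PK_AppID FROM Appointment WHERE \r\n\t\t\t\tDate=:date  AND Time=:time AND (FK_PatientID=:patID OR FK_DoctorID=:docID) AND Status!='Cancelled'";
    $availParam = array(":date" => $date, ":time" => $time, ":patID" => $patient, ":docID" => $doctor);
    if ($aidIsSet) {
        $str .= " AND PK_AppID!=:aid";
        $availParam[":aid"] = $aid;
    }
    $availPrep = $db->prepare($str);
    if (!$availPrep->execute($availParam)) {
        $errMsgArr[] = "Checking schedule conflict error";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    if ($availPrep->rowCount() != 0 && $status != 'Cancelled') {
        $errMsgArr[] = "Scheduling conflict";
        $errNum++;
    }
    //update database with new appt info
    if ($errNum == 0) {
        // Every value is bound; the original interpolated the free-text
        // reason, status and date/time straight into the SQL string.
        $params = array(
            ':doctor' => $doctor,
            ':patient' => $patient,
            ':date' => $date,
            ':time' => $time,
            ':address' => $address,
            ':status' => $status,
            ':reason' => $reason,
            ':reminder' => $reminder,
        );
        if ($aidIsSet) {
            $str = "UPDATE Appointment SET `FK_DoctorID`=:doctor, FK_PatientID=:patient, `Date`=:date, `Time`=:time, `Address`=:address,\r\n\t\t\t\t\t\t`Status`=:status, `Reason`=:reason, `Reminder`=:reminder WHERE `PK_AppID`=:aid;";
            $params[':aid'] = $aid;
        } else {
            $str = "INSERT INTO Appointment (FK_DoctorID, FK_PatientID, `Date`, `Time`, `Address`, `Status`, `Reason`, `Reminder`)\r\n\t\t\t\t\t\tVALUES (:doctor, :patient, :date, :time, :address, :status, :reason, :reminder);";
        }
        $insertAppt = $db->prepare($str);
        if (!$insertAppt->execute($params)) {
            $sqlError = $insertAppt->errorInfo();
            $errMsgArr[] = $sqlError[2];
            $errNum++;
        } elseif (!$aidIsSet) {
            // lastInsertId() replaces the separate SELECT @@IDENTITY round trip
            // (whose error path also read errorInfo() from the wrong statement).
            $_POST['aid'] = $db->lastInsertId();
        }
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}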
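/**
 * Password-change service for the POST transport.
 *
 * The caller is identified by u and must present the trust key derived from
 * the stored password hash (see $AUTH_KEY / $TRUST_KEY below). Only then is
 * the old password re-checked, the new one validated against the policy and
 * written. Every outcome is rendered through
 * outputXML(status, payload, errorCount, errorText).
 *
 * NOTE(review): the SQL in this listing is redacted by the source site
 * ('******'), so the interpolated values cannot be reconstructed here; those
 * statements are string-built on mysql_query() and should be parameterised.
 * The key derivation below also shows that Users.Password holds an unsalted
 * md5, which password_hash()/password_verify() would replace.
 *
 * @param string $url    request URL; unused by this handler
 * @param string $method HTTP method; anything but 'POST' is rejected
 * @return string XML document from outputXML()
 */
function doService($url, $method)
{
    // Both accumulators are initialised up front; the original only declared
    // them inside the success path and appended to undefined variables on
    // every earlier error branch.
    $numError = 0;
    $ErrorString = '';
    if ($method != 'POST') {
        $ErrorString .= "RECEIVED INCORRECT MESSAGE\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    $user = strtoupper(isset($_POST['u']) ? $_POST['u'] : '');
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // Unknown user: refuse instead of deriving keys from an empty password hash.
        $ErrorString .= "UNAUTHORIZED ACCESS\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    // hash_equals() replaces the loose == on hex digests, which is not a
    // reliable equality test for strings that may look numeric.
    $postKey = isset($_POST['key']) && is_string($_POST['key']) ? $_POST['key'] : '';
    if (!hash_equals($TRUST_KEY, $postKey)) {
        if (hash_equals($AUTH_KEY, $postKey)) {
            $ErrorString .= "UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION\n<br />";
        } else {
            $ErrorString .= "UNAUTHORIZED ACCESS\n<br />";
        }
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    if (!isset($_POST['oldpass'])) {
        $ErrorString .= "Old Password Incorrect\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    $oldpass = $_POST['oldpass'];
    $newpass1 = isset($_POST['newpass1']) ? $_POST['newpass1'] : '';
    $newpass2 = isset($_POST['newpass2']) ? $_POST['newpass2'] : '';
    if ($newpass1 !== $newpass2) {
        $ErrorString .= "New Passwords do not match\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    // Re-check the old password against the database (statement redacted in this listing).
    $qry = "SELECT * FROM Users WHERE UserName='******' AND Password='******'oldpass']) . "'";
    $result = mysql_query($qry);
    //Check whether the query was successful or not
    if (!$result) {
        $ErrorString .= "Result was empty!\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    if (mysql_num_rows($result) != 1) {
        //Login failed or old password is wrong
        $ErrorString .= "Error: Old password is wrong.\n<br />";
        $numError += 1;
        return outputXML('0', -1, $numError, $ErrorString);
    }
    // Password policy: collect every violation before answering.
    if ($oldpass === $newpass1) {
        $ErrorString .= "Error: New and old passwords must be different.\n<br />";
        $numError += 1;
    }
    if (!ctype_alnum($newpass1)) {
        // ctype_alnum() accepts letters and digits; the original message said "numbers & Digits".
        $ErrorString .= "Error: New password should be letters & digits only.\n<br />";
        $numError += 1;
    }
    if (strlen($newpass1) < 7) {
        $ErrorString .= "Error: New password must be at least 7 chars.\n<br />";
        $numError += 1;
    }
    if (strlen($newpass1) > 20) {
        $ErrorString .= "Error: New password must be at most 20 chars.\n<br />";
        $numError += 1;
    }
    if (!preg_match('`[A-Z]`', $newpass1)) {
        $ErrorString .= "Error: New password must contain at least one upper case.\n<br />";
        $numError += 1;
    }
    if (!preg_match('`[a-z]`', $newpass1)) {
        $ErrorString .= "Error: New password must contain at least one lower case.\n<br />";
        $numError += 1;
    }
    if (!preg_match('`[0-9]`', $newpass1)) {
        $ErrorString .= "Error: New password must contain at least one digit.\n<br />";
        $numError += 1;
    }
    if ($numError != 0) {
        return outputXML('0', 'PASSWORD RESET ERROR', $numError, $ErrorString);
    }
    $updateQry = "UPDATE Users SET Password='******' WHERE UserName='******' AND Password='******'";
    if (!mysql_query($updateQry)) {
        $ErrorString .= mysql_error() . "\n<br />";
        $numError += 1;
        // The original fell through here and still reported success with a new key.
        return outputXML('0', -1, $numError, $ErrorString);
    }
    // Hand back the key the client needs for the new password; $user is
    // already upper-cased above, so the second strtoupper() was redundant.
    $AUTH_KEY = md5($user . md5($newpass1) . $controlString);
    return outputXML('1', $AUTH_KEY, $numError, $ErrorString);
}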
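/**
 * Assign a doctor to a patient, or clear the assignment (GET).
 *
 * Requires pat, doc, u and key. The caller is authenticated against
 * Users.CurrentKey, either directly or through its trust-key derivative;
 * doc == -1 stores NULL in Patient.FK_DoctorID.
 *
 * NOTE(review): nothing here checks that the caller may manage this patient
 * or holds a role allowed to reassign doctors — other handlers in this file
 * gate on Users.Type; confirm whether this one should too.
 *
 * @return string XML from outputXML(errorCount, messages, memberInfo)
 */
function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //Input Validations
    if (!isset($_GET['pat']) || $_GET['pat'] == '') {
        $errMsgArr[] = 'Patient ID number missing';
        $errNum++;
    }
    if (!isset($_GET['doc']) || $_GET['doc'] == '') {
        $errMsgArr[] = 'Doctor ID number missing';
        $errNum++;
    }
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = 'Login ID missing';
        $errNum++;
    }
    // 'd41d8cd9...' is md5(''): an empty key hashed client-side counts as missing.
    if (!isset($_GET['key']) || $_GET['key'] == '' || $_GET['key'] == 'd41d8cd98f00b204e9800998ecf8427e') {
        $errMsgArr[] = 'Authorization key missing';
        $errNum++;
    }
    // The original recorded these errors but still went on to the database.
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false for an unknown user; an empty key is never accepted.
    $currKey = $memberInfo && isset($memberInfo['CurrentKey']) ? (string) $memberInfo['CurrentKey'] : '';
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // The original compared the undefined $reKey (typo for $recKey) against
    // CurrentKey, i.e. null against the stored key instead of the supplied one.
    // hash_equals() also replaces the loose == on hex digests.
    $authorized = $currKey !== '' && is_string($recKey)
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey));
    if (!$authorized) {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $patID = $_GET['pat'];
    $docID = $_GET['doc'];
    // -1 is the client's "no doctor" sentinel.
    if ($docID == -1) {
        $docID = null;
    }
    $qry = "UPDATE Patient SET FK_DoctorID = :doc WHERE PK_PatientID = :pat";
    $patientInfoPrep = $db->prepare($qry);
    if (!$patientInfoPrep->execute(array(":doc" => $docID, ":pat" => $patID))) {
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
        // The original then tested `errNum == 0` — an undefined constant, not the counter.
        return outputXML($errNum, $errMsgArr, '');
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}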
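/**
 * Mark an appointment as completed and record its visit details (POST).
 *
 * After authenticating u/key against Users.CurrentKey, the handler updates
 * the Appointment row, re-reads it through apptViewREST.php (a loopback HTTP
 * call built from $currentPath) to learn the patient id, and inserts the
 * prescribed medication. Everything is reported through
 * outputXML(errorCount, messages, memberInfo).
 *
 * NOTE(review): the loopback request forwards the caller's key in a query
 * string; if $currentPath were ever derived from request data this would
 * become a request to a caller-chosen host — confirm it is a fixed
 * configuration value.
 *
 * @return string XML from outputXML()
 */
function doService()
{
    global $db;
    global $currentPath;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    // aid drives both the UPDATE below and the follow-up lookup; the original
    // read it without checking that it was sent.
    if (!isset($_POST['aid']) || $_POST['aid'] == '') {
        $errMsgArr[] = "No appointment ID provided";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $aid = $_POST['aid'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false for an unknown user; an empty key is never accepted.
    $currKey = $memberInfo && isset($memberInfo['CurrentKey']) ? (string) $memberInfo['CurrentKey'] : '';
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals() replaces the loose == on hex digests.
    $authorized = $currKey !== '' && is_string($recKey) && hash_equals($trustedKey, $recKey);
    if (!$authorized) {
        // The original said "Unauthorized to change password" (copy-paste) and
        // still handed memberInfo back to the unauthenticated caller.
        $errMsgArr[] = "Unauthorized to change appointment information";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $updateSQL2 = "UPDATE Appointment SET Status='Completed', Reason=:Reason, \r\n\t\t\t\t\t\tbp = :BP, weight = :Weight, symptoms = :Symptoms,\r\n\t\t\t\t\t\tdiagnosis = :Diagnosis, bill = :Bill, fileLocation = :file, fileSize = :fsize \r\n\t\t\t\t\t\tWHERE PK_AppID = :aid";
    // Placeholder -> POST field; an absent field binds NULL instead of
    // raising an undefined-index notice.
    $postFields = array(":BP" => 'bp', ":Weight" => 'weight', ":Reason" => 'reason', ":Diagnosis" => 'diagnosis', ":Symptoms" => 'symptoms', ":Bill" => 'totalBill', ":file" => 'fileName', ":fsize" => 'fileSize');
    $paramArray = array(":aid" => $aid);
    foreach ($postFields as $placeholder => $field) {
        $paramArray[$placeholder] = isset($_POST[$field]) ? $_POST[$field] : null;
    }
    $prep2 = $db->prepare($updateSQL2);
    if (!$prep2->execute($paramArray)) {
        // errorInfo()[2] is deliberately not surfaced to the client (it was
        // already commented out in the original).
        $errMsgArr[] = "prep2";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    //format and send request
    $request = $currentPath . "apptViewREST.php?";
    $request .= "u=" . urlencode($user);
    $request .= "&key=" . urlencode($recKey);
    $request .= "&aid=" . urlencode($aid);
    $ch = curl_init($request);
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 4);
    curl_setopt($ch, CURLOPT_TIMEOUT, 8);
    curl_setopt($ch, CURLOPT_HEADER, false);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    //send URL Request to RESTServer... returns string
    $RESToutput = curl_exec($ch);
    curl_close($ch);
    // A failed or empty loopback call is reported like every other error
    // instead of die()ing with a non-XML body.
    if ($RESToutput === false || $RESToutput == '') {
        $errMsgArr[] = "CONNECTION ERROR";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    //parse return string
    $parser = xml_parser_create();
    xml_parse_into_struct($parser, $RESToutput, $wsResponse, $wsIndices);
    xml_parser_free($parser);
    // The remote error count replaces the local one, as in the original; the
    // indices are checked because a malformed response leaves them unset.
    $errNum = isset($wsIndices['ERRNUM'][0]) ? (int) $wsResponse[$wsIndices['ERRNUM'][0]]['value'] : 0;
    if ($errNum != 0) {
        $err_msg_arr = array();
        for ($ct = 0; $ct < $errNum; $ct++) {
            if (isset($wsIndices['ERROR'][$ct])) {
                $err_msg_arr[] = $wsResponse[$wsIndices['ERROR'][$ct]]['value'];
            }
        }
        $_SESSION['ERRMSG_ARR'] = $err_msg_arr;
    }
    if (!isset($wsIndices['PATID'][0])) {
        // The original inserted a NULL patient id when the lookup returned no PATID.
        $errMsgArr[] = "Patient ID missing from appointment lookup";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    $pid = $wsResponse[$wsIndices['PATID'][0]]['value'];
    $updateSQL4 = "INSERT INTO Medications(FK_PatientID, Medication, Dosage)\r\n\t\t\t\t\t\t\tVALUES(:pid, :Medicine, :Dosage)";
    $paramArray3 = array(":Medicine" => isset($_POST['medicine']) ? $_POST['medicine'] : null, ":Dosage" => isset($_POST['dosage']) ? $_POST['dosage'] : null, ":pid" => $pid);
    $prep4 = $db->prepare($updateSQL4);
    if (!$prep4->execute($paramArray3)) {
        // The original called errorInfo() on an undefined $prep here.
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
        return outputXML($errNum, $errMsgArr, $memberInfo);
    }
    return outputXML($errNum, $errMsgArr, $memberInfo);
}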
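/**
 * Record a co-payment for an appointment (POST).
 *
 * Expects amount, month, day, year and appID; the date is stored as
 * year-month-day built from the three parts. Reports through
 * outputXML(errorCount, messages, $db) — the original passed the connection
 * as the third argument and that is kept as is.
 *
 * NOTE(review): unlike the other handlers in this file this one performs no
 * u/key authentication at all; confirm that the caller is authenticated
 * before it is dispatched here.
 *
 * @param PDO $db open database connection
 * @return string XML from outputXML()
 */
function doService($db)
{
    $errMsgArr = array();
    $errNum = 0;
    // Reject missing fields instead of inserting empty strings; the original's
    // `$errNum == 0` test could never fail because nothing was validated.
    foreach (array('amount', 'month', 'day', 'year', 'appID') as $field) {
        if (!isset($_POST[$field]) || $_POST[$field] == '') {
            $errMsgArr[] = "Missing {$field}";
            $errNum += 1;
        }
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, $db);
    }
    $amount = $_POST['amount'];
    $month = $_POST['month'];
    $day = $_POST['day'];
    $year = $_POST['year'];
    $appID = $_POST['appID'];
    if (!checkdate((int) $month, (int) $day, (int) $year)) {
        $errMsgArr[] = 'Invalid date';
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, $db);
    }
    $date = $year . "-" . $month . "-" . $day;
    $addCoPayPrep = $db->prepare("INSERT INTO Copayment(Amount, Date, FK_AppID) \n                                        VALUES(:amount, :date, :appID);");
    $vals = array(':amount' => $amount, ':date' => $date, ':appID' => $appID);
    // The original tested an undefined $insertApptSuccess here, so a failed
    // INSERT was always reported as success.
    if (!$addCoPayPrep->execute($vals)) {
        $errMsgArr[] = 'Add CoPay failed';
        $errNum += 1;
    }
    return outputXML($errNum, $errMsgArr, $db);
}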
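/**
 * Identity lookup service for the GET transport.
 *
 * Identifies the caller by u, derives AUTH_KEY/TRUST_KEY from the stored
 * password hash and the fixed strings, and answers through outputXML: a
 * trusted caller whose Users.Type reaches $levelForAll may ask about
 * (targetType, target); any other trusted caller is told only its own
 * UserName; everyone else receives an error.
 *
 * NOTE(review): the SQL in this listing is redacted ('******') and is
 * string-built on mysql_query(); it should be parameterised. targetType and
 * target are forwarded to outputXML() verbatim — if they select a column or
 * table there, they need an allow-list.
 *
 * @param string $url         request URL; unused by this handler
 * @param string $method      HTTP method; anything but 'GET' is rejected
 * @param int    $levelForAll minimum Users.Type allowed to query other targets
 * @return string XML from outputXML()
 */
function doService($url, $method, $levelForAll)
{
    if ($method != 'GET') {
        return outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }
    $user = strtoupper(isset($_GET['u']) ? $_GET['u'] : '');
    $qry = "SELECT * FROM Users WHERE UserName='******'";
    $result = mysql_query($qry);
    $member = $result ? mysql_fetch_assoc($result) : false;
    if (!$member) {
        // Unknown user: refuse instead of deriving keys from an empty password hash.
        return outputXML('0', 'UNAUTHORIZED ACCESS');
    }
    $pwd = $member['Password'];
    $trustedKey = "xolJXj25jlk56LJkk5677LS";
    $controlString = "3p1XyTiBj01EM0360lFw";
    $AUTH_KEY = md5($user . $pwd . $controlString);
    $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
    // hash_equals() replaces the loose == on hex digests.
    $postKey = isset($_GET['key']) && is_string($_GET['key']) ? $_GET['key'] : '';
    if (hash_equals($TRUST_KEY, $postKey)) {
        if ((int) $member['Type'] < $levelForAll) {
            // Trusted but below the level: may only learn its own identity.
            return outputXML('1', '', 'UserName', $user);
        }
        // The original indexed $_GET directly and raised notices when the
        // parameters were absent.
        $targetType = isset($_GET['targetType']) ? $_GET['targetType'] : '';
        $target = isset($_GET['target']) ? $_GET['target'] : '';
        if ($targetType == '' || $target == '') {
            return outputXML('1', '', '', '');
        }
        return outputXML('1', '', $targetType, $target);
    }
    if (hash_equals($AUTH_KEY, $postKey)) {
        return outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
    }
    return outputXML('0', 'UNAUTHORIZED ACCESS');
}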
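/**
 * Login service (GET).
 *
 * Validates u/p, applies a per-user attempt throttle over LogFiles, issues a
 * fresh Users.CurrentKey and returns the member record plus its role-specific
 * personal id through outputXML(errorCount, messages, memberInfo).
 *
 * NOTE(review): p is compared directly against Users.Password and the
 * d41d8cd9... sentinel below is md5(''), so the column evidently stores an
 * unsalted md5 — password_hash()/password_verify() would be the fix. The
 * issued key is md5(user . hash . control . 'H:i:s'); it is only ever handed
 * back to the client, so a random token (random_bytes()/
 * openssl_random_pseudo_bytes()) could replace it without changing the
 * protocol — TODO confirm no client recomputes it. The throttle reads
 * LogFiles but nothing here writes to it; that logging is assumed to happen
 * elsewhere. memberInfo is returned whole, Password column included — confirm
 * outputXML() filters it.
 *
 * @return string XML from outputXML()
 */
function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = 'Login ID Missing';
        $errNum += 1;
    }
    // 'd41d8cd9...' is md5(''): an empty password hashed client-side counts as missing.
    if (!isset($_GET['p']) || $_GET['p'] == '' || $_GET['p'] == 'd41d8cd98f00b204e9800998ecf8427e') {
        $errMsgArr[] = 'Password Missing';
        $errNum += 1;
    }
    // Do not go near the database for a request that is already invalid
    // (the original carried on and queried with empty credentials).
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    $user = strtoupper($_GET['u']);
    $pw = $_GET['p'];
    // A per-IP throttle (3/minute on LogFiles.SourceIP) used to live here and
    // was disabled; only the per-user check below is active.
    // FIND MEMBER_ID FOR CURRENT ATTEMPTED USER
    $prep = $db->prepare('SELECT PK_member_id FROM Users WHERE UserName = ?');
    $id = '';
    if ($prep->execute(array($user))) {
        $idRow = $prep->fetch();
        $id = $idRow ? $idRow[0] : '';
    } else {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '', $db);
    }
    // SEARCH FOR PREVIOUS LOGIN ATTEMPTS BY USER
    $prep = $db->prepare('SELECT TimeStamp FROM LogFiles WHERE UserName = ?');
    if (!$prep->execute(array($user))) {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '', $db);
    }
    // Count attempts in the last 12 minutes (the original comment said "a
    // minute"; the code never did).
    $cutOffTime = date_create()->modify("-12 minutes");
    $count = 0;
    foreach ($prep->fetchAll() as $record) {
        // Iterated by value: the original used &$record and never unset() it.
        $stamp = date_create_from_format('Y-m-d H:i:s', $record['TimeStamp']);
        if ($stamp !== false && $stamp > $cutOffTime) {
            $count++;
        }
    }
    if ($count > 5) {
        // NOTE(review): this message echoes the internal member id to an
        // unauthenticated caller; the message text is kept as the original had it.
        $errMsgArr[] = "Too many login attempts {$count}, {$id}, {$user}";
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    //LOOK FOR USERNAME AND PW IN DATABASE THEN CALL OUTPUTXML BASED ON RESULTS
    $prep = $db->prepare("SELECT * FROM `Users` WHERE UserName = :id AND Password = :pw ; ");
    if (!$prep->execute(array(":id" => $user, ":pw" => $pw))) {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    if ($prep->rowCount() != 1) {
        $errMsgArr[] = 'Login and Password Incorrect';
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $prep->fetch(PDO::FETCH_ASSOC);
    //CREATE AUTH KEY BASED ON USERNAME . PASSWORD . CONTROL STRING . CURRENT TIME
    //AND SAVE IN THE DATABASE
    $controlString = "3p1XyTiBj01EM0360lFw";
    $user = strtoupper($memberInfo['UserName']);
    $pw = $memberInfo['Password'];
    $AUTH_KEY = md5($user . $pw . $controlString . date("H:i:s"));
    // Bound parameters replace the string-built UPDATE, and a failed write is
    // reported: a key that was never stored would fail every later request.
    $keyPrep = $db->prepare("UPDATE Users SET CurrentKey = :key WHERE PK_member_id = :id");
    if (!$keyPrep->execute(array(":key" => $AUTH_KEY, ":id" => $memberInfo['PK_member_id']))) {
        $error = $keyPrep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo['AUTHKEY'] = $AUTH_KEY;
    //DEPENDING ON TYPE GRAB THEIR PERSONAL ID
    // Users.Type -> (table, primary-key column) as in the original if/else chain.
    $roleTables = array(
        1 => array('`Patient`', 'PK_PatientID'),
        200 => array('`Nurse`', 'PK_NurseID'),
        300 => array('`Doctor`', 'PK_DoctorID'),
        400 => array('Admin', 'PK_AdminID'),
    );
    $type = (int) $memberInfo['Type'];
    if (!isset($roleTables[$type])) {
        // The original built "SELECT * FROM  WHERE ..." for an unknown type
        // and only failed at execute().
        $errMsgArr[] = 'Unknown account type';
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    list($table, $assocString) = $roleTables[$type];
    $qry = "SELECT * FROM " . $table . " WHERE FK_member_id = :id";
    $prep = $db->prepare($qry);
    if (!$prep->execute(array(":id" => $memberInfo['PK_member_id']))) {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        return outputXML($errNum, $errMsgArr, '');
    }
    $info = $prep->fetch(PDO::FETCH_ASSOC);
    // A member with no role row gets a null PersonalID instead of an undefined-index notice.
    $memberInfo['PersonalID'] = $info && isset($info[$assocString]) ? $info[$assocString] : null;
    return outputXML($errNum, $errMsgArr, $memberInfo);
}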
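/**
 * Stream the image attached to an appointment (GET).
 *
 * Authenticates u/key against Users.CurrentKey (or its trust-key
 * derivative), looks up Appointment.fileLocation for aid and writes the file
 * to the response as image/jpeg. Unlike the other handlers it emits the raw
 * body and returns nothing on success; validation and database errors still
 * come back through outputXML().
 *
 * NOTE(review): no check ties the appointment to the caller, so any
 * authenticated user can fetch any appointment's file; and fileLocation is
 * read from the database and opened as-is — if it can ever hold a
 * client-supplied path, the read should be confined to the upload directory
 * (realpath() plus a prefix check). Both are left as they were and need
 * confirming against the upload code.
 *
 * @return string|null XML on a validation/database error; nothing once the file has been sent
 */
function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    // The original read aid without checking that it was sent.
    if (!isset($_GET['aid']) || $_GET['aid'] == '') {
        $errMsgArr[] = "No appointment ID provided";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $aid = $_GET['aid'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    // fetch() returns false for an unknown user; an empty key is never accepted.
    $currKey = $memberInfo && isset($memberInfo['CurrentKey']) ? (string) $memberInfo['CurrentKey'] : '';
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    // hash_equals() replaces the loose == on hex digests.
    $authorized = $currKey !== '' && is_string($recKey)
        && (hash_equals($trustedKey, $recKey) || hash_equals($currKey, $recKey));
    if (!$authorized) {
        header('HTTP/1.1 403 Forbidden');
        die("Unauthorized to view information");
    }
    // The original selected only fileLocation and then read a fileSize index
    // that the row did not contain; the size now comes from the file itself.
    $filePrep = $db->prepare("SELECT fileLocation FROM Appointment WHERE PK_AppID = :aid;");
    if (!$filePrep->execute(array(":aid" => $aid))) {
        $errMsgArr[] = "DATABASE ERROR TWO";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $appt = $filePrep->fetch(PDO::FETCH_ASSOC);
    // Decoded once (the original decoded twice) and checked before it is opened.
    $path_to_file = $appt && isset($appt['fileLocation']) ? rawurldecode($appt['fileLocation']) : '';
    if ($path_to_file === '' || !is_file($path_to_file) || !is_readable($path_to_file)) {
        header('HTTP/1.1 404 Not Found');
        return;
    }
    //SEND HEADER
    header("Content-type: image/jpeg");
    header("Content-Length: " . filesize($path_to_file));
    //SEND FILE DATA
    readfile($path_to_file);
    return;
}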