require_once 'dbconnection.php';
include 'functions/shared_functions.php';
?>
<?php
header("Access-Control-Allow-Origin: *");
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
$admin = $request->group;
// $password = sqlsrv_escape_string($request->password);
// $nhsnumber = sqlsrv_escape_string($request->nhsnumber);
$password = $request->password;
$nhsnumber = $request->nhsnumber;
// Expects the date in the format 'YYYY-MM-DD'
$dateofbirth = $request->dateofbirth;
$dateofbirth .= "T00:00:00";
$gender = $request->gender;
$activitylevel = $request->activitylevel;
$sql = "SELECT * FROM users WHERE nhsnumber = '" . $nhsnumber . "'";
$nhsnumbercheck = sqlsrv_query($conn, $sql) or die(errorparse("Error: Query to check if nhsnumber exists failed"));
if (!null == sqlsrv_fetch_array($nhsnumbercheck)) {
echo errorparse("failure");
} else {
/// Hash and salt the password
$password = sha1('vq3%jt' . $password . 's1*v');
///Process the query then redirect if successful
$query = "INSERT INTO users (admin, password, nhsnumber, dateofbirth, gender, activitylevel) ";
$query .= "VALUES ('{$admin}', '{$password}', '{$nhsnumber}', CONVERT(datetime2,'{$dateofbirth}',120), '{$gender}', '{$activitylevel}')";
$result = sqlsrv_query($conn, $query) or die(errorparse('Error: Query to insert new user failed. Query: '));
echo errorparse("success");
}
<?php
require_once 'dbconnection.php';
include 'functions/shared_functions.php';
?>
<?php
header("Access-Control-Allow-Origin: *");
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
// $password = sqlsrv_escape_string($request->password);
// $nhsnumber = sqlsrv_escape_string($request->nhsnumber);
$password = $request->password;
$nhsnumber = $request->nhsnumber;
$password = sha1('vq3%jt' . $password . 's1*v');
$sql = "SELECT * FROM users WHERE nhsnumber = '" . $nhsnumber . "' AND password = '******'";
$result = sqlsrv_query($conn, $sql) or die(errorparse("Error: query to check if login details are correct failed"));
if (!null == sqlsrv_fetch_array($result)) {
$query = "SELECT * FROM users WHERE nhsnumber = '" . $nhsnumber . "'";
$result2 = sqlsrv_query($conn, $query) or die(errorparse("Query failed"));
while ($row = sqlsrv_fetch_array($result2)) {
echo errorparse($row['id']);
session_start();
$_SESSION['id'] = $row['id'];
}
} else {
echo errorparse("failure");
}
switch ($table) {
case "foodlist":
echo foodlist($result);
break;
case "userfoodlist":
echo userfoodlist($result);
break;
case "usermeallist":
echo usermeallist($result);
break;
case "userweightmanifest":
echo userweightmanifest($result);
break;
case "userfoodmanifest":
echo userfoodmanifest($result);
break;
case "userrequirementsmanifest":
echo userrequirementsmanifest($result);
break;
case "symptomlist":
echo symptomlist($result);
break;
case "usersymptomlist":
echo usersymptomlist($result);
break;
case "usersymptommanifest":
echo usersymptomlist($result);
break;
default:
echo errorparse("Error: data parse failed");
}