}
$qry .= " WHERE FK_member_id = :id";
//print($qry . " ID[" . $memberInfo['PK_member_id'] . "]");
$prep = $db->prepare($qry);
if ($prep->execute(array(":id" => $memberInfo['PK_member_id']))) {
//die("PERSONAL ID: " . $prep->rowCount());
$info = $prep->fetch(PDO::FETCH_ASSOC);
$memberInfo['PersonalID'] = $info[$assocString];
} else {
$error = $prep->errorInfo();
$errMsgArr[] = $error[2];
$errNum += 1;
return outputXML($errNum, $errMsgArr, '');
}
$retVal = outputXML($errNum, $errMsgArr, $memberInfo);
} else {
$errMsgArr[] = 'Login and Password Incorrect';
$errNum += 1;
$retVal = outputXML($errNum, $errMsgArr, '');
}
} else {
$error = $prep->errorInfo();
$errMsgArr[] = $error[2];
$errNum += 1;
$retVal = outputXML($errNum, $errMsgArr, '');
}
return $retVal;
}
clean(&$_GET);
$output = doService();
print $output;
if (mysql_query($updateQry)) {
if (mysql_query($statusQry)) {
$retVal = outputXML('1', 'SUCCESSFUL UPDATE!');
} else {
$retVal = outputXML('0', mysql_error());
}
} else {
$retVal = outputXML('0', mysql_error());
}
} else {
if ($postKey == $AUTH_KEY) {
$retVal = outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
} else {
$retVal = outputXML('0', 'UNAUTHORIZED ACCESS');
}
}
} else {
$retVal = outputXML('0', 'RECEIVED INCORRECT MESSAGE');
}
return $retVal;
}
//8758e4c115ba4669e13a574464488496xolJXj25jlk56LJkk5677LS
//AUTH KEY 40fc9157068b426ea62b1134d57be6ce
// set up some useful variables
$serviceURL = $_SERVER['REQUEST_URI'];
$serviceMethod = strtoupper($_SERVER['REQUEST_METHOD']);
$getArgs = $_GET;
$postArgs = $_POST;
//don't care about post
$retVal = doService($serviceURL, $serviceMethod, 400);
print $retVal;
$day = $_POST['day'];
$year = $_POST['year'];
$appID = $_POST['appID'];
if ($errNum == 0) {
//set up and insert values into the user table
//getting the patient id from the user table
//$getPID = $db->prepare("Select * FROM Patient WHERE FK_member_id = (Select PK_member_id From Users where UserName = '******'u'] . "');");
//$succes = $getPID->execute();
//$member = $getPID->fetch(PDO::FETCH_ASSOC);
//$pid = $member['PK_PatientID'];
$addCoPayPrep = $db->prepare("INSERT INTO Copayment(Amount, Date, FK_AppID) \n VALUES(:amount, :date, :appID);");
//$tableType = '';
//$status = "scheduled";
$date = $year . "-" . $month . "-" . $day;
$time = $hour . "";
$vals = array(':amount' => $amount, ':date' => $date, ':appID' => $appID);
$addCoPaytSuccess = $addCoPayPrep->execute($vals);
//$needapproval;
//$type;
if (!$insertApptSuccess) {
$errMsgArr[] = 'Add CoPay failed';
$errNum += 1;
}
$retVal = outputXML($errNum, $errMsgArr, $db);
} else {
$retVal = outputXML($errNum, $errMsgArr, $db);
}
return $retVal;
}
$output = doService($db);
print $output;
$target = $_GET['u'];
}
$qry = "SELECT * FROM Users LEFT JOIN Patient ON Users.PK_member_id = Patient.FK_member_id\r\n\t\t\t\t\tLEFT JOIN Insurance ON Insurance.FK_PatientID = Patient.PK_PatientID";
if ($target != "all") {
$qry .= " WHERE UserName = :target";
}
$patientInfoPrep = $db->prepare($qry);
$patientInfoSuccess = $patientInfoPrep->execute(array(":target" => $target));
if (!$patientInfoSuccess) {
$errMsgArr[] = "DATABASE ERROR TWO";
$errNum++;
}
if ($errNum == 0) {
$retVal = outputXML($errNum, $errMsgArr, $patientInfoPrep);
//print($patientInfoPrep->rowCount());
} else {
$retVal = outputXML($errNum, $errMsgArr, '');
}
} else {
$errMsgArr[] = "Unauthorized to view information";
$errNum++;
$retVal = outputXML($errNum, $errMsgArr, '');
}
return $retVal;
}
//8758e4c115ba4669e13a574464488496xolJXj25jlk56LJkk5677LS
//AUTH KEY 40fc9157068b426ea62b1134d57be6ce
// set up some useful variables
$output = doService(300);
print $output;
//print("SHIT = " . $_GET['u']);
}
function doService($url, $method, $getArgs, $postArgs)
{
$retVal = "METHOD = " . $method;
if ($method == 'GET') {
if (strtoupper($getArgs['login']) == 'TEST' && strtoupper($getArgs['pw']) == 'TEST') {
$retVal = output('OK', '1', 'GET AUTHENTICATION SUCCESS');
} else {
$retVal = output('OK', '0', 'GET AUTHENTICATION FAILURE');
}
} else {
if ($method == 'POST') {
if (strtoupper($postArgs['login']) == 'TEST' && strtoupper($postArgs['pw']) == 'TEST') {
$retVal = output('OK', '1', 'POST AUTHENTICATION SUCCESS');
} else {
$retVal = output('OK', '0', 'POST AUTHENTICATION SUCCESS');
}
} else {
return 'UNKNOWN METHOD';
}
}
return $retVal;
}
// set up some useful variables
$serviceURL = $_SERVER['REQUEST_URI'];
$serviceMethod = strtoupper($_SERVER['REQUEST_METHOD']);
$getArgs = $_GET;
$postArgs = $_POST;
$retVal = doService($serviceURL, $serviceMethod, $getArgs, $postArgs);
print "<HTML><H2>{$retVal}</H2></HTML>";
return;
<?php
require_once 'configREST.php';
//sql connection information
require_once 'bootstrapREST.php';
//link information
doService();
function doService()
{
global $db;
$errMsgArr = array();
$errNum = 0;
//MAKE SURE THEY PASSED US CREDENTIALS
if (!isset($_GET['u']) || $_GET['u'] == '') {
$errMsgArr[] = "No username provided for authentication";
$errNum++;
}
if (!isset($_GET['key']) || $_GET['key'] == '') {
$errMsgArr[] = "No key provided for authentication";
$errNum++;
}
if ($errNum != 0) {
return outputXML($errNum, $errMsgArr, '');
}
//USE CREDENTIALS AND AUTHENTICATE
$user = $_GET['u'];
$recKey = $_GET['key'];
$aid = $_GET['aid'];
$userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
$userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
$memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
