<?php
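//important: this api is not secure and is only for prototyping ;)
//turn off error reporting to use only our response-codes
//(this also hides fatal errors from the client, so keep log_errors on so they still reach the server log)
error_reporting(0);

// Every operation needs a patient id, a passcode and an operation name; refuse anything else up front.
if (!isset($_GET["pid"], $_GET["code"], $_GET["operation"])) {
    print("404\nInvalid request");
    exit();
}
$pid = $_GET["pid"];
$pcode = $_GET["code"];
$operation = $_GET["operation"];
// Query parameters may arrive as arrays rather than strings, and the patient id is used
// as a numeric key in the database, so only plain strings (all digits for pid) are
// accepted here, before any value reaches the database layer.
if (!is_string($pid) || !is_string($pcode) || !is_string($operation) || !ctype_digit($pid)) {
    print("404\nInvalid request");
    exit();
}
// Strict comparison: the operation name must match exactly, not loosely.
if ($operation === "validate_user") {
    validate_user($pid, $pcode);
} elseif ($operation === "get_dose") {
    if (!isset($_GET["must_order"]) || !is_string($_GET["must_order"])) {
        print("404\n[must order] is missing in your request");
        exit();
    }
    get_dose($pid, $pcode, $_GET["must_order"]);
} else {
    print("404\nInvalid operation");
    exit();
}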
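/**
 * Opens a fresh database connection and runs one prepared statement.
 *
 * Values are never spliced into the SQL text: put `?` placeholders in $query and
 * pass the values in $params, so request-controlled input cannot alter the statement.
 *
 * @param string $query  SQL with `?` placeholders.
 * @param array  $params Values bound to the placeholders, in order (PHP ints are
 *                       bound as integers, everything else as strings).
 * @return mysqli_result|bool Result set for statements that produce one, true for
 *                            statements that do not (INSERT etc.), false when the
 *                            connection, prepare or execute step fails.
 */
function exec_query($query, $params = []) {
    // TODO(security): credentials are hard-coded in a file inside the web root;
    // move them to the environment or a config file outside it.
    $host = "localhost";
    $username = "id17824824_ranim_5th_year_admin";
    $password = "LjXDC_+5{[=<1GfF";
    $dbname = "id17824824_ranim_5th_year";
    $mysqli = new mysqli($host, $username, $password, $dbname);
    // Connection failure is reported to the caller, which picks the response code.
    if ($mysqli->connect_errno) {
        return false;
    }
    $stmt = $mysqli->prepare($query);
    if ($stmt === false) {
        $mysqli->close();
        return false;
    }
    if (count($params) > 0) {
        $types = "";
        foreach ($params as $value) {
            $types .= is_int($value) ? "i" : "s";
        }
        $stmt->bind_param($types, ...$params);
    }
    $result = false;
    if ($stmt->execute()) {
        // Statements without a result set report success as true, mirroring what
        // mysqli::query() returns for them; get_result() buffers the rows so the
        // statement and connection can be closed before the caller reads them.
        $result = $stmt->field_count > 0 ? $stmt->get_result() : true;
    }
    $stmt->close();
    $mysqli->close();
    return $result;
}

/**
 * Checks that a patient with this id exists and that the passcode matches.
 *
 * @param mixed $pid   Patient id as received from the request; must be all digits.
 * @param mixed $pcode Passcode as received from the request.
 * @return bool|null true/false for a valid/invalid pair, null when the database
 *                   could not be queried (the caller reports a server error).
 */
function user_is_valid($pid, $pcode) {
    // The id is compared against an unquoted (numeric) column, so a non-numeric id
    // can never match; refuse it without touching the database.
    if (!is_string($pid) && !is_int($pid)) {
        return false;
    }
    if (!ctype_digit((string)$pid) || !is_string($pcode)) {
        return false;
    }
    $result = exec_query("SELECT * FROM `patients` WHERE id=? AND passcode=?", [(string)$pid, $pcode]);
    if ($result === false) {
        return null;
    }
    // NOTE(security): the passcode is compared as a plain-text column value here;
    // storing it hashed (password_hash/password_verify) would be the safer design.
    return $result->num_rows > 0;
}

/**
 * Answers the "validate_user" operation: prints "200" for a valid id/passcode pair,
 * otherwise prints an error response and exits.
 *
 * @param mixed $pid   Patient id from the request.
 * @param mixed $pcode Passcode from the request.
 */
function validate_user($pid, $pcode) {
    $valid = user_is_valid($pid, $pcode);
    if ($valid === null) {
        print("404\nCan't connect to database. Server error");
        exit();
    }
    if ($valid) {
        print("200");
    } else {
        print("404\nInvalid user");
        exit();
    }
}

/**
 * Whole hours elapsed since the stored dose timestamp.
 *
 * @param mixed $timestamp Value of the `monitoring.timestamp` column; handled as
 *                         either a date/time string or an epoch integer — TODO
 *                         confirm against the schema and the DB/PHP timezone settings.
 * @return int Hours since that moment; 0 when the value cannot be parsed, so an
 *             unreadable record fails closed (no extra dose) rather than open.
 */
function hours_since_dose($timestamp) {
    if (is_numeric($timestamp)) {
        $last = (int)$timestamp;
    } else {
        $last = strtotime((string)$timestamp);
    }
    if ($last === false) {
        return 0;
    }
    // Plain integer arithmetic on purpose: date('H', $diff) must not be used for a
    // duration, because it wraps at 24 hours and applies the local timezone offset.
    return (int)floor((time() - $last) / 3600);
}

/**
 * Records a dispensed dose and, when requested, an order for new medicine, then
 * prints the response code. Shared by the first-dose and repeat-dose paths.
 *
 * @param mixed  $pid        Patient id (already validated by the caller).
 * @param string $must_order "yes" to also insert an order row.
 */
function record_dose($pid, $must_order) {
    // The monitoring row is what enforces the 8-hour spacing, so a failed insert is an error.
    if (exec_query("INSERT INTO `monitoring` (patient_id) VALUES (?)", [(string)$pid]) === false) {
        print("404\nCan't execute databse monitoring query. Server error.");
        exit();
    }
    if ($must_order === "yes") {
        if (exec_query("INSERT INTO `orders` (patient_id) VALUES (?)", [(string)$pid]) === false) {
            print("434\nWasn't able to order new medicine");
            exit();
        }
    }
    print("200");
}

/**
 * Answers the "get_dose" operation: dispenses a dose if the patient is valid and at
 * least 8 hours have passed since the last one, printing a response code and
 * exiting on any refusal or error.
 *
 * @param mixed  $pid        Patient id from the request.
 * @param mixed  $pcode      Passcode from the request; checked here too, so a dose
 *                           cannot be requested with an id alone.
 * @param string $must_order "yes" to also order new medicine.
 */
function get_dose($pid, $pcode, $must_order) {
    $valid = user_is_valid($pid, $pcode);
    if ($valid === null) {
        print("404\nCan't connect to database. Server error");
        exit();
    }
    if (!$valid) {
        print("404\nInvalid user");
        exit();
    }
    $result = exec_query(
        "SELECT timestamp FROM `monitoring` WHERE patient_id=? ORDER BY timestamp DESC LIMIT 1",
        [(string)$pid]
    );
    if ($result === false) {
        print("404\nCan't execute databse monitoring query. Server error.");
        exit();
    }
    // No row means this is the patient's first dose from the system; otherwise the
    // newest row decides whether the 8-hour spacing has been respected.
    $record = $result->fetch_object();
    if ($record && hours_since_dose($record->timestamp) < 8) {
        print("444\nThe patient is trying to get another dose in less that 8 hours.");
        exit();
    }
    record_dose($pid, $must_order);
}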
?>