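<?php
// Bootstrap for a small JSON API over the "emu" database: sends the response
// headers and opens the single mysqli connection used by every handler in
// this script.

// NOTE(review): a wildcard origin lets any web page call this API from a
// visitor's browser. Restrict it to the front-end's own origin.
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');

// NOTE(review): the API connects as root with an empty password. Use a
// dedicated least-privilege database account and load its credentials from
// configuration kept outside the web root rather than from this file.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "emu";
$emu = "true"; // not read anywhere in this script

// Report database failures through return values on every PHP version.
// Since PHP 8.1 mysqli throws by default, which would bypass the explicit
// checks below and in the handlers.
mysqli_report(MYSQLI_REPORT_OFF);

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    // Driver detail (host, account, error text) goes to the server log only;
    // the client gets a generic JSON failure.
    error_log("Connection failed: " . $conn->connect_error);
    http_response_code(500);
    die('{"status":"Fail","status_message":"Connection failed"}');
}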
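if (isset($_POST["login"])) {
    // Staff login: checks the posted username/password against the staffs
    // table, stores a fresh token on the matching row and returns that row
    // (without the password column) as JSON. Every failure path returns the
    // same {"status":"Fail","status_message":"Fail"} object.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $loginName = $postField("username");
    $loginPassword = $postField("password");
    $response = ["status" => "Fail", "status_message" => "Fail"];
    $staff = null;

    // Blank credentials are refused outright so a row with an empty username
    // or password can never be logged into.
    if ($loginName !== '' && $loginPassword !== '') {
        // Request values are bound as parameters, never concatenated into SQL.
        // NOTE(review): the password is compared as stored, i.e. in plaintext.
        // Migrate the column to password_hash() output and check it with
        // password_verify().
        $lookup = $conn->prepare("SELECT * FROM staffs WHERE username = ? AND password = ?");
        if ($lookup !== false) {
            $lookup->bind_param("ss", $loginName, $loginPassword);
            if ($lookup->execute()) {
                $matches = $lookup->get_result();
                if ($matches !== false) {
                    $staff = $matches->fetch_assoc();
                }
            }
            $lookup->close();
        } else {
            error_log("login lookup failed: " . $conn->error);
        }
    }

    if (is_array($staff)) {
        // CSPRNG instead of rand(); the numeric range is kept because the type
        // of the token column is not visible here.
        // NOTE(review): roughly 90,000 possible values with no expiry is too
        // small for a bearer token. Widen it (for example
        // bin2hex(random_bytes(32))) once the column can hold it, and add an
        // expiry time.
        $token = random_int(10000, 100000);
        $staffId = (string) $staff["id"];

        $store = $conn->prepare("UPDATE staffs SET token = ? WHERE id = ?");
        if ($store !== false) {
            $store->bind_param("is", $token, $staffId);
            if ($store->execute()) {
                // Never send the stored password back to the client.
                unset($staff["password"]);
                $staff["token"] = $token;
                $staff["status"] = "Succesful";
                $staff["status_message"] = "Succesful logged in";
                $response = $staff;
            } else {
                // Database error text stays in the server log.
                error_log("Error updating record: " . $store->error);
            }
            $store->close();
        } else {
            error_log("Error updating record: " . $conn->error);
        }
    }

    echo json_encode($response);
}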
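if (isset($_GET["stafflist"])) {
    // Returns one JSON array holding every staff row whose type is not 0
    // (tagged personaltype "Staff") followed by the most recent patients row
    // for each staff_patients entry (tagged personaltype "Patient").
    //
    // NOTE(review): the value of the "stafflist" parameter looks like it was
    // meant to carry the caller's token, but nothing validates it, so this
    // listing is served to any caller. Check it against staffs.token before
    // answering.
    $data = [];

    $staffResult = $conn->query("SELECT * FROM staffs");
    if ($staffResult !== false) {
        while ($row = $staffResult->fetch_assoc()) {
            if ($row["type"] != 0) {
                // Credentials and session tokens of other accounts must not
                // leave the server.
                unset($row["password"], $row["token"]);
                $row["personaltype"] = 'Staff';
                $data[] = $row;
            }
        }
    } else {
        error_log("stafflist: staff query failed: " . $conn->error);
    }

    // Prepared once and re-executed per assignment. identification_number
    // originates from request input elsewhere in this script, so it is bound
    // rather than concatenated even though it is read back from the database.
    $latest = $conn->prepare(
        "SELECT * FROM patients WHERE identification_number = ? ORDER BY dates DESC LIMIT 1"
    );
    $assigned = $conn->query("SELECT * FROM staff_patients");

    if ($latest !== false && $assigned !== false) {
        $ids = '';
        $latest->bind_param("s", $ids); // bound by reference; updated per row below
        while ($row = $assigned->fetch_assoc()) {
            $ids = (string) $row["identification_number"];
            if (!$latest->execute()) {
                continue;
            }
            $patients = $latest->get_result();
            if ($patients === false) {
                continue;
            }
            while ($rowx = $patients->fetch_assoc()) {
                $rowx["personaltype"] = 'Patient';
                $data[] = $rowx;
            }
        }
    } else {
        error_log("stafflist: patient query failed: " . $conn->error);
    }
    if ($latest !== false) {
        $latest->close();
    }

    // Always a JSON array, also when nothing matched.
    echo json_encode($data);
}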
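if (isset($_GET["staffinfo"])) {
    // Returns the staffs row with the requested id as one JSON object.
    //
    // NOTE(review): no token is checked here, so any caller can read any
    // staff record by id.
    $id = is_string($_GET["staffinfo"]) ? $_GET["staffinfo"] : '';
    $staff = null;

    // The id is bound as a parameter, never concatenated into the SQL text.
    $stmt = $conn->prepare("SELECT * FROM staffs WHERE id = ?");
    if ($stmt !== false) {
        $stmt->bind_param("s", $id);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            if ($result !== false) {
                $staff = $result->fetch_assoc();
            }
        }
        $stmt->close();
    } else {
        error_log("staffinfo: query failed: " . $conn->error);
    }

    if (is_array($staff)) {
        // The password and the session token are not part of a profile view.
        unset($staff["password"], $staff["token"]);
        // Encode the row directly. Stripping "[" and "]" from an encoded
        // one-element list also removed brackets inside field values.
        echo json_encode($staff);
    } else {
        // A JSON object instead of the bare text "0 results", which made the
        // response unparseable.
        echo json_encode(["status" => "Fail", "status_message" => "0 results"]);
    }
}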
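if (isset($_POST["updatestaff"])) {
    // Updates firstname, lastname and type of the staff row whose id is the
    // value of the "updatestaff" field.
    //
    // NOTE(review): nothing authenticates the caller, and "position" is
    // written straight into the type column, so any caller can change any
    // account's role. Require a valid token and an authorization check.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $id = $postField("updatestaff");
    $fn = $postField("firstname");
    $ln = $postField("lastname");
    $type = $postField("position");
    $updated = false;

    // All four values are bound as parameters.
    $stmt = $conn->prepare("UPDATE staffs SET firstname = ?, lastname = ?, type = ? WHERE id = ?");
    if ($stmt !== false) {
        $stmt->bind_param("ssss", $fn, $ln, $type, $id);
        $updated = $stmt->execute();
        if (!$updated) {
            error_log("Error updating record: " . $stmt->error);
        }
        $stmt->close();
    } else {
        error_log("Error updating record: " . $conn->error);
    }

    // Exactly one JSON document per response; database error text is logged,
    // not appended to the body.
    echo $updated ? '{"status":"Successful"}' : '{"status":"Fail"}';
}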
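if (isset($_GET["checktoken"])) {
    // Looks up the staff row that currently holds the given token and returns
    // it as JSON (without the password column); returns {"expired":"True"}
    // when no row matches.
    $token = is_string($_GET["checktoken"]) ? $_GET["checktoken"] : '';
    $data = ["expired" => 'True'];

    // Tokens issued by the login handler are plain integers. Anything else
    // (including an empty value) is rejected before it reaches the database,
    // so implicit string/number conversion in the comparison cannot make it
    // match a row.
    if (preg_match('/^[0-9]+$/', $token) === 1) {
        $stmt = $conn->prepare("SELECT * FROM staffs WHERE token = ?");
        if ($stmt !== false) {
            $stmt->bind_param("s", $token);
            if ($stmt->execute()) {
                $result = $stmt->get_result();
                $row = ($result !== false) ? $result->fetch_assoc() : null;
                if (is_array($row)) {
                    unset($row["password"]);
                    $data = $row;
                }
            }
            $stmt->close();
        } else {
            error_log("checktoken: query failed: " . $conn->error);
        }
    }

    echo json_encode($data);
}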
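if (isset($_GET["patientlist"])) {
    // Returns a JSON array with the most recent patients row for every
    // patient assigned to the given staff id.
    //
    // NOTE(review): the staff id comes from the request and no token is
    // checked, so any caller can list any staff member's patients.
    $staffid = is_string($_GET["patientlist"]) ? $_GET["patientlist"] : '';
    $data = [];

    $assigned = $conn->prepare("SELECT * FROM staff_patients WHERE staffid = ?");
    $latest = $conn->prepare(
        "SELECT * FROM patients WHERE identification_number = ? ORDER BY dates DESC LIMIT 1"
    );

    if ($assigned !== false && $latest !== false) {
        $assigned->bind_param("s", $staffid);
        $assignments = $assigned->execute() ? $assigned->get_result() : false;

        if ($assignments !== false) {
            $patientid = '';
            $latest->bind_param("s", $patientid); // bound by reference; updated per row
            while ($row = $assignments->fetch_assoc()) {
                $patientid = (string) $row["identification_number"];
                if (!$latest->execute()) {
                    continue;
                }
                $resultpatient = $latest->get_result();
                if ($resultpatient === false) {
                    continue;
                }
                while ($patientrow = $resultpatient->fetch_assoc()) {
                    $data[] = $patientrow;
                }
            }
        }
    } else {
        error_log("patientlist: query failed: " . $conn->error);
    }
    if ($assigned !== false) {
        $assigned->close();
    }
    if ($latest !== false) {
        $latest->close();
    }

    // An empty list is returned as []. The earlier "0 results" text was
    // written in front of the JSON and made the response unparseable.
    echo json_encode($data);
}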
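if (isset($_GET["patientinfo"])) {
    // Returns [{"patientinfo":[<latest patients row>],"medical_records":[...]}]
    // for the given identification number. Both inner lists are empty when
    // nothing matches.
    //
    // NOTE(review): medical records are returned to any caller who supplies
    // an identification number; no token or staff-to-patient assignment is
    // checked. Add both before exposing this endpoint.
    $id = is_string($_GET["patientinfo"]) ? $_GET["patientinfo"] : '';
    $patientinfo = [];
    $records = [];

    // Both lookups bind the identification number as a parameter.
    $stmt = $conn->prepare(
        "SELECT * FROM patients WHERE identification_number = ? ORDER BY dates DESC LIMIT 1"
    );
    if ($stmt !== false) {
        $stmt->bind_param("s", $id);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            $row = ($result !== false) ? $result->fetch_assoc() : null;
            if (is_array($row)) {
                $patientinfo[] = $row;
            }
        }
        $stmt->close();
    } else {
        error_log("patientinfo: patient query failed: " . $conn->error);
    }

    $stmt = $conn->prepare("SELECT * FROM medical_records WHERE identification_number = ?");
    if ($stmt !== false) {
        $stmt->bind_param("s", $id);
        if ($stmt->execute()) {
            $result = $stmt->get_result();
            while ($result !== false && ($row = $result->fetch_assoc())) {
                $records[] = $row;
            }
        }
        $stmt->close();
    } else {
        error_log("patientinfo: records query failed: " . $conn->error);
    }

    // Encoded in one step. Assembling the document from echoed fragments
    // produced invalid JSON whenever the patient row was missing, and the
    // leading `echo $id` ran before $id was assigned.
    echo json_encode([["patientinfo" => $patientinfo, "medical_records" => $records]]);
}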
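if (isset($_POST["updatepatient"])) {
    // Records a new, timestamped patients row for the identification number
    // given in "updatepatient". Readers elsewhere in this script pick the row
    // with the latest `dates` value, so an insert acts as an update.
    //
    // NOTE(review): the caller is not authenticated.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $patientid = $postField("updatepatient");
    $firstname = $postField("firstname");
    $lastname = $postField("lastname");
    $alive = $postField("status");
    $datetime = date("Y-m-d H:i:s");
    $saved = false;

    // Every value is bound as a parameter.
    $stmt = $conn->prepare(
        "INSERT INTO patients (firstname, lastname, identification_number, dates, alive)
         VALUES (?, ?, ?, ?, ?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("sssss", $firstname, $lastname, $patientid, $datetime, $alive);
        $saved = $stmt->execute();
        if (!$saved) {
            error_log("updatepatient: insert failed: " . $stmt->error);
        }
        $stmt->close();
    } else {
        error_log("updatepatient: prepare failed: " . $conn->error);
    }

    // Database error text is logged rather than embedded in the reply, where
    // it exposed schema detail and could break the JSON quoting.
    echo $saved ? '{"status":"Sucessfull"}' : '{"status":"Fail"}';
}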
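if (isset($_POST["updatemedicalrecord"])) {
    // Appends a timestamped entry to medical_records for the identification
    // number given in "updatemedicalrecord"; the record text arrives in the
    // "updatesss" field.
    //
    // NOTE(review): the caller is not authenticated, so anyone can append to
    // any patient's record.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $patientid = $postField("updatemedicalrecord");
    $patientrecord = $postField("updatesss");
    $datetime = date("Y-m-d H:i:s");
    $saved = false;

    // Every value is bound as a parameter.
    $stmt = $conn->prepare(
        "INSERT INTO medical_records (identification_number, record, recorddate)
         VALUES (?, ?, ?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("sss", $patientid, $patientrecord, $datetime);
        $saved = $stmt->execute();
        if (!$saved) {
            error_log("updatemedicalrecord: insert failed: " . $stmt->error);
        }
        $stmt->close();
    } else {
        error_log("updatemedicalrecord: prepare failed: " . $conn->error);
    }

    // Database error text is logged, not returned to the client.
    echo $saved ? '{"status":"Succesful"}' : '{"status":"Fail"}';
}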
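if (isset($_POST["assignpatient"])) {
    // Reassigns a patient: removes every staff_patients row for the given
    // identification number and inserts one row linking it to "staff".
    //
    // NOTE(review): the caller is not authenticated.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    $pid = $postField("assignpatient");
    $sid = $postField("staff");
    $assigned = false;

    // Delete and insert succeed or fail together, so a failed insert no
    // longer leaves the patient unassigned. This only takes effect when the
    // table uses a transactional storage engine.
    $conn->begin_transaction();

    $remove = $conn->prepare("DELETE FROM staff_patients WHERE identification_number = ?");
    $add = $conn->prepare("INSERT INTO staff_patients (identification_number, staffid) VALUES (?, ?)");
    if ($remove !== false && $add !== false) {
        $remove->bind_param("s", $pid);
        $add->bind_param("ss", $pid, $sid);
        $assigned = $remove->execute() && $add->execute();
    }

    if ($assigned) {
        $assigned = $conn->commit();
    } else {
        error_log("assignpatient: failed: " . $conn->error);
        $conn->rollback();
    }
    if ($remove !== false) {
        $remove->close();
    }
    if ($add !== false) {
        $add->close();
    }

    // The failure reply no longer echoes the SQL statement and driver error.
    echo $assigned ? '{"status":"successfull"}' : '{"status":"Fail"}';
}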
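if (isset($_POST["addnewstaff"])) {
    // Creates a staffs row; the value of "addnewstaff" is stored as the type.
    //
    // NOTE(review): nothing authenticates the caller, so anyone can create an
    // account of any type. Restrict this to an authorized administrator.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    // NOTE(review): the posted "lastname" is stored in the firstname column
    // and vice versa. This mapping is kept unchanged because the client may
    // rely on it; confirm against the form and swap if it is a mistake.
    $fn = $postField("lastname");
    $ln = $postField("firstname");
    $ps = $postField("addnewstaff");
    $un = $postField("username");
    // NOTE(review): the password is stored as received (plaintext). Store
    // password_hash() output instead, together with the matching change in
    // the login check.
    $pos = $postField("password");
    $created = false;

    // Every value is bound as a parameter.
    $stmt = $conn->prepare(
        "INSERT INTO staffs (firstname, lastname, type, username, password)
         VALUES (?, ?, ?, ?, ?)"
    );
    if ($stmt !== false) {
        $stmt->bind_param("sssss", $fn, $ln, $ps, $un, $pos);
        $created = $stmt->execute();
        if (!$created) {
            error_log("addnewstaff: insert failed: " . $stmt->error);
        }
        $stmt->close();
    } else {
        error_log("addnewstaff: prepare failed: " . $conn->error);
    }

    // The failure reply used to echo the full SQL statement, including the
    // new account's password, plus the driver error.
    echo $created ? '{"status":"successfull"}' : '{"status":"Fail"}';
}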
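if (isset($_POST["addnewpatient"])) {
    // Creates a patients row under a newly generated identification number
    // ("P" followed by a number from 1000 to 10000).
    //
    // NOTE(review): the caller is not authenticated.

    // Read a POST field as a string; missing or array-valued fields become ''.
    $postField = static function ($key) {
        return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
    };

    // NOTE(review): the posted "lastname" is stored in the firstname column
    // and vice versa. This mapping is kept unchanged because the client may
    // rely on it; confirm against the form and swap if it is a mistake.
    $fn = $postField("lastname");
    $ln = $postField("firstname");
    $address = $postField("address");
    $sex = $postField("gender");
    $age = $postField("age");
    $created = false;

    // Pick an identifier that is not in use yet. With only about 9,000
    // possible values a blind pick can collide, and a collision would attach
    // one patient's records to another.
    // NOTE(review): a UNIQUE constraint on identification_number is not
    // possible while several rows per patient are stored, so a race between
    // two concurrent requests remains; consider a wider identifier.
    $ids = null;
    $exists = $conn->prepare("SELECT 1 FROM patients WHERE identification_number = ? LIMIT 1");
    if ($exists !== false) {
        $candidate = '';
        $exists->bind_param("s", $candidate); // bound by reference; updated per attempt
        for ($attempt = 0; $attempt < 20 && $ids === null; $attempt++) {
            $candidate = 'P' . random_int(1000, 10000);
            if ($exists->execute()) {
                $hit = $exists->get_result();
                if ($hit !== false && $hit->num_rows === 0) {
                    $ids = $candidate;
                }
            }
        }
        $exists->close();
    } else {
        error_log("addnewpatient: prepare failed: " . $conn->error);
    }

    if ($ids !== null) {
        // Every value is bound as a parameter. The `dates` column is not set
        // by this insert, as before.
        $stmt = $conn->prepare(
            "INSERT INTO patients (firstname, lastname, identification_number, age, address, gender)
             VALUES (?, ?, ?, ?, ?, ?)"
        );
        if ($stmt !== false) {
            $stmt->bind_param("ssssss", $fn, $ln, $ids, $age, $address, $sex);
            $created = $stmt->execute();
            if (!$created) {
                error_log("addnewpatient: insert failed: " . $stmt->error);
            }
            $stmt->close();
        } else {
            error_log("addnewpatient: prepare failed: " . $conn->error);
        }
    }

    // The failure reply no longer echoes the SQL statement and driver error.
    echo $created ? '{"status":"successfull"}' : '{"status":"Fail"}';
}

// Release the shared database connection once all handlers have run.
$conn->close();
?>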