ai to temp update

2024-10-19 10:18:39 +02:00 · 2024-10-19 10:18:39 +02:00 · cde2134d6a
commit cde2134d6a
parent 2b46b082dd
1 changed files with 45 additions and 24 deletions
--- a/public/userarea/apilogic/api-to-temp.php
+++ b/public/userarea/apilogic/api-to-temp.php
@ -32,34 +32,55 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $secret_key = $decoded_data['secret_key'];
        $reflab = $decoded_data['reflab'];

-        // For testing purposes, use hardcoded credentials
-        $valid_api_key = 'api_key_123';
-        $valid_secret_key = 'api_secret_123';
-        $valid_reflab = 'REF001';
+        $query = "SELECT * FROM laboratories WHERE reflab = ? AND api_key = ?";
+        $stmt = $conn->prepare($query);
+        $stmt->bind_param("ss", $reflab, $api_key);
+        $stmt->execute();
+        $result = $stmt->get_result();

-        if ($api_key !== $valid_api_key) {
-            echo json_encode([
-                "status" => "error",
-                "message" => "Invalid API key."
-            ]);
+        // Controllo se un laboratorio valido è stato trovato con `reflab` e `api_key`
+        if ($result->num_rows > 0) {
+            $row = $result->fetch_assoc();
+
+            // Verifica lo stato del laboratorio
+            if ($row['status'] !== 'active') {
+                echo json_encode([
+                    "status" => "error",
+                    "message" => "Laboratory is inactive."
+                ]);
+                exit;
+            }
+
+            // Verifica la chiave segreta utilizzando `password_verify`
+            if (!password_verify($secret_key, $row['api_secret'])) {
+                echo json_encode([
+                    "status" => "error",
+                    "message" => "Invalid secret key."
+                ]);
+                exit;
+            }
+        } else {
+            // Verifica se il `reflab` è valido, ma l'`api_key` non corrisponde
+            $query = "SELECT * FROM laboratories WHERE reflab = ?";
+            $stmt = $conn->prepare($query);
+            $stmt->bind_param("s", $reflab);
+            $stmt->execute();
+            $result = $stmt->get_result();
+
+            if ($result->num_rows > 0) {
+                echo json_encode([
+                    "status" => "error",
+                    "message" => "Invalid API key."
+                ]);
+            } else {
+                echo json_encode([
+                    "status" => "error",
+                    "message" => "Invalid reflab."
+                ]);
+            }
            exit;
        }

-        if ($secret_key !== $valid_secret_key) {
-            echo json_encode([
-                "status" => "error",
-                "message" => "Invalid secret key."
-            ]);
-            exit;
-        }
-
-        if ($reflab !== $valid_reflab) {
-            echo json_encode([
-                "status" => "error",
-                "message" => "Invalid reflab."
-            ]);
-            exit;
-        }

        // Generate a UUID to uniquely identify the record
        $uuid = uniqid(); // Alternatively, use UUID() in MySQL