From cde2134d6aea308a358a6db6bafd4836e6d34be5 Mon Sep 17 00:00:00 2001
From: Claudio
Date: Sat, 19 Oct 2024 10:18:39 +0200
Subject: [PATCH] ai to temp update
---
 public/userarea/apilogic/api-to-temp.php | 69 +++++++++++++++---------
 1 file changed, 45 insertions(+), 24 deletions(-)
diff --git a/public/userarea/apilogic/api-to-temp.php b/public/userarea/apilogic/api-to-temp.php
index b47c487..82e081d 100644
--- a/public/userarea/apilogic/api-to-temp.php
+++ b/public/userarea/apilogic/api-to-temp.php
@@ -32,34 +32,55 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 $secret_key = $decoded_data['secret_key'];
 $reflab = $decoded_data['reflab'];
- // For testing purposes, use hardcoded credentials
- $valid_api_key = 'api_key_123';
- $valid_secret_key = 'api_secret_123';
- $valid_reflab = 'REF001';
+ $query = "SELECT * FROM laboratories WHERE reflab = ? AND api_key = ?";
+ $stmt = $conn->prepare($query);
+ $stmt->bind_param("ss", $reflab, $api_key);
+ $stmt->execute();
+ $result = $stmt->get_result();
- if ($api_key !== $valid_api_key) {
- echo json_encode([
- "status" => "error",
- "message" => "Invalid API key."
- ]);
+ // Controllo se un laboratorio valido è stato trovato con `reflab` e `api_key`
+ if ($result->num_rows > 0) {
+ $row = $result->fetch_assoc();
+
+ // Verifica lo stato del laboratorio
+ if ($row['status'] !== 'active') {
+ echo json_encode([
+ "status" => "error",
+ "message" => "Laboratory is inactive."
+ ]);
+ exit;
+ }
+
+ // Verifica la chiave segreta utilizzando `password_verify`
+ if (!password_verify($secret_key, $row['api_secret'])) {
+ echo json_encode([
+ "status" => "error",
+ "message" => "Invalid secret key."
+ ]);
+ exit;
+ }
+ } else {
+ // Verifica se il `reflab` è valido, ma l'`api_key` non corrisponde
+ $query = "SELECT * FROM laboratories WHERE reflab = ?";
+ $stmt = $conn->prepare($query);
+ $stmt->bind_param("s", $reflab);
+ $stmt->execute();
+ $result = $stmt->get_result();
+
+ if ($result->num_rows > 0) {
+ echo json_encode([
+ "status" => "error",
+ "message" => "Invalid API key."
+ ]);
+ } else {
+ echo json_encode([
+ "status" => "error",
+ "message" => "Invalid reflab."
+ ]);
+ }
 exit;
 }
- if ($secret_key !== $valid_secret_key) {
- echo json_encode([
- "status" => "error",
- "message" => "Invalid secret key."
- ]);
- exit;
- }
-
- if ($reflab !== $valid_reflab) {
- echo json_encode([
- "status" => "error",
- "message" => "Invalid reflab."
- ]);
- exit;
- }
 // Generate a UUID to uniquely identify the record
 $uuid = uniqid(); // Alternatively, use UUID() in MySQL
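Review bot: The failure branches of the new lookup tell an unauthenticated caller which part of the credential triple was wrong: "Invalid reflab." versus "Invalid API key." confirms that a reflab exists, and "Laboratory is inactive." is returned before `password_verify()` runs, so it discloses lab state to anyone holding only the reflab and api_key. The second `SELECT ... WHERE reflab = ?` exists only to draw that distinction and can be dropped; return one generic failure for every case and test `status` only after the secret has verified. Matching `api_key` inside the SQL `WHERE` suggests it is stored in clear while `api_secret` is hashed, which is worth confirming as intended. Existing clients may parse the current messages or expect a 200 status, so check them before merging; the enclosing `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block starts and ends outside this hunk.

```php
$result = $stmt->get_result();
$row = $result->fetch_assoc();

// One answer for unknown reflab, wrong api_key, wrong secret and inactive laboratory.
$authenticated = is_array($row)
    && password_verify($secret_key, $row['api_secret'])
    && $row['status'] === 'active';

if (!$authenticated) {
    http_response_code(401);
    echo json_encode([
        "status" => "error",
        "message" => "Invalid credentials."
    ]);
    exit;
}
// … unchanged: UUID generation and the rest of the POST handler …
```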