ai to temp update

2024-10-19 10:18:39 +02:00 · 2024-10-19 10:18:39 +02:00 · cde2134d6a
commit cde2134d6a
parent 2b46b082dd
1 changed files with 45 additions and 24 deletions
--- a/public/userarea/apilogic/api-to-temp.php
+++ b/public/userarea/apilogic/api-to-temp.php
@ -32,34 +32,55 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $secret_key = $decoded_data['secret_key'];
        $reflab = $decoded_data['reflab'];
-        // For testing purposes, use hardcoded credentials
+        $query = "SELECT * FROM laboratories WHERE reflab = ? AND api_key = ?";
-        $valid_api_key = 'api_key_123';
+        $stmt = $conn->prepare($query);
-        $valid_secret_key = 'api_secret_123';
+        $stmt->bind_param("ss", $reflab, $api_key);
-        $valid_reflab = 'REF001';
+        $stmt->execute();
        $result = $stmt->get_result();
-        if ($api_key !== $valid_api_key) {
+        // Controllo se un laboratorio valido è stato trovato con `reflab` e `api_key`
-            echo json_encode([
+        if ($result->num_rows > 0) {
-                "status" => "error",
+            $row = $result->fetch_assoc();
-                "message" => "Invalid API key."
+
-            ]);
+            // Verifica lo stato del laboratorio
            if ($row['status'] !== 'active') {
                echo json_encode([
                    "status" => "error",
                    "message" => "Laboratory is inactive."
                ]);
                exit;
            }
            // Verifica la chiave segreta utilizzando `password_verify`
            if (!password_verify($secret_key, $row['api_secret'])) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid secret key."
                ]);
                exit;
            }
        } else {
            // Verifica se il `reflab` è valido, ma l'`api_key` non corrisponde
            $query = "SELECT * FROM laboratories WHERE reflab = ?";
            $stmt = $conn->prepare($query);
            $stmt->bind_param("s", $reflab);
            $stmt->execute();
            $result = $stmt->get_result();
            if ($result->num_rows > 0) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid API key."
                ]);
            } else {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid reflab."
                ]);
            }
            exit;
        }
        if ($secret_key !== $valid_secret_key) {
            echo json_encode([
                "status" => "error",
                "message" => "Invalid secret key."
            ]);
            exit;
        }
        if ($reflab !== $valid_reflab) {
            echo json_encode([
                "status" => "error",
                "message" => "Invalid reflab."
            ]);
            exit;
        }
        // Generate a UUID to uniquely identify the record
        $uuid = uniqid(); // Alternatively, use UUID() in MySQL