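<?php

/*
 * File: MbrExEZCARD.data
 * NOTE(review): the page this was taken from is titled MbrExMIR.data and the
 * handler object comes from $HcuMIRi, so this copy looks like the MIR variant
 * of the EZCARD script -- confirm and fix the file name above if so.
 *
 * Purpose: Handle the CRUD portion of the MbrExtKey maintenance script
 * when trustid = HcuEZCARD
 * When returning the requested data do it in a JSON format, for the client to
 * display accordingly.
 *
 * Call this script with the following parameters
 * cu to identify appropriate {$Cu}extkey table (might use $Cu out of cookie?)
 * action - what the client side is requesting.
 * trustid for data related to a particular providermode in {$Cu}extkey table
 * ***trustid must match existing cutrusteddetail record for given $Cu
 * member - to identify member for whom edits occur
 *
 * Returns JSON OBJECT.
 *
 * based on trustid / providermode, load appropriate include to define
 * parms_parse - explode parms into component values
 * parms_validate - check entries before attempting db update
 *   includes readying for db write
 * parms_disp4edit - layout screen for display / edit values
 *
 * Every value in $POSTED['HCUPOST'] is client supplied. String values go through
 * prep_save() before they are placed in SQL, record ids go through intval(), and
 * the table prefix $Cu (which cannot be quoted -- it is part of an identifier)
 * is restricted to identifier characters before any query is built.
 */
$iClass = $HcuMIRi;

// Copy only the request fields this script uses into locals. A blanket
// extract() of the posted array lets any posted key overwrite $iClass, $dbh
// or $POSTED itself, so the copy is limited to a fixed allow-list.
$hcuPost = (isset($POSTED['HCUPOST']) && is_array($POSTED['HCUPOST'])) ? $POSTED['HCUPOST'] : array();
foreach (array('Cu', 'trustid', 'member', 'userid', 'accountnumber', 'action') as $field) {
    if (isset($hcuPost[$field])) {
        $$field = $hcuPost[$field];
    }
}

$retStatus_ary = array();   // JSON envelope: homecuData / homecuInfo / homecuErrors
$payload = array();         // set by parms_validate(); read again in the catch block
$requestedAction = isset($action) ? $action : '';

try {
    $returnMsgData = array();

    // $Cu is interpolated into table names ({$Cu}extkey, {$Cu}user) and cannot be
    // escaped as a value, so only plain identifier characters are accepted.
    if (!isset($Cu)) {
        throw new Exception('Missing Expected Parameters');
    }
    if (!preg_match('/^[A-Za-z0-9_]+$/', $Cu)) {
        throw new Exception('Invalid cu parameter.');
    }

    switch ($requestedAction) {
    case 'read':
        if (!isset($trustid)) {
            throw new Exception('Missing Expected Parameters');
        }

        // Same escaping as the insert/update paths use for these columns.
        $where = array("providermode='" . prep_save($trustid, 20) . "'");
        $doLimit = false;
        # should only be one record, but just in case, limit 1
        if (isset($member)) {
            $where[] = "accountnumber='" . prep_save($member, 12) . "'";
            $doLimit = true;
        }
        if (isset($userid)) {
            $where[] = "user_id=" . intval($userid);
        }

        $sql = "select user_id as userid, id as keyid, trim(accountnumber) as accountnumber, parms from {$Cu}extkey"
            . " where " . implode(" and ", $where) . ($doLimit ? " limit 1" : "");

        $sqlRs = db_query($sql, $dbh);
        if (!$sqlRs) {
            // Do not echo the failed statement back to the client; it exposes
            // table layout and the values that reached the query.
            throw new Exception('A problem occurred, unable to read entries.');
        }
        $sIdx = 0;
        while ($dRecord = db_fetch_assoc($sqlRs, $sIdx)) {
            /*
             * now parse the payload as needed for this provider mode
             * FIS_EZCARD needs this: list($card4, $cardsig, $cardtype) = explode(',', $payload);
             */
            $parsed = $iClass->parms_parse($dRecord['parms']); # e.g. array('card4' => ..., 'cardsig' => ..., 'cardtype' => ...)
            $returnMsgData[] = $dRecord + $parsed;
            $sIdx++;
        }

        $retStatus_ary['homecuData'] = $returnMsgData;
        break;

    case 'new':
        /*
         * save member data to {$Cu}extkey table
         * expects that $payload is ready to write -
         * call parms_validate to check data and prepare it for saving first
         */
        if (!isset($trustid) || !isset($accountnumber)) {
            throw new Exception('Missing Expected Parameters');
        }
        $acct = prep_save($accountnumber, 12);
        $mode = prep_save($trustid, 20);

        /*
         * Validate the data coming in
         */

        // * Make sure the member exists
        $sql = "SELECT count(*) as count_rec FROM {$Cu}user where primary_account = '" . $acct . "'";
        $cntRs = db_query($sql, $dbh);
        if (!$cntRs) {
            throw new Exception('A problem occurred, unable to save entry.');
        }
        list($recordCount) = db_fetch_array($cntRs);
        if ($recordCount == 0) {
            throw new Exception('Unable to save entry, Invalid Member Number.');
        }

        // ** only one entry per member
        $sql = "SELECT count(*) as count_rec FROM {$Cu}extkey"
            . " WHERE accountnumber = '" . $acct . "' AND providermode = '" . $mode . "'";
        $cntRs = db_query($sql, $dbh);
        if (!$cntRs) {
            throw new Exception('A problem occurred, unable to save entry.');
        }
        list($recordCount) = db_fetch_array($cntRs);
        if ($recordCount > 0) {
            throw new Exception('Unable to save entry, Only one entry per Member allowed.');
        }

        $payload = $iClass->parms_validate($hcuPost);
        if (isset($payload['errors']) && is_array($payload['errors'])) {
            // code 1 tells the catch block to return the per-field error list
            throw new Exception("Multiple errors", 1);
        }

        $sql = "INSERT INTO {$Cu}extkey (accountnumber, user_id, providermode, parms) VALUES ("
            . "'" . $acct . "', "
            . "'" . prep_save(isset($userid) ? $userid : null) . "', "
            . "'" . $mode . "', "
            . "'" . prep_save($payload['data']) . "'); "
            . "select currval('{$Cu}extkey_id_seq')";
        $updRs = db_query($sql, $dbh);

        if (!$updRs) {
            // ** FAILED
            throw new Exception('A problem occurred, unable to save entry.');
        }
        // ** SUCCESS -- the trailing currval() gives the new row's id
        list($keyid) = db_fetch_array($updRs, 0);
        $retStatus_ary['homecuInfo'][] = "Entry successfully saved.";
        $retStatus_ary['homecuData'] = $iClass->parms_parse($payload['data']);
        $retStatus_ary['homecuData']['keyid'] = $keyid;
        $retStatus_ary['homecuData']['accountnumber'] = $accountnumber;
        break;

    case 'update':
        /*
         * save member data to {$Cu}extkey table
         * expects that $payload is ready to write -
         * call parms_validate to check data and prepare it for saving first
         */
        if (!isset($trustid) || !isset($accountnumber) || !isset($hcuPost['keyid'])) {
            throw new Exception('Missing Expected Parameters');
        }
        $acct = prep_save($accountnumber, 12);
        $mode = prep_save($trustid, 20);
        $keyid = intval($hcuPost['keyid']);   // id column: never interpolated raw

        /*
         * Validate the data coming in
         */
        // * Make sure the member exists
        $sql = "SELECT count(*) as count_rec FROM {$Cu}user where primary_account = '" . $acct . "'";
        $cntRs = db_query($sql, $dbh);
        if (!$cntRs) {
            throw new Exception('A problem occurred, update failed.');
        }
        list($recordCount) = db_fetch_array($cntRs);
        if ($recordCount == 0) {
            throw new Exception('Update failed, Invalid Member Number.');
        }

        // ** only one entry per member (other than the one being edited)
        $sql = "SELECT count(*) as count_rec FROM {$Cu}extkey"
            . " WHERE accountnumber = '" . $acct . "' AND providermode = '" . $mode . "'"
            . " AND id <> " . $keyid;
        $cntRs = db_query($sql, $dbh);
        if (!$cntRs) {
            throw new Exception('A problem occurred, update failed.');
        }
        list($recordCount) = db_fetch_array($cntRs);
        if ($recordCount > 0) {
            throw new Exception('Update failed, Only one entry per Member allowed.');
        }

        $payload = $iClass->parms_validate($hcuPost);
        if (isset($payload['errors']) && is_array($payload['errors'])) {
            throw new Exception(implode("<br>\n", $payload['errors']));
        }

        $sql = "UPDATE {$Cu}extkey SET accountnumber = '" . $acct . "',"
            . " providermode = '" . $mode . "',"
            . " parms='" . prep_save($payload['data']) . "'"
            . " WHERE id = " . $keyid;
        $updRs = db_query($sql, $dbh);
        if (!$updRs) {
            // ** FAILED
            throw new Exception('A problem occurred, update failed.');
        }
        if (db_affected_rows($updRs) != 1) {
            throw new Exception('Record not found.');
        }
        // ** SUCCESS
        $retStatus_ary['homecuInfo'][] = "Entry successfully updated.";
        break;

    case 'delete':
        if (!isset($hcuPost['keyid'])) {
            throw new Exception('Missing Expected Parameters');
        }
        $keyid = intval($hcuPost['keyid']);

        $sql = "DELETE FROM {$Cu}extkey WHERE id = " . $keyid;
        $updRs = db_query($sql, $dbh);
        if (!$updRs) {
            // ** FAILED
            throw new Exception('A problem occurred, delete failed.');
        }
        if (db_affected_rows($updRs) != 1) {
            throw new Exception('Record not found, delete failed.');
        }
        // ** SUCCESS
        $retStatus_ary['homecuInfo'][] = "Entry successfully deleted.";
        break;

    default:
        $action = $requestedAction;
        throw new Exception("Unexpected action: {$action}. Action cancelled.");
    }
} catch (Exception $ex) {
    // Code 1 is raised only after parms_validate() filled $payload['errors'];
    // in that case the client gets the whole list instead of a single message.
    if ($ex->getCode() == 1 && isset($payload['errors']) && is_array($payload['errors'])) {
        $retStatus_ary['homecuErrors'] = $payload['errors'];
    } else {
        $retStatus_ary['homecuErrors'][] = $ex->getMessage();
    }
}

// ** Prepare the package for returning
header('Content-type: application/json');

print json_encode(array("Results" => array($retStatus_ary)));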