PHP outputXML函数代码示例

function outputXML($node_name = null, $node = null, $level = 1)
{
    $output = '';
    $row_template = '<tr><th width="65">%s</th><td>%s</td></tr>';
    $table_template = '<table width="100%%" class="data_table show_border small" cellspacing="0" cellpadding="0">%s</table>';
    $node_data = '';
    if (count($node->children())) {
        $child_data = '';
        foreach ($node->children() as $child_name => $child) {
            $child_data .= outputXML($child_name, $child, 2);
        }
        $node_data .= sprintf($table_template, $child_data);
    } else {
        if (count($node->attributes())) {
            $child_data = '';
            foreach ($node->attributes() as $child_name => $child) {
                $child_data .= outputXML($child_name, $child, 2);
            }
            $node_data .= sprintf($table_template, $child_data);
        } else {
            $node_data = (string) $node;
        }
    }
    if ($level == 1) {
        $output = $node_data;
    } else {
        $output = sprintf($row_template, $node_name, $node_data);
    }
    return $output;
}

function doService($url, $method, $level)
{
    if ($method == 'POST') {
        $user = strtoupper($_POST['u']);
        $qry = "SELECT * FROM Users WHERE UserName='" . $user . "'";
        $result = mysql_query($qry);
        $member = mysql_fetch_assoc($result);
        $pwd = $member['Password'];
        $trustedKey = "xolJXj25jlk56LJkk5677LS";
        $controlString = "3p1XyTiBj01EM0360lFw";
        $AUTH_KEY = md5($user . $pwd . $controlString);
        $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
        $postKey = $_POST['key'];
        if ($postKey == $TRUST_KEY && (int) $member['Type'] >= $level) {
            $ID = clean($_POST['ID']);
            $f_name = clean($_POST['Firstname']);
            $l_name = clean($_POST['Lastname']);
            $sex = clean($_POST['Sex']);
            $email = clean($_POST['Email']);
            $birthday = clean($_POST['Birthday']);
            $phone = clean($_POST['Phonenumber']);
            $ssn = clean($_POST['SSN']);
            $type = clean($_POST['Type']);
            $need = clean($_POST['Need']);
            $table_name = 'Users';
            //  $address = clean($_POST['Address']);
            //  $policy = clean($_POST['Policy']);
            $status = clean($_POST['Status']);
            if ($need == 1) {
                $updateQry = "UPDATE {$table_name} Set FirstName='{$f_name}',LastName='{$l_name}',Sex='{$sex}',Email='{$email}',Birthday='{$birthday}',PhoneNumber='{$phone}',SSN='{$ssn}', Type = '{$type}', NeedApproval='0' WHERE PK_member_id = '{$ID}'";
            } else {
                $updateQry = "UPDATE {$table_name} Set FirstName='{$f_name}',LastName='{$l_name}',Sex='{$sex}',Email='{$email}',Birthday='{$birthday}',PhoneNumber='{$phone}',SSN='{$ssn}', Type = '{$type}', NeedApproval='1' WHERE PK_member_id = '{$ID}'";
            }
            if (strcmp($status, "lock") == 0) {
                $statusQry = "UPDATE {$table_name} SET Locked = '1' WHERE PK_member_id = '{$ID}'";
            } else {
                $statusQry = "UPDATE {$table_name} SET Locked = '0' WHERE PK_member_id = '{$ID}'";
            }
            if (mysql_query($updateQry)) {
                if (mysql_query($statusQry)) {
                    $retVal = outputXML('1', 'SUCCESSFUL UPDATE!');
                } else {
                    $retVal = outputXML('0', mysql_error());
                }
            } else {
                $retVal = outputXML('0', mysql_error());
            }
        } else {
            if ($postKey == $AUTH_KEY) {
                $retVal = outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO UPDATE ACCOUNT INFORMATION');
            } else {
                $retVal = outputXML('0', 'UNAUTHORIZED ACCESS');
            }
        }
    } else {
        $retVal = outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }
    return $retVal;
}

function doService()
{
    $errMsgArr = array();
    $errNum = 0;
    $userName = $_GET['u'];
    $authKey = $_GET['k'];
    // no username supplied, output error and return
    if (!isset($userName) || $userName == "") {
        $errMsgArr[] = 'Username Missing';
        $errNum++;
        $xmlOutput = outputXML('0', $errNum, $errMsgArr);
        return $xmlOutput;
    }
    // no authkey supplied, output error and return
    if (!isset($authKey) || $authKey == "") {
        $errMsgArr[] = 'Key Missing';
        $errNum++;
        $xmlOutput = outputXML('0', $errNum, $errMsgArr);
        return $xmlOutput;
    }
    global $db;
    $prep = $db->prepare('SELECT CurrentKey, Locked, NeedApproval, PK_member_id 
							FROM Users WHERE UserName = :u');
    if ($prep->execute(array(':u' => $userName))) {
        $result = $prep->fetch(PDO::FETCH_ASSOC);
    } else {
        return "SQL ERROR GETTING USER DATA";
    }
    $dbCurrentKey = $result['CurrentKey'];
    $dbLocked = $result['Locked'];
    $dbNeedApproval = $result['NeedApproval'];
    $dbMemberID = $result['PK_member_id'];
    if ($dbLocked == '1') {
        $errMsgArr[] = 'Locked user trying to logout';
        $errNum++;
        $xmlOutput = outputXML('0', $errNum, $errMsgArr);
        return $xmlOutput;
    }
    $prep = $db->prepare("UPDATE Users SET CurrentKey = NULL WHERE UserName = :u");
    $prep->execute(array(":u" => $userName));
    if ($prep->rowCount() != 1) {
        $error = $prep->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum += 1;
        $xmlOutput = outputXML('0', $errNum, $errMsgArr);
    } else {
        $xmlOutput = outputXML('1', $errNum, $errMsgArr);
    }
    return $xmlOutput;
}

function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if ($recKey == $trustedKey || $recKey == $currKey) {
        $qry = "SELECT * FROM LogFiles";
        $doctorNamePrep = $db->prepare($qry);
        $doctorNameSuccess = $doctorNamePrep->execute();
        if (!$doctorNameSuccess) {
            $errMsgArr[] = "DATABASE ERROR TWO";
            $errNum++;
        }
        $retVal = outputXML($errNum, $errMsgArr, $doctorNamePrep);
    } else {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        $retVal = outputXML($errNum, $errMsgArr, '');
    }
    //  $retVal = "STUFF";
    return $retVal;
}

function init($args)
{
    $albumName = $args['name'];
    $themeList = getThemeNames();
    $albumDefault = getCurrentTheme($albumName);
    $outString = "";
    foreach ($themeList as $name => $html) {
        $outString .= "<theme ";
        if ($name == $albumDefault) {
            $outString .= "default=\"true\"";
        }
        $outString .= ">{$name}</theme>";
    }
    outputXML("<status>success</status>{$outString}");
}

function doService()
{
    $user = strtoupper($_GET['u']);
    $qry = "SELECT * FROM Users WHERE UserName='" . $user . "' AND Password='" . $_GET['p'] . "'";
    $result = mysql_query($qry);
    $member = mysql_fetch_assoc($result);
    if (mysql_numrows($result)) {
        $retVal = outputXML('1', $user, $_GET['p']);
        logToDB("Login Succeed", true, $member['PK_member_id']);
    } else {
        $retVal = outputXML('0', '', '');
        logToDB("Login Fail", false, -1);
    }
    return $retVal;
}

function getAvailDates()
{
    global $link;
    $dates = array();
    $fullDates = array();
    $result = mysql_query("SELECT updatedTime FROM newswire_tb ORDER BY updatedTime DESC");
    while ($row = mysql_fetch_assoc($result)) {
        if (_checkDate($row['updatedTime'], $dates) == 0) {
            $dates[] = _parseDate($row['updatedTime']);
            $fullDates[] = $row['updatedTime'];
            //$dates[] = $row['updatedTime'];
        }
        //echo "date: "._parseDate( $row['updatedTime'] )."<br>";
    }
    for ($i = 0; $i < count($dates); $i++) {
        //echo 'selected date: '.$dates[$i]."<br>";
    }
    mysql_free_result($result);
    mysql_close($link);
    outputXML($fullDates);
}

function doService($url, $method, $level)
{
    // method is POST
    if (strcmp($method, "POST") == 0) {
        $user = strtoupper($_POST['u']);
        $qry = "SELECT * FROM Users WHERE UserName='" . $user . "'";
        $result = mysql_query($qry);
        $member = mysql_fetch_assoc($result);
        $pwd = $member['Password'];
        $trustedKey = "xolJXj25jlk56LJkk5677LS";
        $controlString = "3p1XyTiBj01EM0360lFw";
        $AUTH_KEY = md5($user . $pwd . $controlString);
        $TRUST_KEY = md5($AUTH_KEY . $trustedKey);
        $postKey = $_POST['key'];
        if ($postKey == $TRUST_KEY && (int) $member['Type'] >= $level) {
            $patientID = clean($_POST['patientID']);
            $doctorID = clean($_POST['doctorID']);
            $doctorMemberID = clean($_POST['doctorMemberID']);
            $updateQry = "UPDATE Patient SET FK_DoctorID = '" . $doctorID . "' WHERE PK_PatientID = '" . $patientID . "'";
            if (mysql_query($updateQry)) {
                logToDB("Doctor added a patient", true, $doctorMemberID);
                $retVal = outputXML('1', "PATIENT ADDED");
            } else {
                $retVal = outputXML('0', mysql_error());
            }
        } else {
            if ($postKey == $AUTH_KEY) {
                $retVal = outputXML('0', 'UNTRUSTED CLIENTS UNABLE TO ADD PATIENTS');
            } else {
                $retVal = outputXML('0', 'UNAUTHORIZED ACCESS');
            }
        }
    } else {
        $retVal = outputXML('0', 'RECEIVED INCORRECT MESSAGE');
    }
    $retVal .= "<br>{$updateQry}";
    return $retVal;
}

function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '', '', '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '', '', '');
    }
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if ($recKey == $trustedKey || $recKey == $currKey) {
        // || $memberInfo['Type'] >= 200) {
        if (isset($_GET['med'])) {
            $medQry = "SELECT Medications.* FROM Medications WHERE ";
            $paramArray = array();
            if ($memberInfo['Type'] == 1 || isset($_GET['pat'])) {
                $medQry .= "Medications.FK_PatientID = :patID AND ";
                if ($memberInfo['Type'] == 1) {
                    $patIDQry = "SELECT Patient.PK_PatientID FROM Patient WHERE Patient.FK_member_id = " . $memberInfo['PK_member_id'];
                    $patIDPrep = $db->prepare($patIDQry);
                    $updateSucc = $patIDPrep->execute();
                    if (!$updateSucc) {
                        $errorInfoArray = $prep->errorInfo();
                        $errMsgArr[] = $errorInfoArray[2];
                        $errNum++;
                        return outputXML($errNum, $errMsgArr, $memberInfo, '', '');
                    }
                    $thisPatID = $patIDPrep->fetch(PDO::FETCH_ASSOC);
                    $paramArray[":patID"] = $thisPatID['PK_PatientID'];
                } else {
                    $paramArray[":patID"] = $_GET["pat"];
                }
            }
            $paramArray[":med"] = $_GET['med'];
            $medQry .= "Medications.PK_MedicationsID = :med";
            $medPrep = $db->prepare($medQry);
            $medSuccess = $medPrep->execute($paramArray);
            if (!$medSuccess) {
                $errorInfoArray = $medPrep->errorInfo();
                $errMsgArr[] = $errorInfoArray[2];
                $errNum++;
            }
            return outputXML($errNum, $errMsgArr, $memberInfo, $medPrep, '');
            //	return "STUFF";
        }
        if (isset($_GET['prec'])) {
            $precQry = "SELECT Precondition.* FROM Precondition WHERE ";
            $paramArray = array();
            if ($memberInfo['Type'] == 1 || isset($_GET['pat'])) {
                $precQry .= "Precondition.FK_PatientID = :patID AND ";
                if ($memberInfo['Type'] == 1) {
                    $patIDQry = "SELECT Patient.PK_PatientID FROM Patient WHERE Patient.FK_member_id = " . $memberInfo['PK_member_id'];
                    $patIDPrep = $db->prepare($patIDQry);
                    $updateSucc = $patIDPrep->execute();
                    if (!$updateSucc) {
                        $errorInfoArray = $prep->errorInfo();
                        $errMsgArr[] = $errorInfoArray[2];
                        $errNum++;
                        return outputXML($errNum, $errMsgArr, $memberInfo, '', '');
                    }
                    $thisPatID = $patIDPrep->fetch(PDO::FETCH_ASSOC);
                    $paramArray[":patID"] = $thisPatID['PK_PatientID'];
                } else {
                    $paramArray[":patID"] = $_GET["pat"];
                }
            }
            $paramArray[":prec"] = $_GET['prec'];
            $precQry .= "Precondition.PK_ConditionID = :prec";
            $precPrep = $db->prepare($precQry);
            $precSuccess = $precPrep->execute($paramArray);
            if (!$precSuccess) {
                $errorInfoArray = $precPrep->errorInfo();
                $errMsgArr[] = $errorInfoArray[2];
                $errNum++;
            }
            return outputXML($errNum, $errMsgArr, $memberInfo, '', $precPrep);
        }
        $medQry = "SELECT Medications.* FROM Medications";
//.........这里部分代码省略.........

function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if (($recKey == $trustedKey || $recKey == $currKey) && $memberInfo['Type'] > 1) {
        //ENSURE OLD PASS AND TWO NEW PASSWORDS PROVIDED
        //FIGURE OUT IF WE'RE ADDING A NEW ONE OR OLD
        $precIsSet = isset($_POST['prec']);
        if (!isset($_POST['desc']) || $_POST['desc'] == '') {
            $errMsgArr[] = "No description provided";
            $errNum++;
        }
        if (!isset($_POST['pat']) || $_POST['pat'] == '') {
            $errMsgArr[] = "No patient provided";
            $errNum++;
        }
        $prec = $_POST['prec'];
        $desc = $_POST['desc'];
        $patient = $_POST['pat'];
        //update database with new appt info
        if ($errNum == 0) {
            if ($precIsSet) {
                $str = "UPDATE Precondition SET `Description`='{$desc}' WHERE `PK_ConditionID`='{$prec}';";
                $update = $db->prepare($str);
                $success = $update->execute();
                if (!$success) {
                    $sqlError = $update > errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                }
            } else {
                $str = "INSERT INTO Precondition (`FK_PatientID`, `Description`) VALUES ('{$patient}', '{$desc}');";
                $insert = $db->prepare($str);
                $success = $insert->execute();
                if (!$success) {
                    $sqlError = $insert->errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                } else {
                    $getID = $db->prepare("SELECT @@IDENTITY");
                    $success = $getID->execute();
                    if (!$success) {
                        $sqlError = $getID->errorInfo();
                        $errMsgArr[] = $sqlError[2];
                        $errNum++;
                    } else {
                        $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
                        $_POST['prec'] = $apptIDArray['@@IDENTITY'];
                    }
                }
            }
        }
    } else {
        $errMsgArr[] = "Unauthorized to change precondition information";
        $errNum++;
    }
    $retVal = outputXML($errNum, $errMsgArr, $memberInfo);
    return $retVal;
}

function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if (($recKey == $trustedKey || $recKey == $currKey) && $memberInfo['Type'] > 1) {
        //ENSURE OLD PASS AND TWO NEW PASSWORDS PROVIDED
        //FIGURE OUT IF WE'RE ADDING A NEW ONE OR OLD
        $medIsSet = isset($_POST['med']);
        if (!isset($_POST['medication']) || $_POST['medication'] == '') {
            $errMsgArr[] = "No medication provided";
            $errNum++;
        }
        if (!isset($_POST['dosage']) || $_POST['dosage'] == '') {
            $errMsgArr[] = "No dosage provided";
            $errNum++;
        }
        if (!isset($_POST['startdate']) || $_POST['startdate'] == '') {
            $errMsgArr[] = "No start date provided";
            $errNum++;
        } else {
            if (!preg_match('/^(2[0-9][0-9][0-9])-([1-9]|0[1-9]|1[0-2])-([1-9]|0[1-9]|[1-2][0-9]|3[0-1])$/', $_POST['startdate'])) {
                $errMsgArr[] = "Improper date format: start";
                $errNum++;
            }
        }
        if (!isset($_POST['enddate']) || $_POST['enddate'] == '') {
            $errMsgArr[] = "No end date provided";
            $errNum++;
        } else {
            if (!preg_match('/^(2[0-9][0-9][0-9])-([1-9]|0[1-9]|1[0-2])-([1-9]|0[1-9]|[1-2][0-9]|3[0-1])$/', $_POST['enddate'])) {
                $errMsgArr[] = "Improper date format : end";
                $errNum++;
            }
        }
        if (!isset($_POST['pat']) || $_POST['pat'] == '') {
            $errMsgArr[] = "No patient provided";
            $errNum++;
        }
        $med = $_POST['med'];
        $medication = $_POST['medication'];
        $dosage = $_POST['dosage'];
        $start = $_POST['startdate'];
        $end = $_POST['enddate'];
        $patient = $_POST['pat'];
        //update database with new appt info
        if ($errNum == 0) {
            if ($medIsSet) {
                $str = "UPDATE Medications SET `Medication`='{$medication}', `Dosage`='{$dosage}', `StartDate`='{$start}', `EndDate`='{$end}' WHERE `PK_MedicationsID`='{$med}';";
                $update = $db->prepare($str);
                $success = $update->execute();
                if (!$success) {
                    $sqlError = $update > errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                }
            } else {
                $str = "INSERT INTO Medications (`FK_PatientID`, `Medication`, `Dosage`, `StartDate`, `EndDate`) \r\n\t\t\t\t\t\tVALUES ('{$patient}', '{$medication}', '{$dosage}', '{$start}', '{$end}');";
                $insert = $db->prepare($str);
                $success = $insert->execute();
                if (!$success) {
                    $sqlError = $insert->errorInfo();
                    $errMsgArr[] = $sqlError[2];
                    $errNum++;
                } else {
                    $getID = $db->prepare("SELECT @@IDENTITY");
                    $success = $getID->execute();
                    if (!$success) {
                        $sqlError = $getID->errorInfo();
                        $errMsgArr[] = $sqlError[2];
                        $errNum++;
                    } else {
                        $apptIDArray = $getID->fetch(PDO::FETCH_ASSOC);
//.........这里部分代码省略.........

function doService($db)
{
    $errMsgArr = array();
    $errNum = 0;
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $bday = $_POST['bday'];
    $email = $_POST['email'];
    $ssn = $_POST['ssn'];
    $user = $_POST['u'];
    $password = $_POST['p'];
    $cpassword = $_POST['cp'];
    $type = $_POST['type'];
    //Input Validations
    if (!isset($_POST['fname']) || $_POST['fname'] == '') {
        $errMsgArr[] = 'First name missing';
        $errNum++;
    }
    if (!isset($_POST['lname']) || $_POST['lname'] == '') {
        $errMsgArr[] = 'Last name missing';
        $errNum++;
    }
    //test
    if (!isset($_POST['bday']) || $_POST['bday'] == '') {
        $errMsgArr[] = 'birthdate missing';
        $errNum++;
    }
    if (!isset($_POST['email']) || $_POST['email'] == '') {
        $errMsgArr[] = 'e-mail address missing';
        $errNum++;
    }
    if (!isset($_POST['ssn']) || $_POST['ssn'] == '') {
        $errMsgArr[] = 'Social Security Number missing';
        $errNum++;
    }
    //end
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = 'Login ID missing';
        $errNum++;
    }
    if (!isset($_POST['p']) || $_POST['p'] == '' || $_POST['p'] == 'd41d8cd98f00b204e9800998ecf8427e') {
        $errMsgArr[] = 'Password missing';
        $errNum++;
    }
    if (!isset($_POST['cp']) || $_POST['cp'] == '' || $_POST['cp'] == 'd41d8cd98f00b204e9800998ecf8427e') {
        $errMsgArr[] = 'Confirm password missing';
        $errNum++;
    }
    if (strcmp($password, $cpassword) != 0) {
        $errMsgArr[] = 'Passwords do not match';
        $errNum++;
    }
    if (!ctype_alnum($password)) {
        $errMsgArr[] = 'Password should be numbers and digits only';
        $errNum++;
    }
    if (strlen($password) < 7) {
        $errMsgArr[] = 'Password must be at least 7 chars';
        $errNum++;
    }
    if (strlen($password) > 20) {
        $errMsgArr[] = 'Password must be at most 20 chars ';
        $errNum++;
    }
    if (!preg_match('`[A-Z]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one upper case';
        $errNum++;
    }
    if (!preg_match('`[a-z]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one lower case';
        $errNum++;
    }
    if (!preg_match('`[0-9]`', $password)) {
        $errMsgArr[] = 'Password must contain at least one digit';
        $errNum++;
    }
    $prepUsers = $db->prepare("SELECT * FROM `Users` WHERE UserName = :id ; ");
    if ($prepUsers->execute(array(":id" => $user))) {
        //IF NAME IS NOT IN USE
        if ($prepUsers->rowCount() != 0) {
            $errMsgArr[] = 'Username already in use';
            $errNum++;
        }
    } else {
        $error = $prepUsers->errorInfo();
        $errMsgArr[] = $error[2];
        $errNum++;
        $retVal = outputXML($errNum, $errMsgArr);
    }
    if ($errNum == 0) {
        //set up and insert values into the user table
        $insertUserPrep = $db->prepare("INSERT INTO Users(FirstName, LastName, UserName, Email, Birthday, SSN, Type, NeedApproval, Password) \n\t\t\t\t\tVALUES(:fname, :lname, :login, :email, :bday, :ssn, :type, :needapproval, :password);");
        $tableType = '';
        $needapproval;
        $type;
        if (strcmp($_POST['type'], "patient") == 0) {
            $type = 1;
            $needapproval = 0;
            $tableType = "Patient";
        } elseif (strcmp($_POST['type'], "nurse") == 0) {
//.........这里部分代码省略.........

function doService()
{
    $errMsgArr = array();
    $errNum = 0;
    $userName = $_POST['UserName'];
    $authKey = $_POST['AuthKey'];
    $callingUserName = $_POST['CallingUserName'];
    global $db;
    /*// no username supplied, output error and return
    	if(!isset($userName) || $userName == "") {
    		$errMsgArr[] = 'Username Missing';
    		$errNum++;
    		$xmlOutput = outputXML('0', $errNum, $errMsgArr);
    		return $xmlOutput;
    	}	
    	// no authkey supplied, output error and return
    	if(!isset($authKey) || $authKey == "") {
    		$errMsgArr[] = 'Key Missing';
    		$errNum++;
    		$xmlOutput = outputXML('0', $errNum, $errMsgArr);
    		return $xmlOutput;
    	}
    	// no authkey supplied, output error and return
    	if(!isset($callingUserName) || $callingUserName == "") {
    		$errMsgArr[] = 'Calling User Missing';
    		$errNum++;
    		$xmlOutput = outputXML('0', $errNum, $errMsgArr);
    		return $xmlOutput;
    	}
    	
    	$data = '';
    	foreach ($_POST as $key => $value) {
    		$data .= "$key = $value\n";
    	}
    	return $data;*/
    $updateSQL = 'UPDATE Users SET';
    $updateSQL .= " Users.FirstName='" . $_POST['FirstName'];
    $updateSQL .= "', Users.LastName='" . $_POST['LastName'];
    $updateSQL .= "', Users.Sex='" . $_POST['Sex'];
    $updateSQL .= "', Users.Birthday='" . $_POST['Birthday'];
    $updateSQL .= "', Users.SSN='" . $_POST['SSN'];
    $updateSQL .= "', Users.Email='" . $_POST['Email'];
    $updateSQL .= "', Users.PhoneNumber='" . $_POST['PhoneNumber'];
    if ($_POST['Status'] == 'lock') {
        $updateSQL .= "', Users.Locked='1";
    } else {
        $updateSQL .= "', Users.Locked='0";
    }
    $updateSQL .= "' WHERE Users.UserName='" . $userName . "'";
    $prep = $db->prepare($updateSQL);
    if ($prep->execute()) {
    } else {
        $errorInfoArray = $prep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
        $xmlOutput = outputXML($errNum, $errMsgArr);
        return $xmlOutput;
    }
    $updateSQL = 'UPDATE Insurance SET';
    $updateSQL .= " Insurance.Company_Name='" . $_POST['Company_Name'];
    $updateSQL .= "', Insurance.Plan_Type='" . $_POST['Plan_Type'];
    $updateSQL .= "', Insurance.Plan_Num='" . $_POST['Plan_Num'];
    $updateSQL .= "', Insurance.`Co-Pay`='" . $_POST['Co-Pay'];
    $updateSQL .= "', Insurance.`Coverage-Start`='" . $_POST['Coverage-Start'];
    $updateSQL .= "', Insurance.`Coverage-End`='" . $_POST['Coverage-End'];
    $updateSQL .= "' WHERE Insurance.FK_PatientID='" . $_POST['PersonalID'] . "'";
    print $updateSQL;
    $prep = $db->prepare($updateSQL);
    if ($prep->execute()) {
        $xmlOutput = outputXML($errNum, $errMsgArr);
        return $xmlOutput;
    } else {
        $errorInfoArray = $prep->errorInfo();
        $errMsgArr[] = $errorInfoArray[2];
        $errNum++;
        $xmlOutput = outputXML($errNum, $errMsgArr);
        return $xmlOutput;
    }
}

function doService($level)
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_GET['u']) || $_GET['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_GET['key']) || $_GET['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_GET['u'];
    $recKey = $_GET['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if ($recKey == $trustedKey || $recKey == $currKey) {
        if (isset($_GET['pat']) && $memberInfo['Type'] >= $level) {
            $target = $_GET['pat'];
        } else {
            $target = $_GET['u'];
        }
        $qry = "SELECT * FROM Users LEFT JOIN Patient ON Users.PK_member_id = Patient.FK_member_id\r\n\t\t\t\t\tLEFT JOIN Insurance ON Insurance.FK_PatientID = Patient.PK_PatientID";
        if ($target != "all") {
            $qry .= " WHERE UserName = :target";
        }
        $patientInfoPrep = $db->prepare($qry);
        $patientInfoSuccess = $patientInfoPrep->execute(array(":target" => $target));
        if (!$patientInfoSuccess) {
            $errMsgArr[] = "DATABASE ERROR TWO";
            $errNum++;
        }
        if ($errNum == 0) {
            $retVal = outputXML($errNum, $errMsgArr, $patientInfoPrep);
            //print($patientInfoPrep->rowCount());
        } else {
            $retVal = outputXML($errNum, $errMsgArr, '');
        }
    } else {
        $errMsgArr[] = "Unauthorized to view information";
        $errNum++;
        $retVal = outputXML($errNum, $errMsgArr, '');
    }
    return $retVal;
}

function doService()
{
    global $db;
    $errMsgArr = array();
    $errNum = 0;
    //MAKE SURE THEY PASSED US CREDENTIALS
    if (!isset($_POST['u']) || $_POST['u'] == '') {
        $errMsgArr[] = "No username provided for authentication";
        $errNum++;
    }
    if (!isset($_POST['key']) || $_POST['key'] == '') {
        $errMsgArr[] = "No key provided for authentication";
        $errNum++;
    }
    if ($errNum != 0) {
        return outputXML($errNum, $errMsgArr, '');
    }
    //USE CREDENTIALS AND AUTHENTICATE
    $user = $_POST['u'];
    $recKey = $_POST['key'];
    $userInfoPrep = $db->prepare("SELECT * FROM Users WHERE UserName = :user;");
    $userInfoSuccess = $userInfoPrep->execute(array(":user" => $user));
    //failed to access database for user info
    if (!$userInfoSuccess) {
        $errMsgArr[] = "DATABASE ERROR ONE";
        $errNum++;
        return outputXML($errNum, $errMsgArr, '');
    }
    $memberInfo = $userInfoPrep->fetch(PDO::FETCH_ASSOC);
    $currKey = $memberInfo['CurrentKey'];
    $trustString = "xolJXj25jlk56LJkk5677LS";
    $trustedKey = md5($currKey . $trustString);
    if ($recKey == $trustedKey) {
        //ENSURE OLD PASS AND TWO NEW PASSWORDS PROVIDED
        if (!isset($_POST['oldpass']) || $_POST['oldpass'] == '' || $_POST['oldpass'] == 'd41d8cd98f00b204e9800998ecf8427e') {
            $errMsgArr[] = "Old password not provided";
            $errNum++;
        }
        if (!isset($_POST['newpass1']) || $_POST['newpass1'] == '' || $_POST['newpass1'] == 'd41d8cd98f00b204e9800998ecf8427e') {
            $errMsgArr[] = "First new password not provided";
            $errNum++;
        }
        if (!isset($_POST['newpass2']) || $_POST['newpass2'] == '' || $_POST['newpass2'] == 'd41d8cd98f00b204e9800998ecf8427e') {
            $errMsgArr[] = "Second new password not provided";
            $errNum++;
        }
        //Make sure old password correct
        $oldpass = $_POST['oldpass'];
        $epass = md5($oldpass);
        $newpass1 = $_POST['newpass1'];
        $newpass2 = $_POST['newpass2'];
        $currPass = $memberInfo['Password'];
        if ($currPass != $epass) {
            $errMsgArr[] = 'Old password incorrect';
            $errNum++;
        }
        //problems with new password
        if ($oldpass == $newpass1) {
            $errMsgArr[] = 'New and old passwords must be different';
            $errNum++;
        }
        if ($newpass1 != $newpass2) {
            $errMsgArr[] = 'New passwords do not match different';
            $errNum++;
        }
        if (!ctype_alnum($newpass1)) {
            $errMsgArr[] = 'New password should be numbers and digits only';
            $errNum++;
        }
        if (strlen($newpass1) < 7) {
            $errMsgArr[] = 'New password must be at least 7 chars';
            $errNum++;
        }
        if (strlen($newpass1) > 20) {
            $errMsgArr[] = 'New password must be at most 20 chars';
            $errNum++;
        }
        if (!preg_match('`[A-Z]`', $newpass1)) {
            $errMsgArr[] = 'New password must contain at least one upper case';
            $errNum++;
        }
        if (!preg_match('`[a-z]`', $newpass1)) {
            $errMsgArr[] = 'New password must contain at least one lower case';
            $errNum++;
        }
        if (!preg_match('`[0-9]`', $newpass1)) {
            $errMsgArr[] = 'New password must contain at least one digit';
            $errNum++;
        }
        //update database with new password
        if ($errNum == 0) {
            $updatePassPrep = $db->prepare("UPDATE Users SET Password = :pass WHERE PK_member_id = :id;");
            $updatePassSuccess = $updatePassPrep->execute(array(":pass" => md5($newpass1), ":id" => $memberInfo['PK_member_id']));
            if (!$updatePassSuccess) {
                $errMsgArr[] = 'Password update failure';
                $errNum++;
            }
        }
    } else {
        $errMsgArr[] = "Unauthorized to change password";
//.........这里部分代码省略.........