diff --git a/get_sign.php b/get_sign.php
new file mode 100644
index 0000000..a508f65
--- /dev/null
+++ b/get_sign.php
@@ -0,0 +1,119 @@
+0)
+ {
+
+ // Update last active
+ $query='UPDATE devices SET last_active = "'.date('Y-m-d').'" WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"';
+ $result2 = mysqli_query ( $connect, $query );
+
+
+ $row = mysqli_fetch_assoc($result);
+ $user_id = $row["user_id"];
+
+ // Is this a Matrix employee?
+ $query='SELECT user_type FROM users WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '"';
+ $result = mysqli_query ( $connect, $query );
+ if ( ! $result )
+ {
+ echo '{ "message": "Database error", "data": {}}';
+ exit();
+ }
+ if(mysqli_num_rows($result)>0)
+ {
+ $row = mysqli_fetch_assoc($result);
+ $user_type = $row["user_type"];
+
+ if(!($user_type=="0" || $user_type=="1")){
+ // Else, are they allowed to see this document?
+ $query='SELECT site_id FROM serviceorder WHERE service_id = "'.mysqli_real_escape_string($connect, $service_id).'"';
+ $result = mysqli_query ( $connect, $query );
+ if ( ! $result )
+ {
+ echo '{ "message": "Database error", "data": {}}';
+ exit();
+ }
+ if(mysqli_num_rows($result)>0)
+ {
+
+ $row2 = mysqli_fetch_assoc($result);
+
+ $query='SELECT site_id FROM siteaccess WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '" AND site_id = "'.mysqli_real_escape_string($connect, $row2["site_id"]).'"';
+ $result = mysqli_query ( $connect, $query );
+ if ( ! $result )
+ {
+ echo '{ "message": "Database error", "data": {}}';
+ exit();
+ }
+ if(mysqli_num_rows($result)<1)
+ {
+ echo '{ "message": "You do not have access to this site", "data": {}}';
+ exit();
+ }
+ }else{
+ echo '{ "message": "Invalid Site", "data": {}}';
+ exit();
+ }
+
+ }
+
+
+ $query='SELECT file_id FROM servicesignatures WHERE service_id="' . mysqli_real_escape_string($connect, $service_id) . '"';
+ $result = mysqli_query ( $connect, $query );
+ if ( ! $result )
+ {
+ echo '{ "message": "Database error", "data": {}}';
+ exit();
+ }
+ if(mysqli_num_rows($result)>0)
+ {
+ $row = mysqli_fetch_assoc($result);
+ $file_id = $row["file_id"];
+
+ $file = $path . $file_id;
+
+ echo '{ "message": "", "data": {"img":"data:image/png;base64,'.base64_encode(file_get_contents($file)).'"}}';
+
+ }else{
+ echo '{ "message": "", "data": {"img":""}}';
+ }
+ }else{
+ echo '{ "message": "Database error", "data": {}}';
+ }
+ }else{
+ echo '{ "message": "Incorrect API credentials", "data": {}}';
+ }
+}else{
+ echo '{ "message": "Invalid post variables", "data": {}}';
+}
+?>
\ No newline at end of file
diff --git a/qr_search.html b/qr_search.html
new file mode 100644
index 0000000..270b558
--- /dev/null
+++ b/qr_search.html
@@ -0,0 +1,142 @@
+
+
+
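Review bot: In get_sign.php the signature read near the end of the hunk, `base64_encode(file_get_contents($file))`, has no failure path and no confinement of `$path . $file_id`: a missing or unreadable file produces an empty `data:image/png;base64,` payload (and, depending on error display settings, a PHP warning ahead of the JSON), and a stored `file_id` containing `../` would be read from outside the signature directory. Resolve the path with `realpath()`, check that it stays under `$path`, and return an explicit error when the read fails, as in the excerpt below; it assumes `$path` names a directory, and `$path` is set in lines not visible in this hunk. Separately, every query in this file is concatenated with `mysqli_real_escape_string()`; prepared statements with bound parameters would remove the dependence on connection charset and quoting style.

```php
// … unchanged: servicesignatures lookup and row fetch …
$file_id = $row["file_id"];

// Confine the read to the signature directory and fail explicitly.
$base = realpath($path);
$file = realpath($path . $file_id);
if ($base === false || $file === false || !is_file($file)
    || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0)
{
    echo '{ "message": "Signature file not found", "data": {}}';
    exit();
}

$img = file_get_contents($file);
if ($img === false)
{
    echo '{ "message": "Signature file not found", "data": {}}';
    exit();
}

echo '{ "message": "", "data": {"img":"data:image/png;base64,'.base64_encode($img).'"}}';
```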
+ + + + + + + + + +