marpisco · Copilot · May 21, 2026 · May 21, 2026 · May 21, 2026 · May 21, 2026
diff --git a/admin/api/requisitor_lookup.php b/admin/api/requisitor_lookup.php
@@ -0,0 +1,45 @@
+<?php
+header('Content-Type: application/json; charset=utf-8');
+require_once(__DIR__ . '/../../src/db.php');
+require_once(__DIR__ . '/../../func/validation.php');
+if (session_status() === PHP_SESSION_NONE) { session_start(); }
+
+if (!isset($_SESSION['admin']) || !$_SESSION['admin']) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Acesso negado']);
+    exit;
+}
+
+$query = isset($_GET['q']) ? sanitize_input($_GET['q'], 100) : '';
+$query = trim($query);
+
+if (mb_strlen($query) < 2) {
+    echo json_encode(['items' => [], 'limit' => 10, 'requiresFilter' => true]);
+    $db->close();
+    exit;
+}
+
+$escaped = str_replace(['%', '_'], ['\\%', '\\_'], $query);
+$idPrefixParam = $escaped . '%';
+$searchParam = '%' . $escaped . '%';
+$limit = 10;
+
+$stmt = $db->prepare("SELECT id, nome, email FROM cache WHERE id LIKE ? ESCAPE '\\\\' OR nome LIKE ? ESCAPE '\\\\' OR email LIKE ? ESCAPE '\\\\' ORDER BY nome ASC LIMIT ?");
+$stmt->bind_param("sssi", $idPrefixParam, $searchParam, $searchParam, $limit);
+$stmt->execute();
+$result = $stmt->get_result();
+
+$items = [];
+while ($row = $result->fetch_assoc()) {
+    $items[] = [
+        'id' => $row['id'],
+        'title' => $row['nome'],
+        'subtitle' => $row['email']
+    ];
+}
+
+$stmt->close();
+$db->close();
+
+echo json_encode(['items' => $items, 'limit' => $limit, 'requiresFilter' => false]);
+?>
diff --git a/admin/api/sala_lookup.php b/admin/api/sala_lookup.php
@@ -0,0 +1,44 @@
+<?php
+header('Content-Type: application/json; charset=utf-8');
+require_once(__DIR__ . '/../../src/db.php');
+require_once(__DIR__ . '/../../func/validation.php');
+if (session_status() === PHP_SESSION_NONE) { session_start(); }
+
+if (!isset($_SESSION['admin']) || !$_SESSION['admin']) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Acesso negado']);
+    exit;
+}
+
+$query = isset($_GET['q']) ? sanitize_input($_GET['q'], 100) : '';
+$query = trim($query);
+
+if (mb_strlen($query) < 2) {
+    echo json_encode(['items' => [], 'limit' => 10, 'requiresFilter' => true]);
+    $db->close();
+    exit;
+}
+
+$escaped = str_replace(['%', '_'], ['\\%', '\\_'], $query);
+$idPrefixParam = $escaped . '%';
+$searchParam = '%' . $escaped . '%';
+$limit = 10;
+
+$stmt = $db->prepare("SELECT id, nome FROM salas WHERE id LIKE ? ESCAPE '\\\\' OR nome LIKE ? ESCAPE '\\\\' ORDER BY nome ASC LIMIT ?");
+$stmt->bind_param("ssi", $idPrefixParam, $searchParam, $limit);
+$stmt->execute();
+$result = $stmt->get_result();
+
+$items = [];
+while ($row = $result->fetch_assoc()) {
+    $items[] = [
+        'id' => $row['id'],
+        'title' => $row['nome']
+    ];
+}
+
+$stmt->close();
+$db->close();
+
+echo json_encode(['items' => $items, 'limit' => $limit, 'requiresFilter' => false]);
+?>
diff --git a/admin/api/tempo_lookup.php b/admin/api/tempo_lookup.php
@@ -0,0 +1,44 @@
+<?php
+header('Content-Type: application/json; charset=utf-8');
+require_once(__DIR__ . '/../../src/db.php');
+require_once(__DIR__ . '/../../func/validation.php');
+if (session_status() === PHP_SESSION_NONE) { session_start(); }
+
+if (!isset($_SESSION['admin']) || !$_SESSION['admin']) {
+    http_response_code(403);
+    echo json_encode(['error' => 'Acesso negado']);
+    exit;
+}
+
+$query = isset($_GET['q']) ? sanitize_input($_GET['q'], 100) : '';
+$query = trim($query);
+
+if (mb_strlen($query) < 2) {
+    echo json_encode(['items' => [], 'limit' => 10, 'requiresFilter' => true]);
+    $db->close();
+    exit;
+}
+
+$escaped = str_replace(['%', '_'], ['\\%', '\\_'], $query);
+$idPrefixParam = $escaped . '%';
+$searchParam = '%' . $escaped . '%';
+$limit = 10;
+
+$stmt = $db->prepare("SELECT id, horashumanos FROM tempos WHERE id LIKE ? ESCAPE '\\\\' OR horashumanos LIKE ? ESCAPE '\\\\' ORDER BY horashumanos ASC LIMIT ?");
+$stmt->bind_param("ssi", $idPrefixParam, $searchParam, $limit);
+$stmt->execute();
+$result = $stmt->get_result();
+
+$items = [];
+while ($row = $result->fetch_assoc()) {
+    $items[] = [
+        'id' => $row['id'],
+        'title' => $row['horashumanos']
+    ];
+}
+
+$stmt->close();
+$db->close();
+
+echo json_encode(['items' => $items, 'limit' => $limit, 'requiresFilter' => false]);
+?>
diff --git a/admin/materiais.php b/admin/materiais.php
@@ -4,7 +4,7 @@
 
 <div class="mb-4">
     <h5>Importar Materiais via CSV</h5>
-    <a href="/assets/csvsample.csv" download>Download do modelo CSV</a>
+    <a href="/assets/csvsample_materiais.csv" download>Download do modelo CSV</a>
     <p class="text-muted small"><strong>Nota:</strong> Para obter o RoomID de uma sala, consulte a gestão de salas ou use a listagem abaixo.</p>
     <p class="small" style="color:red;font-weight:bold;">Deve de consultar o manual do administrador para mais informações.</p>
     <form action="materiais.php?action=import" method="POST" enctype="multipart/form-data" class="d-flex align-items-center justify-content-center">
@@ -53,7 +53,7 @@
         $errors = [];
         $lineNumber = 0;
 
-        while (($data = fgetcsv($tempFile, 0, ';')) !== FALSE) {  // Changed: Added ';' as delimiter
+        while (($data = fgetcsv($tempFile, 0, ',')) !== FALSE) {
             $lineNumber++;
 
             // Skip empty lines