science-ation/api.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
   Copyright (C) 2010 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
include "common.inc.php";
require_once("common.inc.functions.php");
require_once("account.inc.php");
require_once("user.inc.php");
require_once("schedule.inc.php");
require_once("register_participants.inc.php");
require_once("projects.inc.php");
if($_SERVER['HTTPS']!="on" && !$API_DONT_REQUIRE_SSL) {
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}
$request=explode("/",$_GET['request']);
$ret=array();

$logPath = get_logpath();
$fout = fopen("$logPath/api.log", "a");
fwrite($fout, " --- request at " . date("Y-m-d H:i:s") . " ---\n");
fwrite($fout, "\$_GET = \n" . print_r($_GET, true) . "\n");
fwrite($fout, "\$_POST = \n" . print_r($_POST, true) . "\n");
fwrite($fout, "\$_SESSION = \n" . print_r($_SESSION, true) . "\n");
ob_start();

switch($request[0]) {
	case 'config':
		switch($request[1]){
			/*	APIDOC: config/variables
				description(retreives the entire configuration variables, minus ones that cant be included (like passwords)
				return(config array)
			*/
			case 'variables':
				$exclude=array("judge_registration_singlepassword","volunteer_registration_singlepassword","participant_registration_singlepassword","fairmanageremail");
				$configapi=$config;
				foreach($exclude AS $e) {
					unset($configapi[$e]);
				}
				$ret['status']="ok";
				$ret['config']=$configapi;
			break;

			/*	APIDOC: config/divisions
				description(retreives the list of divisions)
				return(divisions array)
			*/
			case 'divisions':
				$divs=projectdivisions_load();
				$ret['status']="ok";
				$ret['divisions']=$divs;
			break;

			/*	APIDOC: config/subdivisions
				description(retreives the list of subdivisions)
				return(subdivisions array)
			*/
			case 'subdivisions':
				$subdivs=projectsubdivisions_load();
				$ret['status']="ok";
				$ret['subdivisions']=$subdivs;
			break;

			/*	APIDOC: config/categories
				description(retreives the list of age categories)
				return(categories array)
			*/
			case 'categories':
				$cats=projectcategories_load();
				$ret['status']="ok";
				$ret['categories']=$cats;
			break;

		}
	break;

	case 'locations':
		switch($request[1]){
			case 'list':
				/*	APIDOC: locations/list
					description(lists locations at the current conference)
					return(locations array)
				*/
				$locationData = getLocationList($_SESSION['conferences_id']);
				if(is_array($locationData)){
					$ret['status'] = 'ok';
					$ret['locations'] = $locationData;
				}else{
					$ret['status'] = 'error';
					$ret['error'] = $locationData;
				}
				break;
			default:
				$ret['status'] = 'error';
				$ret['error']="Invalid API command ({$request[1]})";
		}
		break;
	case "schedule":
		$u = user_load($_SESSION['users_id']);
		$school_id = null;
		if($u['schools_id']) {
			$school_id=$u['schools_id'];
		}else{
			$ret['status'] = 'error';
			$ret['error']="Not connected to a school";
			break;
		}

		switch($request[1]){
			case 'list':
				/*	APIDOC: events/list
					description(gets a list of all events at the current conference, and team information if applicable)
					return(events array)
				*/
				$eventData = getEventList($_SESSION['conferences_id'], $school_id);
				if(is_array($eventData)){
					$ret['status'] = 'ok';
					$ret['events'] = $eventData;
				}else{
					$ret['status'] = 'error';
					$ret['error'] = $eventData;
				}
				break;

			case 'register':
				/*	APIDOC: schedule/register
					description(register a team for a scheduled event)
					post(team_id integer, schedule_id integer)
					return(results array)
				*/
				if(!array_key_exists('team_id', $_POST)){
					$ret['status'] = "error";
					$ret['error'] = 'team_id (integer) is required';
				}else if(!array_key_exists('schedule_id', $_POST)){
					$ret['status'] = "error";
					$ret['error'] = 'schedule_id (integer) is required';
				}else{
					$ret['status'] = 'ok';
					$ret['registration'] = registerTeamInEvent($_SESSION['conferences_id'], $_POST['schedule_id'], $_POST['team_id']);
				}
				break;

			case 'unregister':
				/*	APIDOC: schedule/register
					description(unregister a team for a scheduled event)
					post(team_id integer, schedule_id integer)
					return(results array)
				*/
				if(!array_key_exists('team_id', $_POST)){
					$ret['status'] = "error";
					$ret['error'] = 'team_id (integer) is required';
				}else if(!array_key_exists('schedule_id', $_POST)){
					$ret['status'] = "error";
					$ret['error'] = 'schedule_id (integer) is required';
				}else{
					$ret['status'] = 'ok';
					$ret['registration'] = unregisterTeamInEvent($_SESSION['conferences_id'], $_POST['schedule_id'], $_POST['team_id']);
				}
				break;

			default:
				$ret['status'] = 'error';
				$ret['error']="Invalid API command ({$request[1]})";

		}
		
		break;
	case "conferences":
		/*	APIDOC: conferences/switch
			description(switches the active conference)
			post(conferences_id integer)
			return(conferences_id integer)
		*/
		if($request[1]=="switch") {
			if($_POST['conferences_id']) {
				//this makes sure its valid and sets the sessiona
				$cid = intval($_POST['conferences_id']);
				if(switchConference($cid)){

					//get rid of their current roles, and load their record for the new conference
					if(is_array($_SESSION['roles'])) {
						$_SESSION['roles']=array();
						user_conference_load($_SESSION['accounts_id'], $cid);
					}
					$ret['status']="ok";
					$ret['conferences_id'] = $cid;
				}else{
					// not a valid conference id
					$ret['status'] = "error";
					$ret['error'] = "Conference ID #$cid is either inactive or invalid";
				}
			} else {
				$ret['status']="error";
				$ret['error']='conferences_id (integer) is required';
			}
		}
		/*	APIDOC: conferences
			description(lists all conferences)
			return(conferences array)
		*/
		else {
			$ret['status']="ok";
			$ret['conferences']=array();

			$response=array();
			$q=mysql_query("SELECT id,name,type,status,copyoriginal,copyparent FROM conferences ORDER BY id");
			while($r=mysql_fetch_assoc($q)) {
				$response[]=$r;
			}
			$ret['conferences']=$response;
		}
		break;

	case "dates":
		/*	APIDOC: dates
			description(list dates for active conference)
			return(dates array)
		*/
		/*	APIDOC: dates/<conferences_id integer>
			description(list dates for specified conference)
			return(dates array)
		*/
		if($request[1]) {
			$cid=intval($request[1]);
		}
		else 
			$cid=$_SESSION['conferences_id'];

		$ret['status']="ok";
		$ret['dates']=array();
		$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
		$dates=array();
		while($r=mysql_fetch_assoc($q)) {
			$dates[]=$r;
		}
		$ret['conferences_id']=$cid;
		$ret['dates']=$dates;
	break;

	case "account":
		switch($request[1]) {
			/*	APIDOC: account/create
				description(creates an account)
				post(username varchar(64), password varchar(64) optional, email varchar(64) optional)
				return(account array)
			*/
			case 'create':
				$user = trim($_POST['username']);
				$pass = trim($_POST['password']);
				$email = trim($_POST['email']);
				if($user) {
					if($pass) $p=$pass; else $p=NULL;
					$a=account_create($user,$p);
					if(is_array($a)) {
						if($email)
							account_set_email($a['id'],$email);
						else if(isEmailAddress($user))
							account_set_email($a['id'],$user);

						$account=account_load($a['id']);
						$ret['status']="ok";
						$ret['account']=$account;
					}else{
						$ret['status'] = "error";
						$ret['error'] = $a;
					}
				} else {
					$ret['status']="error";
					$ret['error']="username (varchar 64) and password (varchar 64) are required ";
				}
			break;

			/*	APIDOC: account/view
				description(view account information for currently logged in account)
				object(account: {id,username,link_username_to_email enum(no,yes),passwordset date,email,pendignemail,superuser enum(no,yes),deleted enum(no,yes),deleted_datetime datetime,created datetime})
				return(account array)
			*/
			case 'view':
				if(isset($_SESSION['accounts_id'])) {
					$a = account_load($_SESSION['accounts_id']);
					$ret['status']='ok';
					$ret['account']=$a;
				}
				else {
					$ret['status']="error";
					$ret['error']="You are not logged in";
				}
			break;

			/*	APIDOC: account/edit
				description(edits an account)
				post(account array)
				object(account: {id,username,password,link_username_to_email enum(no,yes),email})
				return(account array)
			*/
			case 'edit':
				if(isset($_SESSION['accounts_id'])) {
					$account=json_decode($_POST['account'],true);
					if($account['id']!=$_SESSION['accounts_id']) {
							$ret['status'] = "error";
							$ret['error'] = "Account id mismatch"; 
							break;
					}
					
					$result = account_update_info($account);
					if($result == 'ok'){
						$a = account_load($_SESSION['accounts_id']);
						$ret['status'] = 'ok';
						$ret['account'] = $a;
					}else{
						
						$ret['status'] = "error";
						$ret['error'] = $result;
					}

				}else{
					$ret['status']="error";
					$ret['error']="You are not logged in";
				}
				
			break;

			default:
				$ret['status']="error";
				$ret['error']="invalid account command";
		}
	break;

	case "auth":
		/*	APIDOC: auth/login
			description(login to an account)
			post(username varchar(64), password varchar(64), conferences_id integer optional)
			return(account array, roles array, conferences_id integer)
		*/
		if($request[1]=="login") {
			$user = $_POST['username'];
			$pass = $_POST['password'];
			$cid = $_POST['conferences_id'];

			$accounts_id = try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			} 
			else {
				$a = account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';

				if(!$cid) $cid=$_SESSION['conferences_id'];
				$u = user_load(null, $accounts_id);

				if(is_array($u)){
					$_SESSION['users_id'] = $u['id'];
					$_SESSION['roles'] = $u['roles'];
					$p = getProject($u['id']);
					if(is_array($p)) {
						$_SESSION['registration_id'] = $p['registrations_id'];
						$_SESSION['registration_number'] = $p['registration_number'];
					}else
						$_SESSION['error'] = "project not found: $p";
						
				}
				else{
					$_SESSION['roles']=array();
					$_SESSION['error'] = "user not found";
				}

				$ret['conferences_id']=$cid;
				$ret['status']="ok";
				$ret['account']=$a;
				//$ret['user']=user_load($_SESSION['users_id']);
				$ret['roles']=$_SESSION['roles'];
			}
		}
		/*	APIDOC: auth/logout
			description(logs out of an account)
			return(account array)
		*/
		else if($request[1]=="logout") {
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			unset($_SESSION['users_id']);
			unset($_SESSION['name']);
			unset($_SESSION['registration_id']);
			unset($_SESSION['registration_number']);
			$ret['status']="ok";
		}
		else {
			$ret['status']="error";
			$ret['error']="invalid auth command";
		}
	break;

	case "testauth":
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		}
		else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		}
		else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}

	break;
	case "scienceolympics":
		$chk=api_user_auth_required('teacher');
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}
		$u=user_load($_SESSION['users_id']);
		if(!$u['schools_id']) {
			$ret['status']="error";
			$ret['error']='Your teacher account is not attached to any school';
			break;
		}
		$school_id=$u['schools_id'];

		require_once("so_teams.inc.php");
		switch($request[1]) {
			case "teams":
				switch($request[2]) {
					/*	APIDOC: scienceolympics/teams/list
						description(lists the schools science olympics teams)
						return(teams array)
					*/
					case "list":
						$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
						$ret['status']='ok';
						$teams=array();
						while($r=mysql_fetch_assoc($q)) {
							$teams[]=$r;
						}
						$ret['teams']=$teams;
					break;
					/*	APIDOC: scienceolympics/teams/add
						description(add a science olympics team to the logged in teacher's school)
						post(teamname varchar(64))
						return(team array);
					*/
					case "add":
						if($_POST['teamname']) {
							if($team=so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
								$ret['team']=$team;
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not add team';
							}
						} else {
								$ret['status']='error';
								$ret['error']='teamname (varchar 64) is required';
						}
					break;
					/*	APIDOC: scienceolympics/teams/edit
						description(edit a science olympics team)
						post(id integer, teamname varchar(64))
						return(team array);
					*/
					case "edit":
						if($_POST['id'] && $_POST['teamname']) {
							if($team=so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
								$ret['status']="ok";
								$ret['team']=$team;
							}
							else {
								$ret['status']='error';
								$ret['error']='could not edit team';
							}
						}
						else {
								$ret['status']='error';
								$ret['error']='id (integer), teamname (varchar 64) are required';
						}
					break;
					/*	APIDOC: scienceolympics/teams/delete
						description(delete a science olympics team)
						post(id integer)
					*/
					case "delete";
						if($_POST['id']) {
							if(so_team_delete($school_id,$_POST['id'])) {
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not delete team';
							}
						} else {
								$ret['status']='error';
								$ret['error']='id (integer) is required';
						}

					break;
					default:
						$ret['status']="error";
						$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
					break;

				}
			break;
			default:
				$ret['status']="error";
				$ret['error']="invalid scienceolympics command ({$request[1]})";
			break;
		}
	break;
	case 'user':
		$chk=api_user_auth_required();
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}

		switch($request[1]) {
			/*	APIDOC: user/view
				description(view user information for current conference)
				return(user array)
			*/
			case "view":
				if($u=user_load($_SESSION['users_id'])) {
					//we dont need to send the 'orig' part of it
					unset($u['orig']);
					$ret['status']="ok";
					$ret['user']=$u;
				}
				else {
					$ret['status']="error";
					$ret['error']="Error loading user";
				}
			break;

			/*	APIDOC: user/edit
				description(edit user information for current conference)
				post(user array)
				return(user array)
			*/
			case "edit":
				if($origu=user_load($_SESSION['users_id'])) {
					$u=json_decode($_POST['user'],true);
					if(!is_array($u))  {
						$ret['status']="error";
						$ret['error']="user (array) is required.";
						break;
					}

					if($origu['id']!=$u['id']) {
						$ret['status']="error";
						$ret['error']="User ID mismatch";
						break;
					}

					$u['orig']=$origu['orig'];
					$result = user_save($u);
					if($result == 'ok') {
						$ret['status']="ok";
						$ret['user']=$u;
					} else {
						$ret['status']="error";
						$ret['error']=$result;
					}
				}
				else {
					$ret['status']="error";
					$ret['error']="Error loading user in order to edit";
				}
			break;

			/*	APIDOC: user/connect_to_school
				description(connects the current user to the specified school using the school's access code)
				post(schools_id integer, accesscode varchar(16))
				return(school array)
			*/
			case 'connect_to_school':
				if($u = user_load($_SESSION['users_id'])) {
					$schoolId = mysql_real_escape_string($_POST['schools_id']);
					$accesscode = mysql_real_escape_string($_POST['accesscode']);
					if(user_set_school($u, $schoolId, $accesscode)){
						$ret['status'] = "ok";
						$ret['school'] = mysql_fetch_assoc(mysql_query("SELECT school, phone, fax, address, city, province_code AS province, postalcode FROM schools WHERE id = $schoolId"));
					}else{
						$ret['status'] = "error";
						$ret['error'] = "Error matching schools_id and accesscode";
					}
				}else{
					$ret['status'] = "error";
					$ret['error'] = "Error loading user";
				}
	
				
			break;

			/*	APIDOC: user/invite
				description(invites a user to play a particular role in the conference, creating an account for them, and giving them the specifed role)
				post(username varchar(64), password varchar(64), email varchar(64), roles_id integer)
				return(user array)
			*/
			case 'invite':
				// let's make sure we have all of the data posted
				$ok = true;
				foreach(array('username' => 'varchar(64)', 'password' => 'varchar(64)', 'email' => 'varchar(64)', 'roles_id' => 'integer') as $field => $format){
					if(!array_key_exists($field, $_POST)){
						$ret['status'] == 'error';
						$ret['error'] = "$field ($format) is required";
						$ok = false;
						break;
					}
				}

				if($ok){
					$newUser = user_invite($_POST['username'], $_POST['password'], $_POST['email'], $_POST['roles_id']);
					if(is_array($newUser)){
						$ret['status'] = 'ok';
						$ret['user'] = $newUser;
					}else{
						$ret['status'] = 'error';
						$ret['error'] = $newUser;
					}
				}
			break;

			/*	APIDOC: user/uninvite
				description(uninvite a user from a particular role in the conference, removing only the role, not the user)
				post(users_id integer, roles_id integer)
				return(user array)
			*/
			case 'uninvite':
				if(!array_key_exists('users_id', $_POST)){
					$ret['status'] = 'error';
					$ret['error'] = 'parameter users_id required';
					break;
				}

				if(!array_key_exists('roles_id', $_POST)){
					$ret['status'] = 'error';
					$ret['error'] = 'parameter roles_id required';
					break;
				}
				
				$result = user_uninvite($_POST['users_id'], $_POST['roles_id']);

				if(is_array($result)){
					$ret['status'] = 'ok';
					$ret['user'] = $result;
				}else{
					$ret['status'] = 'error';
					$ret['error'] = $result;
				}
			break;

			/*	APIDOC: user/list
				description(list users of the specified role in this conference that the current user has permission to view/modify)
				post(roles_id integer)
				return(list array)
			*/
			case 'list':
				if(!array_key_exists('roles_id', $_POST)){
					$ret['status'] = 'error';
					$ret['error'] = 'parameter roles_id required';
				}else{
					$result = user_list_modifiable($_POST['roles_id']);
					if(is_array($result)){
						$ret['status'] = 'ok';
						$ret['list'] = $result;
					}else{
						$ret['status'] = 'error';
						$ret['error'] = $result;
					}
				}
			break;

			case 'displayname':
				$chk=api_user_auth_required('participant');
				if($chk['status']!="ok") {
					$ret['status']="error";
					$ret['error']=$chk['error'];
					break;
				}
				switch($request[2]){
					/*	APIDOC: user/displayname/get
						description(Get the current display name for this user, and whether or not it's been confirmed)
						return(displayname array)
					*/
					case 'get':
						$ret['status'] = 'ok';
						$ret['displayname'] = array(
							'name' => user_get_displayname($_SESSION['users_id']),
							'confirmed' => user_displayname_confirmed($_SESSION['users_id'])
						);
					break;

					/*	APIDOC: user/displayname/confirm
						description(mark the display name as being correct)
					*/
					case 'confirm':
						user_confirm_displayname($_SESSION['users_id']);
						$ret['status'] = 'ok';
					break;
				}
			break;
		}

	break;

	case "role":
		//these ones dont need to be authenticated
		switch($request[1]) {
			/*	APIDOC: role/list
				description(list roles and their corresponding registration types)
				return(roles array)
			*/
			case "list":
				$q=mysql_query("SELECT * FROM roles ORDER BY name");
				$reqroles=array();
				while($r=mysql_fetch_assoc($q)) {
					//if the whole type is not enabled, then report 'not available', no matter what the _registration_type says
					if($config[$r['type']."_enable"]=="no") {
						$r['registration']="not available";
					}
					else {
						if($config[$r['type']."_registration_type"]) {
							$r['registration']=$config[$r['type']."_registration_type"];
						}
						else
							$r['registration']="not available";
					}
					$reqroles[]=$r;
				}
				$ret['status']="ok";
				$ret['roles']=$reqroles;

			break;

			/*	APIDOC: role/add
				post(role_id integer, password varchar(64) optional)
				description(add a role for the user to the current conference. Depending on the registraiton type, an optional password (singlepassword, schoolpassword, etc) can be specified)
				return(role array)
			*/
			case "add":
				$chk=api_user_auth_required();
				if($chk['status']!="ok") {
					$ret['status']="error";
					$ret['error']=$chk['error'];
					break;
				}

				$role_id=intval($_POST['role_id']);
				$password=trim($_POST['password']);
				if($password)
					$addstatus=account_add_role($_SESSION['accounts_id'],$role_id,$conference['id'],$password);
				else 
					$addstatus=account_add_role($_SESSION['accounts_id'],$role_id,$conference['id']);

				switch($addstatus) {
					case "ok":
						$ret['status']="ok";
						updateSessionRoles();
						break;
					case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
					case "invalidrole(invite only)": $ret['status']="error"; $ret['error']="Invalid role - registation by invite only"; break;
					case "invalidrole(account_add_role_allowed)": $ret['status']="error"; $ret['error']="Invalid role - account_add_role_allowed said no"; break;
					case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
					case "invalidconference": $ret['status']="error"; $ret['error']="Invalid conference"; break;
					case "invalidpassword": $ret['status']="error"; $ret['error']="Invalid password for role"; break;
					default: $ret['status']="error"; $ret['error']="unknown role add error. addstatus=[$addstatus]";
				}
			break;

			/*	APIDOC: role/remove
				post(role_id integer)
				description(remove a role from the user for the current conference)
				return(role array)
			*/
			case "remove":
				$chk=api_user_auth_required();
				if($chk['status']!="ok") {
					$ret['status']="error";
					$ret['error']=$chk['error'];
					break;
				}

				$role_id=intval($_POST['role_id']);
				$removestatus=account_remove_role($_SESSION['accounts_id'],$role_id,$conference['id']);

				switch($removestatus) {
					case "ok":
						$ret['status']="ok";
						updateSessionRoles();
						break;
					case "invalidrole": $ret['status']="error"; $ret['error']="Invalid role"; break;
					case "invalidaccount": $ret['status']="error"; $ret['error']="Invalid account"; break;
					case "invalidconference": $ret['status']="error"; $ret['error']="Invalid conference"; break;
					default: $ret['status']="error"; $ret['error']="unknown role remove error";
				}

			break;

			default:
				$ret['status']="error";
				$ret['error']="invalid role command ({$request[1]})";
		}
	break;

	case 'registration':
		switch($request[1]){
			/*	APIDOC: registration/fields
				description(retreives the list of fields to be asked for in order to complete registration for a specific set of roles.  If an array of roles is passed in it retrieves the fields for those roles, if no roles are passed in, then it uses the roles from the currently logged in user)
				post(roles[] array) optional
				return(fields array)
			*/
			case 'fields':
				if(is_array($_POST['roles'])) {
					$reqroles=$_POST['roles'];
				} else {
					$reqroles=json_decode($_POST['roles'],true);
				}
				if(is_array($reqroles)) {
					for($x=0;$x<count($reqroles);$x++) {
						if(is_numeric($reqroles[$x]))
							$reqroles[$x]=$roles_by_id[$reqroles[$x]]['type'];
						if(!array_key_exists($reqroles[$x],$roles))
							unset($reqroles[$x]);
					}
					$ret['status']="ok";
					$ret['roles']=$reqroles;
					$ret['fields']=user_get_fields($reqroles);
				} else {
					//load the currently logged in user
					if($_SESSION['users_id']) {
						$u = user_load($_SESSION['users_id']);
						if(is_array($u['roles']) && count($u['roles']>0)) {
							$ret['status']="ok";
							$ret['roles']=array_keys($u['roles']);
							$ret['fields']=user_get_fields(array_keys($u['roles']));
						} else {
							$ret['status']="error";
							$ret['error']="Currently logged in user has no roles";
						}
					} else {
						$ret['status']="error";
						$ret['error']="No roles submitted and not logged in";
					}
				}
			break;
			/*	APIDOC: registration/dictionary
				description(retrieves a list of all user fields with their label and category information)
				return(dictionary array)
			*/
			case 'dictionary':
				$ret['status'] = 'ok';
				if(is_array($conference) && array_key_exists('id', $conference)){
					$ret['dictionary'] = user_get_field_info();
				}else{
					$ret['dictionary'] = user_get_field_info(true);
				}
			break;

			/*	APIDOC: registration/view
				description(registration information about the currently logged in users registration)
				object(registration: {id,num,status,end,nummentors,numstudents,students array of student,status array,project array})
				object(student: {id,accounts_id,username,firstname,lastname,complete})
				object(project: {id,projectnumber,title})
				return(registration array)
			*/
			case 'view':
				$chk=api_user_auth_required('participant');
				if($chk['status']!="ok") {
					$ret['status']="error";
					$ret['error']=$chk['error'];
					break;
				}

				if(!$_SESSION['registration_id']) {
					$ret['status']="error";
					$ret['error']="No registration has been created or joined yet";
					break;
				}

				// be logged in as a student in order to create a project
				$r=getRegistration($_SESSION['registration_id']);
				if($r) {
					$ret['status']="ok";
					$ret['registration']=$r;
				}
				else {
					$ret['status'] = 'error';
					$ret['error']="Invalid registration id";
				}
				break;
			default:

			/*	COMMENTEDOUT because there's nothing to be saved!: registration/edit
				description(update registration information)
				post(registration array)
				return(registration array)
			*/
			/*
			case 'edit':
				$chk=api_user_auth_required('participant');
				if($chk['status']!="ok") {
					$ret['status']="error";
					$ret['error']=$chk['error'];
					break;
				}

				if(!$_SESSION['registration_id']) {
					$ret['status']="error";
					$ret['error']="No registration has been created or joined yet";
					break;
				}
				// be logged in as a student in order to create a project
				$r=json_decode($_POST['registration'],true);
				if(is_array($r)) {
					$ret['status']='ok';
					$newreg=saveRegistrationData($r);
					$ret['registration']=$newreg;
				} else {
					$ret['status']='error';
					$ret['error']="registration array required";
				}

			break;
			*/


			default:
				$ret['status']="error";
				$ret['error']="invalid registration API command ({$request[1]})";
		}
	break;

	case 'school':
		switch($request[1]){
			/*	APIDOC: school/list
				description(list schools)
				return(schools array)
			*/
			case 'list':
				$ret['schools'] = get_schools($conference['id']);
				$ret['status'] = 'ok';
			break;

			default:
				$ret['status']="error";
				$ret['error']="invalid school API command ({$request[1]})";
		}
	break;

	case 'project':
		$chk=api_user_auth_required('participant');
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}
/*
	Originally, the student status was supposed to be complete before they could manage projects.  Should
	this still be true?  If so, this code needs to be unremarked, and the subsets within /project checked
	to see if it applies to all of them.  If not, the remove this currently remarked block.
*/
/*
		$sStatus = studentStatus();
		if($sStatus != 'complete'){
			$ret['status'] = "error";
			$ret['error'] = "student information must be completed before managing projects - " . $sStatus;
			break;
		}
*/
		switch($request[1]){
			/*	APIDOC: project/add
				post(project array optional)
				description(add a project.  Will create a blank project if there's no input, otherwise, creates a project based on the project array passed in)
				return(project array)
			*/
			case 'add':
				// be logged in as a student in order to create a project
				$user = user_load($_SESSION['users_id']);
				if(!$user || !in_array('participant', $_SESSION['roles'])){
					$ret['status'] = 'error';
					$ret['error'] = "You must be logged in as a participant to create a project";
					break;
				}

				// we start by creating a registration
				$regdat = addRegistration($_SESSION['users_id']);
				if(!is_array($regdat)){
					$ret['status'] = 'error';
					$ret['error'] = $regdat;
					break;
				}

				// now we add a project to that registration
				$newproject = addProject($regdat['registrations_id']);
				if(!is_array($newproject)){
					$ret['status'] = 'error';
					$ret['error'] = $newproject;
					break;
				}

				// if we got this far, then all's good and we can return the project data
				$_SESSION['registration_id'] = $regdat['registrations_id'];
				$_SESSION['registration_number'] = $regdat['registration_number']; 

				if($_POST['project']) {
					$project=json_decode($_POST['project'],true);
					if(!is_array($project))  {
						$ret['status']="error";
						$ret['error']="project needs to be a project array";
						break;
					}
					$project['id']=$newproject['id'];

					$message = saveProjectData($project);
					if($message == 'success'){
						$ret['status'] = 'ok';
						$ret['project'] = getProject($_SESSION['users_id']);
					}else{
						$ret['status'] = 'error';
						$ret['error'] = $message;
					}
				}
				else {
					$ret['status'] = 'ok';
					$ret['project'] = getProject($_SESSION['users_id']);
				}

			break;

			/*	APIDOC: project/view
				description(Displays the current project information)
				return(project array)
				object(project: {project_id integer, projectdivisions_id integer, title varchar(255), language char(2), req_electricity enum('no', 'yes'), req_table enum('no', 'yes'), req_special varchar(128), summary text, nummentors integer, numstudents integer, safetyquestions array of question, specialawards array of specialaward})
				object(question: {id,question,type,required,ord,answer})
				object(specialaward: {id,name,criteria,self_nominate,selected})
			*/
			case 'view':
				if($u=user_load($_SESSION['users_id'])) {
					$p=getProject($_SESSION['users_id']);
					if(is_array($p)) {
						$ret['status'] = 'ok';
						$ret['project'] = $p;
					}
					else {
						$ret['status'] = 'error';
						$ret['error'] = 'no project';
					}
				}else{
					$ret['status'] = 'error';
					$ret['error'] = 'unabe to load current user';
				}

			break;
			/*	APIDOC: project/edit
				post(project array)
				description(Edit an existing project.  "language" notes the language a participant wishes to be judged in. "req_electricity" notes whethor or not the project requires an electrical outlet. "req_table" states whether or not the project needs a table. "req_special" is a field for special requirements.)
				object(project: as per project/view)
				object(question: for sake of not re-transmitting all the safetyquestion text, the only fields required to save are {id,answer})
				object(specialaward: for sake of not re-transmitting all the specialaward text, the only fields required to save are {id,selected})
				return(project array)
			*/
			case 'edit':
				$project=json_decode($_POST['project'],true);
				if(!is_array($project))  {
					$ret['status']="error";
					$ret['error']="project (array) is required.";
					break;
				}

				$message = saveProjectData($project);
				if($message == 'success'){
					$ret['status'] = 'ok';
					$ret['project'] = getProject($_SESSION['users_id']);
				}else{
					$ret['status'] = 'error';
					$ret['error'] = $message;
				}
			break;

			/*	APIDOC: project/join
				post(registration_number integer, email varchar(64))
				description(join an existing project, identified and confirmed by the registration number and e-mail address stored in the registrations table)
			*/
			case 'join':
				if(!(array_key_exists('registration_number', $_POST) && array_key_exists('email', $_POST))){
					$ret['status'] = "error";
					$ret['error'] = "Missing required parameters";
					break;
				}
				$result = joinProject($_POST['registration_number'], $_POST['email']);
				if($result == "ok"){
					$_SESSION['registration_id'] = getRegistrationsId($_SESSION['users_id']);
					$_SESSION['registration_number'] = $_POST['registration_number'];
					$ret['status'] = "ok";
				}else{
					$ret['status'] = "error";
					$ret['error'] = $result;
				}
			break;

			/*	APIDOC: project/remove
				description(remove the current user from an existing project.  If no other users are in the project, then it is deleted.)
			*/
			case 'remove':
				$regId = getRegistrationsId($_SESSION['users_id']);
				if(!$regId){
					$ret['status'] = 'error';
					$ret['error'] = 'current user not associated with a project';
					break;
				}

				$result = removeProject($regId);
				if($result != 'ok'){
					$ret['status'] = "error";
					$ret['error'] = $result;
					break;
				}
				unset($_SESSION['registration_id']);
				unset($_SESSION['registration_number']);
				$ret['status'] = 'ok';
			break;

			case 'mentor':
				switch($request[2]){
					/*	APIDOC: project/mentor/edit
						post(mentors array of mentor arrays)
						object(mentor: {id,firstname,lastname,email,phone,organization,position,description})
						object(mentors: {mentor,...})
						description(edit a list of project mentors or add new ones if a mentor array has no id)
						return(mentors array of mentor arrays)
					*/
					case 'edit':
						if(!array_key_exists('mentors', $_POST)){
							$ret['status'] = "error";
							$ret['error'] = "mentors array parameter required";
							break;
						}
						$errors = array();
						$mentorList = json_decode($_POST['mentors'],true);
						if(!is_array($mentorList)) {
							$ret['status'] = "error";
							$ret['error'] = "mentors array parameter must be an array of mentors (or an empty array if no mentors)";
							break;
						}
						foreach($mentorList as $mentor){
							if(!is_array($mentor)){
								$errors[] = "Invalid mentor data: $mentor";
								continue;
							}
							if($mentor['id']) {
								$result = saveMentorData($mentor);
							}
							else {
								$result = addMentor($_SESSION['registration_id']);
								$mentor['id']=$result['id'];
								$result = saveMentorData($mentor);
							}
							if($result != 'ok') $errors[] = $result;
						}
						if(!count($errors)){
							$ret['status'] = 'ok';
							$ret['mentors']= getMentors($_SESSION['registration_id']);
						}else{
							$ret['status'] = 'error';
							$ret['error'] = '(' . implode('), (', $errors) . ')';
						}
					break;

					/*	APIDOC: project/mentor/remove
						post(id integer)
						description(remove a project mentor with the specified id)
					*/
					case 'remove':
						if(!array_key_exists('id', $_POST)){
							$ret['status'] = "error";
							$ret['error'] = "mentor id parameter required";
							break;
						}
						$result = removeMentor($_POST['id']);
						if($result == 'ok'){
							$ret['status'] = 'ok';
						}else{
							$ret['status'] = 'error';
							$ret['error'] = $result;
						}
					break;

					/*	APIDOC: project/mentor/view
						description(list project mentors)
						return(mentors array of mentor arrays)
					*/
					case 'view':
						if(!array_key_exists('registration_id', $_SESSION)){
							$ret['status'] = "error";
							$ret['error'] = 'current user not associated with a project';
							break;
						}
						$result = getMentors($_SESSION['registration_id']);
						if(is_array($result)){
							$ret['status'] = 'ok';
							$ret['mentors'] = $result;
						}else{
							$ret['status'] = "error";
							$ret['error'] = $result;
						}
					break;

					default:
						$ret['status']="error";
						$ret['error']="invalid project API command ({$request[2]})";
				}
			break;

			/*	APIDOC: project/signatureform
				description(generate and download the signature page PDF for the currently logged in user/project, as a BASE64 ENCODED string)
				return(pdf base64 encoded string)
			*/
			case 'signatureform':
				ob_start();
				//this tells it to simply return the [S]tring instead of outputting headers to force pdf display in a browser
				$PDFDEST="S";
				include "register_participants_signature.php";
				$c=ob_get_contents();
				ob_end_clean();
				$b64=base64_encode($c);

				$fptmp=fopen("tmp.pdf","w");
				fwrite($fptmp,$c);
				fclose($fptmp);
/*
				$fptmp=fopen("tmp.b64","w");
				fwrite($fptmp,$b64);
				fclose($fptmp);
				*/

				$ret['status']="ok";
				$ret['pdf']=$b64;
			break;

			default:
				$ret['status']="error";
				$ret['error']="invalid project API command ({$request[1]})";
		}
	break;

	default:
		$ret['status']="error";
		$ret['error']="invalid API command ({$request[0]})";

}
fwrite($fout, "result = \n" . print_r($ret, true) . "\n");
$output=ob_get_contents();
fwrite($fout, "outputbuffer = $output\n");
fclose($fout);
ob_end_clean();
echo json_encode($ret);
?>