arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
6963b7104b
science-ation/api.php

236 lines
6.0 KiB
PHP
Raw Normal View History

Add conferences and dates api
2010-07-28 21:49:58 +00:00
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
Copyright (C) 2010 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
include "common.inc.php";
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
require_once("account.inc.php");
require_once("user.inc.php");
if($_SERVER['HTTPS']!="on") {
$ret['status']="error";
$ret['error']="SSL is required for API access, please access the API over https";
echo json_encode($ret);
exit;
}
Add conferences and dates api
2010-07-28 21:49:58 +00:00
$request=explode("/",$_GET['request']);
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
$ret=array();
Add conferences and dates api
2010-07-28 21:49:58 +00:00
switch($request[0]) {
case "conferences":
switch conference API
2010-09-02 17:38:13 +00:00
if($request[1]=="switch") {
if($_POST['conferences_id']) {
//this makes sure its valid and sets teh session
switchConference($_POST['conferences_id']);
Add conferences and dates api
2010-07-28 21:49:58 +00:00
switch conference API
2010-09-02 17:38:13 +00:00
//get rid of their current roles, and load their record for the new conference
if(is_array($_SESSION['roles'])) {
$_SESSION['roles']=array();
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
}
$ret['status']="ok";
} else {
$ret['status']="error";
$ret['error']='conferences_id (integer) is required';
}
}
else {
$ret['status']="ok";
$ret['conferences']=array();
$response=array();
$q=mysql_query("SELECT id,name,type FROM conferences WHERE status='running' ORDER BY id");
while($r=mysql_fetch_assoc($q)) {
$response[]=$r;
}
$ret['conferences']=$response;
Add conferences and dates api
2010-07-28 21:49:58 +00:00
}
break;
case "dates":
if($request[1]) {
$ret['status']="ok";
$ret['dates']=array();
$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='{$request[1]}' ORDER BY date");
$dates=array();
while($r=mysql_fetch_assoc($q)) {
$dates[]=$r;
}
$ret['dates']=$dates;
}
else {
$ret['status']="error";
$ret['error']="Conference ID is required";
}
break;
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
case "auth":
if($request[1]=="login") {
$user = $_POST['username'];
$pass = $_POST['password'];
$accounts_id = try_login($user, $pass);
if($accounts_id == false) {
$ret['status']="error";
$ret['error']="Invalid Username/Password";
}
else {
$a = account_load($accounts_id);
$_SESSION['username']=$a['username'];
$_SESSION['email']=$a['email'];
$_SESSION['accounts_id']=$accounts_id;
$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
$_SESSION['roles']=array();
$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);
$ret['status']="ok";
$ret['account']=$a;
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
//$ret['user']=user_load($_SESSION['users_id']);
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
$ret['roles']=$_SESSION['roles'];
}
}
if($request[1]=="logout") {
unset($_SESSION['username']);
unset($_SESSION['email']);
unset($_SESSION['accounts_id']);
unset($_SESSION['superuser']);
unset($_SESSION['roles']);
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
unset($_SESSION['users_id']);
unset($_SESSION['name']);
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
$ret['status']="ok";
}
break;
case "testauth":
if($request[1]) {
$ok=api_user_auth_required($request[1]);
}
else {
$ok=api_user_auth_required();
}
if($ok['status']=="ok") {
$ret['status']='ok';
}
else {
$ret['status']="error";
$ret['error']=$ok['error'];
}
break;
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
case "scienceolympics":
$chk=api_user_auth_required('teacher');
if($chk['status']!="ok") {
$ret['status']="error";
$ret['error']=$chk['error'];
break;
}
$u=user_load($_SESSION['users_id']);
if(!$u['schools_id']) {
$ret['status']="error";
$ret['error']='Your teacher account is not attached to any school';
break;
}
$school_id=$u['schools_id'];
require_once("so_teams.inc.php");
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
switch($request[1]) {
case "teams":
switch($request[2]) {
case "list":
$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
$ret['status']='ok';
$teams=array();
while($r=mysql_fetch_assoc($q)) {
$teams[]=$r;
}
$ret['teams']=$teams;
break;
case "add":
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
if($_POST['teamname']) {
if(so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not add team';
}
} else {
$ret['status']='error';
$ret['error']='teamname (varchar 64) is required';
}
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
break;
case "edit":
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
if($_POST['id'] && $_POST['teamname']) {
if(so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not edit team';
}
}
else {
$ret['status']='error';
$ret['error']='id (integer), teamname (varchar 64) are required';
}
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
break;
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
case "delete";
if($_POST['id']) {
if(so_team_delete($school_id,$_POST['id'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not delete team';
}
} else {
$ret['status']='error';
$ret['error']='id (integer) is required';
}
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
break;
default:
$ret['status']="error";
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
break;
}
break;
default:
$ret['status']="error";
dd api for managing science olympics teams
2010-08-31 20:50:11 +00:00
$ret['error']="invalid scienceolympics command ({$request[1]})";
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
break;
}
Add changes for API Authenication and force API to use SSL
2010-08-24 16:04:12 +00:00
break;
More user stuff to get things workinga gain Add a API module for science olympics
2010-08-31 20:12:41 +00:00
Add conferences and dates api
2010-07-28 21:49:58 +00:00
default:
$ret['status']="error";
$ret['error']="Invalid API command ({$request[0]})";
}
echo json_encode($ret);
?>
Copy Permalink