science-ation/xmltransport.php

183 lines
5.7 KiB
PHP
Raw Normal View History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2009 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');
require_once('user.inc.php');
function handle_getstats(&$u, $fair,&$data, &$response)
{
$year = $data['getstats']['year'];
$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
'fair_stats_minorities', 'fair_stats_guests',
'fair_stats_sffbc_misc', 'fair_stats_info',
'fair_stats_next_chair', 'fair_stats_scholarships',
'fair_stats_delegates',
);
foreach($vars as $v) {
$response['statconfig'][$v] = $config[$v];
}
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q);
unset($response['stats']['id']);
$response['error'] = 0;
}
function handle_stats(&$u,$fair, &$data, &$response)
{
$stats = $data['stats'];
foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]);
}
// $str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='{$stats['year']}'");
echo mysql_error();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
echo mysql_error();
$response['message'] = 'Stats saved';
$response['error'] = 0;
}
function handle_getawards(&$u, $fair, &$data, &$response)
{
$awards = array();
$year = $data['getawards']['year'];
$ids = array();
/* Load a list of awards linked to the fair id */
$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']'");
while($r = mysql_fetch_assoc($q)) {
$aaid = $r['award_awards_id'];
if($r['download_award'] == 'yes') $ids[] = $aaid;
$ul[$aaid] = $r['upload_winners'];
}
/* Load the awards this fair is allowed to download */
$where = "id='".join("' OR id='", $ids)."'";
$q = mysql_query("SELECT * FROM award_awards WHERE $where");
while($a = mysql_fetch_assoc($q)) {
$award = array();
$award['identifier'] = $a['identifier'];
$award['year'] = $a['year'];
$award['name_en'] = $a['name'];
$award['criteria_en'] = $a['criteria'];
$award['upload_winners'] = $ul[$a['id']];
if($a['sponsors_id']) {
$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
if(mysql_num_rows($sq)) {
$s = mysql_fetch_assoc($sq);
$award['sponsor'] = $s['organization'];
}
}
$award['prizes'] = array();
$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
while($p = mysql_fetch_assoc($pq)) {
$prize = array();
$prize['identifier'] = "";
$prize['cash'] = $p['cash'];;
$prize['scholarship'] = $p['scholarship'];
$prize['value'] = $p['value'];
$prize['prize_en'] = $p['prize'];
$prize['number'] = $p['number'];
$prize['ord'] = $p['order'];
$award['prizes'][] = $prize;
}
$awards[] = $award;
}
$response['awards'] = $awards;
$response['postback'] = 'http://localhost';
}
/* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
* for any PHP < 5.3.0. Pain in the ASS. php is running the urldecode for us,
* seeing that the string has quotes, then adding quotes before we can
* json_decode()
* It only does this in POST and GET */
if(get_magic_quotes_gpc())
$data = json_decode(stripslashes($_POST['json']), true);
else
$data = json_decode($_POST['json'], true);
// echo "post:";print_r($_POST);
// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
// echo "data:";print_r($data);
// echo "<br />";
// exit;
$username = $data['auth']['username'];
$password = $data['auth']['password'];
$response['query'] = $data;
// echo "Authenticating... ";
$username = mysql_escape_string($username);
$q=mysql_query("SELECT uid FROM users WHERE username='$username'");
if(mysql_num_rows($q) != 1) {
$response['error'] = 1;
$response['message'] = "Authentication Failed";
echo json_encode($response);
exit;
}
$i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']);
$response['i'] = $i;
if(!is_array($u) || $u['password'] == '') {
$response['error'] = 1;
$response['message'] = "Authentication Failed2";
echo json_encode($response);
exit;
}
if($u['password'] != $password) {
$response['error'] = 1;
$response['message'] = "Authentication Failed3";
echo json_encode($response);
exit;
}
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
$fair = mysql_fetch_assoc($q);
$response = array();
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
if(array_key_exists('stats', $data)) handle_stats($u,$fair, $data, $response);
if(array_key_exists('getawards', $data)) handle_getawards($u,$fair,$data, $response);
echo urlencode(json_encode($response));
// echo "Success!<br />";
?>