<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
Copyright (C) 2010 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
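<?php
/*
 * JSON API entry point.
 *
 * The command is taken from $_GET['request'] as a "/"-separated path
 * (conferences[/switch], dates[/<conferences_id>], auth/login, auth/logout,
 * testauth[/<role>], scienceolympics/teams/<list|add|edit|delete>) and the
 * reply is always one JSON object with a 'status' key ('ok' or 'error') plus,
 * on error, an 'error' message.
 *
 * $_SESSION, $conference, the mysql_* connection and the helpers used below
 * (switchConference, user_conference_load, try_login, account_load, user_load,
 * api_user_auth_required, so_team_add/edit/delete) are provided by the
 * included files, not by this script.
 */
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");

/* Label the reply as JSON: error messages echo parts of the request back, so
 * the body must never be content-sniffed as HTML.  headers_sent() guards the
 * case where the licence block above already emitted whitespace. */
if(!headers_sent()) {
	header('Content-Type: application/json');
}

$ret=array();

/* Refuse plaintext access - credentials and the session cookie would travel in
 * the clear.  $_SERVER['HTTPS'] is simply absent on plain HTTP, so test with
 * isset() first to avoid a notice. */
if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS']!="on") {
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}

/* Split the command path and pad it so $request[0..2] always exist; short
 * paths then fall through to the 'invalid command' defaults instead of
 * raising notices. */
$request=isset($_GET['request']) ? explode("/",$_GET['request']) : array();
$request=array_pad($request,3,'');

switch($request[0]) {
	case "conferences":
		if($request[1]=="switch") {
			// The id is declared as an integer in the error text below; cast it
			// before it reaches switchConference so a non-numeric value is rejected here.
			$conferences_id=isset($_POST['conferences_id']) ? intval($_POST['conferences_id']) : 0;
			if($conferences_id) {
				//switchConference validates the id and stores it in the session
				switchConference($conferences_id);

				//drop the roles of the old conference and reload the user's record for the new one
				if(isset($_SESSION['roles']) && is_array($_SESSION['roles'])) {
					$_SESSION['roles']=array();
					user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
				}
				$ret['status']="ok";
				$ret['conferences_id']=$_SESSION['conferences_id'];
			} else {
				$ret['status']="error";
				$ret['error']='conferences_id (integer) is required';
			}
		}
		else {
			//no sub-command: list every conference
			$response=array();
			$q=mysql_query("SELECT id,name,type,status FROM conferences ORDER BY id");
			while($r=mysql_fetch_assoc($q)) {
				$response[]=$r;
			}
			$ret['status']="ok";
			$ret['conferences']=$response;
		}
		break;

	case "dates":
		// Conference id from the path if given, else from the session.  Both
		// branches cast to int because $cid is interpolated straight into the
		// query and the mysql_* layer has no parameter binding.
		if($request[1]) {
			$cid=intval($request[1]);
		}
		else {
			$cid=isset($_SESSION['conferences_id']) ? intval($_SESSION['conferences_id']) : 0;
		}

		$dates=array();
		$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
		while($r=mysql_fetch_assoc($q)) {
			$dates[]=$r;
		}
		$ret['status']="ok";
		$ret['conferences_id']=$cid;
		$ret['dates']=$dates;
		break;

	case "auth":
		if($request[1]=="login") {
			$user=isset($_POST['username']) ? $_POST['username'] : '';
			$pass=isset($_POST['password']) ? $_POST['password'] : '';

			$accounts_id=try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			}
			else {
				// A fresh session id on privilege change keeps a pre-login id
				// from being reused (session fixation).  Only regenerate when a
				// session is actually active.
				if(session_id()!='') {
					session_regenerate_id(true);
				}

				$a=account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser']=($a['superuser'] == 'yes') ? 'yes' : 'no';
				$_SESSION['roles']=array();

				//fills $_SESSION['roles'] (and the user record) for the current conference
				user_conference_load($accounts_id,$_SESSION['conferences_id']);

				$ret['conferences_id']=$_SESSION['conferences_id'];
				$ret['status']="ok";
				// NOTE(review): the account row is returned verbatim; confirm that
				// account_load() does not include credential fields in it.
				$ret['account']=$a;
				$ret['roles']=$_SESSION['roles'];
			}
		}
		else if($request[1]=="logout") {
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			unset($_SESSION['users_id']);
			unset($_SESSION['name']);
			$ret['status']="ok";
		}
		else {
			// Previously an unknown sub-command produced an empty reply.
			$ret['status']="error";
			$ret['error']="invalid auth command ({$request[1]})";
		}
		break;

	case "testauth":
		//optional role name in the path; without one any logged-in user passes
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		}
		else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		}
		else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}
		break;

	case "scienceolympics":
		$chk=api_user_auth_required('teacher');
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}

		$u=user_load($_SESSION['users_id']);
		if(!$u['schools_id']) {
			$ret['status']="error";
			$ret['error']='Your teacher account is not attached to any school';
			break;
		}
		// Both ids are interpolated into SQL below, so cast them once here.
		// $conference is expected to be set by common.inc.php - TODO confirm.
		$school_id=intval($u['schools_id']);
		$conferences_id=intval($conference['id']);

		require_once("so_teams.inc.php");

		switch($request[1]) {
			case "teams":
				// Shared POST fields for add/edit/delete; id is declared as an
				// integer in the error texts, so a non-numeric id becomes 0 and is rejected.
				$team_id=isset($_POST['id']) ? intval($_POST['id']) : 0;
				$teamname=isset($_POST['teamname']) ? $_POST['teamname'] : '';

				switch($request[2]) {
					case "list":
						$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='$school_id' AND conferences_id='$conferences_id'");
						$teams=array();
						while($r=mysql_fetch_assoc($q)) {
							$teams[]=$r;
						}
						$ret['status']='ok';
						$ret['teams']=$teams;
						break;

					case "add":
						if($teamname) {
							if(so_team_add($school_id,$conferences_id,$teamname)) {
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not add team';
							}
						} else {
							$ret['status']='error';
							$ret['error']='teamname (varchar 64) is required';
						}
						break;

					case "edit":
						if($team_id && $teamname) {
							if(so_team_edit($school_id,$team_id,$teamname)) {
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not edit team';
							}
						}
						else {
							$ret['status']='error';
							$ret['error']='id (integer), teamname (varchar 64) are required';
						}
						break;

					case "delete":
						if($team_id) {
							if(so_team_delete($school_id,$team_id)) {
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not delete team';
							}
						} else {
							$ret['status']='error';
							$ret['error']='id (integer) is required';
						}
						break;

					default:
						$ret['status']="error";
						$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
						break;
				}
				break;

			default:
				$ret['status']="error";
				$ret['error']="invalid scienceolympics command ({$request[1]})";
				break;
		}
		break;

	default:
		$ret['status']="error";
		$ret['error']="Invalid API command ({$request[0]})";
}

echo json_encode($ret);
?>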