<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2009 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
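<?php
/*
 * Remote statistics endpoint.
 *
 * Reads an XML document from the 'xml' POST field, authenticates the
 * username/password it carries, then optionally returns ('getstats') and/or
 * replaces ('stats') the fairs_stats row of the authenticated user's fair for
 * a given year. The reply is an <sfiab> XML document; on success or on a
 * stats error it is URL-encoded, on authentication failure it is sent raw.
 *
 * Everything inside the XML is attacker-controlled until authentication has
 * succeeded, and the stats fields remain client-controlled afterwards, so
 * every value is escaped and every column name is validated before it
 * reaches an SQL statement.
 */
require_once('common.inc.php');
require_once('user.inc.php');
require_once('admin/xml.inc.php');

// Single, uniform failure document: the caller must not be able to tell
// "unknown user" from "wrong password" from "malformed request".
$auth_failed = "<sfiab><error>1</error><message>authentication failed</message></sfiab>";

if (!isset($_POST['xml']) || !is_string($_POST['xml'])) {
    echo $auth_failed;
    exit;
}

// NOTE(review): xml_parsexml() lives in admin/xml.inc.php (not shown here).
// This document is parsed before authentication, so confirm the parser does
// not expand external entities or unbounded nested entities.
$d = xml_parsexml($_POST['xml']);
if (!is_array($d) || !isset($d['sfiab'][0]) || !is_array($d['sfiab'][0])) {
    echo $auth_failed;
    exit;
}
$data = $d['sfiab'][0];

$username = isset($data['username'][0]) ? $data['username'][0] : null;
$password = isset($data['password'][0]) ? $data['password'][0] : null;

// Missing, non-string or empty credentials never authenticate. Without this,
// an absent <password> element compared loosely against an empty or missing
// stored password would be accepted.
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    echo $auth_failed;
    exit;
}

// mysql_real_escape_string() honours the connection character set, unlike
// the deprecated mysql_escape_string().
$username_sql = mysql_real_escape_string($username);
$q = mysql_query("SELECT uid FROM users WHERE username='$username_sql'");
if ($q === false || mysql_num_rows($q) != 1) {
    echo $auth_failed;
    exit;
}
$i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']);

// user_load_by_uid() is defined in user.inc.php (not shown); treat anything
// other than a record with a non-empty string password as a failed login.
if (!is_array($u) || !isset($u['password']) || !is_string($u['password']) || $u['password'] === '') {
    echo $auth_failed;
    exit;
}

// Strict comparison avoids PHP's loose-equality type juggling (numeric
// strings such as '0e1' and '0e2' compare equal under ==). Use the
// constant-time comparison where the runtime provides it.
// NOTE(review): the submitted password is compared directly with the stored
// value, which suggests it is stored or transmitted unhashed -- confirm, and
// move to password_hash()/password_verify() if the schema allows.
$password_ok = function_exists('hash_equals')
    ? hash_equals($u['password'], $password)
    : ($u['password'] === $password);
if (!$password_ok) {
    echo $auth_failed;
    exit;
}

// NOTE(review): any account with valid credentials reaches this point;
// confirm whether only fair accounts (those with a fairs_id) should.
$fairs_id = mysql_real_escape_string(isset($u['fairs_id']) ? (string)$u['fairs_id'] : '');

$response = array();

if (array_key_exists('getstats', $data)) {
    // The requested year comes from the client and is embedded in the query,
    // so it is escaped like any other untrusted value.
    $year = '';
    if (isset($data['getstats'][0]['year'][0]) && is_scalar($data['getstats'][0]['year'][0])) {
        $year = (string)$data['getstats'][0]['year'][0];
    }
    $year_sql = mysql_real_escape_string($year);

    // $config is expected to be provided by common.inc.php.
    $vars = array('fair_stats_participation', 'fair_stats_schools_ext',
                  'fair_stats_minorities', 'fair_stats_guests');
    foreach ($vars as $v) {
        $response['statconfig'][$v] = $config[$v];
    }

    $q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='$fairs_id'
            AND year='$year_sql'");
    $row = ($q === false) ? false : mysql_fetch_assoc($q);
    if (is_array($row)) {
        // The internal row id is not part of the reply.
        unset($row['id']);
    }
    $response['stats'] = $row;
}

if (array_key_exists('stats', $data)) {
    $submitted = (isset($data['stats'][0]) && is_array($data['stats'][0]))
        ? $data['stats'][0]
        : array();

    $stats = array();
    $valid = count($submitted) > 0;
    foreach ($submitted as $k => $v) {
        $k = (string)$k;
        // Element names become column names, which cannot be escaped as
        // values: accept plain identifiers only (\z, not $, so a trailing
        // newline is rejected) and never the server-controlled columns.
        $lower = strtolower($k);
        if (!preg_match('/^[A-Za-z0-9_]+\z/', $k) || $lower === 'id' || $lower === 'fairs_id') {
            $valid = false;
            break;
        }
        $value = (is_array($v) && isset($v[0]) && is_scalar($v[0])) ? (string)$v[0] : '';
        $stats[$k] = mysql_real_escape_string($value);
    }

    if (!$valid) {
        $response['error'] = 1;
        $response['message'] = 'Invalid stats data';
    } else {
        $year_sql = isset($stats['year']) ? $stats['year'] : '';
        $keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
        $vals = "'$fairs_id','".join("','", array_values($stats))."'";

        // Replace the existing row for this fair and year. Database errors
        // go to the server log instead of the response body, so schema
        // details are not disclosed to the caller.
        $saved = mysql_query("DELETE FROM fairs_stats WHERE fairs_id='$fairs_id'
                AND year='$year_sql'");
        if ($saved !== false) {
            $saved = mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
        }

        if ($saved === false) {
            error_log('fairs_stats update failed: '.mysql_error());
            $response['error'] = 1;
            $response['message'] = 'Stats could not be saved';
        } else {
            $response['error'] = 0;
            $response['message'] = 'Stats saved';
        }
    }
}

// xmlCreateRecurse() is defined in admin/xml.inc.php (not shown); presumably
// it appends the serialised document to the global $output -- verify there.
$output = "";
xmlCreateRecurse(array('sfiab' => $response));
echo urlencode($output);

?>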