<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca

Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2009 David Grant <dave@lightbox.org>

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
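<?php
require_once('common.inc.php');
require_once('user.inc.php');

/**
 * Emit a JSON failure reply and stop the script.
 *
 * Every authentication failure uses the same message so a caller cannot
 * distinguish "unknown username" from "wrong password" (the original
 * "Authentication Failed" / "Failed2" / "Failed3" variants allowed username
 * enumeration).  The reply deliberately does NOT echo the request back: the
 * request contains the plaintext credentials.
 *
 * NOTE(review): failure replies are plain json_encode() output while the
 * success reply at the bottom of this script is urlencode()d, exactly as in
 * the original; the client's expectations are not visible here, so that
 * asymmetry is preserved rather than "fixed".
 *
 * @param string $message  human-readable reason
 */
function sfiab_json_fail($message)
{
    $response = array('error' => 1, 'message' => $message);
    echo json_encode($response);
    exit;
}

/* magic quotes: DEPRECATED as of PHP 5.3.0, REMOVED as of 6.0, on by default
 * for any PHP < 5.3.0.  PHP runs the urldecode for us, sees that the string
 * has quotes, then adds slashes before we can json_decode().  It only does
 * this for POST and GET.  function_exists() keeps this runnable on PHP
 * versions where the function no longer exists. */
$json = isset($_POST['json']) ? $_POST['json'] : '';
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $json = stripslashes($json);
}
$data = json_decode($json, true);

/* Validate the request envelope before reading any member: json_decode()
 * returns NULL on malformed input, and the auth block is mandatory. */
if (!is_array($data) || !isset($data['auth']) || !is_array($data['auth'])) {
    sfiab_json_fail('Authentication Failed');
}

$username = isset($data['auth']['username']) ? $data['auth']['username'] : '';
$password = isset($data['auth']['password']) ? $data['auth']['password'] : '';

/* Credentials must be non-empty strings.  JSON can deliver numbers, booleans
 * or arrays here; those would be silently coerced by a loose comparison or
 * raise warnings further down. */
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    sfiab_json_fail('Authentication Failed');
}

/* mysql_real_escape_string() honours the connection charset; the older
 * mysql_escape_string() does not. */
$q = mysql_query("SELECT uid FROM users WHERE username='" . mysql_real_escape_string($username) . "'");
if (!$q || mysql_num_rows($q) != 1) {
    sfiab_json_fail('Authentication Failed');
}

$i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']);

/* A user record without a password cannot authenticate. */
if (!is_array($u) || !isset($u['password']) || (string) $u['password'] === '') {
    sfiab_json_fail('Authentication Failed');
}

/* Strict comparison: the original `!=` treats numeric-looking strings such as
 * "0e123" and "0e456" as equal.  The stored value is cast to string because
 * user_load_by_uid()'s return shape is not visible here.
 * NOTE(review): hash_equals() would be preferable on PHP >= 5.6. */
if ((string) $u['password'] !== $password) {
    sfiab_json_fail('Authentication Failed');
}

/* Both stats operations key on the user's fair; refuse to run them against
 * an empty fairs_id (the original interpolated it unchecked). */
if (!isset($u['fairs_id']) || (string) $u['fairs_id'] === '') {
    sfiab_json_fail('No fair associated with this user');
}
$fairs_id_sql = mysql_real_escape_string((string) $u['fairs_id']);

/* From here on the reply only carries what the request asked for; the
 * request itself (with credentials) and the uid are never echoed back. */
$response = array();

if (array_key_exists('getstats', $data)) {
    /* year lands in a WHERE clause: restrict it to an integer instead of
     * interpolating the raw client value (the original did not escape it). */
    $year = 0;
    if (is_array($data['getstats']) && isset($data['getstats']['year'])) {
        $year = intval($data['getstats']['year']);
    }

    $vars = array(
        'fair_stats_participation', 'fair_stats_schools_ext',
        'fair_stats_minorities', 'fair_stats_guests',
        'fair_stats_sffbc_misc', 'fair_stats_info',
        'fair_stats_next_chair', 'fair_stats_scholarships',
        'fair_stats_delegates',
    );
    /* $config is expected to be populated by common.inc.php; a missing key
     * yields null as before, without the undefined-index warning. */
    foreach ($vars as $v) {
        $response['statconfig'][$v] = isset($config[$v]) ? $config[$v] : null;
    }

    $q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='$fairs_id_sql' AND year='$year'");
    $row = $q ? mysql_fetch_assoc($q) : false;
    if (is_array($row)) {
        unset($row['id']);
        $response['stats'] = $row;
    } else {
        /* No row (or a failed query): the original also reported false here. */
        $response['stats'] = false;
    }
    $response['error'] = 0;
}

if (array_key_exists('stats', $data) && is_array($data['stats'])) {
    $stats = $data['stats'];

    /* The DELETE below keys on year; without it the original silently removed
     * every row with year='' for this fair. */
    if (!isset($stats['year']) || is_array($stats['year'])) {
        sfiab_json_fail('Stats year missing');
    }

    $cols = array();
    $vals = array();
    foreach ($stats as $k => $v) {
        /* Column names come from the client and cannot be parameterised, so
         * admit only plain identifiers; the original wrapped the raw key in
         * backticks, which is injectable. */
        if (!preg_match('/^[A-Za-z0-9_]+$/', (string) $k)) {
            sfiab_json_fail('Invalid stats field name');
        }
        /* JSON can carry nested objects/arrays; only scalars can be stored. */
        if (is_array($v)) {
            sfiab_json_fail("Invalid stats value for '$k'");
        }
        $cols[] = '`' . $k . '`';
        $vals[] = "'" . mysql_real_escape_string((string) $v) . "'";
    }
    $year_sql = mysql_real_escape_string((string) $stats['year']);

    /* NOTE(review): delete + insert is not atomic; a failure between the two
     * leaves no row for this fair/year.  Transactions are not attempted here
     * because the storage engine is not visible from this file.  DB error
     * text goes to the server log instead of being echoed in front of the
     * JSON reply (which both leaked schema details and corrupted the payload). */
    if (!mysql_query("DELETE FROM fairs_stats WHERE fairs_id='$fairs_id_sql' AND year='$year_sql'")) {
        error_log('fairs_stats delete failed: ' . mysql_error());
        sfiab_json_fail('Stats could not be saved');
    }

    /* `id` is inserted as '' exactly as the original did (relies on the
     * auto-increment column accepting it in non-strict SQL mode). */
    $keys = '`fairs_id`,' . join(',', $cols);
    $values = "'$fairs_id_sql'," . join(',', $vals);
    if (!mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$values)")) {
        error_log('fairs_stats insert failed: ' . mysql_error());
        sfiab_json_fail('Stats could not be saved');
    }

    $response['error'] = 0;
    $response['message'] = 'Stats saved';
}

echo urlencode(json_encode($response));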