science-ation/api.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
   Copyright (C) 2010 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");

if($_SERVER['HTTPS']!="on") {
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}

$request=explode("/",$_GET['request']);
$ret=array();

switch($request[0]) {
	case "conferences":
		$ret['status']="ok";
		$ret['conferences']=array();

		$response=array();
		$q=mysql_query("SELECT id,name,type FROM conferences WHERE status='running' ORDER BY id");
		while($r=mysql_fetch_assoc($q)) {
			$response[]=$r;
		}
		$ret['conferences']=$response;
		break;

	case "dates":
		if($request[1]) {
			$ret['status']="ok";
			$ret['dates']=array();
			$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='{$request[1]}' ORDER BY date");
			$dates=array();
			while($r=mysql_fetch_assoc($q)) {
				$dates[]=$r;
			}
			$ret['dates']=$dates;
		}
		else {
			$ret['status']="error";
			$ret['error']="Conference ID is required";
		}
	break;

	case "auth":
		if($request[1]=="login") {
			$user = $_POST['username'];
			$pass = $_POST['password'];

			$accounts_id = try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			} 
			else {
				$a = account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
				$_SESSION['roles']=array();

				$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);

				$ret['status']="ok";
				$ret['account']=$a;
				//$ret['user']=user_load($_SESSION['users_id']);
				$ret['roles']=$_SESSION['roles'];
			}
		}
		if($request[1]=="logout") {
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			$ret['status']="ok";
		}
	break;

	case "testauth":
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		}
		else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		}
		else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}

	break;
	case "so":
		api_user_auth_required('teacher');
		switch($request[1]) {
			case "teams":
				switch($request[2]) {
					case "list":
						$u=user_load($_SESSION['users_id']);
						$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
						$ret['status']='ok';
						$teams=array();
						while($r=mysql_fetch_assoc($q)) {
							$teams[]=$r;
						}
						$ret['teams']=$teams;
					break;
					case "add":
						$ret['status']='error';
						$ret['error']='not implemented yet';
					break;
					case "edit":
						$ret['status']='error';
						$ret['error']='not implemented yet';
					break;
					case "remove";
						$ret['status']='error';
						$ret['error']='not implemented yet';
					break;
					default:
						$ret['status']="error";
						$ret['error']="invalid so/teams command ({$request[2]})";
					break;

				}
			break;
			default:
				$ret['status']="error";
				$ret['error']="invalid so command ({$request[1]})";
			break;
		}
	break;

	default:
		$ret['status']="error";
		$ret['error']="Invalid API command ({$request[0]})";

}
echo json_encode($ret);

?>
Add conferences and dates api 2010-07-28 21:49:58 +00:00			`<?`
			`/*`
			`This file is part of the 'Science Fair In A Box' project`
			`SFIAB Website: http://www.sfiab.ca`

			`Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>`
			`Copyright (C) 2010 James Grant <james@lightbox.org>`

			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public`
			`License as published by the Free Software Foundation, version 2.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; see the file COPYING. If not, write to`
			`the Free Software Foundation, Inc., 59 Temple Place - Suite 330,`
			`Boston, MA 02111-1307, USA.`
			`*/`
			`?>`
			`<?`
			`include "common.inc.php";`
Add changes for API Authenication and force API to use SSL 2010-08-24 16:04:12 +00:00			`require_once("account.inc.php");`
			`require_once("user.inc.php");`

			`if($_SERVER['HTTPS']!="on") {`
			`$ret['status']="error";`
			`$ret['error']="SSL is required for API access, please access the API over https";`
			`echo json_encode($ret);`
			`exit;`
			`}`
Add conferences and dates api 2010-07-28 21:49:58 +00:00
			`$request=explode("/",$_GET['request']);`
Add changes for API Authenication and force API to use SSL 2010-08-24 16:04:12 +00:00			`$ret=array();`
Add conferences and dates api 2010-07-28 21:49:58 +00:00
			`switch($request[0]) {`
			`case "conferences":`
			`$ret['status']="ok";`
			`$ret['conferences']=array();`

			`$response=array();`
			`$q=mysql_query("SELECT id,name,type FROM conferences WHERE status='running' ORDER BY id");`
			`while($r=mysql_fetch_assoc($q)) {`
			`$response[]=$r;`
			`}`
			`$ret['conferences']=$response;`
			`break;`

			`case "dates":`
			`if($request[1]) {`
			`$ret['status']="ok";`
			`$ret['dates']=array();`
			`$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='{$request[1]}' ORDER BY date");`
			`$dates=array();`
			`while($r=mysql_fetch_assoc($q)) {`
			`$dates[]=$r;`
			`}`
			`$ret['dates']=$dates;`
			`}`
			`else {`
			`$ret['status']="error";`
			`$ret['error']="Conference ID is required";`
			`}`
			`break;`

Add changes for API Authenication and force API to use SSL 2010-08-24 16:04:12 +00:00			`case "auth":`
			`if($request[1]=="login") {`
			`$user = $_POST['username'];`
			`$pass = $_POST['password'];`

			`$accounts_id = try_login($user, $pass);`
			`if($accounts_id == false) {`
			`$ret['status']="error";`
			`$ret['error']="Invalid Username/Password";`
			`}`
			`else {`
			`$a = account_load($accounts_id);`
			`$_SESSION['username']=$a['username'];`
			`$_SESSION['email']=$a['email'];`
			`$_SESSION['accounts_id']=$accounts_id;`
			`$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';`
			`$_SESSION['roles']=array();`

			`$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);`

			`$ret['status']="ok";`
			`$ret['account']=$a;`
More user stuff to get things workinga gain Add a API module for science olympics 2010-08-31 20:12:41 +00:00			`//$ret['user']=user_load($_SESSION['users_id']);`
Add changes for API Authenication and force API to use SSL 2010-08-24 16:04:12 +00:00			`$ret['roles']=$_SESSION['roles'];`
			`}`
			`}`
			`if($request[1]=="logout") {`
			`unset($_SESSION['username']);`
			`unset($_SESSION['email']);`
			`unset($_SESSION['accounts_id']);`
			`unset($_SESSION['superuser']);`
			`unset($_SESSION['roles']);`
			`$ret['status']="ok";`
			`}`
			`break;`

			`case "testauth":`
			`if($request[1]) {`
			`$ok=api_user_auth_required($request[1]);`
			`}`
			`else {`
			`$ok=api_user_auth_required();`
			`}`

			`if($ok['status']=="ok") {`
			`$ret['status']='ok';`
			`}`
			`else {`
			`$ret['status']="error";`
			`$ret['error']=$ok['error'];`
			`}`

			`break;`
More user stuff to get things workinga gain Add a API module for science olympics 2010-08-31 20:12:41 +00:00			`case "so":`
			`api_user_auth_required('teacher');`
			`switch($request[1]) {`
			`case "teams":`
			`switch($request[2]) {`
			`case "list":`
			`$u=user_load($_SESSION['users_id']);`
			`$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");`
			`$ret['status']='ok';`
			`$teams=array();`
			`while($r=mysql_fetch_assoc($q)) {`
			`$teams[]=$r;`
			`}`
			`$ret['teams']=$teams;`
			`break;`
			`case "add":`
			`$ret['status']='error';`
			`$ret['error']='not implemented yet';`
			`break;`
			`case "edit":`
			`$ret['status']='error';`
			`$ret['error']='not implemented yet';`
			`break;`
			`case "remove";`
			`$ret['status']='error';`
			`$ret['error']='not implemented yet';`
			`break;`
			`default:`
			`$ret['status']="error";`
			`$ret['error']="invalid so/teams command ({$request[2]})";`
			`break;`

			`}`
			`break;`
			`default:`
			`$ret['status']="error";`
			`$ret['error']="invalid so command ({$request[1]})";`
			`break;`
			`}`
Add changes for API Authenication and force API to use SSL 2010-08-24 16:04:12 +00:00			`break;`
More user stuff to get things workinga gain Add a API module for science olympics 2010-08-31 20:12:41 +00:00
Add conferences and dates api 2010-07-28 21:49:58 +00:00			`default:`
			`$ret['status']="error";`
			`$ret['error']="Invalid API command ({$request[0]})";`

			`}`
			`echo json_encode($ret);`

			`?>`