science-ation/api.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
   Copyright (C) 2010 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");

if($_SERVER['HTTPS']!="on") {
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}

$request=explode("/",$_GET['request']);
$ret=array();

switch($request[0]) {
	case "conferences":
		/*	APIDOC: conferences/switch
			description(switches the active conference)
			post(conferences_id integer)
			return(conferences_id integer)
		*/
		if($request[1]=="switch") {
			if($_POST['conferences_id']) {
				//this makes sure its valid and sets teh session
				switchConference($_POST['conferences_id']);

				//get rid of their current roles, and load their record for the new conference
				if(is_array($_SESSION['roles'])) {
					$_SESSION['roles']=array();
					user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
				}
				$ret['status']="ok";
				$ret['conferences_id']=$_SESSION['conferences_id'];
			} else {
				$ret['status']="error";
				$ret['error']='conferences_id (integer) is required';
			}
		}
		/*	APIDOC: conferences
			description(lists all conferences)
			return(conferences array)
		*/
		else {
			$ret['status']="ok";
			$ret['conferences']=array();

			$response=array();
			$q=mysql_query("SELECT id,name,type,status FROM conferences ORDER BY id");
			while($r=mysql_fetch_assoc($q)) {
				$response[]=$r;
			}
			$ret['conferences']=$response;
		}
		break;

	case "dates":
		/*	APIDOC: dates
			description(list dates for active conference)
			return(dates array)
		*/
		/*	APIDOC: dates/<conferences_id integer>
			description(list dates for specified conference)
			return(dates array)
		*/
		if($request[1]) {
			$cid=intval($request[1]);
		}
		else 
			$cid=$_SESSION['conferences_id'];

		$ret['status']="ok";
		$ret['dates']=array();
		$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
		$dates=array();
		while($r=mysql_fetch_assoc($q)) {
			$dates[]=$r;
		}
		$ret['conferences_id']=$cid;
		$ret['dates']=$dates;
	break;

	case "account":
		/*	APIDOC: account/create
			description(creates an account)
			post(username varchar(64), password varchar(64), email varchar(64) optional)
			return(account array)
		*/
		if($request[1]=="create") {
			$user = trim($_POST['username']);
			$pass = trim($_POST['password']);
			$email = trim($_POST['email']);
			if($user && $pass) {
				$a=account_create($user,$pass);
				if(is_array($a)) {
					if($email)
						account_set_email($a['id'],$email);
					$account=account_load($a['id']);
					$ret['status']="ok";
					$ret['account']=$account;
				}
				else {
					$ret['status']="error";
					switch($a) {
						case -1: $ret['error']="invalid username"; break;
						case -2: $ret['error']="username already exists"; break;
						case -3: $ret['error']="invalid password"; break;
						default: $ret['error']="unknown account creation error"; break;
					}
				}
			} else {
				$ret['status']="error";
				$ret['error']="username (varchar 64) and password (varchar 64) are required ";
			}
		}
		else {
			$ret['status']="error";
			$ret['error']="invalid account command";
		}
	break;

	case "auth":
		/*	APIDOC: auth/login
			description(login to an account)
			post(username varchar(64), password varchar(64))
			return(account array, roles array, conferences_id integer)
		*/
		if($request[1]=="login") {
			$user = $_POST['username'];
			$pass = $_POST['password'];

			$accounts_id = try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			} 
			else {
				$a = account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
				$_SESSION['roles']=array();

				$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);

				$ret['conferences_id']=$_SESSION['conferences_id'];
				$ret['status']="ok";
				$ret['account']=$a;
				//$ret['user']=user_load($_SESSION['users_id']);
				$ret['roles']=$_SESSION['roles'];
			}
		}
		/*	APIDOC: auth/logout
			description(logs out of an account)
			return(account array)
		*/
		else if($request[1]=="logout") {
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			unset($_SESSION['users_id']);
			unset($_SESSION['name']);
			$ret['status']="ok";
		}
		else {
			$ret['status']="error";
			$ret['error']="invalid auth command";
		}
	break;

	case "testauth":
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		}
		else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		}
		else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}

	break;
	case "scienceolympics":
		$chk=api_user_auth_required('teacher');
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}
		$u=user_load($_SESSION['users_id']);
		if(!$u['schools_id']) {
			$ret['status']="error";
			$ret['error']='Your teacher account is not attached to any school';
			break;
		}
		$school_id=$u['schools_id'];

		require_once("so_teams.inc.php");
		switch($request[1]) {
			case "teams":
				switch($request[2]) {
					/*	APIDOC: scienceolympics/teams/list
						description(lists the schools science olympics teams)
						return(teams array)
					*/
					case "list":
						$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
						$ret['status']='ok';
						$teams=array();
						while($r=mysql_fetch_assoc($q)) {
							$teams[]=$r;
						}
						$ret['teams']=$teams;
					break;
					/*	APIDOC: scienceolympics/teams/add
						description(add a science olympics team to the logged in teacher's school)
						post(teamname varchar(64))
						return(team array);
					*/
					case "add":
						if($_POST['teamname']) {
							if($team=so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
								$ret['team']=$team;
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not add team';
							}
						} else {
								$ret['status']='error';
								$ret['error']='teamname (varchar 64) is required';
						}
					break;
					/*	APIDOC: scienceolympics/teams/edit
						description(edit a science olympics team)
						post(id integer, teamname varchar(64))
						return(team array);
					*/
					case "edit":
						if($_POST['id'] && $_POST['teamname']) {
							if($team=so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
								$ret['status']="ok";
								$ret['team']=$team;
							}
							else {
								$ret['status']='error';
								$ret['error']='could not edit team';
							}
						}
						else {
								$ret['status']='error';
								$ret['error']='id (integer), teamname (varchar 64) are required';
						}
					break;
					/*	APIDOC: scienceolympics/teams/delete
						description(delete a science olympics team)
						post(id integer)
					*/
					case "delete";
						if($_POST['id']) {
							if(so_team_delete($school_id,$_POST['id'])) {
								$ret['status']="ok";
							}
							else {
								$ret['status']='error';
								$ret['error']='could not delete team';
							}
						} else {
								$ret['status']='error';
								$ret['error']='id (integer) is required';
						}

					break;
					default:
						$ret['status']="error";
						$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
					break;

				}
			break;
			default:
				$ret['status']="error";
				$ret['error']="invalid scienceolympics command ({$request[1]})";
			break;
		}
	break;

	default:
		$ret['status']="error";
		$ret['error']="Invalid API command ({$request[0]})";

}
echo json_encode($ret);

		/*	APIDOC: zNOTIMPLEMENTED_school/list
			description(list schools)
			return(schools array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_account/edit
			description(edit account information)
			post(account array)
			return(account array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_user/edit
			description(edit user information for current conference)
			post(user array)
			return(user array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_user/connect_teacher_to_school
			description(connects the current users teacher role to the specified school usign the schools access code)
			post(schools_id integer, accesscode varchar(16))
			return(school array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_role/list
			description(list roles and their corresponding registration types)
			return(roles array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_role/add
			post(role_id integer, password varchar(64) optional)
			description(add a role for the user to the current conference. Depending on the registraiton type, an optional password (singlepassword, schoolpassword, etc) can be specified)
			return(role array)
		*/

		/*	APIDOC: zNOTIMPLEMENTED_role/remove
			post(role_id integer)
			description(remove a role from the user for the current conference)
			return(role array)
		*/

?>