From 036cf2c295fa86a57e26495134d9e83356406ff6 Mon Sep 17 00:00:00 2001
From: dave <dave>
Date: Tue, 5 May 2009 07:27:38 +0000
Subject: [PATCH] - And the server side of the JSON stats.  We should probably
 rename this file   since it has nothing to do with XML anymore.

---
 xmltransport.php | 62 ++++++++++++++++++++++++++++++++----------------
 1 file changed, 42 insertions(+), 20 deletions(-)

diff --git a/xmltransport.php b/xmltransport.php
index 4fca291..f15f8bc 100644
--- a/xmltransport.php
+++ b/xmltransport.php
@@ -25,36 +25,58 @@
 <?
  require_once('common.inc.php');
  require_once('user.inc.php');
- require_once('admin/xml.inc.php');
 
- $d=xml_parsexml($_POST['xml']);
- $data = $d['sfiab'][0];
- 
- $username = $data['username'][0];
- $password = $data['password'][0];
+ /* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
+  * for any PHP < 5.3.0.  Pain in the ASS.  php is running the urldecode for us,
+  * seeing that the string has quotes, then adding quotes before we can
+  * json_decode() 
+  * It only does this in POST and GET */
+ if(get_magic_quotes_gpc())
+	$data = json_decode(stripslashes($_POST['json']), true);
+ else 
+	$data = json_decode($_POST['json'], true);
+
+// echo "post:";print_r($_POST);
+// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
+// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
+// echo "data:";print_r($data);
+// echo "<br />";
+// exit;
+
+ $username = $data['auth']['username'];
+ $password = $data['auth']['password'];
+
+ $response['query'] = $data;
  
 // echo "Authenticating... ";
  $username = mysql_escape_string($username);
  $q=mysql_query("SELECT uid FROM users WHERE username='$username'");
  if(mysql_num_rows($q) != 1) {
-	 echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
-	 exit;
+ 	$response['error'] = 1;
+	$response['message'] = "Authentication Failed";
+	echo json_encode($response);
+	exit;
  }
  $i = mysql_fetch_assoc($q);
  $u = user_load_by_uid($i['uid']);
+ $response['i'] = $i;
  if(!is_array($u) || $u['password'] == '') {
-	 echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
-	 exit;
+ 	$response['error'] = 1;
+	$response['message'] = "Authentication Failed2";
+	echo json_encode($response);
+	exit;
  }
 
  if($u['password'] != $password) {
-	 echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
-	 exit;
+ 	$response['error'] = 1;
+	$response['message'] = "Authentication Failed3";
+	echo json_encode($response);
+	exit;
  }
 
  $response = array();
  if(array_key_exists('getstats', $data)) {
-	$year = $data['getstats'][0]['year'][0];
+	$year = $data['getstats']['year'];
 	$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
 		 'fair_stats_minorities', 'fair_stats_guests',
 		 'fair_stats_sffbc_misc', 'fair_stats_info',
@@ -68,14 +90,16 @@
 				AND year='$year'");
 	$response['stats'] = mysql_fetch_assoc($q);
 	unset($response['stats']['id']);
+	$response['error'] = 0;
  }
 
  if(array_key_exists('stats', $data)) {
-	$stats = array();
-	foreach($data['stats'][0] as $k=>$v) {
-		$stats[$k] = $v[0];
+	$stats = $data['stats'];
+	foreach($stats as $k=>$v) {
+		$stats[$k] = mysql_escape_string($stats[$k]);
 	}
-	$str = join(',',$stats);
+
+//	$str = join(',',$stats);
 	$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
 	$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
 	mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
@@ -88,9 +112,7 @@
 	$response['message'] = 'Stats saved';
  }
 
- $output="";
- xmlCreateRecurse(array('sfiab'=>$response));
- echo urlencode($output);
+ echo urlencode(json_encode($response));
 // echo "Success!<br />";