- And the server side of the JSON stats. We should probably rename this file

since it has nothing to do with XML anymore.
This commit is contained in:
dave 2009-05-05 07:27:38 +00:00
parent 687d4ea875
commit 036cf2c295

View File

@ -25,36 +25,58 @@
<? <?
require_once('common.inc.php'); require_once('common.inc.php');
require_once('user.inc.php'); require_once('user.inc.php');
require_once('admin/xml.inc.php');
$d=xml_parsexml($_POST['xml']); /* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
$data = $d['sfiab'][0]; * for any PHP < 5.3.0. Pain in the ASS. php is running the urldecode for us,
* seeing that the string has quotes, then adding quotes before we can
* json_decode()
* It only does this in POST and GET */
if(get_magic_quotes_gpc())
$data = json_decode(stripslashes($_POST['json']), true);
else
$data = json_decode($_POST['json'], true);
$username = $data['username'][0]; // echo "post:";print_r($_POST);
$password = $data['password'][0]; // echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
// echo "data:";print_r($data);
// echo "<br />";
// exit;
$username = $data['auth']['username'];
$password = $data['auth']['password'];
$response['query'] = $data;
// echo "Authenticating... "; // echo "Authenticating... ";
$username = mysql_escape_string($username); $username = mysql_escape_string($username);
$q=mysql_query("SELECT uid FROM users WHERE username='$username'"); $q=mysql_query("SELECT uid FROM users WHERE username='$username'");
if(mysql_num_rows($q) != 1) { if(mysql_num_rows($q) != 1) {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>"; $response['error'] = 1;
$response['message'] = "Authentication Failed";
echo json_encode($response);
exit; exit;
} }
$i = mysql_fetch_assoc($q); $i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']); $u = user_load_by_uid($i['uid']);
$response['i'] = $i;
if(!is_array($u) || $u['password'] == '') { if(!is_array($u) || $u['password'] == '') {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>"; $response['error'] = 1;
$response['message'] = "Authentication Failed2";
echo json_encode($response);
exit; exit;
} }
if($u['password'] != $password) { if($u['password'] != $password) {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>"; $response['error'] = 1;
$response['message'] = "Authentication Failed3";
echo json_encode($response);
exit; exit;
} }
$response = array(); $response = array();
if(array_key_exists('getstats', $data)) { if(array_key_exists('getstats', $data)) {
$year = $data['getstats'][0]['year'][0]; $year = $data['getstats']['year'];
$vars = array('fair_stats_participation', 'fair_stats_schools_ext', $vars = array('fair_stats_participation', 'fair_stats_schools_ext',
'fair_stats_minorities', 'fair_stats_guests', 'fair_stats_minorities', 'fair_stats_guests',
'fair_stats_sffbc_misc', 'fair_stats_info', 'fair_stats_sffbc_misc', 'fair_stats_info',
@ -68,14 +90,16 @@
AND year='$year'"); AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q); $response['stats'] = mysql_fetch_assoc($q);
unset($response['stats']['id']); unset($response['stats']['id']);
$response['error'] = 0;
} }
if(array_key_exists('stats', $data)) { if(array_key_exists('stats', $data)) {
$stats = array(); $stats = $data['stats'];
foreach($data['stats'][0] as $k=>$v) { foreach($stats as $k=>$v) {
$stats[$k] = $v[0]; $stats[$k] = mysql_escape_string($stats[$k]);
} }
$str = join(',',$stats);
// $str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`'; $keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'"; $vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
@ -88,9 +112,7 @@
$response['message'] = 'Stats saved'; $response['message'] = 'Stats saved';
} }
$output=""; echo urlencode(json_encode($response));
xmlCreateRecurse(array('sfiab'=>$response));
echo urlencode($output);
// echo "Success!<br />"; // echo "Success!<br />";