- And the server side of the JSON stats. We should probably rename this file
since it has nothing to do with XML anymore.
parent
687d4ea875
commit
036cf2c295
@ -25,36 +25,58 @@
|
||||
<?
|
||||
require_once('common.inc.php');
|
||||
require_once('user.inc.php');
|
||||
require_once('admin/xml.inc.php');
|
||||
|
||||
$d=xml_parsexml($_POST['xml']);
|
||||
$data = $d['sfiab'][0];
|
||||
/* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
|
||||
* for any PHP < 5.3.0. Pain in the ASS. php is running the urldecode for us,
|
||||
* seeing that the string has quotes, then adding quotes before we can
|
||||
* json_decode()
|
||||
* It only does this in POST and GET */
|
||||
if(get_magic_quotes_gpc())
|
||||
$data = json_decode(stripslashes($_POST['json']), true);
|
||||
else
|
||||
$data = json_decode($_POST['json'], true);
|
||||
|
||||
$username = $data['username'][0];
|
||||
$password = $data['password'][0];
|
||||
// echo "post:";print_r($_POST);
|
||||
// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
|
||||
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
|
||||
// echo "data:";print_r($data);
|
||||
// echo "<br />";
|
||||
// exit;
|
||||
|
||||
$username = $data['auth']['username'];
|
||||
$password = $data['auth']['password'];
|
||||
|
||||
$response['query'] = $data;
|
||||
|
||||
// echo "Authenticating... ";
|
||||
$username = mysql_escape_string($username);
|
||||
$q=mysql_query("SELECT uid FROM users WHERE username='$username'");
|
||||
if(mysql_num_rows($q) != 1) {
|
||||
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
|
||||
exit;
|
||||
$response['error'] = 1;
|
||||
$response['message'] = "Authentication Failed";
|
||||
echo json_encode($response);
|
||||
exit;
|
||||
}
|
||||
$i = mysql_fetch_assoc($q);
|
||||
$u = user_load_by_uid($i['uid']);
|
||||
$response['i'] = $i;
|
||||
if(!is_array($u) || $u['password'] == '') {
|
||||
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
|
||||
exit;
|
||||
$response['error'] = 1;
|
||||
$response['message'] = "Authentication Failed2";
|
||||
echo json_encode($response);
|
||||
exit;
|
||||
}
|
||||
|
||||
if($u['password'] != $password) {
|
||||
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
|
||||
exit;
|
||||
$response['error'] = 1;
|
||||
$response['message'] = "Authentication Failed3";
|
||||
echo json_encode($response);
|
||||
exit;
|
||||
}
|
||||
|
||||
$response = array();
|
||||
if(array_key_exists('getstats', $data)) {
|
||||
$year = $data['getstats'][0]['year'][0];
|
||||
$year = $data['getstats']['year'];
|
||||
$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
|
||||
'fair_stats_minorities', 'fair_stats_guests',
|
||||
'fair_stats_sffbc_misc', 'fair_stats_info',
|
||||
@ -68,14 +90,16 @@
|
||||
AND year='$year'");
|
||||
$response['stats'] = mysql_fetch_assoc($q);
|
||||
unset($response['stats']['id']);
|
||||
$response['error'] = 0;
|
||||
}
|
||||
|
||||
if(array_key_exists('stats', $data)) {
|
||||
$stats = array();
|
||||
foreach($data['stats'][0] as $k=>$v) {
|
||||
$stats[$k] = $v[0];
|
||||
$stats = $data['stats'];
|
||||
foreach($stats as $k=>$v) {
|
||||
$stats[$k] = mysql_escape_string($stats[$k]);
|
||||
}
|
||||
$str = join(',',$stats);
|
||||
|
||||
// $str = join(',',$stats);
|
||||
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
|
||||
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
|
||||
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
||||
@ -88,9 +112,7 @@
|
||||
$response['message'] = 'Stats saved';
|
||||
}
|
||||
|
||||
$output="";
|
||||
xmlCreateRecurse(array('sfiab'=>$response));
|
||||
echo urlencode($output);
|
||||
echo urlencode(json_encode($response));
|
||||
// echo "Success!<br />";
|
||||
|
||||
|
||||
|
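Review bot: In the `stats` branch the column list is built from `array_keys($stats)`, and with `$stats = $data['stats']` those keys come straight from the client's JSON object; only the values pass through `mysql_escape_string`, so each key is interpolated into `$keys` unescaped and presumably reaches the INSERT that lies outside the visible hunk. Restrict the keys to a fixed list of `fairs_stats` columns before building `$keys`, for example `$stats = array_intersect_key($data['stats'], array_flip($allowed_cols));` where `$allowed_cols` is a placeholder for that list, and reject any value that is not a scalar. Separately, every authentication-failure response carries `$response['query']` (the decoded request, including the submitted password), the second and third also carry `$response['i']`, and the messages "Authentication Failed", "Authentication Failed2" and "Authentication Failed3" tell an unauthenticated caller which check failed and therefore whether a username exists. Return one generic message and drop both debug fields before this ships. The +/- markers are lost on this page, so which lines are new is inferred from the JSON handling.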