Added api functionality for creating and saving projects

jacob 2011-02-17 22:04:47 +00:00
parent b71a0dc994
commit 3745d8cfd9
6 changed files with 320 additions and 63 deletions

137
api.php

@ -27,6 +27,7 @@ require_once("common.inc.functions.php");
require_once("account.inc.php");
require_once("user.inc.php");
require_once("schedule.inc.php");
require_once("register_participants.inc.php");
if($_SERVER['HTTPS']!="on" && !$API_DONT_REQUIRE_SSL) {
$ret['status']="error";
$ret['error']="SSL is required for API access, please access the API over https";
@ -842,7 +843,143 @@ switch($request[0]) {
$ret['schools'] = get_schools($conference['id']);
$ret['status'] = 'ok';
break;
default:
$ret['status']="error";
$ret['error']="invalidi school API command ({$request[1]})";
}
break;
case 'project':
$chk=api_user_auth_required();
if($chk['status']!="ok") {
$ret['status']="error";
$ret['error']=$chk['error'];
break;
}
// students status must be complete in order to add projects
/*
$sStatus = studentStatus();
if($sStatus != 'complete'){
$ret['status'] = "error";
$ret['error'] = "student information must be completed before managing projects - " . $sStatus;
break;
}
*/
switch($request[1]){
/* APIDOC: project/add
description(add a project)
post(projectdivisions_id integer, title varchar(255), language char(2), req_electricity enum('no', 'yes'), req_table enum('no', 'yes'), req_special varchar(128), summary text)
return(project array)
*/
case 'add':
// be logged in as a student in order to create a project
$user = user_load($_SESSION['users_id']);
if(!$user || !in_array('participant', $_SESSION['roles'])){
$ret['status'] = 'error';
$ret['error'] = "You must be logged in as a participant to create a project";
break;
}
// we start by creating a registration
$regNumber = addRegistration($_SESSION['users_id']);
if(!is_numeric($regNumber)){
$ret['status'] = 'error';
$ret['error'] = $regNumber;
break;
}
// now we add a project to that registration
$project = addProject($regNumber);
if(!is_array($project)){
$ret['status'] = 'error';
$ret['error'] = $project;
break;
}
// and then save the posted data to that project
$params['project_id'] = $project['id'];
foreach($_POST as $fieldName){
$params[$fieldName] = $_POST[$fieldName];
}
$message = saveProjectData($params);
if($message != 'success'){
$ret['status'] = 'error';
$ret['error'] = $message;
break;
}
// if we got thes far, then all's good and we can return the project data
$ret['status'] = 'ok';
$ret['project'] = getProject($regNumber);
break;
/* APIDOC: project/edit
post(project_id integer, projectdivisions_id integer, title varchar(255), language char(2), req_electricity enum('no', 'yes'), req_table enum('no', 'yes'), req_special varchar(128), summary text)
description(Edit an existing project. "language" notes the language a participant wishes to be judged in. "req_electricity" notes whethor or not the project requires an electrical outlet. "req_table" states whether or not the project needs a table. "req_special" is a field for special requirements.)
*/
case 'edit':
$message = saveProjectData($_POST);
if($message == 'success'){
$ret['status'] = 'ok';
}else{
$ret['status'] = 'error';
$ret['error'] = $message;
}
break;
/* APIDOC: project/join
description(join an existing project - not yet implemented)
*/
case 'join':
// this should let somone join a specific registration (think "team")
$ret['status'] = "error";
$ret['error'] = $_GET['request'] . " functionality not yet implemented";
break;
/* APIDOC: project/remove
description(remove an existing project - not yet implemented
*/
case 'remove':
$ret['status'] = "error";
$ret['error'] = $_GET['request'] . " functionality not yet implemented";
break;
case 'mentor':
switch($request[2]){
/* APIDOC: project/mentor/add
description(add a project mentor - not yet implemented)
*/
case 'add':
$ret['status'] = "error";
$ret['error'] = $_GET['request'] . " functionality not yet implemented";
break;
/* APIDOC: project/mentor/add
description(remove a project mentor - not yet implemented)
*/
case 'remove':
$ret['status'] = "error";
$ret['error'] = $_GET['request'] . " functionality not yet implemented";
break;
/* APIDOC: project/mentor/add
description(list project mentors - not yet implemented)
*/
case 'list':
$ret['status'] = "error";
$ret['error'] = $_GET['request'] . " functionality not yet implemented";
break;
}
break;
default:
$ret['status']="error";
$ret['error']="invalid project API command ({$request[1]})";
}
break;
default:
$ret['status']="error";
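Review bot: In `project/add`, the loop `foreach($_POST as $fieldName){ $params[$fieldName] = $_POST[$fieldName]; }` iterates over the posted values rather than the field names, so each value is used as a key and the posted fields never reach `saveProjectData()` under their own names. Iterating by key alone would let a client-supplied `project_id` replace the one just created, so copy only the documented fields (plus `shorttitle` where enabled) and assign the id last: `foreach(array('projectdivisions_id','title','language','req_electricity','req_table','req_special','summary') as $f){ if(isset($_POST[$f])) $params[$f] = $_POST[$f]; }` followed by `$params['project_id'] = $project['id'];`. The same case hands the error strings from `addRegistration()` and `addProject()` straight to the API client, and those strings carry `mysql_error()` text. Returning a generic error and logging the detail server-side keeps schema details out of responses. The enclosing `switch($request[0])` starts and ends outside the hunk.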


@ -1 +1 @@
227
228

1
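--- a/db/db.update.228.sql
+++ b/db/db.update.228.sql
@@ -0,0 +1 @@
+ALTER TABLE `users` ADD `registrations_id` INT( 10 ) NULL DEFAULT NULL AFTER `schools_id`;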


@ -430,7 +430,7 @@ function generateProjectNumber($registration_id)
function computeRegistrationFee($regid)
{
global $config, $conference;
global $config, $conference;
$ret = array();
$regfee_items = array();
@ -462,7 +462,7 @@ function computeRegistrationFee($regid)
'base' => $config['regfee'],
'num' => $n_students,
'ext' => $f );
$regfee += $f;
$regfee += $f;
} else {
$ret[] = array( 'id' => 'regfee',
'text' => "Fair Registration (per project)",
@ -512,6 +512,171 @@ function computeRegistrationFee($regid)
return array($regfee, $ret);
}
/******************************************************************************
New functionality split off for API purposes
******************************************************************************/
function saveProjectData($data){
global $conference, $config;
$requiredFields = array('project_id', 'summary', 'title', 'projectdivisions_id', 'language', 'req_table', 'req_electricity', 'summary');
if($config['participant_short_title_enable'] == 'yes'){
$requiredFields[] = 'shorttitle';
}
$missingFields = array();
foreach($requiredFields as $field){
if(!array_key_exists($field, $data)){
$missingFields[] = $field;
}else if(trim($data[$field]) == ''){
$missingFields[] = $field;
}
}
if(registrationFormsReceived()){
$message = i18n("Cannot make changes to forms once they have been received by the fair");
}else if(registrationDeadlinePassed()){
$message = i18n("Cannot make changes to forms after registration deadline");
}else if(count($missingFields)){
$message = i18n("Required fields missing: %1", array(implode(', ', $missingFields)));
}else{
//first, lets make sure this project really does belong to them
$q = mysql_query("SELECT * FROM projects WHERE id='" . $data['project_id'] . "' AND registrations_id='" . $_SESSION['registration_id'] . "' AND conferences_id='" . $conference['id'] . "'");
if(mysql_num_rows($q) == 1)
{
$summarywords = preg_split("/[\s,]+/", $data['summary']);
$summarywordcount = count($summarywords);
if($summarywordcount > $config['participant_project_summary_wordmax'] || $summarywordcount<$config['participant_project_summary_wordmin'])
$summarycountok=0;
else
$summarycountok=1;
if($config['participant_project_title_charmax'] && strlen(stripslashes($data['title']))>$config['participant_project_title_charmax']) //0 for no limit, eg 255 database field limit
{
$title=substr(stripslashes($data['title']),0,$config['participant_project_title_charmax']);
$message = i18n("Project title truncated to %1 characters",array($config['participant_project_title_charmax']));
}
else
$title=stripslashes($data['title']);
if($config['participant_short_title_enable'] == 'yes'
&& $config['participant_short_title_charmax']
&& strlen(stripslashes($data['shorttitle']))>$config['participant_short_title_charmax']) //0 for no limit, eg 255 database field limit
{
$shorttitle=substr(stripslashes($data['shorttitle']),0,$config['participant_short_title_charmax']);
$message = i18n("Short project title truncated to %1 characters",array($config['participant_short_title_charmax']));
}
else
$shorttitle=stripslashes($data['shorttitle']);
mysql_query("UPDATE projects SET " .
"title='" . mysql_escape_string($title)."', " .
"shorttitle='" . mysql_escape_string($shorttitle) . "', " .
"projectdivisions_id='" . $data['projectdivisions_id'] . "', " .
"language='" . mysql_escape_string(stripslashes($data['language'])) . "', " .
"req_table='" . mysql_escape_string(stripslashes($data['req_table'])) . "', " .
"req_electricity='" . mysql_escape_string(stripslashes($data['req_electricity'])) . "', " .
"req_special='" . mysql_escape_string(stripslashes($data['req_special'])) . "', " .
"summary='" . mysql_escape_string(stripslashes($data['summary'])) . "', " .
"summarycountok='$summarycountok'" .
"WHERE id='" . $data['project_id'] . "'");
$message = mysql_error();
if($message == ''){
$message = 'success';
}
}
else
{
$message = i18n("Invalid project to update");
}
}
return $message;
}
//get a random registration number between 100000 and 999999 (six digit integer)
// that isn't already in use
//TODO - set up a method or ensuring that the very unlikely chance of two people simultaneously
// getting the same number is in fact impossible
function getNewRegNum(){
global $conference;
do {
$regnum = rand(100000,999999);
$q = mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND conferences_id=".$conference['id']);
}while(mysql_num_rows($q) > 0);
return $regnum;
}
// add a registration record and return it's unique "num" id
//FIXME - this should probably do a check to see if the user
// was connected to another project already, and either:
// a) check to see if anyone else is connected to it, and delete it if not
// b) don't let them create a new one without explicitly disassociating with the other
function addRegistration($userId){
global $conference;
// create the new registration record, and assign a random/unique registration number.
$regnum = getNewRegNum();
//actually insert it
$query = "INSERT INTO registrations (num,email,start,status,conferences_id) VALUES (".
"'$regnum', ".
"'".$_SESSION['email']."', ".
"NOW(), ".
"'new', ".
$conference['id'].
")";
mysql_query($query);
$err = mysql_error();
if($err){
return "register_participants.inc.php::addRegistration -> " . $err;
}
// update the user now, connecting them to that registration
$query = "UPDATE users SET registrations_id = $regnum WHERE id = $userId";
mysql_query($query);
$err = mysql_error();
if($err){
return "register_participants.inc.php::addRegistration -> " . $err;
}
// ok, if the flow hits this point, then we've successfully added the registration and
// linked the user to it. Return the registration number
return $regnum;
}
function getProject($registrations_id){
global $conference;
// FIXME - in the future, this should be able to handle a many-to-many
// relationship in projects to registrations (so remove that LIMIT 1)
$fields = implode(',', array(
'id', 'projectdivisions_id', 'title', 'language', 'req_electricity',
'registrations_id', 'req_table', 'req_special', 'summary'
));
$q = mysql_query("SELECT $fields FROM projects WHERE registrations_id='$registrations_id' AND conferences_id='".$conference['id']."' LIMIT 1");
$returnval = mysql_error();
if($returnval){
$returnval = "register_participants.inc.php::getProject -> " . $returnval;
}else{
$returnval = mysql_fetch_assoc($q);
}
return $returnval;
}
// add a project
function addProject($registrations_id){
global $conference;
mysql_query("
INSERT INTO projects(registrations_id, conferences_id)
VALUES ('" . $registrations_id . "','" . $conference['id']."')
");
//now query the one we just inserted
$q = mysql_query("SELECT * FROM projects WHERE registrations_id='$registrations_id' AND conferences_id='{$conference['id']}'");
$returnval = mysql_error();
if($returnval){
$returnval = "register_participants.inc.php::addProject -> " . $returnval;
}else{
$returnval = mysql_fetch_assoc($q);
}
return $returnval;
}
?>
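Review bot: `saveProjectData()` concatenates `$data['project_id']` and `$data['projectdivisions_id']` into the SELECT and UPDATE statements without escaping, and this commit makes the function reachable from the API with `$_POST` passed in directly, so both values are untrusted input inside SQL. Cast them once at the top, `$projectId = intval($data['project_id']);` and `$divisionId = intval($data['projectdivisions_id']);`, and use those variables in the ownership check, the SET list and the `WHERE id=` clause. `addRegistration()` has the same pattern with `$_SESSION['email']` and an unquoted `$userId`; escape the former with `mysql_real_escape_string()` and cast the latter with `intval()`. `getNewRegNum()` picks the number with `rand()` and checks uniqueness before the INSERT, so the race named in its TODO is only closed by a unique index on `(conferences_id, num)` with a retry on a duplicate-key error.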


@ -71,63 +71,11 @@ echo mysql_error();
if($_POST['action']=="save")
{
if(registrationFormsReceived())
{
echo error(i18n("Cannot make changes to forms once they have been received by the fair"));
}
else if(registrationDeadlinePassed())
{
echo error(i18n("Cannot make changes to forms after registration deadline"));
}
else
{
//first, lets make sure this project really does belong to them
$q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'");
if(mysql_num_rows($q)==1)
{
$summarywords=preg_split("/[\s,]+/",$_POST['summary']);
$summarywordcount=count($summarywords);
if($summarywordcount>$config['participant_project_summary_wordmax'] || $summarywordcount<$config['participant_project_summary_wordmin'])
$summarycountok=0;
else
$summarycountok=1;
if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) //0 for no limit, eg 255 database field limit
{
$title=substr(stripslashes($_POST['title']),0,$config['participant_project_title_charmax']);
echo error(i18n("Project title truncated to %1 characters",array($config['participant_project_title_charmax'])));
}
else
$title=stripslashes($_POST['title']);
if($config['participant_short_title_enable'] == 'yes'
&& $config['participant_short_title_charmax']
&& strlen(stripslashes($_POST['shorttitle']))>$config['participant_short_title_charmax']) //0 for no limit, eg 255 database field limit
{
$shorttitle=substr(stripslashes($_POST['shorttitle']),0,$config['participant_short_title_charmax']);
echo error(i18n("Short project title truncated to %1 characters",array($config['participant_short_title_charmax'])));
}
else
$shorttitle=stripslashes($_POST['shorttitle']);
mysql_query("UPDATE projects SET ".
"title='".mysql_escape_string($title)."', ".
"shorttitle='".mysql_escape_string($shorttitle)."', ".
"projectdivisions_id='".$_POST['projectdivisions_id']."', ".
"language='".mysql_escape_string(stripslashes($_POST['language']))."', ".
"req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ".
"req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ".
"req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ".
"summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ".
"summarycountok='$summarycountok'".
"WHERE id='".$_POST['id']."'");
echo mysql_error();
echo notice(i18n("Project information successfully updated"));
}
else
{
echo error(i18n("Invalid project to update"));
}
$message = saveProjectData($_POST);
if($message == 'success'){
echo notice(i18n("Project information successfully updated"));
}else{
echo error($message);
}
}
@ -208,7 +156,7 @@ function countwords()
echo "<form name=\"projectform\" method=\"post\" action=\"register_participants_project.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
echo "<input type=\"hidden\" name=\"id\" value=\"$projectinfo->id\">\n";
echo "<input type=\"hidden\" name=\"project_id\" value=\"$projectinfo->id\">\n";
echo "<table>\n";
echo "<tr><td>".i18n("Project Title").": </td><td><input type=\"text\" name=\"title\" size=\"50\" value=\"".htmlspecialchars($projectinfo->title)."\" />".REQUIREDFIELD;
if($config['participant_project_title_charmax'])
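Review bot: The truncation notices are lost at the `saveProjectData($_POST)` call. The removed inline code echoed "Project title truncated to %1 characters" itself, while the helper added in this commit assigns `$message = mysql_error()` after the UPDATE and then `'success'`, overwriting the truncation text. The page therefore reports plain success after silently shortening a title. Either have the helper return the notice separately from the status, or keep the length check in this page before calling it. On failure, `echo error($message)` still prints raw `mysql_error()` text to the participant; whether `error()` HTML-escapes its argument is not visible here, so confirm that it does.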


@ -289,7 +289,7 @@ function user_load_by_email($email)
}
function user_get_role_fields($role){
global $conference;
global $conference, $config;
switch($role){
case 'committee':
$fields = array('emailprivate','ord','displayemail');
@ -305,7 +305,13 @@ function user_get_role_fields($role){
}
break;
case 'participant':
$fields = array('grade', 'schools_id', 'foodreq', 'tshirt', 'medicalalert', 'dateofbirth');
$fields = array('grade', 'schools_id', 'foodreq', 'medicalalert', 'registrations_id');
if($config['participant_student_personal'] == "yes"){
$fields[] = 'dateofbirth';
}
if($config['participant_student_tshirt'] == "yes"){
$fields[] = 'tshirt';
}
break;
case 'fair':
$fields = array('fairs_id');
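Review bot: Adding `registrations_id` to the participant field list in `user_get_role_fields()` needs a comment stating who is allowed to write it. If this list also drives a generic user-save path that accepts client-supplied values (not visible in this hunk), a participant could point their account at another registration; the column should then be excluded from that path and set only by `addRegistration()`. Suggested comment above the line: `// registrations_id is set server-side by addRegistration(); never accept it from request data`. The function starts and ends outside the hunk.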