diff --git a/api.php b/api.php index 61e0599..e494b58 100644 --- a/api.php +++ b/api.php @@ -27,6 +27,7 @@ require_once("common.inc.functions.php"); require_once("account.inc.php"); require_once("user.inc.php"); require_once("schedule.inc.php"); +require_once("register_participants.inc.php"); if($_SERVER['HTTPS']!="on" && !$API_DONT_REQUIRE_SSL) { $ret['status']="error"; $ret['error']="SSL is required for API access, please access the API over https"; 
@@ -842,7 +843,143 @@ switch($request[0]) { $ret['schools'] = get_schools($conference['id']); $ret['status'] = 'ok'; break; + + default: + $ret['status']="error"; + $ret['error']="invalidi school API command ({$request[1]})"; } + break; + + case 'project': + $chk=api_user_auth_required(); + if($chk['status']!="ok") { + $ret['status']="error"; + $ret['error']=$chk['error']; + break; + } + + // students status must be complete in order to add projects +/* + $sStatus = studentStatus(); + if($sStatus != 'complete'){ + $ret['status'] = "error"; + $ret['error'] = "student information must be completed before managing projects - " . $sStatus; + break; + } +*/ + switch($request[1]){ + /* APIDOC: project/add + description(add a project) + post(projectdivisions_id integer, title varchar(255), language char(2), req_electricity enum('no', 'yes'), req_table enum('no', 'yes'), req_special varchar(128), summary text) + return(project array) + */ + case 'add': + // be logged in as a student in order to create a project + $user = user_load($_SESSION['users_id']); + if(!$user || !in_array('participant', $_SESSION['roles'])){ + $ret['status'] = 'error'; + $ret['error'] = "You must be logged in as a participant to create a project"; + break; + } + + // we start by creating a registration + $regNumber = addRegistration($_SESSION['users_id']); + if(!is_numeric($regNumber)){ + $ret['status'] = 'error'; + $ret['error'] = $regNumber; + break; + } + + // now we add a project to that registration + $project = addProject($regNumber); + if(!is_array($project)){ + $ret['status'] = 'error'; + $ret['error'] = $project; + break; + } + + // and then save the posted data to that project + $params['project_id'] = $project['id']; + foreach($_POST as $fieldName){ + $params[$fieldName] = $_POST[$fieldName]; + } + $message = saveProjectData($params); + if($message != 'success'){ + $ret['status'] = 'error'; + $ret['error'] = $message; + break; + } + + // if we got thes far, then all's good and we can 
return the project data + $ret['status'] = 'ok'; + $ret['project'] = getProject($regNumber); + + break; + + /* APIDOC: project/edit + post(project_id integer, projectdivisions_id integer, title varchar(255), language char(2), req_electricity enum('no', 'yes'), req_table enum('no', 'yes'), req_special varchar(128), summary text) + description(Edit an existing project. "language" notes the language a participant wishes to be judged in. "req_electricity" notes whethor or not the project requires an electrical outlet. "req_table" states whether or not the project needs a table. "req_special" is a field for special requirements.) + */ + case 'edit': + $message = saveProjectData($_POST); + if($message == 'success'){ + $ret['status'] = 'ok'; + }else{ + $ret['status'] = 'error'; + $ret['error'] = $message; + } + break; + + /* APIDOC: project/join + description(join an existing project - not yet implemented) + */ + case 'join': + // this should let somone join a specific registration (think "team") + $ret['status'] = "error"; + $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + break; + + /* APIDOC: project/remove + description(remove an existing project - not yet implemented + */ + case 'remove': + $ret['status'] = "error"; + $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + break; + + case 'mentor': + switch($request[2]){ + /* APIDOC: project/mentor/add + description(add a project mentor - not yet implemented) + */ + case 'add': + $ret['status'] = "error"; + $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + break; + + /* APIDOC: project/mentor/add + description(remove a project mentor - not yet implemented) + */ + case 'remove': + $ret['status'] = "error"; + $ret['error'] = $_GET['request'] . 
" functionality not yet implemented"; + break; + + /* APIDOC: project/mentor/add + description(list project mentors - not yet implemented) + */ + case 'list': + $ret['status'] = "error"; + $ret['error'] = $_GET['request'] . " functionality not yet implemented"; + break; + } + break; + + default: + $ret['status']="error"; + $ret['error']="invalid project API command ({$request[1]})"; + } + break; default: $ret['status']="error"; diff --git a/db/db.code.version.txt b/db/db.code.version.txt index 2c36bbd..9be0dc9 100644 --- a/db/db.code.version.txt +++ b/db/db.code.version.txt @@ -1 +1 @@ -227 +228 diff --git a/db/db.update.228.sql b/db/db.update.228.sql new file mode 100644 index 0000000..be35436 --- /dev/null +++ b/db/db.update.228.sql @@ -0,0 +1 @@ +ALTER TABLE `users` ADD `registrations_id` INT( 10 ) NULL DEFAULT NULL AFTER `schools_id`; diff --git a/register_participants.inc.php b/register_participants.inc.php index 2b7b14a..cc344c7 100644 --- a/register_participants.inc.php +++ b/register_participants.inc.php @@ -430,7 +430,7 @@ function generateProjectNumber($registration_id) function computeRegistrationFee($regid) { - global $config, $conference; + global $config, $conference; $ret = array(); $regfee_items = array(); @@ -462,7 +462,7 @@ function computeRegistrationFee($regid) 'base' => $config['regfee'], 'num' => $n_students, 'ext' => $f ); - $regfee += $f; + $regfee += $f; } else { $ret[] = array( 'id' => 'regfee', 'text' => "Fair Registration (per project)", 
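Review bot: In the `project/add` case of api.php the loop `foreach($_POST as $fieldName)` iterates the posted values rather than the field names, so `$params[$fieldName] = $_POST[$fieldName]` is keyed by whatever the client sent as a value and the real fields never reach saveProjectData(). Copy by key, restrict the copy to the documented fields (plus `shorttitle` when it is enabled), and assign `project_id` after the loop so a posted `project_id` cannot replace the id of the project just created: `foreach(array('projectdivisions_id','title','language','req_electricity','req_table','req_special','summary') as $f){ if(isset($_POST[$f])) $params[$f] = $_POST[$f]; }` followed by `$params['project_id'] = $project['id'];`. saveProjectData() also checks ownership against `$_SESSION['registration_id']`, which neither this hunk nor addRegistration() sets, so the save after a fresh add presumably fails with "Invalid project to update" unless the session is populated elsewhere. The enclosing `switch($request[0])` starts and ends outside the hunk.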
@@ -512,6 +512,171 @@ function computeRegistrationFee($regid) return array($regfee, $ret); } +/****************************************************************************** +New functionality split off for API purposes +******************************************************************************/ + +function saveProjectData($data){ + global $conference, $config; + $requiredFields = array('project_id', 'summary', 'title', 'projectdivisions_id', 'language', 'req_table', 'req_electricity', 'summary'); + if($config['participant_short_title_enable'] == 'yes'){ + $requiredFields[] = 'shorttitle'; + } + $missingFields = array(); + foreach($requiredFields as $field){ + if(!array_key_exists($field, $data)){ + $missingFields[] = $field; + }else if(trim($data[$field]) == ''){ + $missingFields[] = $field; + } + } + + if(registrationFormsReceived()){ + $message = i18n("Cannot make changes to forms once they have been received by the fair"); + }else if(registrationDeadlinePassed()){ + $message = i18n("Cannot make changes to forms after registration deadline"); + }else if(count($missingFields)){ + $message = i18n("Required fields missing: %1", array(implode(', ', $missingFields))); + }else{ + //first, lets make sure this project really does belong to them + $q = mysql_query("SELECT * FROM projects WHERE id='" . $data['project_id'] . "' AND registrations_id='" . $_SESSION['registration_id'] . "' AND conferences_id='" . $conference['id'] . 
"'"); + if(mysql_num_rows($q) == 1) + { + $summarywords = preg_split("/[\s,]+/", $data['summary']); + $summarywordcount = count($summarywords); + if($summarywordcount > $config['participant_project_summary_wordmax'] || $summarywordcount<$config['participant_project_summary_wordmin']) + $summarycountok=0; + else + $summarycountok=1; + + if($config['participant_project_title_charmax'] && strlen(stripslashes($data['title']))>$config['participant_project_title_charmax']) //0 for no limit, eg 255 database field limit + { + $title=substr(stripslashes($data['title']),0,$config['participant_project_title_charmax']); + $message = i18n("Project title truncated to %1 characters",array($config['participant_project_title_charmax'])); + } + else + $title=stripslashes($data['title']); + + if($config['participant_short_title_enable'] == 'yes' + && $config['participant_short_title_charmax'] + && strlen(stripslashes($data['shorttitle']))>$config['participant_short_title_charmax']) //0 for no limit, eg 255 database field limit + { + $shorttitle=substr(stripslashes($data['shorttitle']),0,$config['participant_short_title_charmax']); + $message = i18n("Short project title truncated to %1 characters",array($config['participant_short_title_charmax'])); + } + else + $shorttitle=stripslashes($data['shorttitle']); + + mysql_query("UPDATE projects SET " . + "title='" . mysql_escape_string($title)."', " . + "shorttitle='" . mysql_escape_string($shorttitle) . "', " . + "projectdivisions_id='" . $data['projectdivisions_id'] . "', " . + "language='" . mysql_escape_string(stripslashes($data['language'])) . "', " . + "req_table='" . mysql_escape_string(stripslashes($data['req_table'])) . "', " . + "req_electricity='" . mysql_escape_string(stripslashes($data['req_electricity'])) . "', " . + "req_special='" . mysql_escape_string(stripslashes($data['req_special'])) . "', " . + "summary='" . mysql_escape_string(stripslashes($data['summary'])) . "', " . + "summarycountok='$summarycountok'" . 
+ "WHERE id='" . $data['project_id'] . "'"); + $message = mysql_error(); + if($message == ''){ + $message = 'success'; + } + } + else + { + $message = i18n("Invalid project to update"); + } + } + return $message; +} + +//get a random registration number between 100000 and 999999 (six digit integer) +// that isn't already in use +//TODO - set up a method or ensuring that the very unlikely chance of two people simultaneously +// getting the same number is in fact impossible +function getNewRegNum(){ + global $conference; + do { + $regnum = rand(100000,999999); + $q = mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND conferences_id=".$conference['id']); + }while(mysql_num_rows($q) > 0); + return $regnum; +} + +// add a registration record and return it's unique "num" id +//FIXME - this should probably do a check to see if the user +// was connected to another project already, and either: +// a) check to see if anyone else is connected to it, and delete it if not +// b) don't let them create a new one without explicitly disassociating with the other +function addRegistration($userId){ + global $conference; + + // create the new registration record, and assign a random/unique registration number. + $regnum = getNewRegNum(); + + //actually insert it + $query = "INSERT INTO registrations (num,email,start,status,conferences_id) VALUES (". + "'$regnum', ". + "'".$_SESSION['email']."', ". + "NOW(), ". + "'new', ". + $conference['id']. + ")"; + mysql_query($query); + $err = mysql_error(); + if($err){ + return "register_participants.inc.php::addRegistration -> " . $err; + } + + // update the user now, connecting them to that registration + $query = "UPDATE users SET registrations_id = $regnum WHERE id = $userId"; + mysql_query($query); + $err = mysql_error(); + if($err){ + return "register_participants.inc.php::addRegistration -> " . $err; + } + + // ok, if the flow hits this point, then we've successfully added the registration and + // linked the user to it. 
Return the registration number + return $regnum; +} + +function getProject($registrations_id){ + global $conference; + // FIXME - in the future, this should be able to handle a many-to-many + // relationship in projects to registrations (so remove that LIMIT 1) + $fields = implode(',', array( + 'id', 'projectdivisions_id', 'title', 'language', 'req_electricity', + 'registrations_id', 'req_table', 'req_special', 'summary' + )); + $q = mysql_query("SELECT $fields FROM projects WHERE registrations_id='$registrations_id' AND conferences_id='".$conference['id']."' LIMIT 1"); + $returnval = mysql_error(); + if($returnval){ + $returnval = "register_participants.inc.php::getProject -> " . $returnval; + }else{ + $returnval = mysql_fetch_assoc($q); + } + return $returnval; +} + +// add a project +function addProject($registrations_id){ + global $conference; + mysql_query(" + INSERT INTO projects(registrations_id, conferences_id) + VALUES ('" . $registrations_id . "','" . $conference['id']."') + "); + //now query the one we just inserted + $q = mysql_query("SELECT * FROM projects WHERE registrations_id='$registrations_id' AND conferences_id='{$conference['id']}'"); + $returnval = mysql_error(); + if($returnval){ + $returnval = "register_participants.inc.php::addProject -> " . $returnval; + }else{ + $returnval = mysql_fetch_assoc($q); + } + return $returnval; +} ?> diff --git a/register_participants_project.php b/register_participants_project.php index c0618d3..a85c29f 100644 --- a/register_participants_project.php +++ b/register_participants_project.php 
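Review bot: saveProjectData() places `$data['project_id']` and `$data['projectdivisions_id']` into the SELECT and the UPDATE without escaping, and with the new `project/add` and `project/edit` routes that input now arrives directly from API clients. Both are documented as integers, so cast them once at the top, `$projectId = intval($data['project_id']); $divisionId = intval($data['projectdivisions_id']);`, and use the casts in both queries; `$_SESSION['email']` in addRegistration()'s INSERT and `$userId` in its UPDATE need the same treatment (`mysql_real_escape_string()` and `intval()` respectively). addProject() never checks the INSERT: `mysql_error()` is read only after the follow-up SELECT, so a failed insert returns `false` or an older row for the same registration instead of an error string. The helpers also return raw `mysql_error()` text prefixed with the file and function name, which api.php passes to the client as `$ret['error']`; log that server-side and return a generic message.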
@@ -71,63 +71,11 @@ echo mysql_error(); if($_POST['action']=="save") { - if(registrationFormsReceived()) - { - echo error(i18n("Cannot make changes to forms once they have been received by the fair")); - } - else if(registrationDeadlinePassed()) - { - echo error(i18n("Cannot make changes to forms after registration deadline")); - } - else - { - //first, lets make sure this project really does belong to them - $q=mysql_query("SELECT * FROM projects WHERE id='".$_POST['id']."' AND registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'"); - if(mysql_num_rows($q)==1) - { - $summarywords=preg_split("/[\s,]+/",$_POST['summary']); - $summarywordcount=count($summarywords); - if($summarywordcount>$config['participant_project_summary_wordmax'] || $summarywordcount<$config['participant_project_summary_wordmin']) - $summarycountok=0; - else - $summarycountok=1; - - if($config['participant_project_title_charmax'] && strlen(stripslashes($_POST['title']))>$config['participant_project_title_charmax']) //0 for no limit, eg 255 database field limit - { - $title=substr(stripslashes($_POST['title']),0,$config['participant_project_title_charmax']); - echo error(i18n("Project title truncated to %1 characters",array($config['participant_project_title_charmax']))); - } - else - $title=stripslashes($_POST['title']); - - if($config['participant_short_title_enable'] == 'yes' - && $config['participant_short_title_charmax'] - && strlen(stripslashes($_POST['shorttitle']))>$config['participant_short_title_charmax']) //0 for no limit, eg 255 database field limit - { - $shorttitle=substr(stripslashes($_POST['shorttitle']),0,$config['participant_short_title_charmax']); - echo error(i18n("Short project title truncated to %1 characters",array($config['participant_short_title_charmax']))); - } - else - $shorttitle=stripslashes($_POST['shorttitle']); - - mysql_query("UPDATE projects SET ". - "title='".mysql_escape_string($title)."', ". 
- "shorttitle='".mysql_escape_string($shorttitle)."', ". - "projectdivisions_id='".$_POST['projectdivisions_id']."', ". - "language='".mysql_escape_string(stripslashes($_POST['language']))."', ". - "req_table='".mysql_escape_string(stripslashes($_POST['req_table']))."', ". - "req_electricity='".mysql_escape_string(stripslashes($_POST['req_electricity']))."', ". - "req_special='".mysql_escape_string(stripslashes($_POST['req_special']))."', ". - "summary='".mysql_escape_string(stripslashes($_POST['summary']))."', ". - "summarycountok='$summarycountok'". - "WHERE id='".$_POST['id']."'"); - echo mysql_error(); - echo notice(i18n("Project information successfully updated")); - } - else - { - echo error(i18n("Invalid project to update")); - } + $message = saveProjectData($_POST); + if($message == 'success'){ + echo notice(i18n("Project information successfully updated")); + }else{ + echo error($message); } } @@ -208,7 +156,7 @@ function countwords() echo "
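Review bot: The removed handler matched the project with `$_POST['id']`, but saveProjectData() lists `project_id` as a required field, so unless the form field is renamed elsewhere in this commit (the next hunk is cut off here) every save from this page would come back as "Required fields missing: project_id". If the form is unchanged, map the field at the call: `$message = saveProjectData(array_merge($_POST, array('project_id' => $_POST['id'])));`. Two behaviour changes ride along with the refactor: `language`, `req_table`, `req_electricity` and `summary` are now mandatory, and the title-truncation notices are lost because saveProjectData() overwrites `$message` with `mysql_error()` after the UPDATE. `error($message)` can now carry database error text to the page, so it is worth confirming that error() HTML-escapes its argument.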