Added API function for modifying account information
parent
d0d3c7b7c4
commit
4f35702bbf
@ -377,4 +377,95 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){
|
||||
return 'ok';
|
||||
}
|
||||
|
||||
// A function for handling updates of any fields that can be modified through an API call.
|
||||
// returns 'ok' on success, error message otherwise.
|
||||
function account_update_info($fields){
|
||||
if(array_key_exists('accounts_id', $_SESSION)){
|
||||
$accounts_id = $_SESSION['accounts_id'];
|
||||
}else{
|
||||
return 'you must be logged in to change your account settings';
|
||||
}
|
||||
|
||||
if(!is_array($fields)) return 'account_update_info expects an array';
|
||||
$message = 'ok';
|
||||
$updates = array();
|
||||
foreach($fields as $index => $value){
|
||||
switch($index){
|
||||
case 'username':
|
||||
if(account_valid_user($value)){
|
||||
$u = mysql_real_escape_string($value);
|
||||
$q = mysql_query("SELECT id FROM accounts WHERE username = '$u' AND deleted = 'no' AND id != $accounts_id");
|
||||
if(mysql_num_rows($q) != 0){
|
||||
$message = "username already in use";
|
||||
}else{
|
||||
$updates[$index] = $value;
|
||||
}
|
||||
}else{
|
||||
$message = "invalid username";
|
||||
}
|
||||
break;
|
||||
|
||||
case 'password':
|
||||
$q = mysql_query("SELECT password FROM accounts WHERE id='$accounts_id' AND password='" . mysql_real_escape_string($value) . "'");
|
||||
if(mysql_num_rows($q)){
|
||||
// ignore this parameter. The password has not changed
|
||||
}else if(!account_valid_password($value)){
|
||||
$message = "invalid password";
|
||||
}else{
|
||||
$updates[$index] = $value;
|
||||
}
|
||||
break;
|
||||
|
||||
case 'link_username_to_email':
|
||||
if(in_array($value, array('yes', 'no'))){
|
||||
$updates[$index] = $value;
|
||||
}else{
|
||||
$message = '"link_username_to_email" must be either a "yes" or "no" value';
|
||||
}
|
||||
break;
|
||||
|
||||
case 'email':
|
||||
if(isEmailAddress($value)){
|
||||
$updates[$index] = $value;
|
||||
}else{
|
||||
$message = 'invalid e-mail address';
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
$message = 'invalid field name';
|
||||
}
|
||||
}
|
||||
|
||||
if($message != 'ok'){
|
||||
return $message;
|
||||
}
|
||||
|
||||
// the data's all been validated, so we can continue with the actual update.
|
||||
// doing it separately from the above loop to ensure that it's an all-or nothing update;
|
||||
// none of it will happen if any one part is erroneous.
|
||||
foreach($updates as $index => $value){
|
||||
switch($index){
|
||||
case 'username':
|
||||
$username = mysql_real_escape_string($value);
|
||||
mysql_query("UPDATE accounts SET username = '$username' WHERE id = $accounts_id");
|
||||
break;
|
||||
|
||||
case 'password':
|
||||
account_set_password($accounts_id, mysql_real_escape_string($value));
|
||||
break;
|
||||
|
||||
case 'link_username_to_email':
|
||||
mysql_query("UPDATE accounts SET link_username_to_email = '$value' WHERE id = $accounts_id");
|
||||
break;
|
||||
|
||||
case 'email':
|
||||
account_set_email($accounts_id, $value);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $message;
|
||||
}
|
||||
|
||||
?>
|
||||
|
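Review bot: In `case 'password'` of the validation loop, the unchanged-password check runs `SELECT password FROM accounts WHERE id='$accounts_id' AND password='...'`, which can only match if the stored `password` column holds the raw submitted value, and the update loop then calls `account_set_password($accounts_id, mysql_real_escape_string($value))`, so a password containing a quote or backslash reaches the setter already escaped. If `account_set_password` escapes or hashes its argument itself (it is outside this hunk), the stored value will not match what the user typed; pass `$value` unescaped as the email branch does with `account_set_email`, and leave escaping to the setter. `$accounts_id` from the session is interpolated into three queries without a cast; `$accounts_id = (int)$_SESSION['accounts_id'];` keeps those queries safe if the session ever holds a non-integer. The `in_array($value, array('yes', 'no'))` check should pass `true` as the third argument so only the literal strings are accepted. The file this function lives in is not named in the visible part of the page.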
54
api.php
54
api.php
@ -32,7 +32,6 @@ if($_SERVER['HTTPS']!="on") {
|
||||
echo json_encode($ret);
|
||||
exit;
|
||||
}
|
||||
|
||||
$request=explode("/",$_GET['request']);
|
||||
$ret=array();
|
||||
|
||||
@ -293,6 +292,47 @@ switch($request[0]) {
|
||||
$ret['error']="You are not logged in";
|
||||
}
|
||||
break;
|
||||
|
||||
/* APIDOC: account/edit
|
||||
notimplemented
|
||||
description(edits an account)
|
||||
post(account array)
|
||||
return(account array)
|
||||
*/
|
||||
case 'edit':
|
||||
if(isset($_SESSION['accounts_id'])) {
|
||||
|
||||
// grab the relevant keys from $_POST
|
||||
$params = array();
|
||||
foreach($_POST as $key => $value){
|
||||
if(in_array($key, array('username', 'password', 'email', 'link_username_to_email'))){
|
||||
$params[$key] = $_POST[$key];
|
||||
}
|
||||
}
|
||||
|
||||
if(count($params) > 0){
|
||||
$result = account_update_info($params);
|
||||
if($result == 'ok'){
|
||||
$a = account_load($_SESSION['accounts_id']);
|
||||
$ret['status'] = 'ok';
|
||||
$ret['account'] = $a;
|
||||
}else{
|
||||
|
||||
$ret['status'] = "error";
|
||||
$ret['error'] = $result;
|
||||
}
|
||||
}else{
|
||||
$ret['status'] = "error";
|
||||
$ret['error'] = "No field values passed";
|
||||
}
|
||||
|
||||
}else{
|
||||
$ret['status']="error";
|
||||
$ret['error']="You are not logged in";
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
default:
|
||||
$ret['status']="error";
|
||||
$ret['error']="invalid account command";
|
||||
@ -536,7 +576,7 @@ switch($request[0]) {
|
||||
break;
|
||||
|
||||
/* APIDOC: user/connect_to_school
|
||||
description(connects the current users teacher role to the specified school using the school's access code)
|
||||
description(connects the current user to the specified school using the school's access code)
|
||||
post(schools_id integer, accesscode varchar(16))
|
||||
return(school array)
|
||||
*/
|
||||
@ -715,14 +755,4 @@ switch($request[0]) {
|
||||
|
||||
}
|
||||
echo json_encode($ret);
|
||||
|
||||
|
||||
/* APIDOC: account/edit
|
||||
notimplemented
|
||||
description(edits an account)
|
||||
post(account array)
|
||||
return(account array)
|
||||
*/
|
||||
|
||||
|
||||
?>
|
||||
|
@ -833,7 +833,7 @@ function get_special_awards($conferenceId){
|
||||
function get_schools($conferenceId){
|
||||
$data = array();
|
||||
$returnval = array();
|
||||
$q = mysql_query("SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city");
|
||||
$q = mysql_query("SELECT MAX(id) AS id, school, city FROM schools GROUP BY school, city");
|
||||
while($record = mysql_fetch_assoc($q)) $data[] = $record;
|
||||
$prevRecord = null;
|
||||
for($n = 0; $n < count($data); $n++){
|
||||
|
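Review bot: The APIDOC block placed above `case 'edit':` still says `notimplemented` although the handler beneath it now performs the update; drop that line and replace `post(account array)` with the fields the handler actually reads, e.g. `post(username, password, email, link_username_to_email)`. On success the handler assigns the result of `account_load($_SESSION['accounts_id'])` verbatim to `$ret['account']`; if that array carries the stored password (the validation routine in this commit compares submitted passwords against the `password` column), it is echoed back to the client as JSON, so strip that key before assigning. The `@ -32,7 +32,6` hunk only removes a blank line and the `@ -536` and `@ -715` hunks are documentation moves. The enclosing `switch($request[0])` starts and ends outside the hunk.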
47
testapi.php
47
testapi.php
@ -24,7 +24,38 @@ include "common.inc.php";
|
||||
$('#rolediv_2').prepend(selector[1]);
|
||||
});
|
||||
});
|
||||
|
||||
function submitAccountUpdate(){
|
||||
// using this to avoid passing blank values to the account update API
|
||||
var submitDat = {}, field, value, n, hasvals = false;
|
||||
for(n = 0; n < 4; n++){
|
||||
switch(n){
|
||||
case 0: field = 'username'; value = $('#username').val(); break;
|
||||
case 1: field = 'password'; value = $('#password').val(); break;
|
||||
case 2: field = 'email'; value = $('#email').val(); break;
|
||||
case 3: field = 'link_username_to_email'; value = $('[name=' + field + ']:checked').val(); break;
|
||||
}
|
||||
if(value != undefined && value != ''){
|
||||
eval('submitDat.' + field + ' = value;');
|
||||
hasvals = true;
|
||||
}
|
||||
}
|
||||
if(hasvals){
|
||||
$.post('api/account/edit', submitDat,
|
||||
function(result){
|
||||
alert(result);
|
||||
}
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
function dateListForConference() {
|
||||
var o=document.getElementById('conferences_id');
|
||||
window.location.href='api/dates/'+o.value;
|
||||
return false;
|
||||
}
|
||||
</script>
|
||||
|
||||
</head>
|
||||
<body>
|
||||
|
||||
@ -48,14 +79,6 @@ Switch Conference
|
||||
<input type="text" size=2 name="conferences_id">
|
||||
<input type="submit" value="Switch Conference">
|
||||
</form>
|
||||
<script type="text/javascript">
|
||||
function dateListForConference() {
|
||||
var o=document.getElementById('conferences_id');
|
||||
window.location.href='api/dates/'+o.value;
|
||||
return false;
|
||||
}
|
||||
</script>
|
||||
|
||||
<a href="api/dates">Dates List (current conference)</a><br />
|
||||
<form method="post" onsubmit="return dateListForConference()">
|
||||
Date List
|
||||
@ -63,6 +86,14 @@ Date List
|
||||
<input type="submit" value="Conference Date List">
|
||||
</form>
|
||||
|
||||
<h1>Account Settings</h1>
|
||||
<strong>Edit account information</strong>
|
||||
Username: <input type="text" id="username"></input><br/>
|
||||
Password: <input type="text" id="password"></input><br/>
|
||||
email: <input type="text" id="email"></input><br/>
|
||||
Link username to email? <input type="radio" name="link_username_to_email" value="yes"></input>Yes <input type="radio" name="link_username_to_email" value="no"></input>No<br/>
|
||||
<button onclick = "submitAccountUpdate(); return false;">Update account information</button>
|
||||
|
||||
<h1>Teacher Specific Commands</h1>
|
||||
<a href="api/scienceolympics/teams/list">Science Olympic Teams List</a><br />
|
||||
|
||||
|
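Review bot: `submitAccountUpdate` builds the POST body with `eval('submitDat.' + field + ' = value;')`, where a plain property assignment does the same without evaluating a string: `submitDat[field] = value;`. The field names come from the fixed `switch`, so this is not injectable, but the `eval` hides a one-line assignment and will fail under any CSP that forbids it. The new form renders the password as `<input type="text" id="password">`; `type="password"` keeps it off the screen and out of browser autocomplete even on a test page. The `value != undefined && value != ''` test could use `!==` so the intent (skip missing and empty fields) is explicit.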
@ -235,6 +235,9 @@ function user_load($users_id, $accounts_id = false)
|
||||
unset($u['orig']);
|
||||
/*
|
||||
echo "<pre>";
|
||||
echo "The user fields:\n";
|
||||
print_r($fieldDat);
|
||||
echo "\nThe user object:\n";
|
||||
print_r($u);
|
||||
echo "</pre>";
|
||||
*/
|
||||
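Review bot: The debug output in `user_load` is wrapped in a `/* ... */` block rather than removed; commented-out `echo`/`print_r` calls tend to be uncommented by the next person debugging and then dump user records to the page. Delete the block, or if an ad-hoc dump is still wanted, route it through a logging call guarded by a debug flag. `user_load` begins and ends outside this hunk.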
@ -944,7 +947,7 @@ function user_add_role_allowed(&$u, $role)
|
||||
function user_set_school($u, $schoolId, $schoolCode){
|
||||
$returnval = false;
|
||||
// make sure the id and code match
|
||||
$tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = $schoolId AND accesscode = '$schoolCode'"), 0);
|
||||
$tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = '$schoolId' AND accesscode = '$schoolCode'"), 0);
|
||||
if($tally == 1){
|
||||
if(mysql_query("UPDATE users SET schools_id = $schoolId WHERE id = " . $u['id'])){
|
||||
$u['schools_id'] = $schoolId;
|
||||
|
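Review bot: Quoting `$schoolId` in the `SELECT COUNT(*)` query does not make it safe: both `$schoolId` and `$schoolCode` are still interpolated unescaped, and the `UPDATE users SET schools_id = $schoolId` line below still interpolates it unquoted. These values presumably arrive from the POST fields the `user/connect_to_school` APIDOC lists, so cast and escape them once at the top of the function, `$schoolId = (int)$schoolId;` and `$schoolCode = mysql_real_escape_string($schoolCode);`, matching the `mysql_real_escape_string` usage elsewhere in this commit. The rest of `user_set_school` continues past the hunk.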
@ -74,7 +74,7 @@ $translations = array(
|
||||
eval(response);
|
||||
if(schoolInfo != null){
|
||||
$('#infobox').html(schoolInfo);
|
||||
$('#infobox').css({'border':'solid'});
|
||||
$('#infobox').css({'border':'solid', 'border-width':'1px'});
|
||||
$('#instructions').html("<?=$translations['if_incorrect'];?>");
|
||||
}else{
|
||||
$('#instructions').html("<?=$translations['incorrect'];?>");
|
||||
|