diff --git a/account.inc.php b/account.inc.php
index 94180e4..126eecd 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -377,4 +377,95 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){
 return 'ok';
 }
+// A function for handling updates of any fields that can be modified through an API call.
+// returns 'ok' on success, error message otherwise.
+function account_update_info($fields){
+ if(array_key_exists('accounts_id', $_SESSION)){
+ $accounts_id = $_SESSION['accounts_id'];
+ }else{
+ return 'you must be logged in to change your account settings';
+ }
+
+ if(!is_array($fields)) return 'account_update_info expects an array';
+ $message = 'ok';
+ $updates = array();
+ foreach($fields as $index => $value){
+ switch($index){
+ case 'username':
+ if(account_valid_user($value)){
+ $u = mysql_real_escape_string($value);
+ $q = mysql_query("SELECT id FROM accounts WHERE username = '$u' AND deleted = 'no' AND id != $accounts_id");
+ if(mysql_num_rows($q) != 0){
+ $message = "username already in use";
+ }else{
+ $updates[$index] = $value;
+ }
+ }else{
+ $message = "invalid username";
+ }
+ break;
+
+ case 'password':
+ $q = mysql_query("SELECT password FROM accounts WHERE id='$accounts_id' AND password='" . mysql_real_escape_string($value) . "'");
+ if(mysql_num_rows($q)){
+ // ignore this parameter. The password has not changed
+ }else if(!account_valid_password($value)){
+ $message = "invalid password";
+ }else{
+ $updates[$index] = $value;
+ }
+ break;
+
+ case 'link_username_to_email':
+ if(in_array($value, array('yes', 'no'))){
+ $updates[$index] = $value;
+ }else{
+ $message = '"link_username_to_email" must be either a "yes" or "no" value';
+ }
+ break;
+
+ case 'email':
+ if(isEmailAddress($value)){
+ $updates[$index] = $value;
+ }else{
+ $message = 'invalid e-mail address';
+ }
+ break;
+
+ default:
+ $message = 'invalid field name';
+ }
+ }
+
+ if($message != 'ok'){
+ return $message;
+ }
+
+ // the data's all been validated, so we can continue with the actual update.
+ // doing it separately from the above loop to ensure that it's an all-or nothing update;
+ // none of it will happen if any one part is erroneous.
+ foreach($updates as $index => $value){
+ switch($index){
+ case 'username':
+ $username = mysql_real_escape_string($value);
+ mysql_query("UPDATE accounts SET username = '$username' WHERE id = $accounts_id");
+ break;
+
+ case 'password':
+ account_set_password($accounts_id, mysql_real_escape_string($value));
+ break;
+
+ case 'link_username_to_email':
+ mysql_query("UPDATE accounts SET link_username_to_email = '$value' WHERE id = $accounts_id");
+ break;
+
+ case 'email':
+ account_set_email($accounts_id, $value);
+ break;
+ }
+ }
+
+ return $message;
+}
+
 ?>
diff --git a/api.php b/api.php
index 32f8f65..e20a4b2 100644
--- a/api.php
+++ b/api.php
@@ -32,7 +32,6 @@ if($_SERVER['HTTPS']!="on") {
 echo json_encode($ret);
 exit;
 }
-
 $request=explode("/",$_GET['request']);
 $ret=array();
@@ -293,6 +292,47 @@ switch($request[0]) {
 $ret['error']="You are not logged in";
 }
 break;
+
+ /* APIDOC: account/edit
+ notimplemented
+ description(edits an account)
+ post(account array)
+ return(account array)
+ */
+ case 'edit':
+ if(isset($_SESSION['accounts_id'])) {
+
+ // grab the relevant keys from $_POST
+ $params = array();
+ foreach($_POST as $key => $value){
+ if(in_array($key, array('username', 'password', 'email', 'link_username_to_email'))){
+ $params[$key] = $_POST[$key];
+ }
+ }
+
+ if(count($params) > 0){
+ $result = account_update_info($params);
+ if($result == 'ok'){
+ $a = account_load($_SESSION['accounts_id']);
+ $ret['status'] = 'ok';
+ $ret['account'] = $a;
+ }else{
+
+ $ret['status'] = "error";
+ $ret['error'] = $result;
+ }
+ }else{
+ $ret['status'] = "error";
+ $ret['error'] = "No field values passed";
+ }
+
+ }else{
+ $ret['status']="error";
+ $ret['error']="You are not logged in";
+ }
+
+ break;
+
 default:
 $ret['status']="error";
 $ret['error']="invalid account command";
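Review bot: In the second loop's `case 'password':`, the value is pre-escaped before being handed to a setter — `account_set_password($accounts_id, mysql_real_escape_string($value));` — while the sibling `case 'email':` passes `$value` raw to account_set_email; mysql_real_escape_string is an SQL-layer escape, so if account_set_password escapes or hashes its argument itself (its body is outside this hunk), a password containing a quote or backslash is stored in escaped form and will not verify later. The call should be `account_set_password($accounts_id, $value);` with escaping left to whichever layer builds the query. The comment introducing that loop promises an all-or-nothing update, but the UPDATEs run as separate autocommit statements, so a failure part-way leaves a partial write; either bracket the loop with `START TRANSACTION`/`COMMIT` or reword the comment to say that only validation is all-or-nothing. The username uniqueness SELECT followed later by the UPDATE is a check-then-act; a UNIQUE index on accounts.username (or inspecting affected rows) is the reliable guard. The "password has not changed" SELECT compares the submitted value literally against the stored `password` column, which only works if that column holds the same representation account_set_password writes — worth confirming.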
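Review bot: The APIDOC block added above `case 'edit':` still carries the `notimplemented` tag, which this commit makes wrong — it was carried over from the placeholder removed at the end of api.php; drop that line so generated docs stop listing the endpoint as unimplemented. The foreach copying `$_POST` binds `$value` but then reads `$_POST[$key]` again; `$params[$key] = $value;` says the same thing. `account_load`'s result is echoed straight into the JSON response as `$ret['account']`, so confirm (its body is outside this diff) that it does not include the password column. The handler authorizes this state-changing POST by session cookie alone; if the endpoint is reachable from a browser page, a CSRF defense has to exist somewhere, and none is visible here.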
@@ -536,7 +576,7 @@ switch($request[0]) {
 break;
 /* APIDOC: user/connect_to_school
- description(connects the current users teacher role to the specified school using the school's access code)
+ description(connects the current user to the specified school using the school's access code)
 post(schools_id integer, accesscode varchar(16))
 return(school array)
 */
@@ -715,14 +755,4 @@ switch($request[0]) {
 }
 echo json_encode($ret);
-
-
- /* APIDOC: account/edit
- notimplemented
- description(edits an account)
- post(account array)
- return(account array)
- */
-
-
 ?>
diff --git a/common.inc.functions.php b/common.inc.functions.php
index 48a0c38..d314e29 100644
--- a/common.inc.functions.php
+++ b/common.inc.functions.php
@@ -833,7 +833,7 @@ function get_special_awards($conferenceId){
 function get_schools($conferenceId){
 $data = array();
 $returnval = array();
- $q = mysql_query("SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city");
+ $q = mysql_query("SELECT MAX(id) AS id, school, city FROM schools GROUP BY school, city");
 while($record = mysql_fetch_assoc($q)) $data[] = $record;
 $prevRecord = null;
 for($n = 0; $n < count($data); $n++){
diff --git a/testapi.php b/testapi.php
index c284970..fdb8655 100644
--- a/testapi.php
+++ b/testapi.php
@@ -24,7 +24,38 @@ include "common.inc.php";
 $('#rolediv_2').prepend(selector[1]);
 });
 });
+
+ function submitAccountUpdate(){
+ // using this to avoid passing blank values to the account update API
+ var submitDat = {}, field, value, n, hasvals = false;
+ for(n = 0; n < 4; n++){
+ switch(n){
+ case 0: field = 'username'; value = $('#username').val(); break;
+ case 1: field = 'password'; value = $('#password').val(); break;
+ case 2: field = 'email'; value = $('#email').val(); break;
+ case 3: field = 'link_username_to_email'; value = $('[name=' + field + ']:checked').val(); break;
+ }
+ if(value != undefined && value != ''){
+ eval('submitDat.' + field + ' = value;');
+ hasvals = true;
+ }
+ }
+ if(hasvals){
+ $.post('api/account/edit', submitDat,
+ function(result){
+ alert(result);
+ }
+ );
+ }
+ }
+
+ function dateListForConference() {
+ var o=document.getElementById('conferences_id');
+ window.location.href='api/dates/'+o.value;
+ return false;
+ }
+
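Review bot: `eval('submitDat.' + field + ' = value;');` in submitAccountUpdate builds a statement from a string just to assign a property; `submitDat[field] = value;` is the direct form and removes the eval entirely. The `value != undefined && value != ''` test relies on loose comparison so that `null` from `.val()` on an unchecked radio is also skipped, which looks intended but deserves a comment such as `// skip fields left blank (undefined, null or '')`. The hunk's trailing context lines are not visible on this page, so the function may be followed by further changed script.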
@@ -48,14 +79,6 @@ Switch Conference - - Dates List (current conference)"; +echo "The user fields:\n"; +print_r($fieldDat); +echo "\nThe user object:\n"; print_r($u); echo ""; */ @@ -944,7 +947,7 @@ function user_add_role_allowed(&$u, $role) function user_set_school($u, $schoolId, $schoolCode){ $returnval = false; // make sure the id and code match - $tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = $schoolId AND accesscode = '$schoolCode'"), 0); + $tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = '$schoolId' AND accesscode = '$schoolCode'"), 0); if($tally == 1){ if(mysql_query("UPDATE users SET schools_id = $schoolId WHERE id = " . $u['id'])){ $u['schools_id'] = $schoolId; diff --git a/user_school.php b/user_school.php index 8c431a8..77431d4 100644 --- a/user_school.php +++ b/user_school.php @@ -74,7 +74,7 @@ $translations = array( eval(response); if(schoolInfo != null){ $('#infobox').html(schoolInfo); - $('#infobox').css({'border':'solid'}); + $('#infobox').css({'border':'solid', 'border-width':'1px'}); $('#instructions').html("=$translations['if_incorrect'];?>"); }else{ $('#instructions').html("=$translations['incorrect'];?>");
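Review bot: Quoting `$schoolId` in user_set_school's COUNT(*) query (`WHERE id = '$schoolId' AND accesscode = '$schoolCode'`) does not make it safe: neither it nor `$schoolCode` is cast or escaped before interpolation, and the UPDATE two lines below still interpolates `$schoolId` unquoted. Cast and escape both once at the top of the function, `$schoolId = (int) $schoolId; $schoolCode = mysql_real_escape_string($schoolCode);`, after which the quoting change is unnecessary. Whether the caller already sanitises these values is not visible here, and the file name for this hunk was lost in the page's formatting (only the @@ heading naming user_add_role_allowed survives).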