diff --git a/account.inc.php b/account.inc.php
index 861dee7..9951e94 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -135,6 +135,11 @@ function account_create($username,$password=NULL)
 return -2;
 }
+ //if the password is set, make sure its valid, if its null, thats OK, it'll get generated and set by account_set_password
+ if($password $$ !account_valid_password($password)) {
+ return -3;
+ }
+ /* Create the account */
 mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) VALUES ('$us', NOW(),'no','no')");
@@ -143,8 +148,6 @@ function account_create($username,$password=NULL)
 $accounts_id = mysql_insert_id();
 account_set_password($accounts_id, $password);
- account_set_email($accounts_id, $email);
-
 $a = account_load($accounts_id);
 return $a;
diff --git a/api.php b/api.php
index c14fa93..3540f57 100644
--- a/api.php
+++ b/api.php
@@ -38,6 +38,11 @@ $ret=array();
 switch($request[0]) {
 case "conferences":
+ /* apidoc: conferences/switch
+ description(switches the active conference)
+ post(conferences_id integer)
+ return(conferences_id integer)
+ */
 if($request[1]=="switch") {
 if($_POST['conferences_id']) {
 //this makes sure its valid and sets teh session
@@ -55,6 +60,10 @@ switch($request[0]) {
 $ret['error']='conferences_id (integer) is required';
 }
 }
+ /* apidoc: conferences
+ description(lists all conferences)
+ return(conferences array)
+ */
 else {
 $ret['status']="ok";
 $ret['conferences']=array();
@@ -69,6 +78,14 @@ switch($request[0]) {
 break;
 case "dates":
+ /* apidoc: dates
+ description(list dates for active conference)
+ return(dates array)
+ */
+ /* apidoc: dates/
+ description(list dates for specified conference)
+ return(dates array)
+ */
 if($request[1]) {
 $cid=intval($request[1]);
 }
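Review bot: The guard added to account_create() in account.inc.php reads `if($password $$ !account_valid_password($password))`; `$$` is not a PHP operator, so the file should fail to parse and the password check never takes effect as written. The intended line is presumably `if($password !== NULL && !account_valid_password($password)) {`, which also keeps a falsy non-null value such as `"0"` from skipping validation the way a bare `$password` test would. The context line below this guard interpolates `'$us'` into the INSERT; its escaping happens outside the hunk, so confirm it is applied on every path that reaches the query. The function body starts and ends outside the hunk.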
@@ -86,7 +103,51 @@ switch($request[0]) {
 $ret['dates']=$dates;
 break;
+ case "account":
+ /* apidoc: account/create
+ description(creates an account)
+ post(username varchar(64), password varchar(64), email varchar(64) optional)
+ return(account array)
+ */
+ if($request[1]=="create") {
+ $user = trim($_POST['username']);
+ $pass = trim($_POST['password']);
+ $email = trim($_POST['email']);
+ if($user && $pass) {
+ $a=account_create($user,$pass);
+ if(is_array($a)) {
+ if($email)
+ account_set_email($a['id'],$email);
+ $account=account_load($a['id']);
+ $ret['status']="ok";
+ $ret['account']=$account;
+ }
+ else {
+ $ret['status']="error";
+ switch($a) {
+ case -1: $ret['error']="invalid username"; break;
+ case -2: $ret['error']="username already exists"; break;
+ case -3: $ret['error']="invalid password"; break;
+ default: $ret['error']="unknown account creation error"; break;
+ }
+ }
+ } else {
+ $ret['status']="error";
+ $ret['error']="username (varchar 64) and password (varchar 64) are required ";
+ }
+ }
+ else {
+ $ret['status']="error";
+ $ret['error']="invalid account command";
+ }
+ break;
+
 case "auth":
+ /* apidoc: auth/login
+ description(login to an account)
+ post(username varchar(64), password varchar(64))
+ return(account array, roles array, conferences_id integer)
+ */
 if($request[1]=="login") {
 $user = $_POST['username'];
 $pass = $_POST['password'];
@@ -113,7 +174,11 @@ switch($request[0]) {
 $ret['roles']=$_SESSION['roles'];
 }
 }
- if($request[1]=="logout") {
+ /* apidoc: auth/logout
+ description(logs out of an account)
+ return(account array)
+ */
+ else if($request[1]=="logout") {
 unset($_SESSION['username']);
 unset($_SESSION['email']);
 unset($_SESSION['accounts_id']);
@@ -123,6 +188,10 @@ switch($request[0]) {
 unset($_SESSION['name']);
 $ret['status']="ok";
 }
+ else {
+ $ret['status']="error";
+ $ret['error']="invalid auth command";
+ }
 break;
 case "testauth":
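Review bot: In the new `account/create` branch the password goes through `trim()` before `account_create()`, while the `auth/login` context lines at the end of this hunk read `$_POST['password']` untrimmed, so a password registered with leading or trailing whitespace is stored trimmed and would then fail to match at login. Pass the submitted value unchanged, e.g. `$pass = isset($_POST['password']) ? $_POST['password'] : '';`, and leave acceptance to `account_valid_password()`. The result of `account_set_email()` is ignored, so if it rejects the address the response still says `"ok"`; check it and report an error instead. `$ret['account']` returns whatever `account_load()` produces; if that array carries the password or other internal columns (not visible here), copy only the fields the client needs.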
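Review bot: The `auth/logout` apidoc added in the `@@ -113,7 +174,11 @@` hunk declares `return(account array)`, but the logout branch, as far as it is visible (the `unset()` lines here and `$ret['status']="ok";` in the following hunk), never sets `$ret['account']`. Unless the lines between the two hunks add it, the entry should document only the status so clients do not expect account data after logout. Separately, this branch clears the session key by key, so any session value not listed survives logout; emptying it with `$_SESSION = array();` followed by `session_regenerate_id(true);` would be more robust. The branch continues outside this hunk.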