From 5ec38a7314f76387e2f839053862b348c888a008 Mon Sep 17 00:00:00 2001
From: dave <dave>
Date: Mon, 21 Sep 2009 07:20:49 +0000
Subject: [PATCH] - Server-side award uploading.  Tag registrations, proejcts,
 and students with   a fair_id.  This is ignored for regular operation, but
 now needed to have   multiple students from multiple feeder fairs attached to
 the same award. (so   we know which ones to delete when we update the
 winners)

---
 db/db.code.version.txt |   2 +-
 db/db.update.137.sql   |   3 +
 xmltransport.php       | 189 +++++++++++++++++++++++++++++++++++++++++
 3 files changed, 193 insertions(+), 1 deletion(-)
 create mode 100644 db/db.update.137.sql

diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index 7296f257..065fd3e7 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-136
+137
diff --git a/db/db.update.137.sql b/db/db.update.137.sql
new file mode 100644
index 00000000..8d72b423
--- /dev/null
+++ b/db/db.update.137.sql
@@ -0,0 +1,3 @@
+ALTER TABLE `winners` ADD `fairs_id` INT NOT NULL;
+ALTER TABLE `projects` ADD `fairs_id` INT NOT NULL;
+ALTER TABLE `students` ADD `fairs_id` INT NOT NULL AFTER `schools_id` ;
diff --git a/xmltransport.php b/xmltransport.php
index e6369e3d..7f10274d 100644
--- a/xmltransport.php
+++ b/xmltransport.php
@@ -114,6 +114,194 @@ function handle_getawards(&$u, $fair, &$data, &$response)
 	$response['postback'] = 'http://localhost';
 }
 
+function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
+{
+
+	/* transport name => mysql name */
+	$school_fields = array( //'schoolname'=>'school',
+				'schoollang'=>'schoollang',
+				'schoollevel'=>'schoollevel',
+				'board'=>'board',
+				'district'=>'district',
+				'phone'=>'phone',
+				'fax'=>'fax',
+				'address'=>'address',
+				'city'=>'city',
+				'province_code'=>'province_code',
+				'postalcode'=>'postalcode',
+				'principal'=>'principal',
+				'schoolemail'=>'schoolemail',
+				'sciencehead'=>'sciencehead',
+				'scienceheademail'=>'scienceheademail',
+				'scienceheadphone'=>'scienceheadphone');
+
+	if($school_id == -1) {
+		$our_school = mysql_fetch_assoc($mysql_query);
+		$sid = $our_school['id'];
+	} else {
+		$sid = $school_id;
+		$our_school = array();
+	}
+	$set = '';
+	foreach($school_fields as $t=>$m) {
+		if($our_school[$m] == $school[$t]) continue;
+		if($set != '') $set.=',';
+		$set .= "`$m`='".mysql_real_escape_string($school[$t])."'";
+	}
+	mysql_query("UPDATE schools SET $set WHERE id='$sid'");
+	return $sid;
+}
+
+function award_upload_school(&$student, &$school, $year)
+{
+
+	$school_name = mysql_real_escape_string($school['schoolname']);
+	$school_city = mysql_real_escape_string($school['city']);
+	$school_phone = mysql_real_escape_string($school['phone']);
+	$school_addr = mysql_real_escape_string($school['address']);
+	$student_city = $student['city'];
+
+	/* Find school by matching name, city, phone, year */
+	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
+	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+
+	/* Find school by matching name, city, address, year */
+	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
+	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+
+	/* Find school by matching name, city, year */
+	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
+	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+
+	/* Find school by matching name, student city, year */
+	$q = mysql_query("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
+	if(mysql_num_rows($q) == 1) return award_upload_update_school($q, $school);
+
+	/* No? ok, make a new school */
+	mysql_query("INSERT INTO schools(`school`,`year`) VALUES ('".mysql_real_escape_string($school['schoolname'])."','$year')");
+	$school_id = mysql_insert_id();
+	return award_upload_update_school($q, $school, $school_id);
+}
+
+function award_upload_assign(&$fair, &$prize, &$project, $year)
+{
+	/* Copied from admin/award_upload.php, this is the
+	 *  transport name => sql name mapping */
+	$student_fields = array('firstname'=>'firstname',
+				'lastname'=>'lastname',
+				'email'=>'email',
+				'gender'=>'sex',
+				'grade'=>'grade',
+				'language'=>'lang',
+				'birthdate'=>'dateofbirth',
+				'address'=>'address',
+				'city'=>'city',
+				'province'=>'province',
+				'postalcode'=>'postalcode',
+				'phone'=>'phone',
+				'teachername'=>'teachername',
+				'teacheremail'=>'teacheremail');
+
+	/* See if this project already exists */
+	$pn = mysql_real_escape_string($project['projectnumber']);
+	$q = mysql_query("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
+	echo mysql_error();
+	if(mysql_num_rows($q) == 1) {
+		$our_project = mysql_fetch_assoc($q);
+		echo "Found existing project";
+		$registrations_id = $our_project['registrations_id'];
+		$pid = $our_project['id'];
+	} else {
+		/* Create a registration */
+		$regnum=0;
+		//now create the new registration record, and assign a random/unique registration number to then.
+		do {
+			//random number between
+			//100000 and 999999  (six digit integer)
+			$regnum=rand(100000,999999);
+			$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
+			echo mysql_error();
+		}while(mysql_num_rows($q)>0);
+
+		//actually insert it
+		mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
+				"'$regnum','$regnum',NOW(),'new',NULL,'$year')");
+		$registrations_id = mysql_insert_id();
+		/* We'll fill in the email address later */
+
+		/* Add the project */
+		mysql_query("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
+				VALUES('$registrations_id',
+					'".mysql_real_escape_string($project['projectnumber'])."',
+					'$year', '{$fair['id']}');");
+		$pid = mysql_insert_id();
+	}
+	/* Update the project in case anythign changed */
+	mysql_query("UPDATE projects SET title='".mysql_real_escape_string($project['title'])."',
+					summary='".mysql_real_escape_string($project['abstract'])."'
+				WHERE id='$pid'");
+
+	/* Delete the students attached to this project */
+	mysql_query("DELETE FROM students WHERE registrations_id='$registrations_id'");
+
+	/* Add new */
+	foreach($project['students'] as &$student) {
+
+		$schools_id = award_upload_school($student, $student['school'], $year);
+
+		$keys = ",`".join("`,`", array_values($student_fields))."`";
+		$values = "";
+		foreach($student_fields as $k=>$v) 
+			$values .= ",'".mysql_real_escape_string($student[$k])."'";
+		/* Note lack of comma before $keys, we added it above for both keys and values */
+		mysql_query("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id` $keys)
+				VALUES('$registrations_id','{$fair['id']}','$schools_id' $values )");
+	}
+
+}
+
+function handle_award_upload(&$u, &$fair, &$data, &$response)
+{
+
+	$external_identifier = $data['award_upload']['external_identifier'];
+	$year = intval($data['award_upload']['year']);
+	$prizes = $data['award_upload']['prizes'];
+
+	/* Find the award */
+	$eid = mysql_real_escape_string($external_identifier);
+
+	$q = mysql_query("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
+	if(mysql_num_rows($q) != 1) {
+		$response['message'] = "Unknown award identifier '$eid'";
+		$response['error'] = 1;
+		return;
+	}
+	$award = mysql_fetch_assoc($q);
+	$aaid = $award['id'];
+
+	/* Load prizes, we fetched the right award by year, so we don't need to 
+	 * check the year as long as we query by aaid */
+	$prizes = array();
+	$q = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
+	while($prize = mysql_fetch_assoc($q)) {
+		/* Clean out existing winners for this prize */
+		mysql_query("DELETE FROM winners WHERE 
+				award_prize_id='{$prize['id']}' 
+				AND fairs_id='{$fair['id']}'");
+
+		/* Assign projects to this prize */
+		$ul_p =& $data['award_upload']['prizes'][$prize['prize']];
+		if(!is_array($ul_p['projects'])) continue;
+
+		foreach($ul_p['projects'] as &$project) {
+			award_upload_assign($fair, $prize, $project, $year);
+		}
+	}
+
+	$response['message'] = 'Award winners saved';
+	$response['error'] = 0;
+}
+
 
  /* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
   * for any PHP < 5.3.0.  Pain in the ASS.  php is running the urldecode for us,
@@ -170,6 +358,7 @@ function handle_getawards(&$u, $fair, &$data, &$response)
  if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
  if(array_key_exists('stats', $data)) handle_stats($u,$fair, $data, $response);
  if(array_key_exists('getawards', $data)) handle_getawards($u,$fair,$data, $response);
+ if(array_key_exists('award_upload', $data)) handle_award_upload($u,$fair,$data, $response);
 
  echo urlencode(json_encode($response));
 // echo "Success!<br />";