dd api for managing science olympics teams

james 2010-08-31 20:50:11 +00:00
parent de564f3c55
commit d01a3088b7
3 changed files with 96 additions and 25 deletions

65
api.php

@ -98,6 +98,8 @@ switch($request[0]) {
unset($_SESSION['accounts_id']); unset($_SESSION['accounts_id']);
unset($_SESSION['superuser']); unset($_SESSION['superuser']);
unset($_SESSION['roles']); unset($_SESSION['roles']);
unset($_SESSION['users_id']);
unset($_SESSION['name']);
$ret['status']="ok"; $ret['status']="ok";
} }
break; break;
@ -119,13 +121,26 @@ switch($request[0]) {
} }
break; break;
case "so": case "scienceolympics":
api_user_auth_required('teacher'); $chk=api_user_auth_required('teacher');
if($chk['status']!="ok") {
$ret['status']="error";
$ret['error']=$chk['error'];
break;
}
$u=user_load($_SESSION['users_id']);
if(!$u['schools_id']) {
$ret['status']="error";
$ret['error']='Your teacher account is not attached to any school';
break;
}
$school_id=$u['schools_id'];
require_once("so_teams.inc.php");
switch($request[1]) { switch($request[1]) {
case "teams": case "teams":
switch($request[2]) { switch($request[2]) {
case "list": case "list":
$u=user_load($_SESSION['users_id']);
$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'"); $q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
$ret['status']='ok'; $ret['status']='ok';
$teams=array(); $teams=array();
@ -135,27 +150,59 @@ switch($request[0]) {
$ret['teams']=$teams; $ret['teams']=$teams;
break; break;
case "add": case "add":
if($_POST['teamname']) {
if(so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error'; $ret['status']='error';
$ret['error']='not implemented yet'; $ret['error']='could not add team';
}
} else {
$ret['status']='error';
$ret['error']='teamname (varchar 64) is required';
}
break; break;
case "edit": case "edit":
if($_POST['id'] && $_POST['teamname']) {
if(so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error'; $ret['status']='error';
$ret['error']='not implemented yet'; $ret['error']='could not edit team';
}
}
else {
$ret['status']='error';
$ret['error']='id (integer), teamname (varchar 64) are required';
}
break; break;
case "remove"; case "delete";
if($_POST['id']) {
if(so_team_delete($school_id,$_POST['id'])) {
$ret['status']="ok";
}
else {
$ret['status']='error'; $ret['status']='error';
$ret['error']='not implemented yet'; $ret['error']='could not delete team';
}
} else {
$ret['status']='error';
$ret['error']='id (integer) is required';
}
break; break;
default: default:
$ret['status']="error"; $ret['status']="error";
$ret['error']="invalid so/teams command ({$request[2]})"; $ret['error']="invalid scienceolympics/teams command ({$request[2]})";
break; break;
} }
break; break;
default: default:
$ret['status']="error"; $ret['status']="error";
$ret['error']="invalid so command ({$request[1]})"; $ret['error']="invalid scienceolympics command ({$request[1]})";
break; break;
} }
break; break;
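Review bot: The new `edit` and `delete` branches report `status` "ok" whenever `so_team_edit()` / `so_team_delete()` return true, but those helpers return the raw `mysql_query()` result, which is TRUE for an UPDATE or DELETE that matched zero rows. A teacher posting an `id` that belongs to another school, or that does not exist, therefore gets "ok" although nothing changed. The `schools_id` filter in the helpers blocks the cross-school write, yet the API skips the ownership tally check that the web page runs before calling the same helpers. For delete, `if(so_team_delete($school_id,$_POST['id']) && mysql_affected_rows()>0) {` would do; for edit an explicit ownership SELECT is safer, since saving an unchanged name also affects zero rows. The enclosing `switch($request[0])` starts and ends outside the hunks shown.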


@ -1,17 +1,18 @@
<?php <?php
require_once('common.inc.php'); require_once('common.inc.php');
require_once('user.inc.php'); require_once('user.inc.php');
require_once("so_teams.inc.php");
if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type'] == 'scienceolympics'){ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type'] == 'scienceolympics'){
switch($_GET['action']){ switch($_GET['action']){
case 'saveNew': case 'saveNew':
$teamName = mysql_real_escape_string($_POST['teamname']); $teamName = mysql_real_escape_string($_POST['teamname']);
$query = 'INSERT INTO so_teams (schools_id, conferences_id, name) VALUES (' . $_SESSION['schoolid'] . ', ' . $conference['id'] . ', "' . $teamName . '")'; $success = so_team_add($_SESSION['schoolid'], $conference['id'], $teamName);
$success = mysql_query($query);
draw_page(); draw_page();
break; break;
case 'save': case 'save':
$success = false; $success = false;
$teamId = mysql_real_escape_string($_POST['teamId']); $teamId = intval($_POST['teamId']);
$teamName = mysql_real_escape_string($_POST['teamname']); $teamName = mysql_real_escape_string($_POST['teamname']);
// a quick check to make sure the team being updated does indeed belong // a quick check to make sure the team being updated does indeed belong
// to this school // to this school
@ -20,10 +21,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type']
if($testResults['tally'] == 1){ if($testResults['tally'] == 1){
// ok, the team belongs to the school that this session belongs to. We can // ok, the team belongs to the school that this session belongs to. We can
// can go ahead and save the changes. // can go ahead and save the changes.
$query = 'UPDATE so_teams SET name="' . $teamName . '" '; $success=so_team_edit($_SESSION['schoolid'],$teamId,$teamName);
$query .= 'WHERE schools_id=' . $_SESSION['schoolid'] . ' ';
$query .= 'AND id=' . $teamId;
$success = mysql_query($query);
} }
if($success){ if($success){
happy_("Team successfully updated"); happy_("Team successfully updated");
@ -44,12 +42,7 @@ if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type']
if($testResults['tally'] == 1){ if($testResults['tally'] == 1){
// ok, the team belongs to the school that this session belongs to. We can // ok, the team belongs to the school that this session belongs to. We can
// can go ahead and save the changes. // can go ahead and save the changes.
$query = 'DELETE FROM so_teams '; $success=so_team_delete($_SESSION['schoolid'],$teamId);
$query .= 'WHERE schools_id=' . $_SESSION['schoolid'] . ' ';
$query .= 'AND id=' . $teamId;
if(mysql_query($query)){
$success = true;
}
} }
if($success){ if($success){
happy_("Team successfully deleted"); happy_("Team successfully deleted");
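Review bot: `$teamName` is still run through `mysql_real_escape_string()` in the `saveNew` and `save` branches before it is handed to `so_team_add()` / `so_team_edit()`, and the new helpers in so_teams.inc.php escape the name a second time, so a team name containing a quote or backslash would be stored with extra backslashes. Escaping belongs in one place, next to the query that needs it; with the helpers doing it, both branches should pass the raw value, `$teamName = $_POST['teamname'];`. The enclosing `if` and `switch($_GET['action'])` continue outside the hunks shown.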

31
so_teams.inc.php Normal file

@ -0,0 +1,31 @@
<?
function so_team_add($schools_id, $conferences_id, $name) {
$schools_id=intval($schools_id);
$query = "INSERT INTO so_teams (schools_id, conferences_id, name) VALUES (
".$schools_id.",
".$conference['id'].",
".mysql_real_escape_string($name)."'";
return mysql_query($query);
}
function so_team_edit($schools_id, $team_id, $name) {
$schools_id=intval($schools_id);
$team_id=intval($team_id);
$query = "UPDATE so_teams SET name='".mysql_real_escape_string($name)."'
WHERE schools_id='".$schools_id."'
AND id='".$team_id."'";
return mysql_query($query);
}
function so_team_delete($schools_id,$team_id) {
$schools_id=intval($schools_id);
$team_id=intval($team_id);
$query = "DELETE FROM so_teams WHERE schools_id='".$schools_id."'. AND id=".$team_id."'";
return mysql_query($query);
}
?>
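Review bot: As written, `so_team_add()` and `so_team_delete()` build SQL that cannot parse, so every add and delete through these helpers would fail. In `so_team_add()` the name value has a closing quote but no opening one, the `VALUES (` list is never closed, and the query reads `$conference['id']`, which is not defined inside the function, instead of the `$conferences_id` parameter. In `so_team_delete()` there is a stray `.` after the `schools_id` value and an unbalanced quote around `id`. When the quoting is fixed, `$conferences_id` should be cast with `intval()` like the other ids, because it is interpolated unquoted. The file also opens with the short tag `<?`, which only works when `short_open_tag` is enabled; `<?php` is the portable form.

```php
function so_team_add($schools_id, $conferences_id, $name) {
	// … unchanged: intval() cast of $schools_id …
	$conferences_id=intval($conferences_id);
	$query = "INSERT INTO so_teams (schools_id, conferences_id, name) VALUES (
		".$schools_id.",
		".$conferences_id.",
		'".mysql_real_escape_string($name)."')";
	// … unchanged: return mysql_query($query) …
// … unchanged: so_team_edit …
function so_team_delete($schools_id,$team_id) {
	// … unchanged: intval() casts of both ids …
	$query = "DELETE FROM so_teams WHERE schools_id='".$schools_id."' AND id='".$team_id."'";
```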