Separated the functionality of school selection from the pages, implemented it in the API

api.php

@@ -26,14 +26,13 @@ include "common.inc.php";
 require_once("account.inc.php");
 require_once("user.inc.php");
 require_once("schedule.inc.php");
-/* FIXME!!! Unremark before committing
 if($_SERVER['HTTPS']!="on") {
 	$ret['status']="error";
 	$ret['error']="SSL is required for API access, please access the API over https";
 	echo json_encode($ret);
 	exit;
 }
-*/
+
 $request=explode("/",$_GET['request']);
 $ret=array();
 
@@ -500,11 +499,11 @@ switch($request[0]) {
 				}
 			break;
 
-		/*	APIDOC: user/edit
+			/*	APIDOC: user/edit
-			description(edit user information for current conference)
+				description(edit user information for current conference)
-			post(user array)
+				post(user array)
-			return(user array)
+				return(user array)
-		*/
+			*/
 			case "edit":
 				if($origu=user_load($_SESSION['users_id'])) {
 					$u=json_decode($_POST['user']);
@@ -535,6 +534,30 @@ switch($request[0]) {
 					$ret['error']="Error loading user in order to edit";
 				}
 			break;
+
+			/*	APIDOC: user/connect_to_school
+				description(connects the current users teacher role to the specified school using the school's access code)
+				post(schools_id integer, accesscode varchar(16))
+				return(school array)
+			*/
+			case 'connect_to_school':
+				if($u = user_load($_SESSION['users_id'])) {
+					$schoolId = mysql_real_escape_string($_POST['schools_id']);
+					$accesscode = mysql_real_escape_string($_POST['accesscode']);
+					if(user_set_school($u, $schoolId, $accesscode)){
+						$ret['status'] = "ok";
+						$ret['school'] = mysql_fetch_assoc(mysql_query("SELECT school, phone, fax, address, city, province_code AS province, postalcode FROM schools WHERE id = $schoolId"));
+					}else{
+						$ret['status'] = "error";
+						$ret['error'] = "Error matching schools_id and accesscode";
+					}
+				}else{
+					$ret['status'] = "error";
+					$ret['error'] = "Error loading user";
+				}
+	
+				
+			break;
 		}
 
 	break;
@@ -674,6 +697,18 @@ switch($request[0]) {
 		}
 	break;
 
+	case 'school':
+		switch($request[1]){
+			/*	APIDOC: school/list
+				description(list schools)
+				return(schools array)
+			*/
+			case 'list':
+				$ret['schools'] = get_schools($conference['id']);
+				$ret['status'] = 'ok';
+			break;
+		}
+
 	default:
 		$ret['status']="error";
 		$ret['error']="invalid API command ({$request[0]})";
@@ -681,11 +716,6 @@ switch($request[0]) {
 }
 echo json_encode($ret);
 
-		/*	APIDOC: school/list
-			notimplemented
-			description(list schools)
-			return(schools array)
-		*/
 
 		/*	APIDOC: account/edit
 			notimplemented
@@ -694,11 +724,5 @@ echo json_encode($ret);
 			return(account array)
 		*/
 
-		/*	APIDOC: user/connect_teacher_to_school
-			notimplemented
-			description(connects the current users teacher role to the specified school usign the schools access code)
-			post(schools_id integer, accesscode varchar(16))
-			return(school array)
-		*/
 
 ?>

common.inc.functions.php

@@ -808,7 +808,6 @@ function get_timeslots($conferenceId){
 }
 
 // a convenience function for getting the special awards that are relevant to the specified conference.
-// separated because it's used in a couple of spots
 function get_special_awards($conferenceId){
 	$returnval = array();
 	$q = mysql_query("SELECT award_awards.id,
@@ -830,3 +829,23 @@ function get_special_awards($conferenceId){
 	return $returnval;
 }
 
+// a convenience function for getting a list of schools that are relevant to the specified conference
+function get_schools($conferenceId){
+	$data = array();
+	$returnval = array();
+	$q = mysql_query("SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city");
+	while($record = mysql_fetch_assoc($q)) $data[] = $record;
+	$prevRecord = null;
+	for($n = 0; $n < count($data); $n++){
+		$record = $data[$n];
+		$title = $data[$n]['school'];
+		if(array_key_exists($n + 1, $data) && $data[$n + 1]['school'] == $title){
+			$title .= " ({$record['city']})";
+		}else if($prevRecord != null && $prevRecord['school'] == $title){
+			$title .= " ({$record['city']})";
+		}
+		$returnval[$record['id']] = $title;
+		$prevRecord = $record;
+	}
+	return $returnval;
+}

testapi.php

@@ -128,6 +128,17 @@ foreach($roles AS $role=>$r) {
 }?>
 <input type="submit" value="List Registration Fields for Selected Roles">
 </form>
+
+<h1>Schools</h1>
+<a href="api/school/list">School Listing</a><br/>
+
+<form method="post" action="api/user/connect_to_school">
+<input type="text" size=4 name="schools_id">
+<input type="text" size=6 name="accesscode">
+<input type="submit" value="Set user's school">
+</form>
+
+
 <h1>Session Variables</h1>
 <?
 echo json_encode($_SESSION);

user.inc.php

@@ -284,7 +284,10 @@ function user_get_role_fields($role){
 			$fields = array('sponsors_id','primary','position','notes');
 			break;
 		case 'teacher':
-			$fields = array();
+			$fields = array('schools_id');
+			break;
+		case 'principal':
+			$fields = array('schools_id');
 			break;
 		case 'volunteer':
 			$fields = array('languages');
@@ -599,7 +602,7 @@ function user_save(&$u)
 					'willing_chair','special_award_only',
 					'cat_prefs','div_prefs','divsub_prefs',
 					'expertise_other','languages', 'highest_psd');
-	$fields_for_role['student'] = array('schools_id');
+//	$fields_for_role['student'] = array('schools_id');
 	$fields_for_role['fair'] = array('fairs_id');
 	$fields_for_role['sponsor'] = array('sponsors_id','primary','position');
 	$fields_for_role['teacher'] = array();
@@ -935,6 +938,21 @@ function user_add_role_allowed(&$u, $role)
 	return true;
 }
 
+// Set the user's school to the one specifed.  Verifying the school code is needed
+// here, as it will be called from both the web interface and the API.
+// returns true on success, false otherwise
+function user_set_school($u, $schoolId, $schoolCode){
+	$returnval = false;
+	// make sure the id and code match
+	$tally = mysql_result(mysql_query("SELECT COUNT(*) FROM schools WHERE id = $schoolId AND accesscode = '$schoolCode'"), 0);
+	if($tally == 1){
+		if(mysql_query("UPDATE users SET schools_id = $schoolId WHERE id = " . $u['id'])){
+			$u['schools_id'] = $schoolId;
+			$returnval = true;
+		}
+	}
+	return $returnval;
+}
 
 // Add a role for a user.
 // now just a skin on top of account_add_role

user_edit.php

@@ -131,6 +131,7 @@ $tabs = array(	'fairinfo' => array(
 			'label' => 'Time Avail.',
 			'types' => array('judge'),
 			'file' => 'judge_availability.php',
+			'disabled' => 'true'
 			),
 		'judgesa' => array(
 			'label' => 'Special Awards',

user_school.php

@@ -41,15 +41,9 @@ if(array_key_exists('action', $_POST)){
 		case 'submit_code':
 			$code = mysql_real_escape_string($_POST['code']);
 			$school = mysql_real_escape_string($_POST['school']);
-			$query = "SELECT * FROM schools WHERE id = $school AND accesscode = '$code'";
+			if(user_set_school($u, $school, $code)){
-			$data = mysql_fetch_assoc(mysql_query($query));
+				$schoolData = mysql_fetch_assoc(mysql_query("SELECT school, address, city, province_code, postalcode, phone FROM schools WHERE id='$school'"));
-			if(is_array($data)){
+				echo "schoolInfo = '" . implode("<br/>", $schoolData) . "';";
-				$query = "UPDATE users SET schools_id = $school WHERE id = $edit_id";
-				if(mysql_query($query)){
-					// we successfully updated the school for this user.  Now send the info back to papulate the page
-					$schoolData = mysql_fetch_assoc(mysql_query("SELECT school, address, city, province_code, postalcode, phone FROM schools WHERE id='$school'"));
-					echo "schoolInfo = '" . implode("<br/>", $schoolData) . "';";
-				}
 			}
 			break;
 		default:
@@ -86,7 +80,7 @@ $translations = array(
 					$('#instructions').html("<?=$translations['incorrect'];?>");
 				}
 
-			}
+		}
 		);
 	}
 </script>
@@ -114,21 +108,15 @@ echo "</td><td>";
 
 // build a select box for them to pick out a school
 echo '<select id="schoolId">';
-$query = "SELECT MAX(id) AS id,school,city FROM schools GROUP BY school, city";
-$q = mysql_query($query);
-$prev="somethingthatdoesnotexist";
 echo "<option value=\"\">".i18n("Choose a school")."</option>\n";
-while($r=mysql_fetch_object($q)){
+$schoolList = get_schools($conference['id']);
-	if($r->school == $schoolData['school']){
+foreach($schoolList as $id => $school){
+	if($school == $schoolData['school']){
 		$sel= "selected=\"selected\"";
 	}else{
 		$sel= "";
 	}
-	if($r->school==$prev)
+	echo "<option $sel value=\"$id\">$school</option>";
-		echo "<option $sel value=\"$r->id\">$r->school ($r->city)</option>\n";
-	else
-		echo "<option $sel value=\"$r->id\">$r->school</option>\n";
-	$prev=$r->school;
 }
 echo "</select>";
 echo "</td></tr>";