Copyright (C) 2005 James Grant Copyright (C) 2009 David Grant This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ ?> "; // echo "stripslashes(json post): ".stripslashes($_POST['json'])."
"; // echo "data:";print_r($data); // echo "
"; // exit; $username = $data['auth']['username']; $password = $data['auth']['password']; $response['query'] = $data; // echo "Authenticating... "; $username = mysql_escape_string($username); $q=mysql_query("SELECT uid FROM users WHERE username='$username'"); if(mysql_num_rows($q) != 1) { $response['error'] = 1; $response['message'] = "Authentication Failed"; echo json_encode($response); exit; } $i = mysql_fetch_assoc($q); $u = user_load_by_uid($i['uid']); $response['i'] = $i; if(!is_array($u) || $u['password'] == '') { $response['error'] = 1; $response['message'] = "Authentication Failed2"; echo json_encode($response); exit; } if($u['password'] != $password) { $response['error'] = 1; $response['message'] = "Authentication Failed3"; echo json_encode($response); exit; } $response = array(); if(array_key_exists('getstats', $data)) { $year = $data['getstats']['year']; $vars = array('fair_stats_participation', 'fair_stats_schools_ext', 'fair_stats_minorities', 'fair_stats_guests', 'fair_stats_sffbc_misc', 'fair_stats_info', 'fair_stats_next_chair', 'fair_stats_scholarships', 'fair_stats_delegates', ); foreach($vars as $v) { $response['statconfig'][$v] = $config[$v]; } $q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' AND year='$year'"); $response['stats'] = mysql_fetch_assoc($q); unset($response['stats']['id']); $response['error'] = 0; } if(array_key_exists('stats', $data)) { $stats = $data['stats']; foreach($stats as $k=>$v) { $stats[$k] = mysql_escape_string($stats[$k]); } // $str = join(',',$stats); $keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`'; $vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'"; mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}' AND year='{$stats['year']}'"); echo mysql_error(); mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)"); echo mysql_error(); $response['error'] = 0; $response['message'] = 'Stats saved'; } echo urlencode(json_encode($response)); // echo "Success!
"; ?>