Copyright (C) 2010 James Grant This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; see the file COPYING. If not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ ?> description(list dates for specified conference) return(dates array) */ if($request[1]) { $cid=intval($request[1]); } else $cid=$_SESSION['conferences_id']; $ret['status']="ok"; $ret['dates']=array(); $q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date"); $dates=array(); while($r=mysql_fetch_assoc($q)) { $dates[]=$r; } $ret['conferences_id']=$cid; $ret['dates']=$dates; break; case "account": /* apidoc: account/create description(creates an account) post(username varchar(64), password varchar(64), email varchar(64) optional) return(account array) */ if($request[1]=="create") { $user = trim($_POST['username']); $pass = trim($_POST['password']); $email = trim($_POST['email']); if($user && $pass) { $a=account_create($user,$pass); if(is_array($a)) { if($email) account_set_email($a['id'],$email); $account=account_load($a['id']); $ret['status']="ok"; $ret['account']=$account; } else { $ret['status']="error"; switch($a) { case -1: $ret['error']="invalid username"; break; case -2: $ret['error']="username already exists"; break; case -3: $ret['error']="invalid password"; break; default: $ret['error']="unknown account creation error"; break; } } } else { $ret['status']="error"; $ret['error']="username (varchar 64) and password (varchar 64) are required "; } } else { $ret['status']="error"; $ret['error']="invalid account command"; } break; case "auth": /* apidoc: auth/login description(login to an account) post(username varchar(64), password varchar(64)) return(account array, roles array, conferences_id integer) */ if($request[1]=="login") { $user = $_POST['username']; $pass = $_POST['password']; $accounts_id = try_login($user, $pass); if($accounts_id == false) { $ret['status']="error"; $ret['error']="Invalid Username/Password"; } else { $a = account_load($accounts_id); $_SESSION['username']=$a['username']; $_SESSION['email']=$a['email']; $_SESSION['accounts_id']=$accounts_id; $_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no'; $_SESSION['roles']=array(); $status=user_conference_load($accounts_id,$_SESSION['conferences_id']); $ret['conferences_id']=$_SESSION['conferences_id']; $ret['status']="ok"; $ret['account']=$a; //$ret['user']=user_load($_SESSION['users_id']); $ret['roles']=$_SESSION['roles']; } } /* apidoc: auth/logout description(logs out of an account) return(account array) */ else if($request[1]=="logout") { unset($_SESSION['username']); unset($_SESSION['email']); unset($_SESSION['accounts_id']); unset($_SESSION['superuser']); unset($_SESSION['roles']); unset($_SESSION['users_id']); unset($_SESSION['name']); $ret['status']="ok"; } else { $ret['status']="error"; $ret['error']="invalid auth command"; } break; case "testauth": if($request[1]) { $ok=api_user_auth_required($request[1]); } else { $ok=api_user_auth_required(); } if($ok['status']=="ok") { $ret['status']='ok'; } else { $ret['status']="error"; $ret['error']=$ok['error']; } break; case "scienceolympics": $chk=api_user_auth_required('teacher'); if($chk['status']!="ok") { $ret['status']="error"; $ret['error']=$chk['error']; break; } $u=user_load($_SESSION['users_id']); if(!$u['schools_id']) { $ret['status']="error"; $ret['error']='Your teacher account is not attached to any school'; break; } $school_id=$u['schools_id']; require_once("so_teams.inc.php"); switch($request[1]) { case "teams": switch($request[2]) { case "list": $q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'"); $ret['status']='ok'; $teams=array(); while($r=mysql_fetch_assoc($q)) { $teams[]=$r; } $ret['teams']=$teams; break; case "add": if($_POST['teamname']) { if(so_team_add($school_id,$conference['id'],$_POST['teamname'])) { $ret['status']="ok"; } else { $ret['status']='error'; $ret['error']='could not add team'; } } else { $ret['status']='error'; $ret['error']='teamname (varchar 64) is required'; } break; case "edit": if($_POST['id'] && $_POST['teamname']) { if(so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) { $ret['status']="ok"; } else { $ret['status']='error'; $ret['error']='could not edit team'; } } else { $ret['status']='error'; $ret['error']='id (integer), teamname (varchar 64) are required'; } break; case "delete"; if($_POST['id']) { if(so_team_delete($school_id,$_POST['id'])) { $ret['status']="ok"; } else { $ret['status']='error'; $ret['error']='could not delete team'; } } else { $ret['status']='error'; $ret['error']='id (integer) is required'; } break; default: $ret['status']="error"; $ret['error']="invalid scienceolympics/teams command ({$request[2]})"; break; } break; default: $ret['status']="error"; $ret['error']="invalid scienceolympics command ({$request[1]})"; break; } break; default: $ret['status']="error"; $ret['error']="Invalid API command ({$request[0]})"; } echo json_encode($ret); ?>