<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
Copyright (C) 2010 James Grant <james@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");
if($_SERVER['HTTPS']!="on") {
$ret['status']="error";
$ret['error']="SSL is required for API access, please access the API over https";
echo json_encode($ret);
exit;
}
$request=explode("/",$_GET['request']);
$ret=array();
switch($request[0]) {
case "conferences":
if($request[1]=="switch") {
if($_POST['conferences_id']) {
//this makes sure its valid and sets teh session
switchConference($_POST['conferences_id']);
//get rid of their current roles, and load their record for the new conference
if(is_array($_SESSION['roles'])) {
$_SESSION['roles']=array();
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
}
$ret['status']="ok";
} else {
$ret['status']="error";
$ret['error']='conferences_id (integer) is required';
}
}
else {
$ret['status']="ok";
$ret['conferences']=array();
$response=array();
$q=mysql_query("SELECT id,name,type FROM conferences WHERE status='running' ORDER BY id");
while($r=mysql_fetch_assoc($q)) {
$response[]=$r;
}
$ret['conferences']=$response;
}
break;
case "dates":
if($request[1]) {
$cid=intval($request[1]);
}
else
$cid=$_SESSION['conferences_id'];
$ret['status']="ok";
$ret['dates']=array();
$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
$dates=array();
while($r=mysql_fetch_assoc($q)) {
$dates[]=$r;
}
$ret['conferences_id']=$cid;
$ret['dates']=$dates;
break;
case "auth":
if($request[1]=="login") {
$user = $_POST['username'];
$pass = $_POST['password'];
$accounts_id = try_login($user, $pass);
if($accounts_id == false) {
$ret['status']="error";
$ret['error']="Invalid Username/Password";
}
else {
$a = account_load($accounts_id);
$_SESSION['username']=$a['username'];
$_SESSION['email']=$a['email'];
$_SESSION['accounts_id']=$accounts_id;
$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
$_SESSION['roles']=array();
$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);
$ret['status']="ok";
$ret['account']=$a;
//$ret['user']=user_load($_SESSION['users_id']);
$ret['roles']=$_SESSION['roles'];
}
}
if($request[1]=="logout") {
unset($_SESSION['username']);
unset($_SESSION['email']);
unset($_SESSION['accounts_id']);
unset($_SESSION['superuser']);
unset($_SESSION['roles']);
unset($_SESSION['users_id']);
unset($_SESSION['name']);
$ret['status']="ok";
}
break;
case "testauth":
if($request[1]) {
$ok=api_user_auth_required($request[1]);
}
else {
$ok=api_user_auth_required();
}
if($ok['status']=="ok") {
$ret['status']='ok';
}
else {
$ret['status']="error";
$ret['error']=$ok['error'];
}
break;
case "scienceolympics":
$chk=api_user_auth_required('teacher');
if($chk['status']!="ok") {
$ret['status']="error";
$ret['error']=$chk['error'];
break;
}
$u=user_load($_SESSION['users_id']);
if(!$u['schools_id']) {
$ret['status']="error";
$ret['error']='Your teacher account is not attached to any school';
break;
}
$school_id=$u['schools_id'];
require_once("so_teams.inc.php");
switch($request[1]) {
case "teams":
switch($request[2]) {
case "list":
$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
$ret['status']='ok';
$teams=array();
while($r=mysql_fetch_assoc($q)) {
$teams[]=$r;
}
$ret['teams']=$teams;
break;
case "add":
if($_POST['teamname']) {
if(so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not add team';
}
} else {
$ret['status']='error';
$ret['error']='teamname (varchar 64) is required';
}
break;
case "edit":
if($_POST['id'] && $_POST['teamname']) {
if(so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not edit team';
}
}
else {
$ret['status']='error';
$ret['error']='id (integer), teamname (varchar 64) are required';
}
break;
case "delete";
if($_POST['id']) {
if(so_team_delete($school_id,$_POST['id'])) {
$ret['status']="ok";
}
else {
$ret['status']='error';
$ret['error']='could not delete team';
}
} else {
$ret['status']='error';
$ret['error']='id (integer) is required';
}
break;
default:
$ret['status']="error";
$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
break;
}
break;
default:
$ret['status']="error";
$ret['error']="invalid scienceolympics command ({$request[1]})";
break;
}
break;
default:
$ret['status']="error";
$ret['error']="Invalid API command ({$request[0]})";
}
echo json_encode($ret);
?>