<?

/*
 * This file is part of the 'Science Fair In A Box' project
 * Science-ation Website: https://science-ation.ca/
 *
 * Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
 * Copyright (C) 2005 James Grant <james@lightbox.org>
 * Copyright (C) 2024 AlgoLibre Inc. <science-ation@algolibre.io>
 * Copyright (C) 2009 David Grant <dave@lightbox.org>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */
?>
<?
require_once('common.inc.php');
require_once('user.inc.php');

require_once('fair_additional_materials.inc.php');

function handle_getstats(&$u, $fair, &$data, &$response)
{
	global $pdo;

	$year = $data['getstats']['year'];

	/* Send back the stats we'd like to collect */
	$response['statconfig'] = explode(',', $fair['gather_stats']);

	/* Send back the stats we currently have */
	$q = $pdo->prepare("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
				AND year='$year'");
	$q->execute();
	$response['stats'] = $q->fetch(PDO::FETCH_ASSOC);
	unset($response['stats']['id']);
	$response['error'] = 0;
}

function handle_stats(&$u, $fair, &$data, &$response)
{
	global $pdo;

	$stats = $data['stats'];
	foreach ($stats as $k => $v) {
		$stats[$k] = $stats[$k];
	}

	//	$str = join(',',$stats);
	$keys = '`fairs_id`,`' . join('`,`', array_keys($stats)) . '`';
	$vals = "'{$u['fairs_id']}','" . join("','", array_values($stats)) . "'";
	$stmt = $pdo->prepare("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
		AND year='{$stats['year']}'");
	$stmt->execute();
	show_pdo_errors_if_any($pdo);
	$stmt = $pdo->prepare("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
	$stmt->execute();
	show_pdo_errors_if_any($pdo);

	$response['message'] = 'Stats saved';
	$response['error'] = 0;
}

function handle_getawards(&$u, $fair, &$data, &$response)
{
	global $pdo;

	$awards = array();
	$year = $data['getawards']['year'];

	$ids = array();
	/* Load a list of awards linked to the fair id */
	$q = $pdo->prepare("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
	$q->execute();
	while ($r = $q->fetch(PDO::FETCH_ASSOC)) {
		$aaid = $r['award_awards_id'];
		if ($r['download_award'] == 'yes')
			$ids[] = $aaid;
		$ul[$aaid] = $r['upload_winners'];
	}

	/* Load the awards this fair is allowed to download */
	$where = "(id='" . join("' OR id='", $ids) . "')";
	$q = $pdo->prepare("SELECT * FROM award_awards WHERE $where AND year='$year'");
	$q->execute();

	while ($a = $q->fetch(PDO::FETCH_ASSOC)) {
		$award = array();
		$award['identifier'] = $a['external_identifier'];
		$award['external_additional_materials'] = $a['external_additional_materials'];
		$award['external_register_winners'] = $a['external_register_winners'];
		$award['year'] = $a['year'];
		$award['name_en'] = $a['name'];
		$award['criteria_en'] = $a['criteria'];
		$award['upload_winners'] = $ul[$a['id']];
		$award['self_nominate'] = $a['self_nominate'];
		$award['schedule_judges'] = $a['schedule_judges'];

		if ($a['sponsors_id']) {
			$sq = $pdo->prepare("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
			$sq->execute();
			if ($sq->rowCount()) {
				$s = $sq->fetch(PDO::FETCH_ASSOC);
				$award['sponsor'] = $s['organization'];
			}
		}

		$award['prizes'] = array();
		$pq = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
		$pq->execute();
		while ($p = $pq->fetch(PDO::FETCH_ASSOC)) {
			/* Map array keys -> local database field */
			$map = array(
				'cash' => 'cash',
				'scholarship' => 'scholarship',
				'value' => 'value',
				'prize_en' => 'prize',
				'number' => 'number',
				'ord' => 'order',
				'trophystudentkeeper' => 'trophystudentkeeper',
				'trophystudentreturn' => 'trophystudentreturn',
				'trophyschoolkeeper' => 'trophyschoolkeeper',
				'trophyschoolreturn' => 'trophyschoolreturn'
			);
			$prize = array('identifier' => '');
			foreach ($map as $k => $field)
				$prize[$k] = $p[$field];

			$award['prizes'][] = $prize;
		}
		$awards[] = $award;
	}
	$response['awards'] = $awards;
	$response['postback'] = 'http://localhost';
}

function award_upload_update_school(&$mysql_query, &$school, $school_id = -1)
{
	global $pdo;
	/* transport name => mysql name */
	$school_fields = array(  // 'schoolname'=>'school',
		'schoollang' => 'schoollang',
		'schoollevel' => 'schoollevel',
		'board' => 'board',
		'district' => 'district',
		'phone' => 'phone',
		'fax' => 'fax',
		'address' => 'address',
		'city' => 'city',
		'province_code' => 'province_code',
		'postalcode' => 'postalcode',
		'schoolemail' => 'schoolemail'
	);
	/*				'principal'=>'principal',
					'sciencehead'=>'sciencehead',
					'scienceheademail'=>'scienceheademail',
					'scienceheadphone'=>'scienceheadphone');*/

	if ($school_id == -1) {
		$our_school = $mysql_query->fetch(PDO::FETCH_ASSOC);
		$sid = $our_school['id'];
	} else {
		$sid = $school_id;
		$our_school = array();
	}
	$set = '';
	foreach ($school_fields as $t => $m) {
		if ($our_school[$m] == $school[$t])
			continue;
		if ($set != '')
			$set .= ',';
		$set .= "`$m`='" . $school[$t] . "'";
	}
	$stmt = $pdo->prepare("UPDATE schools SET $set WHERE id='$sid'");
	$stmt->execute();
	return $sid;
}

function award_upload_school(&$student, &$school, $year, &$response)
{
	global $pdo;

	$school_name = $school['schoolname'];
	$school_city = $school['city'];
	$school_phone = $school['phone'];
	$school_addr = $school['address'];
	$student_city = $student['city'];

	/* Find school by matching name, city, phone, year */
	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND phone='$school_phone' AND year='$year'");
	$q->execute();
	if ($q->rowCount() == 1)
		return award_upload_update_school($q, $school);

	/* Find school by matching name, city, address, year */
	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND address='$school_addr' AND year='$year'");
	$q->execute();
	if ($q->rowCount() == 1)
		return award_upload_update_school($q, $school);

	/* Find school by matching name, city, year */
	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$school_city' AND year='$year'");
	$q->execute();
	if ($q->rowCount() == 1)
		return award_upload_update_school($q, $school);

	/* Find school by matching name, student city, year */
	$q = $pdo->prepare("SELECT * FROM schools WHERE school='$school_name' AND city='$student_city' AND year='$year'");
	$q->execute();
	if ($q->rowCount() == 1)
		return award_upload_update_school($q, $school);

	$response['notice'][] = "      - Creating new school: $school_name";
	/* No? ok, make a new school */
	$stmt = $pdo->prepare("INSERT INTO schools(`school`,`year`) VALUES ('" . $school['schoolname'] . "','$year')");
	$stmt->execute();
	$school_id = $pdo->lastInsertId();
	return award_upload_update_school($q, $school, $school_id);
}

function award_upload_assign(&$fair, &$award, &$prize, &$project, $year, &$response)
{
	global $pdo;

	$reg_email_needs_update = false;
	$new_reg = false;

	/*
	 * Copied from admin/award_upload.php, this is the
	 *  transport name => sql name mapping
	 */
	$student_fields = array(
		'firstname' => 'firstname',
		'lastname' => 'lastname',
		'email' => 'email',
		'gender' => 'sex',
		'grade' => 'grade',
		'language' => 'lang',
		'birthdate' => 'dateofbirth',
		'address' => 'address',
		'city' => 'city',
		'province' => 'province',
		'postalcode' => 'postalcode',
		'phone' => 'phone',
		'teachername' => 'teachername',
		'teacheremail' => 'teacheremail'
	);

	/* See if this project already exists */
	$pn = $project['projectnumber'];
	$q = $pdo->prepare("SELECT * FROM projects WHERE projectnumber='$pn' AND fairs_id='{$fair['id']}' AND year='$year'");
	$q->execute();
	show_pdo_errors_if_any($pdo);
	if ($q->rowCount() == 1) {
		$our_project = $q->fetch(PDO::FETCH_ASSOC);
		$registrations_id = $our_project['registrations_id'];
		$pid = $our_project['id'];
		$response['notice'][] = "   - Found existing project: {$project['title']}";
	} else {
		$response['notice'][] = "   - Creating new project: {$project['title']}";
		/* Create a registration */
		$regnum = 0;
		// now create the new registration record, and assign a random/unique registration number to then.
		do {
			// random number between
			// 100000 and 999999  (six digit integer)
			$regnum = rand(100000, 999999);
			$q = $pdo->prepare("SELECT * FROM registrations WHERE num='$regnum' AND year=$year");
			$q->execute();
			show_pdo_errors_if_any($pdo);
		} while ($q->rowCount() > 0);

		// actually insert it
		$stmt = $pdo->prepare('INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES ('
			. "'$regnum','$regnum',NOW(),'open',NULL,'$year')");
		$stmt->execute();
		$registrations_id = $pdo->lastInsertId();
		/* We'll fill in the email address later */

		/* Add the project */
		$stmt = $pdo->prepare("INSERT INTO projects (`registrations_id`,`projectnumber`,`year`,`fairs_id`)
				VALUES('$registrations_id',
					'" . $project['projectnumber'] . "',
					'$year', '{$fair['id']}');");
		$stmt->execute();
		$pid = $pdo->lastInsertId();
		$reg_email_needs_update = true;
		$new_reg = true;
	}
	$q = $pdo->prepare("SELECT * FROM registrations WHERE id='$registrations_id'");
	$q->execute();
	$registration = $q->fetch(PDO::FETCH_ASSOC);

	/* Update the project in case anythign changed */
	$stmt = $pdo->prepare("UPDATE projects SET title='" . $project['title'] . "',
					summary='" . $project['abstract'] . "',
					projectcategories_id='" . intval($project['projectcategories_id']) . "',
					projectdivisions_id='" . intval($project['projectdivisions_id']) . "'
				WHERE id='$pid'");
	$stmt->execute();

	/* Record the winner */
	$stmt = $pdo->prepare("INSERT INTO winners(`awards_prizes_id`,`projects_id`,`year`,`fairs_id`)
			VALUES('{$prize['id']}','$pid','$year','{$fair['id']}')");
	$stmt->execute();
	/* Delete the students attached to this project */
	$stmt = $pdo->prepare("DELETE FROM students WHERE registrations_id='$registrations_id'");
	$stmt->execute();

	/* Add new */
	foreach ($project['students'] as &$student) {
		$response['notice'][] = "      - Student {$student['firstname']} {$student['lastname']} saved";

		$schools_id = award_upload_school($student, $student['school'], $year, $response);

		$keys = ',`' . join('`,`', array_values($student_fields)) . '`';
		$values = '';
		foreach ($student_fields as $k => $v)
			$values .= ",'" . $student[$k] . "'";
		/* Note lack of comma before $keys, we added it above for both keys and values */
		$stmt = $pdo->prepare("INSERT INTO students (`registrations_id`,`fairs_id`, `schools_id`,`year` $keys)
				VALUES('$registrations_id','{$fair['id']}','$schools_id','$year' $values )");
		$stmt->execute();

		/* Update the registration email */
		if ($reg_email_needs_update) {
			$stmt = $pdo->prepare("UPDATE registrations SET email='" . $student['email'] . "'
					WHERE id='$registrations_id'");
			$stmt->execute();
			$reg_email_needs_update = false;
		}

		if ($award['external_register_winners'] == 1 && $new_reg == true) {
			/*
			 * This award is for students who are participating in this fair, we need
			 * to get their reg number to them if this is a new registration
			 */
			email_send(
				'new_participant',
				$student['email'],
				array(),
				array(
					'EMAIL' => $student['email'],
					'REGNUM' => $registration['num']
				)
			);
			$response['notice'][] = "         - Sent welcome registration email to: {$student['firstname']} {$student['lastname']} &lt;{$student['email']}&gt;";
		}
	}
	if ($award['external_register_winners'] == 0) {
		/*
		 * It's not an external, so we don't need the student to login
		 * or antyhing, we probably want to include it in reports, so set
		 * it to complete
		 */
		$stmt = $pdo->prepare("UPDATE registrations SET status='complete' WHERE id='$registrations_id'");
		$stmt->execute();
	}
}

function handle_award_upload(&$u, &$fair, &$data, &$response)
{
	$response['notice'][] = 'Handle Award Upload deprecated , please upgrade your SFIAB';
	$response['error'] = 1;
}

function handle_awards_upload(&$u, &$fair, &$data, &$response)
{
	global $pdo;
	//	$response['debug'] = array_keys($data['awards_upload']);
	//	$response['error'] = 0;
	//	return;
	foreach ($data['awards_upload'] as $award_data) {
		$external_identifier = $award_data['external_identifier'];
		$year = intval($award_data['year']);

		/* Find the award */
		$eid = $external_identifier;

		$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
		$q->execute();
		if ($q->rowCount() != 1) {
			$response['message'] = "Unknown award identifier '$eid' for year $year";
			$response['error'] = 1;
			return;
		}
		$award = $q->fetch(PDO::FETCH_ASSOC);
		$aaid = $award['id'];

		$response['notice'][] = "Found award: {$award['name']}";

		/*
		 * Load prizes, we fetched the right award by year, so we don't need to
		 * check the year as long as we query by aaid
		 */
		$prizes = array();
		$q = $pdo->prepare("SELECT * FROM award_prizes WHERE award_awards_id='$aaid'");
		$q->execute();
		while ($prize = $q->fetch(PDO::FETCH_ASSOC)) {
			$response['notice'][] = " - Prize: {$prize['prize']}";

			/* Clean out existing winners for this prize */
			$stmt = $pdo->prepare("DELETE FROM winners WHERE 
					award_prize_id='{$prize['id']}' 
					AND fairs_id='{$fair['id']}'");
			$stmt->execute();

			/* Assign projects to this prize */
			$ul_p = &$award_data['prizes'][$prize['prize']];
			if (!is_array($ul_p['projects']))
				continue;

			foreach ($ul_p['projects'] as &$project) {
				award_upload_assign($fair, $award, $prize, $project, $year, $response);
			}
		}
	}
	$response['notice'][] = 'All awards and winners saved';
	$response['error'] = 0;
}

function handle_get_categories(&$u, &$fair, &$data, &$response)
{
	global $pdo;
	$year = intval($data['get_categories']['year']);
	$cat = array();
	$q = $pdo->prepare("SELECT * FROM projectcategories WHERE year='$year' ORDER BY id");
	$q->execute();
	while ($r = $q->fetch(PDO::FETCH_OBJ)) {
		$cat[$r->id] = array(
			'id' => $r->id,
			'category' => $r->category,
			'mingrade' => $r->mingrade,
			'maxgrade' => $r->maxgrade
		);
	}
	$response['categories'] = $cat;
	$response['error'] = 0;
}

function handle_get_divisions(&$u, &$fair, &$data, &$response)
{
	global $pdo;
	$year = intval($data['get_divisions']['year']);
	$div = array();
	$q = $pdo->prepare("SELECT * FROM projectdivisions WHERE year='$year' ORDER BY id");
	$q->execute();
	while ($r = $q->fetch(PDO::FETCH_OBJ)) {
		$div[$r->id] = array(
			'id' => $r->id,
			'division' => $r->division
		);
	}
	$response['divisions'] = $div;
	$response['error'] = 0;
}

function handle_award_additional_materials(&$u, &$fair, &$data, &$response)
{
	global $pdo;
	$year = intval($data['award_additional_materials']['year']);
	$external_identifier = $data['award_additional_materials']['identifier'];

	$eid = $external_identifier;
	$q = $pdo->prepare("SELECT * FROM award_awards WHERE external_identifier='$eid' AND year='$year'");
	$q->execute();
	if ($q->rowCount() != 1) {
		$response['message'] = "Unknown award identifier '$eid'";
		$response['error'] = 1;
		return;
	}
	$award = $q->fetch(PDO::FETCH_ASSOC);

	$pdf = fair_additional_materials($fair, $award, $year);
	$response['award_additional_materials']['pdf']['header'] = $pdf['header'];
	$response['award_additional_materials']['pdf']['data64'] = base64_encode($pdf['data']);
	$response['error'] = 0;
}

// echo "post:";print_r($_POST);
// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
// echo "data:";print_r($data);
// echo "<br />";
// exit;

$username = $data['auth']['username'];
$password = $data['auth']['password'];

$response['query'] = $data;

// echo "Authenticating... ";
$u = user_load_by_email($username);
if ($u == false) {
	$response['error'] = 1;
	$response['message'] = 'Authentication Failed';
	echo json_encode($response);
	exit;
}
if (!is_array($u) || $u['password'] == '') {
	$response['error'] = 1;
	$response['message'] = 'Authentication Failed';
	echo json_encode($response);
	exit;
}

if (!password_verify($password, $u['password'])) {
	$response['error'] = 1;
	$response['message'] = 'Authentication Failed';
	echo json_encode($response);
	exit;
}

$q = $pdo->prepare("SELECT * FROM fairs WHERE id='?'");
$q->execute([$u['fairs_id']]);
$fair = $q->fetch(PDO::FETCH_ASSOC);

$response = array();
if (array_key_exists('getstats', $data))
	handle_getstats($u, $fair, $data, $response);
if (array_key_exists('stats', $data))
	handle_stats($u, $fair, $data, $response);
if (array_key_exists('getawards', $data))
	handle_getawards($u, $fair, $data, $response);
if (array_key_exists('awards_upload', $data))
	handle_awards_upload($u, $fair, $data, $response);
if (array_key_exists('award_upload', $data))
	handle_award_upload($u, $fair, $data, $response);
if (array_key_exists('get_categories', $data))
	handle_get_categories($u, $fair, $data, $response);
if (array_key_exists('get_divisions', $data))
	handle_get_divisions($u, $fair, $data, $response);
if (array_key_exists('award_additional_materials', $data))
	handle_award_additional_materials($u, $fair, $data, $response);

// $response['hi'] = 'hi';
echo urlencode(json_encode($response));
// echo "Success!<br />";

?>