arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
036cf2c295
science-ation/xmltransport.php
dave 036cf2c295 - And the server side of the JSON stats. We should probably rename this file 
since it has nothing to do with XML anymore.
2009-05-05 07:27:38 +00:00

120 lines
3.7 KiB
PHP
Raw Blame History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2009 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');
require_once('user.inc.php');
/* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
* for any PHP < 5.3.0. Pain in the ASS. php is running the urldecode for us,
* seeing that the string has quotes, then adding quotes before we can
* json_decode()
* It only does this in POST and GET */
if(get_magic_quotes_gpc())
$data = json_decode(stripslashes($_POST['json']), true);
else
$data = json_decode($_POST['json'], true);
// echo "post:";print_r($_POST);
// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
// echo "data:";print_r($data);
// echo "<br />";
// exit;
$username = $data['auth']['username'];
$password = $data['auth']['password'];
$response['query'] = $data;
// echo "Authenticating... ";
$username = mysql_escape_string($username);
$q=mysql_query("SELECT uid FROM users WHERE username='$username'");
if(mysql_num_rows($q) != 1) {
$response['error'] = 1;
$response['message'] = "Authentication Failed";
echo json_encode($response);
exit;
}
$i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']);
$response['i'] = $i;
if(!is_array($u) || $u['password'] == '') {
$response['error'] = 1;
$response['message'] = "Authentication Failed2";
echo json_encode($response);
exit;
}
if($u['password'] != $password) {
$response['error'] = 1;
$response['message'] = "Authentication Failed3";
echo json_encode($response);
exit;
}
$response = array();
if(array_key_exists('getstats', $data)) {
$year = $data['getstats']['year'];
$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
'fair_stats_minorities', 'fair_stats_guests',
'fair_stats_sffbc_misc', 'fair_stats_info',
'fair_stats_next_chair', 'fair_stats_scholarships',
'fair_stats_delegates',
);
foreach($vars as $v) {
$response['statconfig'][$v] = $config[$v];
}
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q);
unset($response['stats']['id']);
$response['error'] = 0;
}
if(array_key_exists('stats', $data)) {
$stats = $data['stats'];
foreach($stats as $k=>$v) {
$stats[$k] = mysql_escape_string($stats[$k]);
}
// $str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='{$stats['year']}'");
echo mysql_error();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
echo mysql_error();
$response['error'] = 0;
$response['message'] = 'Stats saved';
}
echo urlencode(json_encode($response));
// echo "Success!<br />";
?>
View Git Blame Copy Permalink