<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
|
|
Copyright (C) 2010 James Grant <james@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
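<?php
/*
 * JSON API entry point.
 *
 * $_GET['request'] is split on "/" and its first segment selects the command:
 *   conferences        - list conferences whose status is 'running'
 *   dates/<id>         - list the dates of the conference with that id
 *   auth/login         - POST username/password; fills the session on success
 *   auth/logout        - removes the login keys from the session
 *   testauth[/<role>]  - reports the result of api_user_auth_required()
 *   soteams            - stub; only performs the 'teacher' role check
 * The reply is whatever ends up in $ret, encoded as JSON.
 */
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");

// Label the reply as JSON: the "Invalid API command" error echoes part of the
// request back, and without an explicit type the body would be served with
// the default HTML content type.
if(!headers_sent()) {
	header("Content-Type: application/json");
	header("X-Content-Type-Options: nosniff");
}

// Refuse plain HTTP so credentials and the session cookie are not sent in
// clear text. isset() avoids an undefined-index notice when the key is
// missing.
if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS']!="on") {
	$ret=array();
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}

// A missing or non-string 'request' parameter is treated as an empty path,
// which falls through to the "Invalid API command" reply below.
$request=explode("/",(isset($_GET['request']) && is_string($_GET['request'])) ? $_GET['request'] : "");
// Normalise the optional second path segment so the checks below never read
// an undefined offset.
if(!isset($request[1])) {
	$request[1]="";
}
$ret=array();

switch($request[0]) {
	case "conferences":
		$ret['status']="ok";
		$ret['conferences']=array();

		$response=array();
		$q=mysql_query("SELECT id,name,type FROM conferences WHERE status='running' ORDER BY id");
		// $q is false when the query fails; skip the fetch loop in that case.
		while($q && ($r=mysql_fetch_assoc($q))) {
			$response[]=$r;
		}
		$ret['conferences']=$response;
		break;

	case "dates":
		if($request[1]) {
			$ret['status']="ok";
			$ret['dates']=array();
			// The conference id comes straight from the URL, so it is escaped
			// before being placed inside the quoted SQL literal.
			$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='".mysql_real_escape_string($request[1])."' ORDER BY date");
			$dates=array();
			while($q && ($r=mysql_fetch_assoc($q))) {
				$dates[]=$r;
			}
			$ret['dates']=$dates;
		}
		else {
			$ret['status']="error";
			$ret['error']="Conference ID is required";
		}
		break;

	case "auth":
		if($request[1]=="login") {
			$user = isset($_POST['username']) ? $_POST['username'] : "";
			$pass = isset($_POST['password']) ? $_POST['password'] : "";

			$accounts_id = try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			}
			else {
				// Issue a fresh session id at the privilege change so an id
				// that existed before login is not carried into the
				// authenticated session.
				if(session_id()!="") {
					session_regenerate_id(true);
				}

				$a = account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
				$_SESSION['roles']=array();

				// presumably fills $_SESSION['roles'] for this conference;
				// verify in user.inc.php
				$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);

				$ret['status']="ok";
				// NOTE(review): the whole account_load() record is returned to
				// the client; confirm it carries no password hash or other
				// secret column.
				$ret['account']=$a;
				$ret['roles']=$_SESSION['roles'];
			}
		}
		elseif($request[1]=="logout") {
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			$ret['status']="ok";
		}
		break;

	case "testauth":
		// The optional second segment is passed through as the role to check.
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		}
		else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		}
		else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}
		break;

	case "soteams":
		// Stub endpoint. The result of the role check is acted on, as in
		// "testauth", so that code added here later cannot run for a caller
		// who failed it.
		$ok=api_user_auth_required('teacher');
		if($ok['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$ok['error'];
			break;
		}

		break;

	default:
		$ret['status']="error";
		$ret['error']="Invalid API command ({$request[0]})";
}

echo json_encode($ret);

?>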
|