forked from science-ation/science-ation
0a9053181c
- Move the nubmer of available prizes to the top so it's harder to miss.
183 lines
5.7 KiB
PHP
183 lines
5.7 KiB
PHP
<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
|
|
Copyright (C) 2005 James Grant <james@lightbox.org>
|
|
Copyright (C) 2009 David Grant <dave@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
<?
|
|
require_once('common.inc.php');
|
|
require_once('user.inc.php');
|
|
|
|
|
|
function handle_getstats(&$u, $fair,&$data, &$response)
|
|
{
|
|
$year = $data['getstats']['year'];
|
|
$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
|
|
'fair_stats_minorities', 'fair_stats_guests',
|
|
'fair_stats_sffbc_misc', 'fair_stats_info',
|
|
'fair_stats_next_chair', 'fair_stats_scholarships',
|
|
'fair_stats_delegates',
|
|
);
|
|
foreach($vars as $v) {
|
|
$response['statconfig'][$v] = $config[$v];
|
|
}
|
|
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
|
AND year='$year'");
|
|
$response['stats'] = mysql_fetch_assoc($q);
|
|
unset($response['stats']['id']);
|
|
$response['error'] = 0;
|
|
}
|
|
|
|
function handle_stats(&$u,$fair, &$data, &$response)
|
|
{
|
|
$stats = $data['stats'];
|
|
foreach($stats as $k=>$v) {
|
|
$stats[$k] = mysql_escape_string($stats[$k]);
|
|
}
|
|
|
|
// $str = join(',',$stats);
|
|
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
|
|
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
|
|
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
|
|
AND year='{$stats['year']}'");
|
|
echo mysql_error();
|
|
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
|
|
echo mysql_error();
|
|
|
|
$response['message'] = 'Stats saved';
|
|
$response['error'] = 0;
|
|
}
|
|
|
|
function handle_getawards(&$u, $fair, &$data, &$response)
|
|
{
|
|
$awards = array();
|
|
$year = $data['getawards']['year'];
|
|
|
|
$ids = array();
|
|
/* Load a list of awards linked to the fair id */
|
|
$q = mysql_query("SELECT * FROM fairs_awards_link WHERE fairs_id='{$fair['id']}'");
|
|
while($r = mysql_fetch_assoc($q)) {
|
|
$aaid = $r['award_awards_id'];
|
|
if($r['download_award'] == 'yes') $ids[] = $aaid;
|
|
$ul[$aaid] = $r['upload_winners'];
|
|
}
|
|
|
|
/* Load the awards this fair is allowed to download */
|
|
$where = "id='".join("' OR id='", $ids)."'";
|
|
$q = mysql_query("SELECT * FROM award_awards WHERE $where");
|
|
|
|
while($a = mysql_fetch_assoc($q)) {
|
|
$award = array();
|
|
$award['identifier'] = $a['external_identifier'];
|
|
$award['year'] = $a['year'];
|
|
$award['name_en'] = $a['name'];
|
|
$award['criteria_en'] = $a['criteria'];
|
|
$award['upload_winners'] = $ul[$a['id']];
|
|
if($a['sponsors_id']) {
|
|
$sq = mysql_query("SELECT * FROM sponsors WHERE id='{$a['sponsors_id']}'");
|
|
if(mysql_num_rows($sq)) {
|
|
$s = mysql_fetch_assoc($sq);
|
|
$award['sponsor'] = $s['organization'];
|
|
}
|
|
}
|
|
|
|
$award['prizes'] = array();
|
|
$pq = mysql_query("SELECT * FROM award_prizes WHERE award_awards_id='{$a['id']}'");
|
|
while($p = mysql_fetch_assoc($pq)) {
|
|
$prize = array();
|
|
$prize['identifier'] = "";
|
|
$prize['cash'] = $p['cash'];;
|
|
$prize['scholarship'] = $p['scholarship'];
|
|
$prize['value'] = $p['value'];
|
|
$prize['prize_en'] = $p['prize'];
|
|
$prize['number'] = $p['number'];
|
|
$prize['ord'] = $p['order'];
|
|
$award['prizes'][] = $prize;
|
|
}
|
|
$awards[] = $award;
|
|
}
|
|
$response['awards'] = $awards;
|
|
$response['postback'] = 'http://localhost';
|
|
}
|
|
|
|
|
|
/* magic quotes DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, on by default *
|
|
* for any PHP < 5.3.0. Pain in the ASS. php is running the urldecode for us,
|
|
* seeing that the string has quotes, then adding quotes before we can
|
|
* json_decode()
|
|
* It only does this in POST and GET */
|
|
if(get_magic_quotes_gpc())
|
|
$data = json_decode(stripslashes($_POST['json']), true);
|
|
else
|
|
$data = json_decode($_POST['json'], true);
|
|
|
|
// echo "post:";print_r($_POST);
|
|
// echo "json post: ".htmlspecialchars($_POST['json'])."<br>";
|
|
// echo "stripslashes(json post): ".stripslashes($_POST['json'])."<br>";
|
|
// echo "data:";print_r($data);
|
|
// echo "<br />";
|
|
// exit;
|
|
|
|
$username = $data['auth']['username'];
|
|
$password = $data['auth']['password'];
|
|
|
|
$response['query'] = $data;
|
|
|
|
// echo "Authenticating... ";
|
|
$username = mysql_escape_string($username);
|
|
$q=mysql_query("SELECT uid FROM users WHERE username='$username'");
|
|
if(mysql_num_rows($q) != 1) {
|
|
$response['error'] = 1;
|
|
$response['message'] = "Authentication Failed";
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
$i = mysql_fetch_assoc($q);
|
|
$u = user_load_by_uid($i['uid']);
|
|
$response['i'] = $i;
|
|
if(!is_array($u) || $u['password'] == '') {
|
|
$response['error'] = 1;
|
|
$response['message'] = "Authentication Failed2";
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
|
|
if($u['password'] != $password) {
|
|
$response['error'] = 1;
|
|
$response['message'] = "Authentication Failed3";
|
|
echo json_encode($response);
|
|
exit;
|
|
}
|
|
|
|
$q = mysql_query("SELECT * FROM fairs WHERE id='{$u['fairs_id']}'");
|
|
$fair = mysql_fetch_assoc($q);
|
|
|
|
$response = array();
|
|
if(array_key_exists('getstats', $data)) handle_getstats($u,$fair, $data, $response);
|
|
if(array_key_exists('stats', $data)) handle_stats($u,$fair, $data, $response);
|
|
if(array_key_exists('getawards', $data)) handle_getawards($u,$fair,$data, $response);
|
|
|
|
echo urlencode(json_encode($response));
|
|
// echo "Success!<br />";
|
|
|
|
|
|
?>
|