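<?php
/*
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
   Copyright (C) 2010 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING. If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/

/*
 * JSON API front controller.
 *
 * The command comes from $_GET['request'] as a "/"-separated path
 * (e.g. "schedule/register") and is dispatched on its first segment.
 * Every branch fills $ret with either status="ok" plus result keys, or
 * status="error" plus a human readable 'error' string; the script ends by
 * emitting $ret as JSON.
 *
 * The session, the database connection and the $config / $conference
 * globals are assumed to be set up by common.inc.php.  Endpoints that need
 * a logged-in user go through api_user_auth_required(), which returns an
 * array with 'status' and (on failure) 'error'.
 */
include "common.inc.php";
require_once("account.inc.php");
require_once("user.inc.php");
require_once("schedule.inc.php");

// Refuse plain HTTP: credentials (auth/login, account/create) travel in POST
// bodies.  isset() avoids an undefined-index notice on servers that do not
// set the HTTPS variable at all.
if(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS']!="on") {
	$ret=array();
	$ret['status']="error";
	$ret['error']="SSL is required for API access, please access the API over https";
	echo json_encode($ret);
	exit;
}

// Pad the path to three segments so $request[1] / $request[2] can be read
// without notices; a missing segment is null, which is falsy and prints as "".
$request=array_pad(explode("/", isset($_GET['request']) ? $_GET['request'] : ""), 3, null);
$ret=array();

switch($request[0]) {
	/* APIDOC: config
	description(retrieves the entire configuration variables, minus ones that can't be included (like passwords))
	return(config array)
	*/
	case 'config':
		// Keys that must never leave the server.  NOTE(review): this endpoint
		// needs no login, so every key NOT listed here is publicly readable —
		// extend the list whenever a new secret-bearing config key is added.
		$exclude=array("judge_registration_singlepassword","volunteer_registration_singlepassword","participant_registration_singlepassword","fairmanageremail");
		$configapi=array_diff_key($config, array_flip($exclude));
		$ret['status']="ok";
		$ret['config']=$configapi;
		break;

	case 'locations':
		switch($request[1]) {
			/* APIDOC: locations/list
			description(lists locations at the current conference)
			return(locations array)
			*/
			case 'list':
				// getLocationList() returns an array on success; any other value
				// is passed straight through to the client as the error text.
				$locationData = getLocationList($_SESSION['conferences_id']);
				if(is_array($locationData)) {
					$ret['status'] = 'ok';
					$ret['locations'] = $locationData;
				} else {
					$ret['status'] = 'error';
					$ret['error'] = $locationData;
				}
				break;
			default:
				$ret['status'] = 'error';
				$ret['error']="Invalid API command ({$request[1]})";
		}
		break;

	case "schedule":
		// NOTE(review): unlike 'scienceolympics' and 'user', this branch does
		// not call api_user_auth_required() first; for an anonymous caller
		// $_SESSION['users_id'] is unset and user_load() receives null.
		$u = user_load(isset($_SESSION['users_id']) ? $_SESSION['users_id'] : null);
		if(empty($u['schools_id'])) {
			$ret['status'] = 'error';
			$ret['error']="Not connected to a school";
			break;
		}
		$school_id=$u['schools_id'];

		switch($request[1]) {
			/* APIDOC: schedule/list
			description(gets a list of all events at the current conference, and team information if applicable)
			return(events array)
			*/
			case 'list':
				// Same convention as getLocationList(): array on success,
				// otherwise the value is the error text.
				$eventData = getEventList($_SESSION['conferences_id'], $school_id);
				if(is_array($eventData)) {
					$ret['status'] = 'ok';
					$ret['events'] = $eventData;
				} else {
					$ret['status'] = 'error';
					$ret['error'] = $eventData;
				}
				break;

			/* APIDOC: schedule/register
			description(register a team for a scheduled event)
			post(team_id integer, schedule_id integer)
			return(results array)
			*/
			case 'register':
				if(!array_key_exists('team_id', $_POST)) {
					$ret['status'] = "error";
					$ret['error'] = 'team_id (integer) is required';
				} else if(!array_key_exists('schedule_id', $_POST)) {
					$ret['status'] = "error";
					$ret['error'] = 'schedule_id (integer) is required';
				} else {
					// Both ids are documented as integers; cast here so the
					// schedule helpers never see arbitrary client strings.
					// NOTE(review): the caller's $school_id is not passed on —
					// confirm registerTeamInEvent() checks that team_id belongs
					// to the caller's school.
					$ret['status'] = 'ok';
					$ret['registration'] = registerTeamInEvent($_SESSION['conferences_id'], intval($_POST['schedule_id']), intval($_POST['team_id']));
				}
				break;

			/* APIDOC: schedule/unregister
			description(unregister a team for a scheduled event)
			post(team_id integer, schedule_id integer)
			return(results array)
			*/
			case 'unregister':
				if(!array_key_exists('team_id', $_POST)) {
					$ret['status'] = "error";
					$ret['error'] = 'team_id (integer) is required';
				} else if(!array_key_exists('schedule_id', $_POST)) {
					$ret['status'] = "error";
					$ret['error'] = 'schedule_id (integer) is required';
				} else {
					// Same ownership caveat as schedule/register applies here.
					$ret['status'] = 'ok';
					$ret['registration'] = unregisterTeamInEvent($_SESSION['conferences_id'], intval($_POST['schedule_id']), intval($_POST['team_id']));
				}
				break;

			default:
				$ret['status'] = 'error';
				$ret['error']="Invalid API command ({$request[1]})";
		}
		break;

	case "conferences":
		if($request[1]=="switch") {
			/* APIDOC: conferences/switch
			description(switches the active conference)
			post(conferences_id integer)
			return(conferences_id integer)
			*/
			if(!empty($_POST['conferences_id'])) {
				// switchConference() validates the id and stores it in the session
				switchConference(intval($_POST['conferences_id']));

				// Roles are per conference: drop the current ones and reload the
				// user's record for the newly selected conference.
				if(isset($_SESSION['roles']) && is_array($_SESSION['roles'])) {
					$_SESSION['roles']=array();
					user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
				}
				$ret['status']="ok";
				$ret['conferences_id']=$_SESSION['conferences_id'];
			} else {
				$ret['status']="error";
				$ret['error']='conferences_id (integer) is required';
			}
		} else {
			/* APIDOC: conferences
			description(lists all conferences)
			return(conferences array)
			*/
			$ret['status']="ok";
			$response=array();
			$q=mysql_query("SELECT id,name,type,status FROM conferences ORDER BY id");
			while($r=mysql_fetch_assoc($q)) {
				$response[]=$r;
			}
			$ret['conferences']=$response;
		}
		break;

	case "dates":
		/* APIDOC: dates
		description(list dates for active conference)
		return(dates array)
		*/
		/* APIDOC: dates/<conferences_id integer>
		description(list dates for specified conference)
		return(dates array)
		*/
		// $cid is interpolated into SQL below, so it is always an int here —
		// whether it came from the URL path or from the session.
		if($request[1]) {
			$cid=intval($request[1]);
		} else {
			$cid=intval($_SESSION['conferences_id']);
		}

		$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
		$dates=array();
		while($r=mysql_fetch_assoc($q)) {
			$dates[]=$r;
		}
		$ret['status']="ok";
		$ret['dates']=$dates;
		$ret['conferences_id']=$cid;
		break;

	case "account":
		/* APIDOC: account/create
		description(creates an account)
		post(username varchar(64), password varchar(64), email varchar(64) optional)
		return(account array)
		*/
		if($request[1]=="create") {
			// NOTE(review): account creation is unauthenticated and has no
			// rate limit at this layer; confirm one exists in front of the API.
			$user = isset($_POST['username']) ? trim($_POST['username']) : '';
			$pass = isset($_POST['password']) ? trim($_POST['password']) : '';
			$email = isset($_POST['email']) ? trim($_POST['email']) : '';
			if($user && $pass) {
				// account_create() returns the new account array on success,
				// or a negative error code mapped to a message below.
				$a=account_create($user,$pass);
				if(is_array($a)) {
					if($email) {
						account_set_email($a['id'],$email);
					}
					// Reload so the returned record reflects the email just set
					$ret['status']="ok";
					$ret['account']=account_load($a['id']);
				} else {
					$ret['status']="error";
					switch($a) {
						case -1: $ret['error']="invalid username"; break;
						case -2: $ret['error']="username already exists"; break;
						case -3: $ret['error']="invalid password"; break;
						default: $ret['error']="unknown account creation error"; break;
					}
				}
			} else {
				$ret['status']="error";
				$ret['error']="username (varchar 64) and password (varchar 64) are required ";
			}
		} else {
			$ret['status']="error";
			$ret['error']="invalid account command";
		}
		break;

	case "auth":
		/* APIDOC: auth/login
		description(login to an account)
		post(username varchar(64), password varchar(64))
		return(account array, roles array, conferences_id integer)
		*/
		if($request[1]=="login") {
			$user = isset($_POST['username']) ? $_POST['username'] : '';
			$pass = isset($_POST['password']) ? $_POST['password'] : '';

			$accounts_id = try_login($user, $pass);
			if($accounts_id == false) {
				$ret['status']="error";
				$ret['error']="Invalid Username/Password";
			} else {
				// Issue a fresh session id on login so an id obtained before
				// authentication cannot be replayed (session fixation).
				if(session_id() != '') {
					session_regenerate_id(true);
				}
				$a = account_load($accounts_id);
				$_SESSION['username']=$a['username'];
				$_SESSION['email']=$a['email'];
				$_SESSION['accounts_id']=$accounts_id;
				$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
				$_SESSION['roles']=array();

				// Populates $_SESSION['roles'] (and users_id) for the active conference
				user_conference_load($accounts_id,$_SESSION['conferences_id']);

				$ret['conferences_id']=$_SESSION['conferences_id'];
				$ret['status']="ok";
				$ret['account']=$a;
				$ret['roles']=$_SESSION['roles'];
			}
		}
		/* APIDOC: auth/logout
		description(logs out of an account)
		return(account array)
		*/
		else if($request[1]=="logout") {
			// Clear every key auth/login and user_conference_load() set
			unset($_SESSION['username']);
			unset($_SESSION['email']);
			unset($_SESSION['accounts_id']);
			unset($_SESSION['superuser']);
			unset($_SESSION['roles']);
			unset($_SESSION['users_id']);
			unset($_SESSION['name']);
			$ret['status']="ok";
		} else {
			$ret['status']="error";
			$ret['error']="invalid auth command";
		}
		break;

	/* testauth[/<role>]: reports whether the current session satisfies
	   api_user_auth_required(), optionally for a specific role. */
	case "testauth":
		if($request[1]) {
			$ok=api_user_auth_required($request[1]);
		} else {
			$ok=api_user_auth_required();
		}

		if($ok['status']=="ok") {
			$ret['status']='ok';
		} else {
			$ret['status']="error";
			$ret['error']=$ok['error'];
		}
		break;

	case "scienceolympics":
		// Teacher role required; every sub-command is scoped to the teacher's school
		$chk=api_user_auth_required('teacher');
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}
		$u=user_load($_SESSION['users_id']);
		if(empty($u['schools_id'])) {
			$ret['status']="error";
			$ret['error']='Your teacher account is not attached to any school';
			break;
		}
		$school_id=$u['schools_id'];

		require_once("so_teams.inc.php");
		switch($request[1]) {
			case "teams":
				switch($request[2]) {
					/* APIDOC: scienceolympics/teams/list
					description(lists the schools science olympics teams)
					return(teams array)
					*/
					case "list":
						// Both ids are numeric records from the DB/config; cast so
						// the interpolation below can never carry anything else.
						$sid=intval($school_id);
						$conf_id=intval($conference['id']);
						$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='$sid' AND conferences_id='$conf_id'");
						$teams=array();
						while($r=mysql_fetch_assoc($q)) {
							$teams[]=$r;
						}
						$ret['status']='ok';
						$ret['teams']=$teams;
						break;

					/* APIDOC: scienceolympics/teams/add
					description(add a science olympics team to the logged in teacher's school)
					post(teamname varchar(64))
					return(team array);
					*/
					case "add":
						if(!empty($_POST['teamname'])) {
							$team=so_team_add($school_id,$conference['id'],$_POST['teamname']);
							if($team) {
								$ret['team']=$team;
								$ret['status']="ok";
							} else {
								$ret['status']='error';
								$ret['error']='could not add team';
							}
						} else {
							$ret['status']='error';
							$ret['error']='teamname (varchar 64) is required';
						}
						break;

					/* APIDOC: scienceolympics/teams/edit
					description(edit a science olympics team)
					post(id integer, teamname varchar(64))
					return(team array);
					*/
					case "edit":
						if(!empty($_POST['id']) && !empty($_POST['teamname'])) {
							// $school_id is passed so the helper can refuse teams of other schools
							$team=so_team_edit($school_id,$_POST['id'],$_POST['teamname']);
							if($team) {
								$ret['status']="ok";
								$ret['team']=$team;
							} else {
								$ret['status']='error';
								$ret['error']='could not edit team';
							}
						} else {
							$ret['status']='error';
							$ret['error']='id (integer), teamname (varchar 64) are required';
						}
						break;

					/* APIDOC: scienceolympics/teams/delete
					description(delete a science olympics team)
					post(id integer)
					*/
					case "delete":
						if(!empty($_POST['id'])) {
							if(so_team_delete($school_id,$_POST['id'])) {
								$ret['status']="ok";
							} else {
								$ret['status']='error';
								$ret['error']='could not delete team';
							}
						} else {
							$ret['status']='error';
							$ret['error']='id (integer) is required';
						}
						break;

					default:
						$ret['status']="error";
						$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
						break;
				}
				break;

			default:
				$ret['status']="error";
				$ret['error']="invalid scienceolympics command ({$request[1]})";
				break;
		}
		break;

	case 'user':
		$chk=api_user_auth_required();
		if($chk['status']!="ok") {
			$ret['status']="error";
			$ret['error']=$chk['error'];
			break;
		}

		require_once("so_teams.inc.php");
		switch($request[1]) {
			/* APIDOC: user/view
			description(view user information for current conference)
			return(user array)
			*/
			case "view":
				$u=user_load($_SESSION['users_id']);
				if($u) {
					// 'orig' is an internal snapshot; the client never needs it
					unset($u['orig']);
					$ret['status']="ok";
					$ret['user']=$u;
				} else {
					$ret['status']="error";
					$ret['error']="Error loading user";
				}
				break;

			/* APIDOC: user/edit
			description(edit user information for current conference)
			post(user array)
			return(user array)
			*/
			case "edit":
				$origu=user_load($_SESSION['users_id']);
				if($origu) {
					// Decode as an associative array: without the second argument
					// json_decode() yields a stdClass and the is_array() check
					// below rejects every request.
					$u=isset($_POST['user']) ? json_decode($_POST['user'], true) : null;
					if(!is_array($u)) {
						$ret['status']="error";
						$ret['error']="user (array) is required";
						break;
					}

					// Loose comparison on purpose: the JSON id may be a number
					// while the loaded record holds a string.
					if(!isset($u['id']) || $origu['id']!=$u['id']) {
						$ret['status']="error";
						$ret['error']="User ID mismatch";
						break;
					}

					// Restore the server-side 'orig' snapshot (stripped from
					// user/view output) so user_save() sees the real original.
					// NOTE(review): every other key of the posted array reaches
					// user_save(); fields a user must not set for themselves
					// have to be filtered there — confirm.
					$u['orig']=$origu['orig'];

					if(user_save($u)) {
						$ret['status']="ok";
						$ret['user']=$u;
					} else {
						$ret['status']="error";
						$ret['error']="Error saving user";
					}
				} else {
					$ret['status']="error";
					$ret['error']="Error loading user in order to edit";
				}
				break;

			default:
				// Previously an unknown sub-command returned an empty JSON body
				$ret['status']="error";
				$ret['error']="invalid user command ({$request[1]})";
				break;
		}
		break;

	default:
		$ret['status']="error";
		$ret['error']="Invalid API command ({$request[0]})";
}

// NOTE(review): no Content-Type header is sent; clients (and browsers)
// see the body as text/html unless common.inc.php sets one.
echo json_encode($ret);

/* APIDOC: school/list
notimplemented
description(list schools)
return(schools array)
*/

/* APIDOC: account/edit
notimplemented
description(edit account information)
post(account array)
return(account array)
*/

/* APIDOC: user/connect_teacher_to_school
notimplemented
description(connects the current users teacher role to the specified school using the schools access code)
post(schools_id integer, accesscode varchar(16))
return(school array)
*/

/* APIDOC: role/list
notimplemented
description(list roles and their corresponding registration types)
return(roles array)
*/

/* APIDOC: role/add
notimplemented
post(role_id integer, password varchar(64) optional)
description(add a role for the user to the current conference. Depending on the registration type, an optional password (singlepassword, schoolpassword, etc) can be specified)
return(role array)
*/

/* APIDOC: role/remove
notimplemented
post(role_id integer)
description(remove a role from the user for the current conference)
return(role array)
*/

// No closing "?>": anything after it (even a newline) would be appended to the JSON body.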