arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity
b5745656c1
science-ation/xmltransport.php
dave b5745656c1 - Add user/pass support to the fair info 
- Add a generic fair stats uploader, can't do YSF stats yet, but it will soon
  (and when it does it can replace the YSF specific stats uploader)
- Add better authentication to the incoming xml transport.
2009-04-20 05:02:23 +00:00

94 lines
2.9 KiB
PHP
Raw Blame History

<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2009 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');
require_once('user.inc.php');
require_once('admin/xml.inc.php');
$d=xml_parsexml($_POST['xml']);
$data = $d['sfiab'][0];
$username = $data['username'][0];
$password = $data['password'][0];
// echo "Authenticating... ";
$username = mysql_escape_string($username);
$q=mysql_query("SELECT uid FROM users WHERE username='$username'");
if(mysql_num_rows($q) != 1) {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
exit;
}
$i = mysql_fetch_assoc($q);
$u = user_load_by_uid($i['uid']);
if(!is_array($u) || $u['password'] == '') {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
exit;
}
if($u['password'] != $password) {
echo "<sfiab><error>1</error><message>authentication failed</message></sfiab>";
exit;
}
$response = array();
if(array_key_exists('getstats', $data)) {
$year = $data['getstats'][0]['year'][0];
$vars = array('fair_stats_participation', 'fair_stats_schools_ext',
'fair_stats_minorities', 'fair_stats_guests');
foreach($vars as $v) {
$response['statconfig'][$v] = $config[$v];
}
$q = mysql_query("SELECT * FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='$year'");
$response['stats'] = mysql_fetch_assoc($q);
unset($response['stats']['id']);
}
if(array_key_exists('stats', $data)) {
$stats = array();
foreach($data['stats'][0] as $k=>$v) {
$stats[$k] = $v[0];
}
$str = join(',',$stats);
$keys = '`fairs_id`,`'.join('`,`', array_keys($stats)).'`';
$vals = "'{$u['fairs_id']}','".join("','", array_values($stats))."'";
mysql_query("DELETE FROM fairs_stats WHERE fairs_id='{$u['fairs_id']}'
AND year='{$stats['year']}'");
echo mysql_error();
mysql_query("INSERT INTO fairs_stats (`id`,$keys) VALUES ('',$vals)");
echo mysql_error();
$response['error'] = 0;
$response['message'] = 'Stats saved';
}
$output="";
xmlCreateRecurse(array('sfiab'=>$response));
echo urlencode($output);
// echo "Success!<br />";
?>
View Git Blame Copy Permalink