<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca

Copyright (C) 2010 Youth Science Ontario <info@youthscienceontario.ca>
Copyright (C) 2010 James Grant <james@lightbox.org>

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
|
|
include "common.inc.php";
|
|
require_once("account.inc.php");
|
|
require_once("user.inc.php");
|
|
|
|
if($_SERVER['HTTPS']!="on") {
|
|
$ret['status']="error";
|
|
$ret['error']="SSL is required for API access, please access the API over https";
|
|
echo json_encode($ret);
|
|
exit;
|
|
}
|
|
|
|
$request=explode("/",$_GET['request']);
|
|
$ret=array();
|
|
|
|
switch($request[0]) {
|
|
case "conferences":
|
|
/* APIDOC: conferences/switch
|
|
description(switches the active conference)
|
|
post(conferences_id integer)
|
|
return(conferences_id integer)
|
|
*/
|
|
if($request[1]=="switch") {
|
|
if($_POST['conferences_id']) {
|
|
//this makes sure its valid and sets teh session
|
|
switchConference($_POST['conferences_id']);
|
|
|
|
//get rid of their current roles, and load their record for the new conference
|
|
if(is_array($_SESSION['roles'])) {
|
|
$_SESSION['roles']=array();
|
|
user_conference_load($_SESSION['accounts_id'],$_SESSION['conferences_id']);
|
|
}
|
|
$ret['status']="ok";
|
|
$ret['conferences_id']=$_SESSION['conferences_id'];
|
|
} else {
|
|
$ret['status']="error";
|
|
$ret['error']='conferences_id (integer) is required';
|
|
}
|
|
}
|
|
/* APIDOC: conferences
|
|
description(lists all conferences)
|
|
return(conferences array)
|
|
*/
|
|
else {
|
|
$ret['status']="ok";
|
|
$ret['conferences']=array();
|
|
|
|
$response=array();
|
|
$q=mysql_query("SELECT id,name,type,status FROM conferences ORDER BY id");
|
|
while($r=mysql_fetch_assoc($q)) {
|
|
$response[]=$r;
|
|
}
|
|
$ret['conferences']=$response;
|
|
}
|
|
break;
|
|
|
|
case "dates":
|
|
/* APIDOC: dates
|
|
description(list dates for active conference)
|
|
return(dates array)
|
|
*/
|
|
/* APIDOC: dates/<conferences_id integer>
|
|
description(list dates for specified conference)
|
|
return(dates array)
|
|
*/
|
|
if($request[1]) {
|
|
$cid=intval($request[1]);
|
|
}
|
|
else
|
|
$cid=$_SESSION['conferences_id'];
|
|
|
|
$ret['status']="ok";
|
|
$ret['dates']=array();
|
|
$q=mysql_query("SELECT date,name,description FROM dates WHERE conferences_id='$cid' ORDER BY date");
|
|
$dates=array();
|
|
while($r=mysql_fetch_assoc($q)) {
|
|
$dates[]=$r;
|
|
}
|
|
$ret['conferences_id']=$cid;
|
|
$ret['dates']=$dates;
|
|
break;
|
|
|
|
case "account":
|
|
/* APIDOC: account/create
|
|
description(creates an account)
|
|
post(username varchar(64), password varchar(64), email varchar(64) optional)
|
|
return(account array)
|
|
*/
|
|
if($request[1]=="create") {
|
|
$user = trim($_POST['username']);
|
|
$pass = trim($_POST['password']);
|
|
$email = trim($_POST['email']);
|
|
if($user && $pass) {
|
|
$a=account_create($user,$pass);
|
|
if(is_array($a)) {
|
|
if($email)
|
|
account_set_email($a['id'],$email);
|
|
$account=account_load($a['id']);
|
|
$ret['status']="ok";
|
|
$ret['account']=$account;
|
|
}
|
|
else {
|
|
$ret['status']="error";
|
|
switch($a) {
|
|
case -1: $ret['error']="invalid username"; break;
|
|
case -2: $ret['error']="username already exists"; break;
|
|
case -3: $ret['error']="invalid password"; break;
|
|
default: $ret['error']="unknown account creation error"; break;
|
|
}
|
|
}
|
|
} else {
|
|
$ret['status']="error";
|
|
$ret['error']="username (varchar 64) and password (varchar 64) are required ";
|
|
}
|
|
}
|
|
else {
|
|
$ret['status']="error";
|
|
$ret['error']="invalid account command";
|
|
}
|
|
break;
|
|
|
|
case "auth":
|
|
/* APIDOC: auth/login
|
|
description(login to an account)
|
|
post(username varchar(64), password varchar(64))
|
|
return(account array, roles array, conferences_id integer)
|
|
*/
|
|
if($request[1]=="login") {
|
|
$user = $_POST['username'];
|
|
$pass = $_POST['password'];
|
|
|
|
$accounts_id = try_login($user, $pass);
|
|
if($accounts_id == false) {
|
|
$ret['status']="error";
|
|
$ret['error']="Invalid Username/Password";
|
|
}
|
|
else {
|
|
$a = account_load($accounts_id);
|
|
$_SESSION['username']=$a['username'];
|
|
$_SESSION['email']=$a['email'];
|
|
$_SESSION['accounts_id']=$accounts_id;
|
|
$_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 'yes' : 'no';
|
|
$_SESSION['roles']=array();
|
|
|
|
$status=user_conference_load($accounts_id,$_SESSION['conferences_id']);
|
|
|
|
$ret['conferences_id']=$_SESSION['conferences_id'];
|
|
$ret['status']="ok";
|
|
$ret['account']=$a;
|
|
//$ret['user']=user_load($_SESSION['users_id']);
|
|
$ret['roles']=$_SESSION['roles'];
|
|
}
|
|
}
|
|
/* APIDOC: auth/logout
|
|
description(logs out of an account)
|
|
return(account array)
|
|
*/
|
|
else if($request[1]=="logout") {
|
|
unset($_SESSION['username']);
|
|
unset($_SESSION['email']);
|
|
unset($_SESSION['accounts_id']);
|
|
unset($_SESSION['superuser']);
|
|
unset($_SESSION['roles']);
|
|
unset($_SESSION['users_id']);
|
|
unset($_SESSION['name']);
|
|
$ret['status']="ok";
|
|
}
|
|
else {
|
|
$ret['status']="error";
|
|
$ret['error']="invalid auth command";
|
|
}
|
|
break;
|
|
|
|
case "testauth":
|
|
if($request[1]) {
|
|
$ok=api_user_auth_required($request[1]);
|
|
}
|
|
else {
|
|
$ok=api_user_auth_required();
|
|
}
|
|
|
|
if($ok['status']=="ok") {
|
|
$ret['status']='ok';
|
|
}
|
|
else {
|
|
$ret['status']="error";
|
|
$ret['error']=$ok['error'];
|
|
}
|
|
|
|
break;
|
|
case "scienceolympics":
|
|
$chk=api_user_auth_required('teacher');
|
|
if($chk['status']!="ok") {
|
|
$ret['status']="error";
|
|
$ret['error']=$chk['error'];
|
|
break;
|
|
}
|
|
$u=user_load($_SESSION['users_id']);
|
|
if(!$u['schools_id']) {
|
|
$ret['status']="error";
|
|
$ret['error']='Your teacher account is not attached to any school';
|
|
break;
|
|
}
|
|
$school_id=$u['schools_id'];
|
|
|
|
require_once("so_teams.inc.php");
|
|
switch($request[1]) {
|
|
case "teams":
|
|
switch($request[2]) {
|
|
/* APIDOC: scienceolympics/teams/list
|
|
description(lists the schools science olympics teams)
|
|
return(teams array)
|
|
*/
|
|
case "list":
|
|
$q=mysql_query("SELECT id,name FROM so_teams WHERE schools_id='{$u['schools_id']}' AND conferences_id='{$conference['id']}'");
|
|
$ret['status']='ok';
|
|
$teams=array();
|
|
while($r=mysql_fetch_assoc($q)) {
|
|
$teams[]=$r;
|
|
}
|
|
$ret['teams']=$teams;
|
|
break;
|
|
/* APIDOC: scienceolympics/teams/add
|
|
description(add a science olympics team to the logged in teacher's school)
|
|
post(teamname varchar(64))
|
|
return(team array);
|
|
*/
|
|
case "add":
|
|
if($_POST['teamname']) {
|
|
if($team=so_team_add($school_id,$conference['id'],$_POST['teamname'])) {
|
|
$ret['team']=$team;
|
|
$ret['status']="ok";
|
|
}
|
|
else {
|
|
$ret['status']='error';
|
|
$ret['error']='could not add team';
|
|
}
|
|
} else {
|
|
$ret['status']='error';
|
|
$ret['error']='teamname (varchar 64) is required';
|
|
}
|
|
break;
|
|
/* APIDOC: scienceolympics/teams/edit
|
|
description(edit a science olympics team)
|
|
post(id integer, teamname varchar(64))
|
|
return(team array);
|
|
*/
|
|
case "edit":
|
|
if($_POST['id'] && $_POST['teamname']) {
|
|
if($team=so_team_edit($school_id,$_POST['id'],$_POST['teamname'])) {
|
|
$ret['status']="ok";
|
|
$ret['team']=$team;
|
|
}
|
|
else {
|
|
$ret['status']='error';
|
|
$ret['error']='could not edit team';
|
|
}
|
|
}
|
|
else {
|
|
$ret['status']='error';
|
|
$ret['error']='id (integer), teamname (varchar 64) are required';
|
|
}
|
|
break;
|
|
/* APIDOC: scienceolympics/teams/delete
|
|
description(delete a science olympics team)
|
|
post(id integer)
|
|
*/
|
|
case "delete";
|
|
if($_POST['id']) {
|
|
if(so_team_delete($school_id,$_POST['id'])) {
|
|
$ret['status']="ok";
|
|
}
|
|
else {
|
|
$ret['status']='error';
|
|
$ret['error']='could not delete team';
|
|
}
|
|
} else {
|
|
$ret['status']='error';
|
|
$ret['error']='id (integer) is required';
|
|
}
|
|
|
|
break;
|
|
default:
|
|
$ret['status']="error";
|
|
$ret['error']="invalid scienceolympics/teams command ({$request[2]})";
|
|
break;
|
|
|
|
}
|
|
break;
|
|
default:
|
|
$ret['status']="error";
|
|
$ret['error']="invalid scienceolympics command ({$request[1]})";
|
|
break;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
$ret['status']="error";
|
|
$ret['error']="Invalid API command ({$request[0]})";
|
|
|
|
}
|
|
echo json_encode($ret);
|
|
|
|
?>
|