public function execute($request) { $connection = RaykuCommon::getDatabaseConnection(); $logedUserId = $_SESSION['symfony/user/sfUser/attributes']['symfony/user/sfUser/attributes']['user_id']; $currentUser = $this->getUser()->getRaykuUser(); $userId = $currentUser->getId(); $this->userId = $currentUser->getId(); $time = time(); $this->cat = $this->getRequestParameter('category'); $this->course_id = $this->getRequestParameter('course'); if (empty($this->course_id)) { if (!empty($_SESSION['course_id'])) { $this->course_id = $_SESSION['course_id']; } else { $this->course_id = 1; } } else { $_SESSION['course_id'] = $this->course_id; } if (empty($this->cat)) { if (!empty($_SESSION['subject'])) { $this->cat = $_SESSION['subject']; } else { $this->cat = 1; } } else { $_SESSION['subject'] = $this->cat; } if (empty($_SESSION["course_id"])) { $_SESSION["course_id"] = '1'; } /* Quick Registration Users - Listing Tutors */ if ($this->studentFromQuickRegistrationAskingAQuestion()) { $_dash_question = ''; $_dash_course_id = ''; $_school = ''; $_dash_education = ''; $_dash_code_id = ''; $_dash_year = ''; $_SESSION['subject'] = 1; $_dash_education = $_SESSION['edu']; $_dash_course_id = $_SESSION['course_id']; if ($_dash_course_id) { $queryCname = mysql_query("select * from courses where id ='" . $_dash_course_id . "'", $connection) or die(mysql_error()); $rowCoursename = mysql_fetch_array($queryCname); $_SESSION['course_name_sess'] = $rowCoursename['course_name']; } if (strtolower($_SESSION['year']) != "Choose year") { $_dash_year = trim($_SESSION['year']); } elseif (strtolower($_SESSION['grade']) != "Choose grade") { $_dash_year = trim($_SESSION['grade']); } $c = new Criteria(); $c->add(UserQuestionTagPeer::CATEGORY_ID, 1); $c->add(UserQuestionTagPeer::USER_ID, $userId); $c->add(UserQuestionTagPeer::COURSE_ID, $_dash_course_id); $c->add(UserQuestionTagPeer::COURSE_CODE, $_dash_code_id); $c->add(UserQuestionTagPeer::EDUCATION, $_dash_education); $c->add(UserQuestionTagPeer::SCHOOL, $_school); $c->add(UserQuestionTagPeer::YEAR, $_dash_year); $userQuestionTag = UserQuestionTagPeer::doSelectOne($c); if ($userQuestionTag) { $userQuestionTag->delete(); } $userQuestionTag = new UserQuestionTag(); $userQuestionTag->setUserId($userId); $userQuestionTag->setCategoryId(1); $userQuestionTag->setCourseId($_dash_course_id); $userQuestionTag->setCourseCode($_dash_code_id); $userQuestionTag->setEducation($_dash_education); $userQuestionTag->setSchool($_school); $userQuestionTag->setYear($_dash_year); $userQuestionTag->setQuestion($_SESSION['question']); $userQuestionTag->save(); } else { if ($this->loggedStudentAsksAQuestion()) { $_dash_question = ''; $_dash_course_id = ''; $_school = ''; $_dash_education = ''; $_dash_code_id = ''; $_dash_year = ''; $_dash_question = $_POST['question']; $_SESSION['question'] = $_dash_question; $_SESSION['subject'] = 1; if (!empty($_POST['course_category_hidden'])) { $course_name = trim($_POST['course_category_hidden']); $_SESSION['course_name_sess'] = $course_name; $_queryCourse = mysql_query("select * from courses where course_name ='" . $course_name . "' ", $connection) or die(mysql_error()); $_rowCourse = mysql_fetch_assoc($_queryCourse); $_dash_course_id = $_rowCourse['id']; $_SESSION["course_id"] = $_dash_course_id; } $_dash_education = $_POST['edu']; /* Student Confirmation */ $_SESSION['edu'] = $_dash_education; if (strtolower($_POST['year_hidden']) != "choose year") { $_dash_year = trim($_POST['year_hidden']); /* student confirmation */ $_SESSION['year'] = $_dash_year; } elseif (strtolower($_POST['grade_hidden']) != "choose grade") { $_dash_year = trim($_POST['grade_hidden']); /* student confirmation */ $_SESSION['grade'] = $_dash_year; } $c = new Criteria(); $c->add(UserQuestionTagPeer::CATEGORY_ID, 1); $c->add(UserQuestionTagPeer::USER_ID, $userId); $c->add(UserQuestionTagPeer::COURSE_ID, $_dash_course_id); $c->add(UserQuestionTagPeer::COURSE_CODE, $_dash_code_id); $c->add(UserQuestionTagPeer::EDUCATION, $_dash_education); $c->add(UserQuestionTagPeer::SCHOOL, $_school); $c->add(UserQuestionTagPeer::YEAR, $_dash_year); $userQuestionTag = UserQuestionTagPeer::doSelectOne($c); if ($userQuestionTag) { $userQuestionTag->delete(); } $userQuestionTag = new UserQuestionTag(); $userQuestionTag->setUserId($userId); $userQuestionTag->setCategoryId(1); $userQuestionTag->setCourseId($_dash_course_id); $userQuestionTag->setCourseCode($_dash_code_id); $userQuestionTag->setEducation($_dash_education); $userQuestionTag->setSchool($_school); $userQuestionTag->setYear($_dash_year); $userQuestionTag->setQuestion($_POST['question']); $userQuestionTag->save(); } } /** * @todo - below block of code could be extracted to separate action */ if (!empty($_POST['hidden'])) { $count = count($_POST['checkbox']); /* Clearing Cookies */ if (isset($_COOKIE['cookcount'])) { for ($u = $_COOKIE['cookcount']; $u >= 1; $u--) { $cookname = 'expert_' . $u; setcookie($cookname, '', time() - 3600, "/", sfConfig::get('app_cookies_domain')); } } setcookie("expertscount", '', time() - 3600, "/", sfConfig::get('app_cookies_domain')); setcookie("cooktotal", '', time() - 3600, "/", sfConfig::get('app_cookies_domain')); /* Clearing Cookies */ if ($count == 4) { $close = 46000; $_SESSION['connected_tutors'] = 4; } else { if ($count == 3) { $close = 46000; $_SESSION['connected_tutors'] = 3; } else { if ($count == 2) { $close = 61000; $_SESSION['connected_tutors'] = 2; } else { if ($count == 1) { $close = 61000; $_SESSION['connected_tutors'] = 1; } else { $close = 61000; $_SESSION['connected_tutors'] = 1; } } } } $j = 0; $c = new Criteria(); $c->add(UserQuestionTagPeer::USER_ID, $userId); $c->addDescendingOrderByColumn(UserQuestionTagPeer::ID); $userQuestionTag = UserQuestionTagPeer::doSelectOne($c); $course_code = ''; $year = ''; $course_id = '1'; $school = ''; if ($userQuestionTag) { $course_id = $userQuestionTag->getCourseId(); $course_code = $userQuestionTag->getCourseCode(); $year = $userQuestionTag->getYear(); $school = $userQuestionTag->getSchool(); if ($userQuestionTag->getEducation() == 2) { $school = "High School"; } } // this is where the sql injection error is happening, fix this // escape single quotes for ($i = 0; $i < $count; $i++) { mysql_query("INSERT INTO `user_expert` (`user_id`, `checked_id`, `category_id`, course_id, `question`, `exe_order`, `time`,course_code, year, school, status, close) VALUES ('" . mysql_real_escape_string($userId) . "', '" . mysql_real_escape_string($_POST['checkbox'][$i]) . "', " . mysql_real_escape_string($this->cat) . ", " . mysql_real_escape_string($course_id) . ",'" . mysql_real_escape_string($_SESSION['question']) . "','" . mysql_real_escape_string(++$j) . "', '" . mysql_real_escape_string($time) . "', '" . mysql_real_escape_string($course_code) . "', '" . mysql_real_escape_string($year) . "', '" . mysql_real_escape_string($school) . "', 1, " . mysql_real_escape_string($close) . ") ", $connection) or die("Error In Insert-->" . mysql_error()); } /* Notify same tutor again */ $l = 0; $source = 'expertmanager'; mysql_query("DELETE FROM `student_questions` WHERE user_id = " . $userId . "", $connection); for ($i = 0; $i < $count; $i++) { $question = new StudentQuestion(); $question->setStudentId($userId); $question->setTutorId($_POST['checkbox'][$i]); $question->setCategoryId($this->cat); $question->setCourseId($course_id); $question->setQuestion($_SESSION['question']); $question->setExeOrder(++$l); $question->setTime($time); $question->setCourseCode($course_code); $question->setYear($year); $question->setSchool($school); $question->setStatus(1); $question->setClose($close); $question->setSource($source); $question->save(); } setcookie("asker_que", urldecode($_SESSION['question']), time() + 600, "/", sfConfig::get('app_cookies_domain')); $this->getResponse()->setCookie("redirection", 1, time() + 600, '/', sfConfig::get('app_cookies_domain')); $this->getResponse()->setCookie("forumsub", $_SESSION['subject'], time() + 600, '/', sfConfig::get('app_cookies_domain')); $this->redirect('expertmanager/connect'); } $logedUserId = $_SESSION['symfony/user/sfUser/attributes']['symfony/user/sfUser/attributes']['user_id']; $c = new Criteria(); $c->addJoin(ExpertCategoryPeer::USER_ID, UserTutorPeer::USERID, Criteria::INNER_JOIN); if ($this->cat == 5) { $experts = ExpertCategoryPeer::doSelect($c); } else { $c->add(ExpertCategoryPeer::CATEGORY_ID, $this->cat); $experts = ExpertCategoryPeer::doSelect($c); } $queryPoints = mysql_query("select * from user where id = " . $userId, $connection) or die("Error In rate" . mysql_error()); if (mysql_num_rows($queryPoints) > 0) { $rowPoints = mysql_fetch_assoc($queryPoints); $_points = $rowPoints['points']; } $newUser = array(); $i = 0; $eachExpertOnlyOnce = array(); foreach ($experts as $exp) { if ($userId != $exp->getUserId()) { if (in_array($exp->getUserId(), $eachExpertOnlyOnce)) { continue; } $eachExpertOnlyOnce[] = $exp->getUserId(); $_queryCourse = ''; $tutorsq = mysql_query("select * from tutor_profile where category = 1 and user_id = " . $exp->getUserId() . "", $connection) or die("Er-1-->" . mysql_error()); $tutors = mysql_fetch_array($tutorsq); $tutor = ''; $tutor = explode("-", $tutors['course_id']); if (in_array($_SESSION["course_id"], $tutor)) { $_queryCourse = mysql_query("select * from tutor_profile where category = 1 and user_id = " . $exp->getUserId() . "", $connection) or die("Er-1-->" . mysql_error()); } if ($_queryCourse && mysql_num_rows($_queryCourse) > 0) { $query = mysql_query("select * from user_score where user_id = " . $exp->getUserId(), $connection) or die(mysql_error()); $score = mysql_fetch_assoc($query); if ($score['score'] != 0) { if ($_points == '' || $_points == '0.00') { $emptyRCquery = mysql_query("select * from user_rate where userid = " . $exp->getUserId() . " and (rate = 0.00 || rate = 0) ", $connection) or die("Error In rate" . mysql_error()); if (mysql_num_rows($emptyRCquery) > 0) { $dv = new Criteria(); $dv->add(UserPeer::ID, $exp->getUserId()); $_thisUser = UserPeer::doSelectOne($dv); $rankUsersFinal[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt()); $newUser[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt()); $i++; } } else { $dv = new Criteria(); $dv->add(UserPeer::ID, $exp->getUserId()); $_thisUser = UserPeer::doSelectOne($dv); $rankUsersFinal[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt()); $newUser[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt()); $i++; } } } } } asort($newUser); arsort($newUser); asort($rankUsersFinal); arsort($rankUsersFinal); $this->rankCheckUsers = $rankUsersFinal; ////if no online expert available redirecting to the board page // // ant-edit get rid of adding notification bots right now $onlineusers = array(); $offlineusers = array(); $newOnlineUser = array(); $newOfflineUser = array(); $j = 0; $k = 0; // $facebookTutors = BotServiceProvider::createFor("http://facebook.rayku.com/tutor")->getContent(); // $onlineTutorsByNotificationBot = BotServiceProvider::createFor("http://notification-bot.rayku.com/tutor")->getContent(); // $Users = json_decode($facebookTutors, true); // $_Users = json_decode($onlineTutorsByNotificationBot, true); //Iterate through every user and check if they are online (either on fb gchat local rayku etc... foreach ($newUser as $new) { $a = new Criteria(); $a->add(UserPeer::ID, $new['userid']); $users_online = UserPeer::doSelectOne($a); $onlinecheck = ''; if ($users_online->isOnline()) { $onlinecheck = "online"; } // // ant-edit get rid of gtalk users for now if (empty($onlinecheck)) { $userGtalk = $users_online->getUserGtalk(); if ($userGtalk) { $onlinecheck = BotServiceProvider::createFor(sfConfig::get('app_rayku_url') . ':' . sfConfig::get('app_g_chat_port') . '/status/' . $userGtalk->getGtalkid())->getContent(); } } // if ((empty($onlinecheck) || ($onlinecheck != "online")) && is_array($Users)) { // $userFb = UserFbPeer::retrieveByUserId($new['userid']); // if ($userFb) { // $fb_username = $userFb->getFbUsername(); // foreach ($Users as $key => $user) { // if ($user['username'] == $fb_username) { // $onlinecheck = 'online'; // break; // } // } // } // } // if ((empty($onlinecheck) || ($onlinecheck != "online")) && is_array($_Users)) { // foreach ($_Users as $key => $_user) { // if ($_user['email'] == $users_online->getEmail()) { // $onlinecheck = 'online'; // break; // } // } // } //if user was online then store ; if ($onlinecheck == "online") { $onlineusers[$j] = $new['userid']; $newOnlineUser[$j] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']); $j++; } elseif ($users_online->isOnline()) { $newOnlineUser[$j] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']); $onlineusers[$j] = $new['userid']; $j++; } else { $newOfflineUser[$k] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']); $offlineusers[$k] = $new['userid']; $k++; } } $this->newOnlineUser = $newOnlineUser; $this->newOfflineUser = $newOfflineUser; $this->_checkOnlineUsers = $onlineusers; if (count($onlineusers) < 1) { $this->redirect('http://' . RaykuCommon::getCurrentHttpDomain() . '/forum/newthread/' . $_SESSION['subject'] . '?exp_online = 1'); } $onoff = isset($_COOKIE['onoff']) ? $_COOKIE['onoff'] : null; if ($onoff == 1) { if (!empty($_COOKIE["school"])) { $cookieSchool = array(); $m = 0; foreach ($newOnlineUser as $new) { $b = new Criteria(); $b->add(UserPeer::ID, $new['userid']); $schoolusers = UserPeer::doSelectOne($b); $mail = explode("@", $schoolusers->getEmail()); $newMail = explode(".", $mail[1]); if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) { $cookieSchool[$m] = $new; $m++; } } $this->expert_cats = $cookieSchool; } else { $this->expert_cats = $newOnlineUser; } } else { if ($onoff == 2) { if (!empty($_COOKIE["school"])) { $cookieSchool = array(); $m = 0; foreach ($newOfflineUser as $new) { $b = new Criteria(); $b->add(UserPeer::ID, $new['userid']); $schoolusers = UserPeer::doSelectOne($b); $mail = explode("@", $schoolusers->getEmail()); $newMail = explode(".", $mail[1]); if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) { $cookieSchool[$m] = $new; $m++; } } $this->expert_cats = $cookieSchool; } else { $this->expert_cats = $newOfflineUser; } } else { if (!empty($_COOKIE["school"])) { $cookieSchool = array(); $m = 0; foreach ($newUser as $new) { $b = new Criteria(); $b->add(UserPeer::ID, $new['userid']); $schoolusers = UserPeer::doSelectOne($b); $mail = explode("@", $schoolusers->getEmail()); $newMail = explode(".", $mail[1]); if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) { $cookieSchool[$m] = $new; $m++; } } $this->expert_cats = $cookieSchool; } else { $this->expert_cats = $newUser; } } } $this->tutorsCount = count($this->expert_cats); $c = new Criteria(); $c->add(CategoryPeer::ID, $this->cat); $this->e = CategoryPeer::doSelectOne($c); }
/** * Adds an object to the instance pool. * * Propel keeps cached copies of objects in an instance pool when they are retrieved * from the database. In some cases -- especially when you override doSelect*() * methods in your stub classes -- you may need to explicitly add objects * to the cache in order to ensure that the same objects are always returned by doSelect*() * and retrieveByPK*() calls. * * @param UserQuestionTag $value A UserQuestionTag object. * @param string $key (optional) key to use for instance map (for performance boost if key was already calculated externally). */ public static function addInstanceToPool(UserQuestionTag $obj, $key = null) { if (Propel::isInstancePoolingEnabled()) { if ($key === null) { $key = (string) $obj->getId(); } // if key === null self::$instances[$key] = $obj; } }