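/**
 * Handle an exam PDF upload: validate the request, move the file under
 * exams/custom/<year><term>/ and register it as an Exam row.
 *
 * The response is a single <input id='status'> element whose value tells the
 * calling page what happened: 'Security', 'PDF', 'Moving', 'Saving' or
 * 'Success'. Nothing else is rendered, so every path returns sfView::NONE
 * (the original used exit(), which bypassed the framework's response handling).
 *
 * NOTE(review): this file contains a second definition of executeSubmitExam
 * further down; PHP does not allow a method to be declared twice, so one of
 * the two must be removed.
 *
 * @param sfWebRequest $request
 * @return string sfView::NONE
 */
public function executeSubmitExam(sfWebRequest $request)
{
    if (!$request->isMethod(sfRequest::POST)
        || !$request->hasParameter('security')
        || !$request->hasParameter('year')
        || !$request->hasParameter('descr')) {
        return sfView::NONE;
    }

    $files = $request->getFiles();
    $file = isset($files['file']) ? $files['file'] : null;
    $descr = $request->getParameter('descr');

    // Accept only a completed upload whose name ends in ".pdf" AND whose
    // content carries the PDF signature. The original compared just the last
    // three characters of the client-supplied name (so "notes.txtpdf" passed)
    // and never looked at the bytes at all.
    $isPdf = false;
    if (is_array($file)
        && isset($file['error'], $file['name'], $file['tmp_name'])
        && $file['error'] === UPLOAD_ERR_OK
        && strtoupper(substr($file['name'], -4)) === '.PDF'
        && is_uploaded_file($file['tmp_name'])) {
        // Readers tolerate some leading junk, so look for "%PDF-" within the first 1 KiB.
        $head = file_get_contents($file['tmp_name'], false, null, 0, 1024);
        $isPdf = $head !== false && strpos($head, '%PDF-') !== false;
    }

    if (!$isPdf || helperFunctions::isMaliciousString($descr)) {
        echo "<input type='text' id='status' value='PDF'/>";
        return sfView::NONE;
    }

    // Strict comparison: with `!=` an unset session value compared equal to an
    // empty string and numeric-looking codes ("1e3" vs "1000") compared equal.
    $expected = isset($_SESSION['securityImage']) ? (string) $_SESSION['securityImage'] : '';
    $given = $request->getParameter('security');
    if ($expected === '' || !is_string($given) || $given !== $expected) {
        echo "<input type='text' id='status' value='Security'/>";
        return sfView::NONE;
    }

    // year+term becomes a directory name below; restrict it to a safe
    // character set so a crafted value cannot leave exams/custom/.
    // (Character class is a guess at the legitimate year/term format — adjust if terms use other symbols.)
    $year = $request->getParameter('year') . $request->getParameter('term');
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)) {
        // No dedicated status exists for this case; 'Moving' is what the page already shows for path problems.
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    // make directories if not exist (recursive mkdir covers exams/custom too;
    // the trailing is_dir() re-check tolerates a concurrent request creating it first)
    $tgtPath = 'exams/custom/' . $year;
    if (!is_dir($tgtPath) && !mkdir($tgtPath, 0777, true) && !is_dir($tgtPath)) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    // time() alone collided (and silently overwrote) when two uploads landed in the same second.
    $fileName = uniqid(time() . '_', true) . '.pdf';
    $dest = $tgtPath . '/' . $fileName;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    try {
        // register in db
        $conn = Propel::getConnection();
        $exam = new Exam();
        $exam->setCourseId($request->getParameter('course'));
        $exam->setFilePath($dest);
        $exam->setYear($year);
        $exam->setType($request->getParameter('type'));
        $exam->setDescr($descr);
        $exam->save($conn);

        // send notification email
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $msg = "Submitted by " . $ip . " [id=" . $exam->getId() . "]";
        helperFunctions::sendEmailNotice("Exam Submission", $msg);

        echo "<input type='text' id='status' value='Success'/>";
    } catch (Exception $e) {
        // The row was not written: drop the orphaned file so the upload
        // directory does not accumulate unregistered PDFs.
        if (is_file($dest)) {
            unlink($dest);
        }
        echo "<input type='text' id='status' value='Saving'/>";
        helperFunctions::sendEmailNotice("Exam Submission Error", $e->getMessage());
    }

    return sfView::NONE;
}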
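/**
 * Ajax request to comment submission.
 *
 * Validates the posted form, checks the security string held in the session,
 * loads the course and stores an unapproved CourseComment. Every outcome is
 * echoed as a plain message for the calling page; the action renders nothing.
 *
 * @param sfWebRequest $request
 * @return string sfView::NONE
 */
public function executeAjaxCommentSubmission(sfWebRequest $request)
{
    if (!$request->isMethod(sfRequest::POST)) {
        return sfView::NONE;
    }

    $comment = trim((string) $request->getParameter('my_comment'));
    $security = trim((string) $request->getParameter('security'));

    if (!$request->hasParameter('my_comment') || $comment === '') {
        echo "Comment cannot be empty.";
        return sfView::NONE;
    }
    if (!$request->hasParameter('term')) {
        echo "Must choose a term.";
        return sfView::NONE;
    }
    if (!$request->hasParameter('year')) {
        echo "Must choose a year.";
        return sfView::NONE;
    }
    if (!$request->hasParameter('security') || $security === '') {
        echo "Must type in the security string.";
        return sfView::NONE;
    }

    // first, check for security string. Strict comparison: the original used
    // `!=`, under which numeric-looking strings ("1e3" vs "1000") compare equal.
    // An unset session code is treated as a mismatch rather than a notice.
    $code = isset($_SESSION['securityImage']) ? (string) $_SESSION['securityImage'] : '';
    if ($code === '' || $security !== $code) {
        echo "Security string does not match.";
        return sfView::NONE;
    }

    // second, get the course object
    $conn = Propel::getConnection();
    $courseObj = CoursePeer::retrieveByPK($request->getParameter('id'), $conn);
    if (!is_object($courseObj)) {
        echo "Error with comment submission. Please try again later.";
        return sfView::NONE;
    }

    $year = $request->getParameter('year');
    $term = $request->getParameter('term');
    $appliesTo = $year . $term;
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // third, check for spam
    //FIXME i have disabled spam checking because computers in the computer lab might all have the same ip
    // The original still ran the comment query below and discarded its result;
    // it is kept here only as the recipe for re-enabling the check:
    /*
    $c = new Criteria();
    $c->addAnd($c->getNewCriterion(CourseCommentPeer::APPLIES_TO, $appliesTo));
    foreach ($courseObj->getCourseComments($c, $conn, true) as $commentObj) {
        if ($commentObj->getIp() == $ip) {
            echo "You cannot comment on the same semester twice!";
            return sfView::NONE;
        }
    }
    */

    // now we can save
    try {
        $date = date(skuleadminConst::TIMESTAMP_FORMAT);
        $newComment = new CourseComment();
        $newComment->setComment($comment);
        $newComment->setAppliesTo($appliesTo);
        $newComment->setApproved(0);
        $newComment->setCourse($courseObj);
        $newComment->setIp($ip);
        $newComment->setInputDt($date);
        $newComment->save($conn);

        // send notification
        $msg = "A new comment on [course=" . $courseObj->getId() . "; term=" . $appliesTo . "] has been submitted by " . $ip . " on " . $date . ".\n\n";
        $msg .= "Below is the main body of the comment:\n\n" . $comment;
        $msg .= "\n\nPlease access the siteadmin module: http://courses.skule.ca/siteadmin to approve the submission.";
        helperFunctions::sendEmailNotice("Comment Submission", $msg);

        echo "Submission successful. Pending moderator review.\n <script type='text/javascript'>eval(\"document.getElementById('commentInputBtns').style.display='none'; document.getElementById('commentSuccessBtns').style.display='block';\")</script>";
    } catch (Exception $e) {
        echo "Error with comment submission. Please try again later.";
        helperFunctions::sendEmailNotice("Comment Submission Error", $e->getMessage());
    }

    return sfView::NONE;
}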
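/**
 * Take the exam submission request and save it into database.
 *
 * Validates the posted PDF and security string, stores the file under
 * exams/custom/<year><term>/ with a generated name and registers it as an
 * Exam row. The response is a single <input id='status'> element whose value
 * ('Security', 'PDF', 'Moving', 'Saving' or 'Success') tells the calling page
 * what happened; requests that are not a complete POST are answered with a 404.
 *
 * NOTE(review): this file also contains an earlier definition of
 * executeSubmitExam; PHP does not allow a method to be declared twice, so one
 * of the two must be removed.
 *
 * @param sfWebRequest $request
 * @return string sfView::NONE
 */
public function executeSubmitExam(sfWebRequest $request)
{
    //TODO: set up uniform display name for each exam/test uploaded so things don't get messy.
    //i.e. instead of letting the user choose the display name, we'll appropriate it
    //requested by David
    set_time_limit(0);

    if ($request->isMethod(sfRequest::POST)
        && $request->hasParameter('security')
        && $request->hasParameter('year')
        && $request->hasParameter('descr')) {
        $files = $request->getFiles();
        $file = isset($files['file']) ? $files['file'] : null;
        $descr = $request->getParameter('descr');

        // Accept only a completed upload whose name ends in ".pdf" AND whose
        // content carries the PDF signature. The original compared just the
        // last three characters of the client-supplied name (so "notes.txtpdf"
        // passed) and never looked at the bytes at all.
        $isPdf = false;
        if (is_array($file)
            && isset($file['error'], $file['name'], $file['tmp_name'])
            && $file['error'] === UPLOAD_ERR_OK
            && strtoupper(substr($file['name'], -4)) === '.PDF'
            && is_uploaded_file($file['tmp_name'])) {
            // Readers tolerate some leading junk, so look for "%PDF-" within the first 1 KiB.
            $head = file_get_contents($file['tmp_name'], false, null, 0, 1024);
            $isPdf = $head !== false && strpos($head, '%PDF-') !== false;
        }

        if (!$isPdf || helperFunctions::isMaliciousString($descr)) {
            echo "<input type='text' id='status' value='PDF'/>";
            return sfView::NONE;
        }

        // Strict comparison: with `!=` an unset session value compared equal to
        // an empty string and numeric-looking codes ("1e3" vs "1000") compared equal.
        $expected = isset($_SESSION['securityImage']) ? (string) $_SESSION['securityImage'] : '';
        $given = $request->getParameter('security');
        if ($expected === '' || !is_string($given) || $given !== $expected) {
            echo "<input type='text' id='status' value='Security'/>";
            return sfView::NONE;
        }

        // year+term becomes a directory name and part of the file name below;
        // restrict it to a safe character set so a crafted value cannot leave
        // exams/custom/. (Character class is a guess at the legitimate
        // year/term format — adjust if terms use other symbols.)
        $year = $request->getParameter('year') . $request->getParameter('term');
        if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)) {
            // No dedicated status exists for this case; 'Moving' is what the page already shows for path problems.
            echo "<input type='text' id='status' value='Moving'/>";
            return sfView::NONE;
        }

        // make directories if not exist (recursive mkdir covers exams/custom too;
        // the trailing is_dir() re-check tolerates a concurrent request creating it first)
        $tgtPath = 'exams/custom/' . $year;
        if (!is_dir($tgtPath) && !mkdir($tgtPath, 0777, true) && !is_dir($tgtPath)) {
            echo "<input type='text' id='status' value='Moving'/>";
            return sfView::NONE;
        }

        // unique filename
        $courseId = $request->getParameter('course');
        $examType = $request->getParameter('type');
        $examTypeAbbr = HelperFunctions::getExamTypeAbbr($examType);
        // Only the file-name components are sanitised; the raw values still go
        // into the Exam row below. Without this, the first six characters of a
        // crafted course id ("../../") were spliced straight into the path.
        // The abbreviation is derived from request input through a helper whose
        // output format is not visible here, so it is filtered the same way.
        $safeCourse = preg_replace('/[^A-Za-z0-9]/', '', (string) $courseId);
        $safeAbbr = preg_replace('/[^A-Za-z0-9]/', '', (string) $examTypeAbbr);
        // time() alone collided (and silently overwrote) when two uploads landed in the same second.
        $fileName = substr($safeCourse, 0, 6) . '_' . substr($year, 0, 4) . '_' . $safeAbbr . '_' . uniqid(time() . '_', true) . '.pdf';
        $dest = $tgtPath . '/' . $fileName;

        if (!move_uploaded_file($file['tmp_name'], $dest)) {
            echo "<input type='text' id='status' value='Moving'/>";
            return sfView::NONE;
        }

        try {
            // register in db
            $conn = Propel::getConnection();
            $exam = new Exam();
            $exam->setCourseId($courseId);
            $exam->setFilePath($dest);
            $exam->setYear($year);
            $exam->setType($examType);
            $exam->setDescr($descr);
            $exam->save($conn);

            // send notification email
            $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
            $msg = "A new exam on [title=" . $exam->getDescr() . "; course=" . $exam->getCourseId() . "; year=" . $exam->getYear() . "; id=" . $exam->getId() . "] has been submitted by " . $ip . " on " . date('Y-m-d H:i:s') . ".";
            helperFunctions::sendEmailNotice("Exam Submission", $msg);

            echo "<input type='text' id='status' value='Success'/>";
        } catch (Exception $e) {
            // The row was not written: drop the orphaned file so the upload
            // directory does not accumulate unregistered PDFs.
            if (is_file($dest)) {
                unlink($dest);
            }
            echo "<input type='text' id='status' value='Saving'/>";
            // send error email
            helperFunctions::sendEmailNotice("Exam Submission Error", $e->getMessage());
        }

        return sfView::NONE;
    } else {
        $this->forward404();
    }
}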