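/**
 * Serves the POIs inside a bounding box as a GeoJSON FeatureCollection (AJAX endpoint).
 *
 * Gate order: CSRF token (403), per-session throttle (503), then the repository query.
 * The token is compared with hash_equals() — strict and constant-time — instead of the
 * former loose `$token != $csrfToken`, which also invoked the token object's __toString().
 * The throttle stamp lives in the session, so it only slows down clients that keep their
 * session cookie; treat it as a courtesy limit, not as abuse protection.
 * NOTE(review): the token travels in the URL path, so it can end up in access logs and
 * Referer headers; carrying it in a request header would avoid that.
 *
 * @param Request $request unused, kept for the route signature
 * @param mixed   $long1   bounding-box coordinates, passed through to POIRepository::findBySquare()
 * @param mixed   $lat1
 * @param mixed   $long2
 * @param mixed   $lat2
 * @param string  $token   CSRF token issued for the id 'ajaxinmaps' when the map was rendered
 *
 * @return Response 403 on a bad token, 503 while throttled, otherwise application/json
 *
 * @throws \RuntimeException when the result cannot be JSON-encoded
 */
public function getAjaxPOIsAction(Request $request, $long1, $lat1, $long2, $lat2, $token)
{
    // 1) CSRF gate: 'ajaxinmaps' is the same token id used when generating the map
    //    in indexAction(). Cast both sides to string so hash_equals() gets scalars.
    $csrf = $this->get('security.csrf.token_manager');
    $expected = (string) $csrf->getToken('ajaxinmaps');
    if (!hash_equals($expected, (string) $token)) {
        return new Response('', Response::HTTP_FORBIDDEN);
    }

    // 2) Throttle: one request per 2 s per session. The stamp is refreshed before
    //    the check, so a client that keeps hammering stays throttled until it backs
    //    off (same ordering as before). Only a DateTimeInterface read back from the
    //    session is trusted as a stamp; anything else counts as "no stamp".
    $session = $this->get('session');
    $noPolygonsUntil = $session->get('nopolygonsuntil');
    $now = new \DateTime();
    $next = new \DateTime();
    $session->set('nopolygonsuntil', $next->add(new \DateInterval('PT2S')));
    // Equivalent to the former `$now->diff($until)->invert == 0`: still throttled
    // while the stored deadline has not passed (inclusive).
    if ($noPolygonsUntil instanceof \DateTimeInterface && $noPolygonsUntil >= $now) {
        return new Response('', Response::HTTP_SERVICE_UNAVAILABLE);
    }

    // 3) Query. The bounds are handed to the repository unchanged; it is expected to
    //    bind them as query parameters — TODO(review): confirm findBySquare() does
    //    not interpolate them into DQL/SQL.
    $em = $this->getDoctrine()->getManager();
    $results = $em->getRepository('AppBundle:POI')
        ->findBySquare($long1, $lat1, $long2, $lat2, 100, true);

    // 4) Build the GeoJSON features.
    $router = $this->get('router');
    $img = new Image();
    $lm = $this->get('liip_imagine.cache.manager');
    $features = [];
    foreach ($results as $res) {
        $imgUrl = '';
        if (isset($res['image_id'])) {
            $imgUrl = $lm->getBrowserPath(
                $img->getRelativeFileName($res['image_id']),
                'thumb_inbound_125x125'
            );
        }
        $features[] = [
            'type' => 'Feature',
            'properties' => [
                'id' => $res['id'],
                'title' => $res['title'],
                'url' => $router->generate('place', ['slug' => $res['slug']]),
                'img_url' => $imgUrl,
                'karma' => $res['karma'],
            ],
            // Stored as a JSON string; decoded so it nests as an object in the
            // output. An invalid stored string yields null here.
            'geometry' => json_decode($res['coordinate_json']),
        ];
    }

    // 5) Serialise. json_encode() returns false on failure (e.g. malformed UTF-8
    //    in a title); fail loudly instead of answering with a non-string body.
    $body = json_encode(['type' => 'FeatureCollection', 'features' => $features]);
    if ($body === false) {
        throw new \RuntimeException('Could not encode POI collection: ' . json_last_error_msg());
    }

    return new Response($body, Response::HTTP_OK, ['Content-Type' => 'application/json']);
}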