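/**
 * Executes the free-text search and hydrates this object.
 *
 * Runs three LIKE searches — courses (id prefix or description), instructors
 * (first or last name) and programs (description) — and stores the results in
 * $this->_courseList, $this->_profList and $this->_programList respectively.
 *
 * The query value is bound through Propel Criteria rather than concatenated
 * into SQL. Note that '%' and '_' inside $query are passed through as LIKE
 * wildcards, which can only broaden a match, not alter the statement.
 *
 * @param string    $query            the query being searched for (trimmed before use)
 * @param PropelPDO $propelConnection optional connection; Propel resolves the default when null
 * @throws Exception when the trimmed query is shorter than 3 bytes or is rejected
 *                   by helperFunctions::isMaliciousString()
 */
public function query($query, PropelPDO $propelConnection = null)
{
    $refQuery = trim($query);

    // Guard clauses: reject before touching the database. strlen() counts
    // bytes, so a short multibyte string may pass; kept to preserve the contract.
    if (strlen($refQuery) < 3) {
        throw new Exception("Too few characters in the query string");
    }
    if (helperFunctions::isMaliciousString($refQuery)) {
        throw new Exception("Malicious string detected. Are you trying to wreck our system?");
    }

    // "contains" pattern shared by every description/name column below
    $contains = "%" . $refQuery . "%";

    // search for courses: id starts with the query, or description contains it
    $c = new Criteria();
    $idCrit = $c->getNewCriterion(CoursePeer::ID, $refQuery . "%", Criteria::LIKE);
    $nameCrit = $c->getNewCriterion(CoursePeer::DESCR, $contains, Criteria::LIKE);
    $idCrit->addOr($nameCrit);
    $c->addAnd($idCrit);
    $c->setDistinct();
    $c->addAscendingOrderByColumn(CoursePeer::ID);
    // was written as doselect(); PHP resolves method names case-insensitively,
    // but the peer API is doSelect(), matching the two calls below
    $this->_courseList = CoursePeer::doSelect($c, $propelConnection);

    // search for professors: first or last name contains the query
    $c = new Criteria();
    $firstNameCrit = $c->getNewCriterion(InstructorPeer::FIRST_NAME, $contains, Criteria::LIKE);
    $lastNameCrit = $c->getNewCriterion(InstructorPeer::LAST_NAME, $contains, Criteria::LIKE);
    $firstNameCrit->addOr($lastNameCrit);
    $c->addAnd($firstNameCrit);
    $c->setDistinct();
    $c->addAscendingOrderByColumn(InstructorPeer::LAST_NAME);
    $this->_profList = InstructorPeer::doSelect($c, $propelConnection);

    // search for programs: description contains the query
    $c = new Criteria();
    $descrCrit = $c->getNewCriterion(DisciplinePeer::DESCR, $contains, Criteria::LIKE);
    $c->addAnd($descrCrit);
    $c->setDistinct();
    $c->addAscendingOrderByColumn(DisciplinePeer::DESCR);
    $this->_programList = DisciplinePeer::doSelect($c, $propelConnection);
}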
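/**
 * Handles the site-admin login form.
 *
 * Visitors that helperFunctions::isLoggedIn() already recognises are sent to
 * siteadmin/index. On a POST carrying 'username' and 'password' the user is
 * looked up via UserPeer; on success a 'username' cookie is set and the
 * browser is redirected. Failures are exposed to the template in $this->error.
 *
 * @param sfWebRequest $request
 */
public function executeLogin(sfWebRequest $request)
{
    if (helperFunctions::isLoggedIn($request)) {
        $this->redirect("siteadmin/index");
    }

    $isLoginPost = $request->isMethod(sfRequest::POST)
        && $request->hasParameter('username')
        && $request->hasParameter('password');
    if (!$isLoginPost) {
        return;
    }

    $username = $request->getParameter("username");
    $password = $request->getParameter("password");

    if (helperFunctions::isMaliciousString($username) || helperFunctions::isMaliciousString($password)) {
        $this->error = "* Malicious keywords detected. Do not attempt this again!";
        return;
    }

    $conn = Propel::getConnection();
    $admin = UserPeer::retrieveByPK($username, $conn);

    // Strict comparison instead of the loose `!=`: the loose form applies PHP
    // numeric-string juggling (e.g. "0e1" == "0e2"), so a wrong password could
    // compare equal. Where PHP >= 5.6 is guaranteed, hash_equals() is the
    // better choice (constant time).
    // NOTE(review): the stored value is compared verbatim, which suggests an
    // unhashed password column; password_hash()/password_verify() is the
    // long-term fix but needs a data migration — confirm before changing.
    $credentialsOk = is_object($admin)
        && (string) $admin->getPassword() === (string) $password;
    if (!$credentialsOk) {
        $this->error = "* Incorrect credentials.";
        return;
    }

    if ($admin->getTypeId() != EnumItemPeer::USER_ADMIN) {
        $this->error = "* You do not have enough clearance to access this section.";
        return;
    }

    // HttpOnly keeps the cookie out of reach of page scripts. The value is the
    // bare username with no signature; whether isLoggedIn() checks it against
    // server-side state cannot be seen from here — TODO confirm.
    $this->getResponse()->setCookie('username', $username, null, '/', '', false, true);

    // redirect to whatever page the user came from, but only to a local target;
    // an absolute URL here would turn the login form into an open redirector
    $redirect = "siteadmin/index";
    if ($request->hasParameter("redirect")) {
        $requested = $request->getParameter("redirect");
        if ($this->isLocalRedirect($requested)) {
            $redirect = $requested;
        }
    }
    $this->redirect($redirect);
}

/**
 * Returns true when $target is a same-site route or path, i.e. not an absolute
 * URL ("http://...", "//host/...", "javascript:...") that browsers would
 * resolve off-site.
 *
 * @param mixed $target raw value of the 'redirect' request parameter
 * @return bool
 */
private function isLocalRedirect($target)
{
    if (!is_string($target) || $target === '') {
        return false;
    }
    $target = ltrim($target);
    // protocol-relative ("//host") and backslash-prefixed targets leave the site
    if (strpos($target, '//') === 0 || strpos($target, '\\') === 0) {
        return false;
    }
    // anything with a scheme ("http:", "javascript:", "data:") is not a local route
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $target)) {
        return false;
    }
    return !helperFunctions::isMaliciousString($target);
}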
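/**
 * Handles the AJAX exam upload (variant that terminates with exit).
 *
 * Expects a POST with 'security' (CAPTCHA answer), 'year', 'term', 'descr',
 * 'course', 'type' and an uploaded 'file'. The PDF is moved to
 * exams/custom/<year><term>/<time>.pdf, an Exam row pointing at it is saved
 * and a notification email is sent. The outcome is echoed as a hidden
 * <input id='status'> whose value is Security, Moving, PDF or Success, after
 * which the script exits. Incomplete or non-POST requests exit silently.
 *
 * @param sfWebRequest $request
 */
public function executeSubmitExam(sfWebRequest $request)
{
    $isComplete = $request->isMethod(sfRequest::POST)
        && $request->hasParameter('security')
        && $request->hasParameter('year')
        && $request->hasParameter('descr');
    if (!$isComplete) {
        exit;
    }

    $files = $request->getFiles();
    $file = isset($files['file']) ? $files['file'] : null; // avoid an undefined-index notice
    $descr = $request->getParameter('descr');

    // The extension check now looks at the real extension (not the last three
    // characters, which accepted names like "xpdf"), the upload must have
    // completed, and the content must carry a PDF header within its first KiB.
    $uploadOk = is_array($file)
        && isset($file['name'], $file['tmp_name'])
        && (!isset($file['error']) || $file['error'] === UPLOAD_ERR_OK)
        && strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) === 'pdf'
        && is_uploaded_file($file['tmp_name'])
        && strpos((string) file_get_contents($file['tmp_name'], false, null, 0, 1024), '%PDF-') !== false;
    if (!$uploadOk || helperFunctions::isMaliciousString($descr)) {
        echo "<input type='text' id='status' value='PDF'/>";
        exit;
    }

    // CAPTCHA: strict string compare, and a missing session value never matches.
    // With the loose `!=`, an empty 'security' parameter compared equal to an
    // unset session entry and skipped the check entirely.
    if (!isset($_SESSION['securityImage'])
        || (string) $request->getParameter("security") !== (string) $_SESSION['securityImage']) {
        echo "<input type='text' id='status' value='Security'/>";
        exit;
    }

    // year + term name the target directory, so restrict them to a safe
    // character set; otherwise "../" in either parameter escapes exams/custom.
    $year = $request->getParameter("year") . $request->getParameter("term");
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)) {
        echo "<input type='text' id='status' value='Moving'/>";
        exit;
    }

    // make directories if not exist
    if (!is_dir("exams/custom") && !mkdir("exams/custom")) {
        echo "<input type='text' id='status' value='Moving'/>";
        exit;
    }
    $tgt_path = "exams/custom/" . $year;
    if (!is_dir($tgt_path) && !mkdir($tgt_path)) {
        echo "<input type='text' id='status' value='Moving'/>";
        exit;
    }

    // NOTE(review): time() has one-second resolution, so two uploads into the
    // same directory within a second would overwrite each other.
    $fileName = time() . ".pdf";
    if (!move_uploaded_file($file['tmp_name'], $tgt_path . "/" . $fileName)) {
        echo "<input type='text' id='status' value='Moving'/>";
        exit;
    }

    // register in db
    $conn = Propel::getConnection();
    $exam = new Exam();
    $exam->setCourseId($request->getParameter("course"));
    $exam->setFilePath($tgt_path . "/" . $fileName);
    $exam->setYear($year);
    $exam->setType($request->getParameter("type"));
    $exam->setDescr($descr);
    $exam->save($conn);

    // send notification email
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    $msg = "Submitted by " . $ip . " [id=" . $exam->getId() . "]";
    helperFunctions::sendEmailNotice("Exam Submission", $msg);

    echo "<input type='text' id='status' value='Success'/>";
    exit;
}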
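/**
 * Search-by-program page: publishes the program and year selectors and, when
 * a (year, program) pair was submitted, loads the matching courses.
 *
 * Sets the template variables searchType, programList, yearList, programId
 * and year; on a submitted search also resultTitle and results. Unknown or
 * rejected parameters are answered with a 404.
 *
 * @param sfWebRequest $request
 */
public function executeSearchByProgram(sfWebRequest $request)
{
    $conn = Propel::getConnection();
    $this->searchType = searchActions::SEARCH_BY_PROGRAM;

    $rawProgList = DisciplinePeer::doSelectAll($conn);
    $this->programList = array();
    foreach ($rawProgList as $obj) {
        $this->programList[$obj->getId()] = $obj->getDescr();
    }

    $this->yearList = array(
        "0" => "All",
        "1" => "First Year",
        "2" => "Second Year",
        "3" => "Third Year",
        "4" => "Fourth Year",
    );

    $isSearch = $request->hasParameter("year") && $request->hasParameter("program");
    if (!$isSearch) {
        // defaults for the empty form; with no programs in the database there
        // is nothing to preselect (the previous code dereferenced $rawProgList[0])
        $this->programId = count($rawProgList) > 0 ? $rawProgList[0]->getId() : null;
        $this->year = 1;
        return;
    }

    $this->programId = $request->getParameter("program");
    if (helperFunctions::isMaliciousString($this->programId)) {
        $this->forward404();
    }

    // year must be one of the offered selector values
    $this->year = $request->getParameter("year");
    if (helperFunctions::isMaliciousString($this->year)
        || !is_scalar($this->year)
        || !array_key_exists($this->year, $this->yearList)) {
        $this->forward404();
    }

    // get result set
    $discipline = DisciplinePeer::retrieveByPK($this->programId, $conn);
    if (!is_object($discipline)) {
        $this->forward404();
    }
    $this->resultTitle = "Results for " . $discipline->getDescr();
    $this->results = CoursePeer::findCoursesByDisciplineIdAndYear($this->programId, $this->year, $conn);
}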
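/**
 * Take the exam submission request and save it into database.
 *
 * Expects a POST with 'security' (CAPTCHA answer), 'year', 'term', 'descr',
 * 'course', 'type' and an uploaded 'file'. The PDF is stored as
 * exams/custom/<year><term>/<course>_<year>_<abbr>_<time>.pdf and an Exam row
 * pointing at it is saved; an email notice is sent on success and on a save
 * failure. The outcome is echoed as a hidden <input id='status'> whose value
 * is Security, Moving, PDF, Saving or Success, and no view is rendered.
 *
 * @param sfWebRequest $request
 * @return string sfView::NONE; non-POST or incomplete requests are forwarded to 404
 */
public function executeSubmitExam(sfWebRequest $request)
{
    //TODO: set up uniform display name for each exam/test uploaded so things don't get messy.
    //i.e. instead of letting the user choose the display name, we'll appropriate it
    //requested by David
    set_time_limit(0);

    $isComplete = $request->isMethod(sfRequest::POST)
        && $request->hasParameter('security')
        && $request->hasParameter('year')
        && $request->hasParameter('descr');
    if (!$isComplete) {
        $this->forward404();
        return; // forward404() stops the action; the return guards a non-throwing override
    }

    $files = $request->getFiles();
    $file = isset($files['file']) ? $files['file'] : null; // avoid an undefined-index notice
    $descr = $request->getParameter('descr');

    // The extension check now looks at the real extension (not the last three
    // characters, which accepted names like "xpdf"), the upload must have
    // completed, and the content must carry a PDF header within its first KiB.
    $uploadOk = is_array($file)
        && isset($file['name'], $file['tmp_name'])
        && (!isset($file['error']) || $file['error'] === UPLOAD_ERR_OK)
        && strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) === 'pdf'
        && is_uploaded_file($file['tmp_name'])
        && strpos((string) file_get_contents($file['tmp_name'], false, null, 0, 1024), '%PDF-') !== false;
    if (!$uploadOk || helperFunctions::isMaliciousString($descr)) {
        echo "<input type='text' id='status' value='PDF'/>";
        return sfView::NONE;
    }

    // CAPTCHA: strict string compare, and a missing session value never matches.
    // With the loose `!=`, an empty 'security' parameter compared equal to an
    // unset session entry and skipped the check entirely.
    if (!isset($_SESSION['securityImage'])
        || (string) $request->getParameter("security") !== (string) $_SESSION['securityImage']) {
        echo "<input type='text' id='status' value='Security'/>";
        return sfView::NONE;
    }

    // year + term name the target directory and the course id becomes part of
    // the file name, so both are restricted to a safe character set; otherwise
    // "../" in any of them writes outside exams/custom.
    $year = $request->getParameter("year") . $request->getParameter("term");
    $courseId = $request->getParameter("course");
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)
        || !is_string($courseId)
        || !preg_match('/^[A-Za-z0-9_-]+$/', $courseId)) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    // make directories if not exist
    if (!is_dir("exams/custom") && !mkdir("exams/custom")) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }
    $tgt_path = "exams/custom/" . $year;
    if (!is_dir($tgt_path) && !mkdir($tgt_path)) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    // unique filename: <course>_<year>_<type abbreviation>_<timestamp>.pdf
    // NOTE(review): the abbreviation comes from getExamTypeAbbr() and is assumed
    // to be a fixed short code rather than user text — confirm in helperFunctions.
    $examType = $request->getParameter("type");
    $examTypeAbbr = helperFunctions::getExamTypeAbbr($examType);
    $fileName = substr($courseId, 0, 6) . '_' . substr($year, 0, 4) . '_' . $examTypeAbbr . '_' . time() . ".pdf";
    $filePath = $tgt_path . "/" . $fileName;

    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        echo "<input type='text' id='status' value='Moving'/>";
        return sfView::NONE;
    }

    try {
        // register in db
        $conn = Propel::getConnection();
        $exam = new Exam();
        $exam->setCourseId($courseId);
        $exam->setFilePath($filePath);
        $exam->setYear($year);
        $exam->setType($examType);
        $exam->setDescr($descr);
        $exam->save($conn);

        // send notification email
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
        $msg = "A new exam on [title=" . $exam->getDescr()
            . "; course=" . $exam->getCourseId()
            . "; year=" . $exam->getYear()
            . "; id=" . $exam->getId()
            . "] has been submitted by " . $ip . " on " . date('Y-m-d H:i:s') . ".";
        helperFunctions::sendEmailNotice("Exam Submission", $msg);

        echo "<input type='text' id='status' value='Success'/>";
    } catch (Exception $e) {
        // the file is already on disk at this point; the row was not saved
        echo "<input type='text' id='status' value='Saving'/>";
        // send error email
        helperFunctions::sendEmailNotice("Exam Submission Error", $e->getMessage());
    }

    return sfView::NONE;
}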