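 /**
  * Executes the search query and hydrates this object.
  *
  * Runs three Propel LIKE searches against the trimmed query string and stores
  * the result arrays in $this->_courseList, $this->_profList and
  * $this->_programList. Criteria binds the value as a parameter, so the only
  * injection concern left here is LIKE metacharacters ('%' and '_'): they are
  * escaped so a user cannot turn a single "%" into a match-everything search.
  *
  * @param string         $query            the query being searched for
  * @param PropelPDO|null $propelConnection optional connection passed through to the peers
  * @throws Exception when the query is shorter than 3 characters or fails the denylist check
  */
 public function query($query, PropelPDO $propelConnection = null)
 {
     $refQuery = trim((string) $query);
     // count characters rather than bytes, so a two-character multibyte query is rejected too
     if (mb_strlen($refQuery, 'UTF-8') < 3) {
         throw new Exception("Too few characters in the query string");
     }
     // project denylist heuristic; the parameter binding done by Criteria is the real SQL defence
     if (helperFunctions::isMaliciousString($refQuery)) {
         throw new Exception("Malicious string detected. Are you trying to wreck our system?");
     }
     // make LIKE wildcards in the user's text match literally (backslash is the default escape char)
     $likeTerm = addcslashes($refQuery, '\\%_');
     $contains = "%" . $likeTerm . "%";

     // search for courses: id prefix match OR description substring match
     $c = new Criteria();
     $idCrit = $c->getNewCriterion(CoursePeer::ID, $likeTerm . "%", Criteria::LIKE);
     $nameCrit = $c->getNewCriterion(CoursePeer::DESCR, $contains, Criteria::LIKE);
     $idCrit->addOr($nameCrit);
     $c->addAnd($idCrit);
     $c->setDistinct();
     $c->addAscendingOrderByColumn(CoursePeer::ID);
     $this->_courseList = CoursePeer::doSelect($c, $propelConnection);

     // search for professors: first OR last name substring match
     $c = new Criteria();
     $firstNameCrit = $c->getNewCriterion(InstructorPeer::FIRST_NAME, $contains, Criteria::LIKE);
     $lastNameCrit = $c->getNewCriterion(InstructorPeer::LAST_NAME, $contains, Criteria::LIKE);
     $firstNameCrit->addOr($lastNameCrit);
     $c->addAnd($firstNameCrit);
     $c->setDistinct();
     $c->addAscendingOrderByColumn(InstructorPeer::LAST_NAME);
     $this->_profList = InstructorPeer::doSelect($c, $propelConnection);

     // search for programs: description substring match
     $c = new Criteria();
     $descrCrit = $c->getNewCriterion(DisciplinePeer::DESCR, $contains, Criteria::LIKE);
     $c->addAnd($descrCrit);
     $c->setDistinct();
     $c->addAscendingOrderByColumn(DisciplinePeer::DESCR);
     $this->_programList = DisciplinePeer::doSelect($c, $propelConnection);
 }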
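 /**
  * Handles the site-admin login form.
  *
  * Already-authenticated users are sent straight to siteadmin/index. On a POST
  * carrying username and password the user row is fetched by primary key, the
  * password is compared, the admin type is checked and a 'username' cookie is
  * set before redirecting. Failures set $this->error for the login template.
  *
  * @param sfWebRequest $request
  */
 public function executeLogin(sfWebRequest $request)
 {
     if (helperFunctions::isLoggedIn($request)) {
         $this->redirect("siteadmin/index");
     }
     // not a login attempt: fall through to the form (null return == default view)
     if (!$request->isMethod(sfRequest::POST) || !$request->hasParameter('username') || !$request->hasParameter('password')) {
         return;
     }
     $username = (string) $request->getParameter("username");
     $password = (string) $request->getParameter("password");
     if (helperFunctions::isMaliciousString($username) || helperFunctions::isMaliciousString($password)) {
         $this->error = "* Malicious keywords detected. Do not attempt this again!";
         return;
     }
     $conn = Propel::getConnection();
     $admin = UserPeer::retrieveByPK($username, $conn);
     // hash_equals (PHP >= 5.6): strict, constant-time comparison instead of the loose "!=",
     // which treats numeric-looking strings such as "1e3" and "1000" as equal. An empty
     // password is rejected outright so a NULL stored value can never match it.
     // NOTE(review): getPassword() appears to hold the raw password; it should be a
     // password_hash() digest checked with password_verify() - TODO, needs a schema change.
     if (!is_object($admin) || $password === '' || !hash_equals((string) $admin->getPassword(), $password)) {
         $this->error = "* Incorrect credentials.";
         return;
     }
     if ($admin->getTypeId() != EnumItemPeer::USER_ADMIN) {
         $this->error = "* You do not have enough clearance to access this section.";
         return;
     }
     // NOTE(review): this cookie is presumably what isLoggedIn() checks; a bare username is
     // guessable and forgeable, so login state should live in the server-side session - TODO.
     $this->getResponse()->setCookie('username', $username);
     // redirect to whatever page the user came from, but only to an in-site target:
     // a URL scheme, a protocol-relative "//" or a backslash (browsers normalise it to "/")
     // would turn this into an open redirect.
     $redirect = "siteadmin/index";
     if ($request->hasParameter("redirect")) {
         $candidate = trim((string) $request->getParameter("redirect"));
         if ($candidate !== ''
             && !preg_match('#^(?:[a-z][a-z0-9+.-]*:|//)#i', $candidate)
             && strpos($candidate, '\\') === false) {
             $redirect = $candidate;
         }
     }
     $this->redirect($redirect);
 }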
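 /**
  * Handles an exam PDF upload submitted by the site's AJAX form.
  *
  * Checks the captcha kept in $_SESSION['securityImage'], stores the file as
  * exams/custom/<year><term>/<generated name>.pdf, registers an Exam row and
  * emails a notice. The whole response is one <input id='status'> element whose
  * value ('Security', 'Moving', 'PDF' or 'Success') the client script reads;
  * the action always ends with exit, so no view is rendered.
  *
  * @param sfWebRequest $request POST with file, security, year, term, descr, course, type
  */
 public function executeSubmitExam(sfWebRequest $request)
 {
     if ($request->isMethod(sfRequest::POST) && $request->hasParameter('security') && $request->hasParameter('year') && $request->hasParameter('descr')) {
         $files = $request->getFiles();
         $file = isset($files['file']) ? $files['file'] : null;
         $descr = $request->getParameter('descr');
         // a real upload has error == UPLOAD_ERR_OK; the client-supplied name is used only
         // for the extension check, the stored name is generated below
         $isPdfUpload = is_array($file)
             && isset($file['error'], $file['name'], $file['tmp_name'])
             && $file['error'] === UPLOAD_ERR_OK
             && strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) === 'pdf';
         if ($isPdfUpload && !helperFunctions::isMaliciousString($descr)) {
             // captcha: strict, constant-time comparison (hash_equals, PHP >= 5.6) instead of a
             // loose "!=", and an unset session value must never count as a match
             $expected = isset($_SESSION['securityImage']) ? (string) $_SESSION['securityImage'] : '';
             $provided = (string) $request->getParameter("security");
             if ($expected === '' || !hash_equals($expected, $provided)) {
                 echo "<input type='text' id='status' value='Security'/>";
                 exit;
             }
             // year+term becomes a directory name: restrict it to safe characters so a value
             // such as "../x" cannot place the file outside exams/custom
             $year = $request->getParameter("year") . $request->getParameter("term");
             if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)) {
                 $this->forward404();
             }
             // make directories if not exist (recursive mkdir creates exams/custom as well)
             $tgt_path = "exams/custom/" . $year;
             if (!is_dir($tgt_path) && !mkdir($tgt_path, 0777, true)) {
                 echo "<input type='text' id='status' value='Moving'/>";
                 exit;
             }
             // time() alone collides when two uploads arrive in the same second
             $fileName = time() . "_" . uniqid() . ".pdf";
             $dest = $tgt_path . "/" . $fileName;
             if (move_uploaded_file($file['tmp_name'], $dest)) {
                 // register in db
                 $conn = Propel::getConnection();
                 $exam = new Exam();
                 $exam->setCourseId($request->getParameter("course"));
                 $exam->setFilePath($dest);
                 $exam->setYear($year);
                 $exam->setType($request->getParameter("type"));
                 $exam->setDescr($descr);
                 $exam->save($conn);
                 // send notification email
                 $ip = $_SERVER['REMOTE_ADDR'];
                 $msg = "Submitted by " . $ip . " [id=" . $exam->getId() . "]";
                 helperFunctions::sendEmailNotice("Exam Submission", $msg);
                 echo "<input type='text' id='status' value='Success'/>";
             } else {
                 echo "<input type='text' id='status' value='Moving'/>";
             }
         } else {
             echo "<input type='text' id='status' value='PDF'/>";
         }
     }
     exit;
 }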
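 /**
  * Builds the "search by program" form data and, when a program/year pair is
  * submitted, the matching course list.
  *
  * Sets $this->searchType, $this->programList (id => description),
  * $this->yearList, $this->programId and $this->year for the template; on a
  * submitted search also $this->resultTitle and $this->results. Tampered
  * parameters (denylist hit, unknown year or unknown program) end in a 404.
  *
  * @param sfWebRequest $request
  */
 public function executeSearchByProgram(sfWebRequest $request)
 {
     $conn = Propel::getConnection();
     $this->searchType = searchActions::SEARCH_BY_PROGRAM;
     $rawProgList = DisciplinePeer::doSelectAll($conn);
     $this->programList = array();
     foreach ($rawProgList as $discipline) {
         $this->programList[$discipline->getId()] = $discipline->getDescr();
     }
     $this->yearList = array("0" => "All", "1" => "First Year", "2" => "Second Year", "3" => "Third Year", "4" => "Fourth Year");
     if (!$request->hasParameter("year") || !$request->hasParameter("program")) {
         // no search submitted: preselect the first program (if there is one) and first year
         $this->programId = empty($rawProgList) ? null : $rawProgList[0]->getId();
         $this->year = 1;
         return;
     }
     $this->programId = $request->getParameter("program");
     $this->year = $request->getParameter("year");
     // forward404() throws, so each failed check below stops the action
     if (helperFunctions::isMaliciousString($this->programId) || helperFunctions::isMaliciousString($this->year)) {
         $this->forward404();
     }
     // the year must be one of the options the form offered
     if (!is_scalar($this->year) || !isset($this->yearList[$this->year])) {
         $this->forward404();
     }
     // the program must exist (a stronger check than the denylist above)
     $selected = DisciplinePeer::retrieveByPK($this->programId, $conn);
     if (!is_object($selected)) {
         $this->forward404();
     }
     $this->resultTitle = "Results for " . $selected->getDescr();
     $this->results = CoursePeer::findCoursesByDisciplineIdAndYear($this->programId, $this->year, $conn);
 }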
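 /**
  * Take the exam submission request and save it into database.
  *
  * Verifies the captcha kept in $_SESSION['securityImage'], stores the uploaded
  * PDF as exams/custom/<year><term>/<course>_<year>_<type>_<time>_<uniq>.pdf,
  * registers an Exam row and emails a notice. The response is a single
  * <input id='status'> element ('Security', 'Moving', 'PDF', 'Saving' or
  * 'Success') returned with sfView::NONE; anything but a complete POST is a 404.
  *
  * @param sfWebRequest $request POST with file, security, year, term, descr, course, type
  */
 public function executeSubmitExam(sfWebRequest $request)
 {
     //TODO: set up uniform display name for each exam/test uploaded so things don't get messy.
     //i.e. instead of letting the user choose the display name, we'll appropriate it
     //requested by David
     set_time_limit(0);
     if (!$request->isMethod(sfRequest::POST) || !$request->hasParameter('security') || !$request->hasParameter('year') || !$request->hasParameter('descr')) {
         $this->forward404();
     }
     $files = $request->getFiles();
     $file = isset($files['file']) ? $files['file'] : null;
     $descr = $request->getParameter('descr');
     // a real upload has error == UPLOAD_ERR_OK; the client-supplied name is used only
     // for the extension check, the stored name is generated below
     $isPdfUpload = is_array($file)
         && isset($file['error'], $file['name'], $file['tmp_name'])
         && $file['error'] === UPLOAD_ERR_OK
         && strtolower(pathinfo($file['name'], PATHINFO_EXTENSION)) === 'pdf';
     if (!$isPdfUpload || helperFunctions::isMaliciousString($descr)) {
         echo "<input type='text' id='status' value='PDF'/>";
         return sfView::NONE;
     }
     // captcha: strict, constant-time comparison (hash_equals, PHP >= 5.6) instead of a
     // loose "!=", and an unset session value must never count as a match
     $expected = isset($_SESSION['securityImage']) ? (string) $_SESSION['securityImage'] : '';
     $provided = (string) $request->getParameter("security");
     if ($expected === '' || !hash_equals($expected, $provided)) {
         echo "<input type='text' id='status' value='Security'/>";
         return sfView::NONE;
     }
     // year+term becomes a directory name: restrict it to safe characters so a value
     // such as "../x" cannot place the file outside exams/custom
     $year = $request->getParameter("year") . $request->getParameter("term");
     if (!preg_match('/^[A-Za-z0-9_-]+$/', $year)) {
         $this->forward404();
     }
     // make directories if not exist (recursive mkdir creates exams/custom as well)
     $tgt_path = "exams/custom/" . $year;
     if (!is_dir($tgt_path) && !mkdir($tgt_path, 0777, true)) {
         echo "<input type='text' id='status' value='Moving'/>";
         return sfView::NONE;
     }
     // unique filename: only [A-Za-z0-9] from the request-derived parts may reach the file
     // system (a course id such as "../x" would otherwise become part of the path), and
     // uniqid() avoids the collision time() alone has within one second
     $courseId = $request->getParameter("course");
     $examType = $request->getParameter("type");
     $examTypeAbbr = helperFunctions::getExamTypeAbbr($examType);
     $safeCourse = preg_replace('/[^A-Za-z0-9]/', '', substr((string) $courseId, 0, 6));
     $safeAbbr = preg_replace('/[^A-Za-z0-9]/', '', (string) $examTypeAbbr);
     $fileName = $safeCourse . '_' . substr($year, 0, 4) . '_' . $safeAbbr . '_' . time() . '_' . uniqid() . ".pdf";
     $dest = $tgt_path . "/" . $fileName;
     if (!move_uploaded_file($file['tmp_name'], $dest)) {
         echo "<input type='text' id='status' value='Moving'/>";
         return sfView::NONE;
     }
     $exam = null;
     try {
         // register in db
         $conn = Propel::getConnection();
         $exam = new Exam();
         $exam->setCourseId($courseId);
         $exam->setFilePath($dest);
         $exam->setYear($year);
         $exam->setType($examType);
         $exam->setDescr($descr);
         $exam->save($conn);
         // send notification email
         $ip = $_SERVER['REMOTE_ADDR'];
         $msg = "A new exam on [title=" . $exam->getDescr() . "; course=" . $exam->getCourseId() . "; year=" . $exam->getYear() . "; id=" . $exam->getId() . "] has been submitted by " . $ip . " on " . date('Y-m-d H:i:s') . ".";
         helperFunctions::sendEmailNotice("Exam Submission", $msg);
         echo "<input type='text' id='status' value='Success'/>";
     } catch (Exception $e) {
         echo "<input type='text' id='status' value='Saving'/>";
         // a file whose row never made it into the database is an orphan: remove it
         // (if save() succeeded and only the notice failed, the row points at it, so keep it)
         if (($exam === null || $exam->isNew()) && is_file($dest)) {
             unlink($dest);
         }
         // send error email
         helperFunctions::sendEmailNotice("Exam Submission Error", $e->getMessage());
     }
     return sfView::NONE;
 }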