Exemplo n.º 1
0
 public function execute($request)
 {
     $connection = RaykuCommon::getDatabaseConnection();
     $logedUserId = $_SESSION['symfony/user/sfUser/attributes']['symfony/user/sfUser/attributes']['user_id'];
     $currentUser = $this->getUser()->getRaykuUser();
     $userId = $currentUser->getId();
     $this->userId = $currentUser->getId();
     $time = time();
     $this->cat = $this->getRequestParameter('category');
     $this->course_id = $this->getRequestParameter('course');
     if (empty($this->course_id)) {
         if (!empty($_SESSION['course_id'])) {
             $this->course_id = $_SESSION['course_id'];
         } else {
             $this->course_id = 1;
         }
     } else {
         $_SESSION['course_id'] = $this->course_id;
     }
     if (empty($this->cat)) {
         if (!empty($_SESSION['subject'])) {
             $this->cat = $_SESSION['subject'];
         } else {
             $this->cat = 1;
         }
     } else {
         $_SESSION['subject'] = $this->cat;
     }
     if (empty($_SESSION["course_id"])) {
         $_SESSION["course_id"] = '1';
     }
     /* Quick Registration Users - Listing Tutors */
     if ($this->studentFromQuickRegistrationAskingAQuestion()) {
         $_dash_question = '';
         $_dash_course_id = '';
         $_school = '';
         $_dash_education = '';
         $_dash_code_id = '';
         $_dash_year = '';
         $_SESSION['subject'] = 1;
         $_dash_education = $_SESSION['edu'];
         $_dash_course_id = $_SESSION['course_id'];
         if ($_dash_course_id) {
             $queryCname = mysql_query("select * from courses where id ='" . $_dash_course_id . "'", $connection) or die(mysql_error());
             $rowCoursename = mysql_fetch_array($queryCname);
             $_SESSION['course_name_sess'] = $rowCoursename['course_name'];
         }
         if (strtolower($_SESSION['year']) != "Choose year") {
             $_dash_year = trim($_SESSION['year']);
         } elseif (strtolower($_SESSION['grade']) != "Choose grade") {
             $_dash_year = trim($_SESSION['grade']);
         }
         $c = new Criteria();
         $c->add(UserQuestionTagPeer::CATEGORY_ID, 1);
         $c->add(UserQuestionTagPeer::USER_ID, $userId);
         $c->add(UserQuestionTagPeer::COURSE_ID, $_dash_course_id);
         $c->add(UserQuestionTagPeer::COURSE_CODE, $_dash_code_id);
         $c->add(UserQuestionTagPeer::EDUCATION, $_dash_education);
         $c->add(UserQuestionTagPeer::SCHOOL, $_school);
         $c->add(UserQuestionTagPeer::YEAR, $_dash_year);
         $userQuestionTag = UserQuestionTagPeer::doSelectOne($c);
         if ($userQuestionTag) {
             $userQuestionTag->delete();
         }
         $userQuestionTag = new UserQuestionTag();
         $userQuestionTag->setUserId($userId);
         $userQuestionTag->setCategoryId(1);
         $userQuestionTag->setCourseId($_dash_course_id);
         $userQuestionTag->setCourseCode($_dash_code_id);
         $userQuestionTag->setEducation($_dash_education);
         $userQuestionTag->setSchool($_school);
         $userQuestionTag->setYear($_dash_year);
         $userQuestionTag->setQuestion($_SESSION['question']);
         $userQuestionTag->save();
     } else {
         if ($this->loggedStudentAsksAQuestion()) {
             $_dash_question = '';
             $_dash_course_id = '';
             $_school = '';
             $_dash_education = '';
             $_dash_code_id = '';
             $_dash_year = '';
             $_dash_question = $_POST['question'];
             $_SESSION['question'] = $_dash_question;
             $_SESSION['subject'] = 1;
             if (!empty($_POST['course_category_hidden'])) {
                 $course_name = trim($_POST['course_category_hidden']);
                 $_SESSION['course_name_sess'] = $course_name;
                 $_queryCourse = mysql_query("select * from courses where course_name ='" . $course_name . "' ", $connection) or die(mysql_error());
                 $_rowCourse = mysql_fetch_assoc($_queryCourse);
                 $_dash_course_id = $_rowCourse['id'];
                 $_SESSION["course_id"] = $_dash_course_id;
             }
             $_dash_education = $_POST['edu'];
             /* Student Confirmation */
             $_SESSION['edu'] = $_dash_education;
             if (strtolower($_POST['year_hidden']) != "choose year") {
                 $_dash_year = trim($_POST['year_hidden']);
                 /* student confirmation */
                 $_SESSION['year'] = $_dash_year;
             } elseif (strtolower($_POST['grade_hidden']) != "choose grade") {
                 $_dash_year = trim($_POST['grade_hidden']);
                 /* student confirmation */
                 $_SESSION['grade'] = $_dash_year;
             }
             $c = new Criteria();
             $c->add(UserQuestionTagPeer::CATEGORY_ID, 1);
             $c->add(UserQuestionTagPeer::USER_ID, $userId);
             $c->add(UserQuestionTagPeer::COURSE_ID, $_dash_course_id);
             $c->add(UserQuestionTagPeer::COURSE_CODE, $_dash_code_id);
             $c->add(UserQuestionTagPeer::EDUCATION, $_dash_education);
             $c->add(UserQuestionTagPeer::SCHOOL, $_school);
             $c->add(UserQuestionTagPeer::YEAR, $_dash_year);
             $userQuestionTag = UserQuestionTagPeer::doSelectOne($c);
             if ($userQuestionTag) {
                 $userQuestionTag->delete();
             }
             $userQuestionTag = new UserQuestionTag();
             $userQuestionTag->setUserId($userId);
             $userQuestionTag->setCategoryId(1);
             $userQuestionTag->setCourseId($_dash_course_id);
             $userQuestionTag->setCourseCode($_dash_code_id);
             $userQuestionTag->setEducation($_dash_education);
             $userQuestionTag->setSchool($_school);
             $userQuestionTag->setYear($_dash_year);
             $userQuestionTag->setQuestion($_POST['question']);
             $userQuestionTag->save();
         }
     }
     /**
      * @todo - below block of code could be extracted to separate action 
      */
     if (!empty($_POST['hidden'])) {
         $count = count($_POST['checkbox']);
         /* Clearing Cookies */
         if (isset($_COOKIE['cookcount'])) {
             for ($u = $_COOKIE['cookcount']; $u >= 1; $u--) {
                 $cookname = 'expert_' . $u;
                 setcookie($cookname, '', time() - 3600, "/", sfConfig::get('app_cookies_domain'));
             }
         }
         setcookie("expertscount", '', time() - 3600, "/", sfConfig::get('app_cookies_domain'));
         setcookie("cooktotal", '', time() - 3600, "/", sfConfig::get('app_cookies_domain'));
         /* Clearing Cookies */
         if ($count == 4) {
             $close = 46000;
             $_SESSION['connected_tutors'] = 4;
         } else {
             if ($count == 3) {
                 $close = 46000;
                 $_SESSION['connected_tutors'] = 3;
             } else {
                 if ($count == 2) {
                     $close = 61000;
                     $_SESSION['connected_tutors'] = 2;
                 } else {
                     if ($count == 1) {
                         $close = 61000;
                         $_SESSION['connected_tutors'] = 1;
                     } else {
                         $close = 61000;
                         $_SESSION['connected_tutors'] = 1;
                     }
                 }
             }
         }
         $j = 0;
         $c = new Criteria();
         $c->add(UserQuestionTagPeer::USER_ID, $userId);
         $c->addDescendingOrderByColumn(UserQuestionTagPeer::ID);
         $userQuestionTag = UserQuestionTagPeer::doSelectOne($c);
         $course_code = '';
         $year = '';
         $course_id = '1';
         $school = '';
         if ($userQuestionTag) {
             $course_id = $userQuestionTag->getCourseId();
             $course_code = $userQuestionTag->getCourseCode();
             $year = $userQuestionTag->getYear();
             $school = $userQuestionTag->getSchool();
             if ($userQuestionTag->getEducation() == 2) {
                 $school = "High School";
             }
         }
         // this is where the sql injection error is happening, fix this
         // escape single quotes
         for ($i = 0; $i < $count; $i++) {
             mysql_query("INSERT INTO `user_expert` (`user_id`, `checked_id`, `category_id`, course_id, `question`, `exe_order`, `time`,course_code, year, school, status, close) VALUES ('" . mysql_real_escape_string($userId) . "', '" . mysql_real_escape_string($_POST['checkbox'][$i]) . "', " . mysql_real_escape_string($this->cat) . ", " . mysql_real_escape_string($course_id) . ",'" . mysql_real_escape_string($_SESSION['question']) . "','" . mysql_real_escape_string(++$j) . "', '" . mysql_real_escape_string($time) . "', '" . mysql_real_escape_string($course_code) . "', '" . mysql_real_escape_string($year) . "', '" . mysql_real_escape_string($school) . "', 1, " . mysql_real_escape_string($close) . ") ", $connection) or die("Error In Insert-->" . mysql_error());
         }
         /* Notify same tutor again */
         $l = 0;
         $source = 'expertmanager';
         mysql_query("DELETE FROM `student_questions` WHERE user_id = " . $userId . "", $connection);
         for ($i = 0; $i < $count; $i++) {
             $question = new StudentQuestion();
             $question->setStudentId($userId);
             $question->setTutorId($_POST['checkbox'][$i]);
             $question->setCategoryId($this->cat);
             $question->setCourseId($course_id);
             $question->setQuestion($_SESSION['question']);
             $question->setExeOrder(++$l);
             $question->setTime($time);
             $question->setCourseCode($course_code);
             $question->setYear($year);
             $question->setSchool($school);
             $question->setStatus(1);
             $question->setClose($close);
             $question->setSource($source);
             $question->save();
         }
         setcookie("asker_que", urldecode($_SESSION['question']), time() + 600, "/", sfConfig::get('app_cookies_domain'));
         $this->getResponse()->setCookie("redirection", 1, time() + 600, '/', sfConfig::get('app_cookies_domain'));
         $this->getResponse()->setCookie("forumsub", $_SESSION['subject'], time() + 600, '/', sfConfig::get('app_cookies_domain'));
         $this->redirect('expertmanager/connect');
     }
     $logedUserId = $_SESSION['symfony/user/sfUser/attributes']['symfony/user/sfUser/attributes']['user_id'];
     $c = new Criteria();
     $c->addJoin(ExpertCategoryPeer::USER_ID, UserTutorPeer::USERID, Criteria::INNER_JOIN);
     if ($this->cat == 5) {
         $experts = ExpertCategoryPeer::doSelect($c);
     } else {
         $c->add(ExpertCategoryPeer::CATEGORY_ID, $this->cat);
         $experts = ExpertCategoryPeer::doSelect($c);
     }
     $queryPoints = mysql_query("select * from user where id = " . $userId, $connection) or die("Error In rate" . mysql_error());
     if (mysql_num_rows($queryPoints) > 0) {
         $rowPoints = mysql_fetch_assoc($queryPoints);
         $_points = $rowPoints['points'];
     }
     $newUser = array();
     $i = 0;
     $eachExpertOnlyOnce = array();
     foreach ($experts as $exp) {
         if ($userId != $exp->getUserId()) {
             if (in_array($exp->getUserId(), $eachExpertOnlyOnce)) {
                 continue;
             }
             $eachExpertOnlyOnce[] = $exp->getUserId();
             $_queryCourse = '';
             $tutorsq = mysql_query("select * from tutor_profile where category = 1 and user_id = " . $exp->getUserId() . "", $connection) or die("Er-1-->" . mysql_error());
             $tutors = mysql_fetch_array($tutorsq);
             $tutor = '';
             $tutor = explode("-", $tutors['course_id']);
             if (in_array($_SESSION["course_id"], $tutor)) {
                 $_queryCourse = mysql_query("select * from tutor_profile where category = 1 and user_id = " . $exp->getUserId() . "", $connection) or die("Er-1-->" . mysql_error());
             }
             if ($_queryCourse && mysql_num_rows($_queryCourse) > 0) {
                 $query = mysql_query("select * from user_score where user_id = " . $exp->getUserId(), $connection) or die(mysql_error());
                 $score = mysql_fetch_assoc($query);
                 if ($score['score'] != 0) {
                     if ($_points == '' || $_points == '0.00') {
                         $emptyRCquery = mysql_query("select * from user_rate where userid = " . $exp->getUserId() . " and (rate = 0.00 || rate = 0) ", $connection) or die("Error In rate" . mysql_error());
                         if (mysql_num_rows($emptyRCquery) > 0) {
                             $dv = new Criteria();
                             $dv->add(UserPeer::ID, $exp->getUserId());
                             $_thisUser = UserPeer::doSelectOne($dv);
                             $rankUsersFinal[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt());
                             $newUser[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt());
                             $i++;
                         }
                     } else {
                         $dv = new Criteria();
                         $dv->add(UserPeer::ID, $exp->getUserId());
                         $_thisUser = UserPeer::doSelectOne($dv);
                         $rankUsersFinal[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt());
                         $newUser[$i] = array("score" => $score['score'], "userid" => $exp->getUserId(), "category" => $this->cat, "createdat" => $_thisUser->getCreatedAt());
                         $i++;
                     }
                 }
             }
         }
     }
     asort($newUser);
     arsort($newUser);
     asort($rankUsersFinal);
     arsort($rankUsersFinal);
     $this->rankCheckUsers = $rankUsersFinal;
     ////if no online expert available redirecting to the board page
     // // ant-edit get rid of adding notification bots right now
     $onlineusers = array();
     $offlineusers = array();
     $newOnlineUser = array();
     $newOfflineUser = array();
     $j = 0;
     $k = 0;
     // $facebookTutors = BotServiceProvider::createFor("http://facebook.rayku.com/tutor")->getContent();
     // $onlineTutorsByNotificationBot = BotServiceProvider::createFor("http://notification-bot.rayku.com/tutor")->getContent();
     // $Users = json_decode($facebookTutors, true);
     // $_Users = json_decode($onlineTutorsByNotificationBot, true);
     //Iterate through every user and check if they are online (either on fb gchat local rayku etc...
     foreach ($newUser as $new) {
         $a = new Criteria();
         $a->add(UserPeer::ID, $new['userid']);
         $users_online = UserPeer::doSelectOne($a);
         $onlinecheck = '';
         if ($users_online->isOnline()) {
             $onlinecheck = "online";
         }
         // // ant-edit get rid of gtalk users for now
         if (empty($onlinecheck)) {
             $userGtalk = $users_online->getUserGtalk();
             if ($userGtalk) {
                 $onlinecheck = BotServiceProvider::createFor(sfConfig::get('app_rayku_url') . ':' . sfConfig::get('app_g_chat_port') . '/status/' . $userGtalk->getGtalkid())->getContent();
             }
         }
         // if ((empty($onlinecheck) || ($onlinecheck != "online")) && is_array($Users)) {
         //     $userFb = UserFbPeer::retrieveByUserId($new['userid']);
         //     if ($userFb) {
         //         $fb_username = $userFb->getFbUsername();
         //         foreach ($Users as $key => $user) {
         //             if ($user['username'] == $fb_username) {
         //                 $onlinecheck = 'online';
         //                 break;
         //             }
         //         }
         //     }
         // }
         // if ((empty($onlinecheck) || ($onlinecheck != "online")) && is_array($_Users)) {
         //     foreach ($_Users as $key => $_user) {
         //         if ($_user['email'] == $users_online->getEmail()) {
         //             $onlinecheck = 'online';
         //             break;
         //         }
         //     }
         // }
         //if user was online then store ;
         if ($onlinecheck == "online") {
             $onlineusers[$j] = $new['userid'];
             $newOnlineUser[$j] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']);
             $j++;
         } elseif ($users_online->isOnline()) {
             $newOnlineUser[$j] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']);
             $onlineusers[$j] = $new['userid'];
             $j++;
         } else {
             $newOfflineUser[$k] = array("score" => $new['score'], "userid" => $new['userid'], "category" => $new['category'], "createdat" => $new['createdat']);
             $offlineusers[$k] = $new['userid'];
             $k++;
         }
     }
     $this->newOnlineUser = $newOnlineUser;
     $this->newOfflineUser = $newOfflineUser;
     $this->_checkOnlineUsers = $onlineusers;
     if (count($onlineusers) < 1) {
         $this->redirect('http://' . RaykuCommon::getCurrentHttpDomain() . '/forum/newthread/' . $_SESSION['subject'] . '?exp_online = 1');
     }
     $onoff = isset($_COOKIE['onoff']) ? $_COOKIE['onoff'] : null;
     if ($onoff == 1) {
         if (!empty($_COOKIE["school"])) {
             $cookieSchool = array();
             $m = 0;
             foreach ($newOnlineUser as $new) {
                 $b = new Criteria();
                 $b->add(UserPeer::ID, $new['userid']);
                 $schoolusers = UserPeer::doSelectOne($b);
                 $mail = explode("@", $schoolusers->getEmail());
                 $newMail = explode(".", $mail[1]);
                 if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) {
                     $cookieSchool[$m] = $new;
                     $m++;
                 }
             }
             $this->expert_cats = $cookieSchool;
         } else {
             $this->expert_cats = $newOnlineUser;
         }
     } else {
         if ($onoff == 2) {
             if (!empty($_COOKIE["school"])) {
                 $cookieSchool = array();
                 $m = 0;
                 foreach ($newOfflineUser as $new) {
                     $b = new Criteria();
                     $b->add(UserPeer::ID, $new['userid']);
                     $schoolusers = UserPeer::doSelectOne($b);
                     $mail = explode("@", $schoolusers->getEmail());
                     $newMail = explode(".", $mail[1]);
                     if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) {
                         $cookieSchool[$m] = $new;
                         $m++;
                     }
                 }
                 $this->expert_cats = $cookieSchool;
             } else {
                 $this->expert_cats = $newOfflineUser;
             }
         } else {
             if (!empty($_COOKIE["school"])) {
                 $cookieSchool = array();
                 $m = 0;
                 foreach ($newUser as $new) {
                     $b = new Criteria();
                     $b->add(UserPeer::ID, $new['userid']);
                     $schoolusers = UserPeer::doSelectOne($b);
                     $mail = explode("@", $schoolusers->getEmail());
                     $newMail = explode(".", $mail[1]);
                     if ($newMail[0] == $_COOKIE["school"] || $newMail[1] == $_COOKIE["school"]) {
                         $cookieSchool[$m] = $new;
                         $m++;
                     }
                 }
                 $this->expert_cats = $cookieSchool;
             } else {
                 $this->expert_cats = $newUser;
             }
         }
     }
     $this->tutorsCount = count($this->expert_cats);
     $c = new Criteria();
     $c->add(CategoryPeer::ID, $this->cat);
     $this->e = CategoryPeer::doSelectOne($c);
 }