quoteInto() only accepts '?' as place holder
[cacert-mgr.git] / manager / application / controllers / AddPointsController.php
1 <?php
2 /**
3 * @author Michael Tänzer
4 */
5
6 class AddPointsController extends Zend_Controller_Action
7 {
8 const MAX_POINTS_PER_ASSURANCE = 35;
9 const MAX_ASSURANCE_POINTS = 100;
10
11 protected $db;
12
13 public function init()
14 {
15 $config = new Zend_Config_Ini(APPLICATION_PATH . '/configs/application.ini',
16 APPLICATION_ENV);
17
18 $this->db = Zend_Db::factory($config->ca_mgr->db->auth->pdo,
19 $config->ca_mgr->db->auth);
20 }
21
22 public function indexAction()
23 {
24 $this->view->assurance_form = $this->getAssuranceForm();
25 $this->render('index');
26 }
27
28 public function assuranceAction()
29 {
30 // Validate form
31 if (!$this->getRequest()->isPost()) {
32 return $this->_forward('index');
33 }
34
35 $form = $this->getAssuranceForm();
36 if (!$form->isValid($_POST)) {
37 $this->view->assurance_form = $form;
38 return $this->render('index');
39 }
40
41 // Form is valid -> get values for processing
42 $values = $form->getValues();
43
44
45 // Check identity of the user
46 $session = Zend_Registry::get('session');
47 if ($session->authdata['authed'] !== true) {
48 throw new Exception(__METHOD__ . ': you need to log in to use this feature');
49 }
50 $query = 'select `id` from `users` where `id` = :user';
51 $query_params['user'] = $session->authdata['authed_id'];
52 $result = $this->db->query($query, $query_params);
53 if ($result->rowCount() !== 1) {
54 throw new Exception(__METHOD__ . ': user ID not found in the data base');
55 }
56 $row = $result->fetch();
57 $user['id'] = $row['id'];
58
59
60 // Get current points of the user
61 $query = 'select sum(`points`) as `total` from `notary` where `to` = :user';
62 $query_params['user'] = $user['id'];
63 $row = $this->db->query($query, $query_params)->fetch();
64 if ($row['total'] === NULL) $row['total'] = 0;
65 $user['points'] = $row['total'];
66
67
68 // Do the actual assurances
69 $assurance = array(); // Make sure the array is empty
70 $assurance['to'] = $user['id'];
71 $assurance['location'] = $values['location'];
72 $assurance['date'] = $values['date'];
73 $assurance['when'] = new Zend_Db_Expr('now()');
74 $this->view->assurancesDone = array();
75
76 $quantity = $values['quantity'];
77 do {
78 // split up into multiple assurances
79 if ($quantity > self::MAX_POINTS_PER_ASSURANCE) {
80 $assurance['awarded'] = self::MAX_POINTS_PER_ASSURANCE;
81 $quantity -= self::MAX_POINTS_PER_ASSURANCE;
82 } else {
83 $assurance['awarded'] = $quantity;
84 $quantity = 0;
85 }
86
87 // Get the assurer for this assurance
88 $assurance['from'] = $this->getNewAssurer($user['id']);
89
90 // only assign points whithin the limit
91 if ($user['points'] + $assurance['awarded'] > self::MAX_ASSURANCE_POINTS){
92 $assurance['points'] = self::MAX_ASSURANCE_POINTS - $user['points'];
93 } else {
94 $assurance['points'] = $assurance['awarded'];
95 }
96
97 $this->db->insert('notary', $assurance);
98
99 $user['points'] += $assurance['points'];
100 $this->view->assurancesDone[] = $assurance['points'];
101 } while ($quantity > 0);
102
103
104 // Fix the assurer flag
105 $where = array();
106 $query = '`users`.`id` = ?';
107 $where[] = $this->db->quoteInto($query, $user['id']);
108 $query = 'exists(select * from `cats_passed` as `cp`, ' .
109 '`cats_variant` as `cv` where `cp`.`variant_id` = `cv`.`id` and ' .
110 '`cv`.`type_id` = 1 and `cp`.`user_id` = ?';
111 $where[] = $this->db->quoteInto($query, $user['id']);
112 $query = '(select sum(`points`) from `notary` where `to`= ? and ' .
113 '`expire` > now()) >= 100';
114 $where[] = $this->db->quoteInto($query, $user['id']);
115 $this->db->update('users', array('assurer' => 1), $where);
116
117 return;
118 }
119
120 /**
121 * Get the first assurer who didn't already assure the user
122 *
123 * @param int $user_id The ID of the user who should get assured
124 * @return int The ID of the selected assurer
125 */
126 protected function getNewAssurer($user_id)
127 {
128 $query = 'select min(`id`) as `assurer` from `users` ' .
129 'where `email` like \'john.doe-___@example.com\' and ' .
130 '`id` not in (select `from` from `notary` where `to` = :user)';
131 $query_params['user'] = $user_id;
132 $row = $this->db->query($query, $query_params)->fetch();
133
134 if ($row['assurer'] === NULL) {
135 throw new Exception(__METHOD__ . ': no more assurers that haven\'t '.
136 'already assured this account');
137 }
138
139 return $row['assurer'];
140 }
141
142 protected function getAssuranceForm()
143 {
144 $form = new Zend_Form();
145 $form->setAction('/add-points/assurance')->setMethod('post');
146
147 $quantity = new Zend_Form_Element_Text('quantity');
148 $quantity->setRequired(true)
149 ->setLabel(I18n::_('Number of Points'))
150 ->addFilter(new Zend_Filter_Int())
151 ->addValidator(new Zend_Validate_Between(0, 100));
152 $form->addElement($quantity);
153
154 $location = new Zend_Form_Element_Text('location');
155 $location->setRequired(true)
156 ->setLabel(I18n::_('Location'))
157 ->setValue(I18n::_('CACert Test Manager'))
158 ->addValidator(new Zend_Validate_StringLength(1,255));
159 $form->addElement($location);
160
161 $date = new Zend_Form_Element_Text('date');
162 $date->setRequired(true)
163 ->setLabel(I18n::_('Date of Assurance'))
164 ->setValue(date('Y-m-d H:i:s'))
165 ->addValidator(new Zend_Validate_StringLength(1,255));
166 $form->addElement($date);
167
168 $submit = new Zend_Form_Element_Submit('submit');
169 $submit->setLabel(I18n::_('Assure Me'));
170 $form->addElement($submit);
171
172 return $form;
173 }
174 }