Fixes by Alex (thank you)

Changed session backend to files to save some db processing
2024-04-02 12:12:16 +00:00 · 2015-11-24 11:12:29 +11:00
parent 79de7f7efb cea894587a
commit 516f6709c0
17 changed files with 82 additions and 81 deletions
--- a/admin/auth-admin.php
+++ b/admin/auth-admin.php
@@ -39,18 +39,13 @@ include_once(dirname(__FILE__) . "/../config.inc.php");
 */
 include_once(dirname(__FILE__) . "/../db.inc.php");
-
+session_name(LS_SESSION_NAME);
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 session_set_cookie_params(0,QUEXS_PATH);
-session_start();
+if ((defined('PHP_SESSION_ACTIVE') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) { 
 session_start();
 }
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
--- a/admin/clientquestionnaire.php
+++ b/admin/clientquestionnaire.php
@@ -140,18 +140,18 @@ if (isset($_POST['submit']))
 }
 /* delete client from quexs and lime tables*/  //requires data-toggle-confirmation to finalize
-if (isset($_POST['delete']) && isset($_POST['uid']))
+if (isset($_GET['delete']) && isset($_GET['uid']) && isset($_GET['uname']))
 {
-	$client_id = intval($_POST['delete']);
+	$client_id = intval($_GET['delete']);
-	$uid = intval($_POST['uid']);
+	$uid = intval($_GET['uid']);
-	$uname = $_POST['uname'];
+	$uname = $_GET['uname'];
 	global $db;
 	$db->StartTrans();
 	if ($uid !=1){ //double protect superadmin from being deleted
 		$db->StartTrans();
 		$sql = "DELETE FROM " . LIME_PREFIX . "templates_rights WHERE `uid` = '$uid' AND `uid` != 1";
 		$db->Execute($sql);
@@ -164,20 +164,19 @@ if (isset($_POST['delete']) && isset($_POST['uid']))
 		$sql = "DELETE FROM " . LIME_PREFIX . "users WHERE `uid` = '$uid' AND `uid` != 1";
 		$db->Execute($sql);
 		$sql = "DELETE FROM `client_questionnaire` WHERE `client_id` = '$client_id' ";
 		$db->Execute($sql);
 		$sql = "DELETE FROM `client` WHERE `client_id` = '$client_id'";
 		$db->Execute($sql);
 		$db->CompleteTrans();
 	}
 	$sql = "DELETE FROM `client_questionnaire` WHERE `client_id` = '$client_id' ";
 	$db->Execute($sql);
 	$sql = "DELETE FROM `client` WHERE `client_id` = '$client_id'";
 	$db->Execute($sql);
 	$db->CompleteTrans();
 	if ($db->CompleteTrans()) $msg = "<p class='alert alert-info'>". T_("Client with username $uname deleted") . "</p>";
-		else $msg = "<p class='alert alert-warning'>". T_("ERROR deleting client with username $uname") . "</p>";
+	else $msg = "<p class='alert alert-warning'>". T_("ERROR deleting client with username $uname") . "</p>";
-	unset($_POST['delete'], $_POST['uid'], $_POST['uname'], $client_id, $username, $uid);
+	unset($_GET['delete'], $_GET['uid'], $_GET['uname'], $client_id, $username, $uid);
 }
--- a/admin/clients.php
+++ b/admin/clients.php
@@ -124,6 +124,9 @@ if (isset($_POST['client']) && !empty($_POST['client']))
 		}
 	}
 	else $a = T_("Username") . " " . $client . ". " . T_("is already in use");
 	$client =""; $firstname="";$lastname="";$email=""; $time_zone_name="";
 	unset($_POST['client'],$_POST['password'],$_POST['lastname'],$_POST['firstname'],$_POST['email'],$_POST['Time_zone_name']);
 }
 $header = T_("Add a client");
--- a/admin/questionnairelist.php
+++ b/admin/questionnairelist.php
@@ -581,6 +581,7 @@ else
 			CONCAT('<a href=\'outcomes.php?questionnaire_id=',questionnaire_id,'\' class=\'btn\' title=\'" . TQ_("Outcomes for questionnaire"). "&ensp;',questionnaire_id,'\' data-toggle=\'tooltip\'><i class=\'fa fa-bar-chart fa-2x\'></i></a>')
 		END as outcomes,
 		CONCAT('<a href=\'callhistory.php?questionnaire_id=',questionnaire_id,'\' class=\'btn\' title=\'" . TQ_("Call history"). " " . TQ_("questionnaire"). " ',questionnaire_id,'\' data-toggle=\'tooltip\'><i class=\'fa fa-phone fa-2x\'></i></a>') as calls,
 		CONCAT('<a href=\'set_outcomes.php?qid=',questionnaire_id,'\' class=\'btn\' title=\'" . TQ_("Set outcomes"). "&ensp;\n" . TQ_("questionnaire"). "&ensp;',questionnaire_id,'\' data-toggle=\'tooltip\'><i class=\'fa fa-list-ol fa-2x\'></i></a>') as setoutcomes,
 		CASE WHEN enabled = 0 THEN
 			CONCAT('<i class=\'btn fa fa-download fa-2x\' style=\'color:lightgrey;\'></i>')
 		ELSE
@@ -604,7 +605,7 @@ else
 		FROM questionnaire";
 	$rs = $db->GetAll($sql);
-	$columns = array("qid","description","status","enabledisable","outcomes","calls","casestatus","shifts","assample","quotareport","dataout","modify","inlime","prefill","deletee");
+	$columns = array("qid","description","status","enabledisable","outcomes","calls","casestatus","shifts","assample","quotareport","dataout","modify","setoutcomes","inlime","prefill","deletee");
 	xhtml_table($rs,$columns,false,"table-hover table-condensed "); 
 print "</div>";
--- a/admin/set_outcomes.php
+++ b/admin/set_outcomes.php
@@ -197,8 +197,14 @@ if (isset($_GET['qid'])) {
 /* for default outcomes  */
 if (isset($_GET['default'])) {
-	$sql = "SELECT o.*, ot.description as type, 
+	/* allow delay edit only to superadmins (currenlty admin) */
-			CONCAT('<input type=\'number\' name=\"delay[', o.outcome_id ,']\" class=\'form-control text-right\' style=\'width:7em;\' max=50000 min=0 required value=\'', o.default_delay_minutes ,'\' />') as `delay`,
+	if ($_SESSION['user'] === "admin"){ 
 		$delay = "CONCAT('<input type=\'number\' name=\"delay[', o.outcome_id ,']\" class=\'form-control text-right\' style=\'width:7em;\' max=50000 min=0 required value=\'', o.default_delay_minutes ,'\' />') ";
 	}
 	else {
 		$delay = "CONCAT('<span class=\'pull-right\' >', o.default_delay_minutes ,'&emsp;</span>')";
 	}	
 	$sql = "SELECT o.*, ot.description as type, $delay as `delay`,
 			CONCAT('<h4>&ensp;<span class=\"label label-', CASE WHEN o.tryanother = 1 THEN  'primary\">" . T_("Yes") . "' ELSE 'default\">" . T_("No") . "' END , '</span></h4>') as tryanother,
 			CONCAT('<h4>&ensp;<span class=\"label label-', CASE WHEN o.tryagain = 1 THEN  'primary\">" . T_("Yes") . "' ELSE 'default\">" . T_("No") . "' END , '</span></h4>') as tryagain,
 			CONCAT('<h4>&ensp;<span class=\"label label-', CASE WHEN o.contacted = 1 THEN  'primary\">" . T_("Yes") . "' ELSE 'default\">" . T_("No") . "' END , '</span></h4>') as contacted,
@@ -214,9 +220,6 @@ if (isset($_GET['default'])) {
 	$row = array("outcome_id","description","select","type","delay","contacted","tryanother","tryagain","eligible","require_note");
 	$hdr = array(T_("Outcome ID"),T_("Description"),T_("Default"),T_("Outcome type"),T_("Delay, min"),T_("Contacted"),T_("Try another"),T_("Try again"),T_("Eligible"),T_("Require note"));
 	/* allow delay edit only to superadmins (currenlty admin) */
 	if ( $_SESSION['user'] != "admin"){ unset($row[4]); unset($hdr[4]); } 
 	$hid  = "default";
 	$value = "";
--- a/auth-interviewer.php
+++ b/auth-interviewer.php
@@ -40,16 +40,13 @@ include_once("config.inc.php");
 include_once("db.inc.php");
-//get session name from DB
+session_name(LS_SESSION_NAME);
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 session_set_cookie_params(0,QUEXS_PATH);
-session_start();
+
 if ((defined('PHP_SESSION_ACTIVE') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) { 
 session_start();
 }
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
--- a/client/auth-client.php
+++ b/client/auth-client.php
@@ -39,18 +39,13 @@ include_once(dirname(__FILE__)."/../config.inc.php");
 */
 include_once(dirname(__FILE__)."/../db.inc.php");
-
+session_name(LS_SESSION_NAME);
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 session_set_cookie_params(0,QUEXS_PATH);
-session_start();
+if ((defined('PHP_SESSION_ACTIVE') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) { 
 session_start();
 }
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
--- a/client/index.php
+++ b/client/index.php
@@ -78,10 +78,9 @@ if ($client_id)
 		print "<p class='alert alert-info'>" . T_("There are no questionnaires assigned to you") . "</p>";
 	else
 	{
 		print "<div class='col-lg-2'>";
 		foreach($qs as $q)
 		{
 			print "<div class='col-lg-2'>";
 			print "<div class=' '><h2>{$q['description']}</h2>";
 			$questionnaire_id = $q['questionnaire_id'];
@@ -116,22 +115,25 @@ if ($client_id)
 			if (!empty($rs))
 			{
 				translate_array($rs,array("des"));
-				xhtml_table($rs,array("des","count"),array(T_("Outcome"),T_("Count")),"tclass",array("des" => "Complete"));
+				xhtml_table($rs,array("des","count"),array(T_("Outcome"),T_("Count")),"tclass",array("des" => "Complete"),array("count"));
 			}
 			else print "<p class='alert alert-info'>" . T_("No outcomes recorded for this questionnaire") . "</p>";
-			print "</br><a href=\"?qsid=$qsid\" class=\"btn btn-default btn-block btn-lime\">" . T_("View summary results") . "</a></div>";
+			print "</br><a href=\"?qsid=$qsid\" class=\"btn btn-default btn-block btn-lime\">" . T_("View summary results") . "</a></div></div>";
 		}
-		if (isset($_GET['qsid'])) $qsid = intval($_GET['qsid']); 
+		if (isset($_GET['qsid'])) {
-		$page = LIME_URL . "admin/admin.php?action=browse&amp;sid=$qsid"; 
+			$qsid = intval($_GET['qsid']);
-?>		
+			$page = LIME_URL . "admin/admin.php?action=browse&amp;sid=$qsid"; }
-		</div>
+		else $page ='';
-		<div class="col-lg-10" id=" " style="height:820px;">
+		if ($page){
 ?>				
 		<div class="col-lg-10 pull-right" id=" " style="height:820px;">
 			<?php xhtml_object($page,' ',"full"); ?>
 		</div>	
 <?php
 		}
 	}
 }
--- a/config.default.php
+++ b/config.default.php
@@ -281,6 +281,11 @@ if (!defined('LDB_TYPE')) define('LDB_TYPE', DB_TYPE);
 if (!defined('COMPANY_NAME')) define ('COMPANY_NAME', 'queXS ');
 if (!defined('ADMIN_PANEL_NAME')) define ('ADMIN_PANEL_NAME',' Administration Panel');
 /** 
 * Session name
 * - If changed must also be changed in the lime_settings_global table
 */
 if (!defined('LS_SESSION_NAME')) define ('LS_SESSION_NAME', 'ls28629164789259281352');
 /**
 * Debugging
--- a/db.inc.php
+++ b/db.inc.php
@@ -47,10 +47,10 @@ if (!(include_once(ADODB_PATH . 'adodb.inc.php')))
 /**
 * Include ADODB session handling functions
 */
-if (!(include_once(ADODB_PATH . 'session/adodb-session2.php')))
+//if (!(include_once(ADODB_PATH . 'session/adodb-session2.php')))
-{
+//{
-	print "<p>ERROR: Please modify config.inc.php for ADODB_PATH to point to your ADODb installation</p>";
+//	print "<p>ERROR: Please modify config.inc.php for ADODB_PATH to point to your ADODb installation</p>";
-}
+//}
 define('ADODB_OUTP',"outputDebug");
@@ -75,7 +75,7 @@ if (DEBUG == true) $db->debug = true;
 $db->Execute("set names 'utf8'");
 //store session in database (see sessions2 table)
-ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME, array('table' => LIME_PREFIX . 'sessions'));
+//ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME, array('table' => LIME_PREFIX . 'sessions'));
 /**
--- a/include/limesurvey/admin/browse.php
+++ b/include/limesurvey/admin/browse.php
@@ -81,6 +81,7 @@ else //SURVEY MATCHING $surveyid DOESN'T EXIST
 //OK. IF WE GOT THIS FAR, THEN THE SURVEY EXISTS AND IT IS ACTIVE, SO LETS GET TO WORK.
 $surveyinfo=getSurveyInfo($surveyid);
 include_once("../quexs.php");
 require_once(dirname(__FILE__).'/sessioncontrol.php');
 // Set language for questions and labels to base language of this survey
@@ -787,7 +788,6 @@ elseif ($subaction == "all")
 $quexsfilterstate = questionnaireSampleFilterstate();
    //queXS Addition
    include_once("../quexs.php");
    $browseoutput .= "&nbsp;".T_("Questionnaire and Sample selection:")."<select id='quexsfilterinc' name='quexsfilterinc' onchange='javascript:document.getElementById(\"limit\").value=\"\";submit();'>\n"
    ."\t<option value='all' >".T_("All queXS questionnaires and samples associated with this instrument")."</option>\n"
    . get_questionnaire_sample_list($surveyid,$quexsfilterstate)
--- a/include/limesurvey/admin/preview.php
+++ b/include/limesurvey/admin/preview.php
@@ -18,6 +18,7 @@
 $LEMdebugLevel=0;
 include_once("login_check.php");
 include_once("../quexs.php");
 require_once(dirname(__FILE__).'/sessioncontrol.php');
 if (!isset($surveyid)) {$surveyid=returnglobal('sid');}
--- a/include/limesurvey/admin/sessioncontrol.php
+++ b/include/limesurvey/admin/sessioncontrol.php
@@ -21,7 +21,8 @@
 if (!isset($dbprefix) || isset($_REQUEST['dbprefix'])) {die("Cannot run this script directly");}
 // Read the session name from the settings table
-$usresult = getGlobalSetting('SessionName');
+//$usresult = getGlobalSetting('SessionName');
 $usresult = LS_SESSION_NAME; //queXS Addition
 if ($usresult)
 {
    @session_name($usresult);
--- a/include/limesurvey/config.php
+++ b/include/limesurvey/config.php
@@ -89,4 +89,3 @@ $siteadminemail = "quexs@acspri.org.au";
 //				'manage_label' => 1);
 //
 $sessionhandler     =  'db';
--- a/include/limesurvey/group.php
+++ b/include/limesurvey/group.php
@@ -483,6 +483,7 @@ else
 		}
                killSession();
                header("Location: {$url}");
            }
--- a/include/limesurvey/index.php
+++ b/include/limesurvey/index.php
@@ -62,6 +62,7 @@ if (isset($_GET['loadall']) && $_GET['loadall'] == "reload" && isset($_GET['toke
 //end queXS Addition
 //LimeExpressionManager::SetSurveyId($surveyid);  // must be called early - it clears internal cache if a new survey is being used
 //DEFAULT SETTINGS FOR TEMPLATES
@@ -96,12 +97,12 @@ if ($surveyid)
 // Session name is based:
 // * on this specific limesurvey installation (Value SessionName in DB)
 // * on the surveyid (from Get or Post param). If no surveyid is given we are on the public surveys portal
-$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
+//$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
-$usresult = db_execute_assoc($usquery,'',true);          //Checked
+//$usresult = db_execute_assoc($usquery,'',true);          //Checked
 $usresult = LS_SESSION_NAME; //queXS Addition
 if ($usresult)
 {
-    $usrow = $usresult->FetchRow();
+    $stg_SessionName=$usresult;
    $stg_SessionName=$usrow['stg_value'];
    if ($surveyid && $surveyexists)
    {
        @session_name($stg_SessionName.'-runtime-'.$surveyid);
@@ -116,6 +117,9 @@ else
    session_name("LimeSurveyRuntime-$surveyid");
 }
 session_set_cookie_params(0,$relativeurl.'/');
 if (!isset($_SESSION) || empty($_SESSION)) // the $_SESSION variable can be empty if register_globals is on
    @session_start();
--- a/voip/auth-interviewer.php
+++ b/voip/auth-interviewer.php
@@ -39,18 +39,13 @@ include_once(dirname(__FILE__)."/../config.inc.php");
 */
 include_once(dirname(__FILE__)."/../db.inc.php");
-
+session_name(LS_SESSION_NAME);
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 session_set_cookie_params(0,QUEXS_PATH);
-session_start();
+if ((defined('PHP_SESSION_ACTIVE') && session_status() !== PHP_SESSION_ACTIVE) || !session_id()) { 
 session_start();
 }
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))