
Replaced case_id as token with token

This commit is contained in:
Adam Zammit
2013-01-24 16:04:44 +11:00
parent f0eec45186
commit 6674326c8b
9 changed files with 29 additions and 21 deletions


@@ -1,6 +1,7 @@
queXS 1.7.0 - Changes since 1.6.1 queXS 1.7.0 - Changes since 1.6.1
New Feature: Replace queXS caseid as token with a random token to allow for safe external access New Feature: Replace queXS caseid as token with a random token to allow for safe external access
Fixed Bug: Replaced php short tags with long tags
Database updates: Database updates:


@@ -197,7 +197,7 @@ if ($subaction == "id")
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON (s.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON (s.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS ss ON (ss.sample_id = c.sample_id AND ss.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS ss ON (ss.sample_id = c.sample_id AND ss.import_id = '{$qfs[1]}') ";
} }
@@ -592,7 +592,7 @@ elseif ($subaction == "all")
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$sql_from .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $sql_from .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -639,7 +639,7 @@ elseif ($subaction == "all")
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -669,7 +669,7 @@ elseif ($subaction == "all")
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -702,7 +702,7 @@ elseif ($subaction == "all")
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
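Review bot: The modified JOIN lines still place `$qfs[0]` and `$qfs[1]` inside the SQL string by interpolation (`c.questionnaire_id = '{$qfs[0]}'`, `ss.import_id = '{$qfs[1]}'`); the commit changes only the join column from `c.case_id` to `c.token`. The `!= 0` test on `$qfs[1]` suggests both are integer keys, so casting them once where `$qfs` is obtained — `$qfs[0] = (int) $qfs[0]; $qfs[1] = (int) $qfs[1];` — would make the quoted literals safe regardless of where `questionnaireSampleFilterstate()` reads the state from (its source is not visible here). The same pattern recurs in every other "JOIN case AS c" hunk of this commit (the `@@ -460`, `@@ -505`, `@@ -510` through `@@ -1957`, and `@@ -123` hunks), so one cast at the point of origin covers them all. All five hunks here are fragments of `if`/`elseif` blocks that begin outside the view.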


@@ -460,7 +460,7 @@ function spss_getquery() {
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }


@@ -425,14 +425,15 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu
if (in_array('callattempts',$_POST['attribute_select'])) if (in_array('callattempts',$_POST['attribute_select']))
{ {
$dquery .= ", (SELECT COUNT(c.call_attempt_id) $dquery .= ", (SELECT COUNT(c.call_attempt_id)
FROM call_attempt as c FROM call_attempt as c, `case` as ca
WHERE c.case_id = {$dbprefix}survey_$surveyid.token) as callattempts "; WHERE c.case_id = ca.case_id AND ca.token = {$dbprefix}survey_$surveyid.token) as callattempts ";
} }
if (in_array('messagesleft',$_POST['attribute_select'])) if (in_array('messagesleft',$_POST['attribute_select']))
{ {
$dquery .= ", (SELECT COUNT(c2.call_id) $dquery .= ", (SELECT COUNT(c2.call_id)
FROM `call` as c2 FROM `call` as c2, `case` as ca2
WHERE c2.case_id = {$dbprefix}survey_$surveyid.token WHERE ca2.case_id = c2.case_id
AND ca2.token = {$dbprefix}survey_$surveyid.token
AND c2.outcome_id = 23) as messagesleft "; AND c2.outcome_id = 23) as messagesleft ";
} }
if (in_array('token',$_POST['attribute_select'])) if (in_array('token',$_POST['attribute_select']))
@@ -477,7 +478,7 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu
{ {
$dquery .= ", ( SELECT sv.val $dquery .= ", ( SELECT sv.val
FROM sample_var as sv, `case` as c3 FROM sample_var as sv, `case` as c3
WHERE c3.case_id = {$dbprefix}survey_$surveyid.token WHERE c3.token = {$dbprefix}survey_$surveyid.token
AND c3.sample_id = sv.sample_id AND c3.sample_id = sv.sample_id
AND sv.var LIKE '$attr_name') as attribute_$i "; AND sv.var LIKE '$attr_name') as attribute_$i ";
@@ -505,7 +506,7 @@ $qfs = questionnaireSampleFilterstate();
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$dquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $dquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
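Review bot: The `callattempts` and `messagesleft` subqueries now reach `call_attempt` / `call` through a comma-join on `case as ca` matched by `ca.token = {$dbprefix}survey_$surveyid.token`; the counts are only correct if exactly one case row carries each token, and the correlated lookup runs once per exported row, so case.token needs a UNIQUE index for both correctness and acceptable export time. The schema change is not part of this diff (the changelog hunk only says "Database updates"), so please confirm the upgrade script adds that index, and consider a comment above the first subquery: `// case.token is unique per case; the join must not multiply the count`. The attribute subquery below relies on the same equality (`c3.token = {$dbprefix}survey_$surveyid.token`). These statements sit inside an `if` block that begins outside the hunk.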


@@ -510,7 +510,7 @@
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -1143,7 +1143,7 @@
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -1207,7 +1207,7 @@
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -1237,7 +1237,7 @@
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$querystarter .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $querystarter .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }
@@ -1957,7 +1957,7 @@
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$querylimit .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $querylimit .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }


@@ -123,7 +123,7 @@ elseif (isset($surveyid) && $surveyid)
if ($qfs != false) if ($qfs != false)
{ {
//Limit responses by questionnaire and/or sample //Limit responses by questionnaire and/or sample
$query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') ";
if ($qfs[1] != 0) //if a sample is selected if ($qfs[1] != 0) //if a sample is selected
$query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') ";
} }


@@ -3419,7 +3419,7 @@
$sql = "SELECT sv.var,sv.val $sql = "SELECT sv.var,sv.val
FROM sample_var as sv, `case` as c FROM sample_var as sv, `case` as c
WHERE c.sample_id = sv.sample_id WHERE c.sample_id = sv.sample_id
AND c.case_id = {$_SESSION['token']}"; AND c.token = {$_SESSION['token']}";
$queXSrs = $connect->GetAssoc($sql); $queXSrs = $connect->GetAssoc($sql);
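Review bot: The new comparison `AND c.token = {$_SESSION['token']}` interpolates the session token into the SQL with no quotes; the previous value was an integer case id, but per the commit message tokens are now random strings, so the unquoted literal is either a syntax error or, if the token happens to look like an identifier, a column reference rather than a comparison. The value presumably originates from the respondent's request (it is whatever the survey session stored as the token), so it should be bound rather than quoted by hand: `AND c.token = ?"; $queXSrs = $connect->GetAssoc($sql, array($_SESSION['token']));` — ADOdb's `GetAssoc` accepts a bind array as its second argument, which is what `$connect` appears to be. The statement sits inside a block that begins outside this hunk.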


@@ -2649,7 +2649,7 @@ function check_quota($checkaction,$surveyid)
$querysel = "SELECT id FROM ".db_table_name('survey_'.$surveyid)." AS s $querysel = "SELECT id FROM ".db_table_name('survey_'.$surveyid)." AS s
JOIN `case` AS cq ON (cq.case_id = '$case_id') JOIN `case` AS cq ON (cq.case_id = '$case_id')
JOIN sample AS sampt ON (sampt.sample_id = cq.sample_id) JOIN sample AS sampt ON (sampt.sample_id = cq.sample_id)
JOIN `case` AS c ON (c.case_id = s.token AND c.questionnaire_id = cq.questionnaire_id) JOIN `case` AS c ON (c.token = s.token AND c.questionnaire_id = cq.questionnaire_id)
JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = sampt.import_id) JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = sampt.import_id)
WHERE ".implode(' AND ',$querycond)." "." WHERE ".implode(' AND ',$querycond)." "."
AND s.submitdate IS NOT NULL"; AND s.submitdate IS NOT NULL";


@@ -753,8 +753,14 @@ function get_start_interview_url()
if ($case_id) if ($case_id)
{ {
$sql = "SELECT token
FROM `case`
WHERE case_id = $case_id";
$token = $db->GetOne($sql);
$sid = get_limesurvey_id($operator_id); $sid = get_limesurvey_id($operator_id);
$url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$case_id&lang=" . DEFAULT_LOCALE; $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE;
$questionnaire_id = get_questionnaire_id($operator_id); $questionnaire_id = get_questionnaire_id($operator_id);
//get prefills //get prefills
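Review bot: `$token` returned by `$db->GetOne($sql)` is used unchecked on the `$url` line; if the lookup matches no row (ADOdb's `GetOne` returns false, assuming that is what `$db` is) the URL is built with an empty `token=` and the function carries on as though the case were reachable. Guard it before building `$url`, e.g. `if ($token === false || $token === '') return false;`, provided that matches what the no-case path returns — that path lies outside this hunk. The token is also concatenated raw; `"...&sid=$sid&token=" . urlencode($token) . "&lang=" . DEFAULT_LOCALE` keeps the URL well-formed whatever characters the generator emits. `$case_id` is interpolated unquoted in the new SELECT; it reads as an integer id, and `WHERE case_id = " . (int) $case_id` would make that assumption explicit. get_start_interview_url begins and ends outside this hunk.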