Ensure only one data record per token. Applies to newly activated surveys

2024-04-02 12:12:16 +00:00 · 2022-06-02 11:38:09 +10:00
parent 93238bde44
commit 73fcb96bb4
3 changed files with 66 additions and 55 deletions
--- a/include/limesurvey/admin/activate_functions.php
+++ b/include/limesurvey/admin/activate_functions.php
@@ -408,8 +408,8 @@ function activateSurvey($postsid,$surveyid, $scriptname='admin.php')
    $execresult=$dict->ExecuteSQLArray($sqlarray,1);
-    //queXS Addition - add an index on the token
+    //queXS Addition - add a UNIQUE index on the token
-    $createtokenindex = $dict->CreateIndexSQL("{$tabname}_idx", $tabname, array('token'));
+    $createtokenindex = $dict->CreateIndexSQL("{$tabname}_idx", $tabname, array('token'),array('UNIQUE'));
    $dict->ExecuteSQLArray($createtokenindex, false) or safe_die ("Failed to create token index<br />$createtokenindex<br /><br />".$connect->ErrorMsg());
    if ($execresult==0 || $execresult==1)
--- a/include/limesurvey/classes/expressions/LimeExpressionManager.php
+++ b/include/limesurvey/classes/expressions/LimeExpressionManager.php
@@ -4646,44 +4646,49 @@
            $_SESSION['datestamp']=$datestamp;
            if ($this->surveyOptions['active'] && !isset($_SESSION['srid']))
            {
-                // Create initial insert row for this record
+                $srid = $connect->GetOne("SELECT id FROM ".$this->surveyOptions['tablename']." WHERE token='".$this->surveyOptions['token']."'");
-                $sdata = array(
+                if (is_null($srid)) {
-                "datestamp"=>$datestamp,
+	                // Create initial insert row for this record
-                "ipaddr"=>(($this->surveyOptions['ipaddr']) ? getIPAddress() : ''),
+	                $sdata = array(
-                "startlanguage"=>$this->surveyOptions['startlanguage'],
+	                "datestamp"=>$datestamp,
-                "token"=>($this->surveyOptions['token']),
+	                "ipaddr"=>(($this->surveyOptions['ipaddr']) ? getIPAddress() : ''),
-                "refurl"=>(($this->surveyOptions['refurl']) ? getenv("HTTP_REFERER") : NULL),
+	                "startlanguage"=>$this->surveyOptions['startlanguage'],
-                "startdate"=>$datestamp,
+		                "token"=>($this->surveyOptions['token']),
-                );
+	                "refurl"=>(($this->surveyOptions['refurl']) ? getenv("HTTP_REFERER") : NULL),
-                //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
+	                "startdate"=>$datestamp,
-                if ($connect->AutoExecute($this->surveyOptions['tablename'], $sdata,'INSERT'))    // Checked
+	                );
-                {
+	                //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
-                    $srid = $connect->Insert_ID($this->surveyOptions['tablename'],"id");
+	                if ($connect->AutoExecute($this->surveyOptions['tablename'], $sdata,'INSERT'))    // Checked
-                    $_SESSION['srid'] = $srid;
+	                {
-                }
+	                    $srid = $connect->Insert_ID($this->surveyOptions['tablename'],"id");
-                else
+	                    $_SESSION['srid'] = $srid;
-                {
+                	}
-                    $message .= $this->gT("Unable to insert record into survey table: ") .$connect->ErrorMsg() . "<br/>";
+	                else
-                    $_SESSION['flashmessage'] = $message;
+	                {
-                    echo $message;
+	                    $message .= $this->gT("Unable to insert record into survey table: ") .$connect->ErrorMsg() . "<br/>";
-                }
+	                    $_SESSION['flashmessage'] = $message;
-                //Insert Row for Timings, if needed
+	                    echo $message;
                if ($this->surveyOptions['savetimings']) {
                    $tdata = array(
                    'id'=>$srid,
                    'interviewtime'=>0
                    );
                    if ($connect->AutoExecute($this->surveyOptions['tablename_timings'], $tdata,'INSERT'))    // Checked
                    {
                        $trid = $connect->Insert_ID($this->surveyOptions['tablename_timings'],"sid");
                    }
-                    else
+	                //Insert Row for Timings, if needed
-                    {
+        	        if ($this->surveyOptions['savetimings']) {
-                        $message .= $this->gT("Unable to insert record into timings table "). $connect->ErrorMsg() . "<br/>";
+	                    $tdata = array(
-                        $_SESSION['flashmessage'] = $message;
+	                    'id'=>$srid,
-                        echo $message;
+	                    'interviewtime'=>0
-                    }
+	                    );
-                }
+	                    if ($connect->AutoExecute($this->surveyOptions['tablename_timings'], $tdata,'INSERT'))    // Checked
 	                    {
 	                        $trid = $connect->Insert_ID($this->surveyOptions['tablename_timings'],"sid");
 	                    }
 	                    else
 	                    {
 	                        $message .= $this->gT("Unable to insert record into timings table "). $connect->ErrorMsg() . "<br/>";
 	                        $_SESSION['flashmessage'] = $message;
    	                    echo $message;
 	                    }
 	                }
 				} else {
 	    			$_SESSION['srid'] = $srid;
 				}
            }
            if (count($updatedValues) > 0 || $finished)
--- a/include/limesurvey/save.php
+++ b/include/limesurvey/save.php
@@ -130,22 +130,28 @@
            //INSERT BLANK RECORD INTO "survey_x" if one doesn't already exist
            if (!isset($_SESSION['srid']))
            {
-                $today = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
+                $result = $connect->GetOne("SELECT id FROM ".$thissurvey['tablename']." WHERE token='{$_POST['token']}'"); 
-                $sdata = array("datestamp"=>$today,
+				if (is_null($result)) {
-                "ipaddr"=>getIPAddress(),
+
-                "startlanguage"=>$_SESSION['s_lang'],
+	                $today = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
-                "refurl"=>getenv("HTTP_REFERER"),
+	                $sdata = array("datestamp"=>$today,
-		"token" => $_POST['token']);
+	                "ipaddr"=>getIPAddress(),
-                //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
+	                "startlanguage"=>$_SESSION['s_lang'],
-                if ($connect->AutoExecute($thissurvey['tablename'], $sdata,'INSERT'))    // Checked
+	                "refurl"=>getenv("HTTP_REFERER"),
-                {
+					"token" => $_POST['token']);
-                    $srid = $connect->Insert_ID($thissurvey['tablename'],"sid");
+		                //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
-                    $_SESSION['srid'] = $srid;
+	                if ($connect->AutoExecute($thissurvey['tablename'], $sdata,'INSERT'))    // Checked
-                }
+	                {
-                else
+	                    $srid = $connect->Insert_ID($thissurvey['tablename'],"sid");
-                {
+	                    $_SESSION['srid'] = $srid;
-                    safe_die("Unable to insert record into survey table.<br /><br />".$connect->ErrorMsg());
+	                }
-                }
+	                else
 	                {
 	                    safe_die("Unable to insert record into survey table.<br /><br />".$connect->ErrorMsg());
 	                }
 				} else {
 					$_SESSION['srid'] = $result;
 				}
            }
            //CREATE ENTRY INTO "saved_control"
            $today = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);