From 9c46b41a4b04246863a0c6798a77fc73f9633974 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Thu, 24 Jan 2013 15:10:16 +1100 Subject: [PATCH 01/40] Added CHANGELOG update Included sRandomChars in functions.limesurvey Add an index on the token field of the survey table --- CHANGELOG | 9 ++++++++ functions/functions.limesurvey.php | 22 +++++++++++++++++++ .../limesurvey/admin/activate_functions.php | 5 +++++ 3 files changed, 36 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index 6a8867d7..efd92290 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,12 @@ +queXS 1.7.0 - Changes since 1.6.1 + +New Feature: Replace queXS caseid as token with a random token to allow for safe external access + +Database updates: + +ALTER TABLE `case` ADD `token` VARCHAR( 36 ) NOT NULL ; +ALTER TABLE `case` ADD UNIQUE (`token`); + queXS 1.6.1 - Changes since 1.6.0 New Feature: Include paradata/metadata in data output (number call attempts, number of answering machine messages and all sample variables) diff --git a/functions/functions.limesurvey.php b/functions/functions.limesurvey.php index 54a2b76f..2b6ad7c6 100644 --- a/functions/functions.limesurvey.php +++ b/functions/functions.limesurvey.php @@ -271,6 +271,28 @@ function getRandomID() } +/** +* Creates a random sequence of characters +* +* @param mixed $length Length of resulting string +* @param string $pattern To define which characters should be in the resulting string +* +* From Limesurvey +*/ +function sRandomChars($length = 15,$pattern="23456789abcdefghijkmnpqrstuvwxyz") +{ + $patternlength = strlen($pattern)-1; + for($i=0;$i<$length;$i++) + { + if(isset($key)) + $key .= $pattern{rand(0,$patternlength)}; + else + $key = $pattern{rand(0,$patternlength)}; + } + return $key; +} + + /** diff --git a/include/limesurvey/admin/activate_functions.php b/include/limesurvey/admin/activate_functions.php index 2d5bcfc1..bc78b907 100644 --- a/include/limesurvey/admin/activate_functions.php 
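Review bot: `sRandomChars()` picks every character with `rand()`, which is not a cryptographically secure generator, yet the CHANGELOG entry in this same patch says the token exists "to allow for safe external access". A value that gates access to a survey should come from a CSPRNG: `$key .= $pattern[random_int(0, $patternlength)];` on PHP 7+, or bytes from `openssl_random_pseudo_bytes()` mapped onto `$pattern` on older runtimes. Setting `$key = '';` before the loop also removes the `isset()` branch and the undefined-variable return when `$length` is 0, and `$pattern[...]` replaces the `$pattern{...}` offset syntax that later PHP versions reject. The same function is re-added unchanged in functions/functions.operator.php by patch 06/40, so the comment applies there too.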
+++ b/include/limesurvey/admin/activate_functions.php @@ -407,6 +407,11 @@ function activateSurvey($postsid,$surveyid, $scriptname='admin.php') } $execresult=$dict->ExecuteSQLArray($sqlarray,1); + + //queXS Addition - add an index on the token + $createtokenindex = $dict->CreateIndexSQL("{$tabname}_idx", $tabname, array('token')); + $dict->ExecuteSQLArray($createtokenindex, false) or safe_die ("Failed to create token index
$createtokenindex

".$connect->ErrorMsg()); + if ($execresult==0 || $execresult==1) { $activateoutput .= "
\n
\n" . From 64c8325546c3f90bff61531b34c35fe97c6c7cb8 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Thu, 24 Jan 2013 15:19:38 +1100 Subject: [PATCH 02/40] Removed references to fixed with output as obsolete Replaced token as case_id queries with token from case_id table --- admin/dataoutput.php | 19 -- functions/functions.limesurvey.php | 321 ++--------------------------- 2 files changed, 20 insertions(+), 320 deletions(-) diff --git a/admin/dataoutput.php b/admin/dataoutput.php index a4d0a17c..87b663ae 100644 --- a/admin/dataoutput.php +++ b/admin/dataoutput.php @@ -35,25 +35,6 @@ */ include("../functions/functions.input.php"); - -if (isset($_GET['data'])) -{ - /** - * Limesurvey functions - */ - include("../functions/functions.limesurvey.php"); - - $questionnaire_id = false; - $sample_import_id = false; - if (isset($_GET['sample_import_id'])) $sample_import_id = bigintval($_GET['sample_import_id']); - if (isset($_GET['questionnaire_id'])) $questionnaire_id = bigintval($_GET['questionnaire_id']); - - limesurvey_export_fixed_width($questionnaire_id,$sample_import_id); - - exit(); -} - - /** * Configuration file */ diff --git a/functions/functions.limesurvey.php b/functions/functions.limesurvey.php index 2b6ad7c6..2a05a040 100644 --- a/functions/functions.limesurvey.php +++ b/functions/functions.limesurvey.php @@ -65,7 +65,7 @@ function limesurvey_quota_replicate_completions($lime_sid,$questionnaire_id,$sam JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = '$sample_import_id') JOIN `sample_var` as sv ON (sv.sample_id = sam.sample_id AND sv.var LIKE '$var' AND sv.val LIKE '$val') WHERE s.submitdate IS NOT NULL - AND s.token = c.case_id"; + AND s.token = c.token"; $rs = $db->GetRow($sql); 
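Review bot: The token index is created before `$execresult` from the table-creation call `ExecuteSQLArray($sqlarray,1)` is examined. If creating the survey table fails, `safe_die()` fires on the index step and the existing `if ($execresult==0 || $execresult==1)` report just below is presumably never reached; moving the added block after that check keeps the original diagnostics. `$createtokenindex` is passed to `ExecuteSQLArray()`, so it is an array of statements, and interpolating it into the message prints `Array` rather than the SQL; `implode('; ', $createtokenindex)` would show what was attempted. activateSurvey() starts and ends outside this hunk, so the success path is not visible here.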
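Review bot: Switching the join to `s.token = c.token` makes every existing case unmatchable unless `case.token` is backfilled, and the migration listed in CHANGELOG (patch 01/40) only adds the column as `NOT NULL` and then a `UNIQUE` index. Survey rows written before the upgrade still carry the old case_id as their token, so a step such as ``UPDATE `case` SET token = case_id`` needs to run between the two ALTER statements. Without it the existing rows also share one empty value, and on MySQL the `ADD UNIQUE` would presumably fail once the table holds more than one case. If a backfill exists elsewhere in the series it is not visible here. The same applies to the other `c.token` joins in this file (limesurvey_quota_match, limesurvey_quota_replicate_match, limesurvey_quota_completions, get_lime_id, get_lime_tid, limesurvey_is_quota_full, limesurvey_is_completed) and to admin/quotareport.php in patch 07/40.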
@@ -95,7 +95,7 @@ function limesurvey_quota_match($lime_sgqa,$lime_sid,$case_id,$value,$comparison FROM " . LIME_PREFIX . "survey_$lime_sid as s JOIN `case` as c ON (c.case_id = '$case_id') JOIN `sample` as sam ON (c.sample_id = sam.sample_id) - WHERE s.token = c.case_id + WHERE s.token = c.token AND s.`$lime_sgqa` $comparison '$value'"; $rs = $db->GetRow($sql); @@ -127,7 +127,7 @@ function limesurvey_quota_replicate_match($lime_sid,$case_id,$val,$var) JOIN `case` as c ON (c.case_id = '$case_id') JOIN `sample` as sam ON (c.sample_id = sam.sample_id) JOIN `sample_var` as sv ON (sv.sample_id = sam.sample_id AND sv.var LIKE '$var' AND sv.val LIKE '$val') - WHERE s.token = c.case_id"; + WHERE s.token = c.token"; $rs = $db->GetRow($sql); @@ -161,7 +161,7 @@ function limesurvey_quota_completions($lime_sgqa,$lime_sid,$questionnaire_id,$sa JOIN `case` as c ON (c.questionnaire_id = '$questionnaire_id') JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = '$sample_import_id') WHERE s.submitdate IS NOT NULL - AND s.token = c.case_id + AND s.token = c.token AND s.`$lime_sgqa` $comparison '$value'"; $rs = $db->GetRow($sql); @@ -373,9 +373,10 @@ function get_lime_id($case_id) $lime_sid = get_lime_sid($case_id); if ($lime_sid == false) return false; - $sql = "SELECT id - FROM " . LIME_PREFIX . "survey_$lime_sid - WHERE token = '$case_id'"; + $sql = "SELECT s.id + FROM " . LIME_PREFIX . "survey_$lime_sid as s, `case` as c + WHERE c.case_id = '$case_id' + AND c.token = s.token"; $r = $db->GetRow($sql); @@ -402,9 +403,10 @@ function get_lime_tid($case_id) $lime_sid = get_lime_sid($case_id); if ($lime_sid == false) return false; - $sql = "SELECT tid - FROM " . LIME_PREFIX . "tokens_$lime_sid - WHERE token = '$case_id'"; + $sql = "SELECT t.tid + FROM " . LIME_PREFIX . "tokens_$lime_sid as t, `case` as c + WHERE c.case_id = '$case_id' + AND c.token = t.token"; $r = $db->GetRow($sql); 
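Review bot: The rewritten query in get_lime_id() still places `$case_id` straight into the SQL text (`WHERE c.case_id = '$case_id'`), and nothing in the hunk shows it being validated as an integer first. Since these lines are being rewritten anyway, a bound parameter closes that off regardless of what callers pass: `WHERE c.case_id = ?` with `$db->GetRow($sql, array($case_id))`. Where the value originates is outside this hunk, so this is a hardening suggestion rather than a confirmed injection path. The same pattern is in the rewritten queries of get_lime_tid(), limesurvey_is_quota_full() and limesurvey_is_completed() in this patch.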
@@ -453,9 +455,10 @@ function limesurvey_is_quota_full($case_id) $lime_sid = get_lime_sid($case_id); if ($lime_sid == false) return false; - $sql = "SELECT completed - FROM " . LIME_PREFIX . "tokens_$lime_sid - WHERE token = '$case_id'"; + $sql = "SELECT t.completed + FROM " . LIME_PREFIX . "tokens_$lime_sid as t, `case` as c + WHERE c.case_id = '$case_id' + AND c.token = t.token"; $r = $db->GetRow($sql); @@ -480,9 +483,10 @@ function limesurvey_is_completed($case_id) $lime_sid = get_lime_sid($case_id); if ($lime_sid == false) return false; - $sql = "SELECT completed - FROM " . LIME_PREFIX . "tokens_$lime_sid - WHERE token = '$case_id'"; + $sql = "SELECT t.completed + FROM " . LIME_PREFIX . "tokens_$lime_sid as t, `case` as c + WHERE c.case_id = '$case_id' + AND t.token = c.token"; $r = $db->GetRow($sql); 
@@ -624,289 +628,4 @@ function limesurvey_create_multi(&$varwidth,&$vartype,$qid,$varname,$length,$typ return; } -/** - * Return a string with only ASCII characters in it - * - * This function was sourced from the php website, help on str_replace - * No author was listed at the time of access - * - * @param string $stringIn The string - * @return string A string containing only ASCII characters - */ -function all_ascii( $stringIn ){ - $final = ''; - $search = array(chr(145),chr(146),chr(147),chr(148),chr(150),chr(151),chr(13),chr(10)); - $replace = array("'","'",'"','"','-','-',' ',' '); - - $hold = str_replace($search[0],$replace[0],$stringIn); - $hold = str_replace($search[1],$replace[1],$hold); - $hold = str_replace($search[2],$replace[2],$hold); - $hold = str_replace($search[3],$replace[3],$hold); - $hold = str_replace($search[4],$replace[4],$hold); - $hold = str_replace($search[5],$replace[5],$hold); - $hold = str_replace($search[6],$replace[6],$hold); - $hold = str_replace($search[7],$replace[7],$hold); - - if(!function_exists('str_split')){ - function str_split($string,$split_length=1){ - $count = strlen($string); - if($split_length < 1){ - return false; - } elseif($split_length > $count){ - return array($string); - } else { - $num = (int)ceil($count/$split_length); - $ret = array(); - for($i=0;$i<$num;$i++){ - $ret[] = substr($string,$i*$split_length,$split_length); - } - return $ret; - } - } - } - - $holdarr = str_split($hold); - foreach ($holdarr as $val) { - if (ord($val) < 128) $final .= $val; - } - return $final; -} - - -/** - * Produce a fixed width string containing the data from a questionnaire - * - * @param int $questionnaire_id The quesitonnaire id - * @param int|false $sample_import_id The sample importid or false for all data - * @return string Fixed width data from the limesurvey database - * - */ -function limesurvey_export_fixed_width($questionnaire_id,$sample_import_id = false) -{ - global $db; - - //array of varname and width - $varwidth = 
array(); - $vartype = array(); - - $sql = "SELECT lime_sid - FROM questionnaire - WHERE questionnaire_id = '$questionnaire_id'"; - - $r = $db->GetRow($sql); - - if (!empty($r)) - $surveyid = $r['lime_sid']; - else - return; - - //foreach question - $sql = "SELECT q.* - FROM ".LIME_PREFIX."questions as q, ".LIME_PREFIX."groups as g - WHERE q.sid=$surveyid - AND q.type NOT LIKE 'X' - AND g.gid = q.gid - ORDER BY g.group_order ASC,q.question_order ASC"; - - $r = $db->GetAll($sql); - foreach ($r as $RowQ) - { - $type = $RowQ['type']; - $qid = $RowQ['qid']; - $lid = $RowQ['lid']; - $gid = $RowQ['gid']; - - $varName = $surveyid . "X" . $gid . "X" . $qid; - - switch ($type) - { - case "X": //BOILERPLATE QUESTION - none should appear - - break; - case "5": //5 POINT CHOICE radio-buttons - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "D": //DATE - $varwidth[$varName]=8; - $vartype[$varName] = 1; - break; - case "Z": //LIST Flexible drop-down/radio-button list - $varwidth[$varName]=limesurvey_fixed_width($lid); - $vartype[$varName] = 1; - break; - case "L": //LIST drop-down/radio-button list - $varwidth[$varName]=limesurvey_answer_width($qid); - $vartype[$varName] = 1; - break; - case "W": //List - dropdown - $varwidth[$varName]=limesurvey_answer_width($qid); - $vartype[$varName] = 1; - break; - case "!": //List - dropdown - $varwidth[$varName]=limesurvey_answer_width($qid); - $vartype[$varName] = 1; - break; - case "O": //LIST WITH COMMENT drop-down/radio-button list + textarea - //Not yet implemented - break; - case "R": //RANKING STYLE - //Not yet implemented - break; - case "M": //MULTIPLE OPTIONS checkbox - limesurvey_create_multi($varwidth,$vartype,$qid,$varName,1,3); - break; - case "P": //MULTIPLE OPTIONS WITH COMMENTS checkbox + text - //Not yet implemented - break; - case "Q": //MULTIPLE SHORT TEXT - limesurvey_create_multi($varwidth,$vartype,$qid,$varName,limesurvey_get_width($qid,24),2); - break; - case "K": //MULTIPLE NUMERICAL - 
limesurvey_create_multi($varwidth,$vartype,$qid,$varName,limesurvey_get_width($qid,10),1); - break; - case "N": //NUMERICAL QUESTION TYPE - $varwidth[$varName]= limesurvey_get_width($qid,10); - $vartype[$varName] = 1; - break; - case "S": //SHORT FREE TEXT - $varwidth[$varName]= limesurvey_get_width($qid,240); - $vartype[$varName] = 2; - break; - case "T": //LONG FREE TEXT - $varwidth[$varName]= limesurvey_get_width($qid,1024); - $vartype[$varName] = 2; - break; - case "U": //HUGE FREE TEXT - $varwidth[$varName]= limesurvey_get_width($qid,2048); - $vartype[$varName] = 2; - break; - case "Y": //YES/NO radio-buttons - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "G": //GENDER drop-down list - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "A": //ARRAY (5 POINT CHOICE) radio-buttons - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "B": //ARRAY (10 POINT CHOICE) radio-buttons - $varwidth[$varName]=2; - $vartype[$varName] = 1; - break; - case "C": //ARRAY (YES/UNCERTAIN/NO) radio-buttons - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "E": //ARRAY (Increase/Same/Decrease) radio-buttons - $varwidth[$varName]=1; - $vartype[$varName] = 1; - break; - case "F": //ARRAY (Flexible) - Row Format - limesurvey_create_multi($varwidth,$vartype,$qid,$varName,limesurvey_fixed_width($lid),1); - break; - case "H": //ARRAY (Flexible) - Column Format - limesurvey_create_multi($varwidth,$vartype,$qid,$varName,limesurvey_fixed_width($lid),1); - break; - case "^": //SLIDER CONTROL - //Not yet implemented - break; - } //End Switch - - - } - - - $fn = "survey_$surveyid.dat"; - - header("Content-Type: application/download"); - header("Content-Disposition: attachment; filename=$fn"); - header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . 
" GMT"); - Header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); - header("Pragma: no-cache"); // HTTP/1.0 - - $sql3 = "SELECT c.case_id as case_id - FROM `case` as c - WHERE c.questionnaire_id = '$questionnaire_id' - AND c.current_outcome_id = 10"; - - $r = $db->GetAll($sql3); - - if (!empty($r)) - { - $sql = "SELECT * - FROM ".LIME_PREFIX."survey_$surveyid - WHERE "; - - - if ($sample_import_id == false) - { - $sql .= " ("; - $ccount = count($r); - $ccounter = 0; - foreach($r as $row) - { - $token = $row['case_id']; - $ccounter++; - $sql .= " token = '$token'"; - if ($ccounter < $ccount) - $sql .= " or "; - } - $sql .= ")"; - } - else - { - $sql2 = "SELECT c.case_id as case_id - FROM `case` as c, `sample` as s - WHERE c.questionnaire_id = '$questionnaire_id' - AND c.sample_id = s.sample_id - AND s.import_id = '$sample_import_id'"; - - $r = $db->GetAll($sql2); - - if (!empty($r)) - { - $sql .= " ("; - $ccount = count($r); - $ccounter = 0; - foreach($r as $row) - { - $token = $row['case_id']; - $ccounter++; - $sql .= " token = '$token'"; - if ($ccounter < $ccount) - $sql .= " or "; - } - $sql .= ")"; - } - - } - - $r = $db->GetAll($sql); - - foreach($r as $Row) - { - foreach ($varwidth as $var => $width) - { - if ($vartype[$var] == 1) - echo str_pad(substr(all_ascii($Row[$var]),0,$width), $width, " ", STR_PAD_LEFT); - else if ($vartype[$var] == 2) - echo str_pad(substr(all_ascii($Row[$var]),0,$width), $width, " ", STR_PAD_RIGHT); - else if ($vartype[$var] == 3) - if (empty($Row[$var])) echo " "; else echo "1"; - } - echo str_pad(substr($Row['token'],0,9), 9, " ", STR_PAD_LEFT); - echo str_pad(substr($Row['datestamp'],0,16), 16, " ", STR_PAD_LEFT); - echo "\n"; - } - - } - -} - - ?> From 72eb065284db282e109bd882e09c130b584bc169 Mon Sep 17 00:00:00 2001 
From: Adam Zammit Date: Thu, 24 Jan 2013 15:30:19 +1100 Subject: [PATCH 03/40] Removed some more obsolete functions --- functions/functions.limesurvey.php | 62 ------------------------------ 1 file changed, 62 deletions(-) diff --git a/functions/functions.limesurvey.php b/functions/functions.limesurvey.php index 2a05a040..adf33a9b 100644 --- a/functions/functions.limesurvey.php +++ b/functions/functions.limesurvey.php @@ -566,66 +566,4 @@ function limesurvey_get_width($qid,$default) return $default; } - -/** - * Return the greatest width of answers - * - * @param mixed $qid Limesurvey question id - * - * @return int width of longest answer - * @author Adam Zammit - * @since 2010-11-03 - */ -function limesurvey_answer_width($qid) -{ - global $db; - - $sql = "SELECT MAX(LENGTH(code)) as c FROM ".LIME_PREFIX."answers WHERE qid = $qid"; - $r = $db->GetRow($sql); - - $val = 1; - - if (!empty($r)) - $val = $r['c']; - - return $val; - -} - -function limesurvey_fixed_width($lid) -{ - global $db; - - $sql = "SELECT MAX(LENGTH(code)) as c FROM ".LIME_PREFIX."labels WHERE lid = $lid"; - $r = $db->GetRow($sql); - - $val = 1; - - if (!empty($r)) - $val = $r['c']; - - return $val; -} - -function limesurvey_create_multi(&$varwidth,&$vartype,$qid,$varname,$length,$type) -{ - global $db; - - $sql = "SELECT * - FROM ".LIME_PREFIX."answers - WHERE qid = $qid - ORDER BY sortorder ASC"; - - $r = $db->GetAll($sql); - - foreach($r as $Row) - { - $v = $varname . $Row['code']; - $varwidth[$v] = $length; - $vartype[$v] = $type; - } - - return; -} - ?> From ec5c6fa8337a1610f73dc2facf15393693068b6b Mon Sep 17 00:00:00 2001 
From: Adam Zammit Date: Thu, 24 Jan 2013 15:32:30 +1100 Subject: [PATCH 04/40] Replaced short tags with long ones --- appointment.php | 48 +++++------ appointmentlist.php | 2 +- availability.php | 2 +- call.php | 2 +- call_interface2.php | 2 +- callhistory.php | 2 +- calllist.php | 2 +- casenote.php | 8 +- config.default.php | 2 +- config.inc.local.php.example | 2 +- config.inc.php | 2 +- contactdetails.php | 10 +-- db.inc.php | 2 +- endwork.php | 2 +- index.php | 124 ++++++++++++++--------------- index_interface2.php | 106 ++++++++++++------------ info.php | 2 +- lang.inc.php | 2 +- nocallavailable.php | 6 +- nocaseavailable.php | 30 +++---- performance.php | 2 +- project_info.php | 2 +- record.php | 2 +- respondent.php | 10 +-- rs_answeringmachine.php | 16 ++-- rs_answeringmachine_interface2.php | 16 ++-- rs_business.php | 10 +-- rs_business_interface2.php | 10 +-- rs_callback.php | 10 +-- rs_callback_interface2.php | 10 +-- rs_intro.php | 38 ++++----- rs_intro_interface2.php | 38 ++++----- rs_project_end.php | 6 +- rs_project_end_interface2.php | 6 +- rs_project_intro.php | 14 ++-- rs_project_intro_interface2.php | 14 ++-- rs_quota_end.php | 10 +-- shifts.php | 2 +- status.php | 2 +- status_interface2.php | 2 +- supervisor.php | 2 +- waitnextcase_interface2.php | 8 +- 42 files changed, 294 insertions(+), 294 deletions(-) diff --git a/appointment.php b/appointment.php index 510e0651..9118def4 100644 --- a/appointment.php +++ b/appointment.php @@ -1,4 +1,4 @@ - -

+

- -

"/>

+ +

"/>

- -

+

-

"/> - - - - - -

+

"/> + + + + + +

- -

+

- " . T_("Accept appointment from ") .convert_time($_GET['start']).T_(" till ").convert_time($_GET['end']).T_(" on ") . "$day/$month/$year? " . T_("on") . " $phonenum

"; ?> + " . T_("Accept appointment from ") .convert_time($_GET['start']).T_(" till ").convert_time($_GET['end']).T_(" on ") . "$day/$month/$year? " . T_("on") . " $phonenum

"; ?>

- - - - - - - + + + + + + +

-

- "/> + "/>

-

+

-
- -
+ +
-
+
-
-
-
-
-
-
-
<? echo T_('/>
-
+
+
+
+
+
+
<?php  echo T_('/>
+
-
- +
- +
@@ -181,92 +181,92 @@ xhtml_object($data,"main-content");
- -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
" id="tab-shifts"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- +
@@ -274,7 +274,7 @@ xhtml_object($data,"main-content");
-
-
- -
<? echo T_('/>
+ +
<?php  echo T_('/>
@@ -288,82 +288,82 @@ xhtml_object($data,"main-content");
- -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
" id="tab-shifts"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- + - -
"> -

-
+

+
- +
@@ -371,7 +371,7 @@ xhtml_object($data,"main-content");
- -

- + -

-

+

+

-GetAll($sql); ?> -

-

+

GetAll($sql); ?> -

-

+

GetRow($sql); ?> -

-

+

-

-

+
- -
+ +
-
+
-" . T_("Do not leave a message, please hang up") . "

"; ?> -

-

+ -

-

+ -

-

-

+

+" . T_("Do not leave a message, please hang up") . "

"; ?> -

-

+ -

-

+ -

-

-

+

+ -

+

-

-

-

+

+ -

+

-

-

-

+

+" . T_("You are: ") . round(limesurvey_percent_complete ?> -

-

-

-

+

+

+" . T_("You are: ") . round(limesurvey_percent_complete ?> -

-

-

-

+

+

+ -

-

+ -

-

+ -

-

+ -

-

+ -

-

-

-

-

-

-

-

-

-

+

+

+

+

+

+

+

+

+ -

-

+ -

-

+ -

-

+ -

-

+ -

-

-

-

-

-

-

-

-

-

+

+

+

+

+

+

+

+

+ -

-

+ -

-

+ " . template_replace($r['rs_project_intro'],$operator_i ?> -

+

-

-

-

+

+

+

-

+

-" . template_replace($r['rs_project_intro'],$operator_i ?> -

+

-

-

-

+

+

+

-

+

-" . template_replace($_GET['message'],$operator_id,$cas if (ALTERNATE_INTERFACE && !is_voip_enabled($operator_id)) { ?> -

-

+ -

-

+
- Date: Thu, 24 Jan 2013 15:33:27 +1100 Subject: [PATCH 05/40] Replaced the rest of the short tags with long ones --- admin/addshift.php | 14 ++++----- admin/assignsample.php | 18 +++++------ admin/availability.php | 12 ++++---- admin/availabilitygroup.php | 6 ++-- admin/bulkappointment.php | 16 +++++----- admin/callhistory.php | 2 +- admin/callrestrict.php | 10 +++---- admin/casesbyoutcome.php | 2 +- admin/centreinfo.php | 8 ++--- admin/clientquestionnaire.php | 6 ++-- admin/clients.php | 30 +++++++++---------- admin/databasestrings.php | 2 +- admin/dataoutput.php | 3 +- admin/displayappointments.php | 3 +- admin/extensionstatus.php | 3 +- admin/import.php | 18 +++++------ admin/index.php | 3 +- admin/new.php | 34 ++++++++++----------- admin/operatorlist.php | 2 +- admin/operatorperformance.php | 3 +- admin/operatorquestionnaire.php | 6 ++-- admin/operators.php | 46 ++++++++++++++--------------- admin/operatorskill.php | 6 ++-- admin/outcomes.php | 3 +- admin/process.php | 2 +- admin/questionnaireavailability.php | 10 +++---- admin/questionnairelist.php | 32 ++++++++++---------- admin/questionnaireprefill.php | 16 +++++----- admin/quota.php | 18 +++++------ admin/quotareport.php | 3 +- admin/quotarow.php | 40 ++++++++++++------------- admin/samplecallattempts.php | 3 +- admin/samplesearch.php | 10 +++---- admin/shiftreport.php | 3 +- admin/shifttemplate.php | 10 +++---- admin/supervisor.php | 34 ++++++++++----------- admin/systemsort.php | 2 +- admin/systemsortprocess.php | 2 +- admin/timezonetemplate.php | 8 ++--- admin/voipmonitor.php | 2 +- client/index.php | 3 +- functions/functions.aapor.php | 2 +- functions/functions.calendar.php | 7 ++--- functions/functions.client.php | 2 +- functions/functions.display.php | 2 +- functions/functions.freepbx.php | 2 +- functions/functions.htpasswd.php | 2 +- functions/functions.import.php | 2 +- functions/functions.input.php | 2 +- functions/functions.limesurvey.php | 2 +- functions/functions.operator.php | 2 +- 
functions/functions.performance.php | 2 +- functions/functions.process.php | 2 +- functions/functions.template.php | 2 +- functions/functions.voip.php | 2 +- functions/functions.xhtml.php | 10 +++---- 56 files changed, 243 insertions(+), 254 deletions(-) diff --git a/admin/addshift.php b/admin/addshift.php index 008a894a..6a1cbe63 100644 --- a/admin/addshift.php +++ b/admin/addshift.php @@ -1,4 +1,4 @@ -
- "; $count = 1; foreach($shifts as $shift) @@ -257,12 +257,12 @@ if ($questionnaire_id != false)
" . T_("Day") . "" . T_("Start") . "" . T_("End") . "" . T_("Use shift?") . "
-

"/>

-

-

-

+

"/>

+

+

+

- " . T_("Add a sample to this questionnaire:") . ""; ?>
-

+
-
-
-
-
- +
+
+
+
+

-
-"; $count = 0; foreach($availabilitys as $availability) @@ -149,11 +149,11 @@ translate_array($daysofweek,array("description")); ?>
" . T_("Day") . "" . T_("Start") . "" . T_("End") . "
-
-

"/>

- +
+

"/>

+
-
-

"/> +

"/>

-
- -

-

"/>

+

+

"/>

- " . T_("The file does not contain at least caseid, starttime and endtime columns. Please try again.") ."

"; @@ -258,11 +258,11 @@ else

-

-

"/>

+

+

"/>

-
-"; $count = 0; foreach($shifts as $shift) @@ -131,10 +131,10 @@ translate_array($daysofweek,array("description")); ?>
" . T_("Day") . "" . T_("Start") . "" . T_("End") . "
-
-

"/>

+
+

"/>

-

- editor("information",get_setting("information")); ?> - "/>

+ editor("information",get_setting("information")); ?> + "/>

- - -GetAll($sql); if ($a) { ?> -

- + -

-

-

+

+

+

-

- -

- -

-

-

"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",DEFAULT_TIME_ZONE)); ?>

-

" />

+

+ +

+ +

+

+

"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",DEFAULT_TIME_ZONE)); ?>

+

" />

-
- -

-

+

+

-

-

-

-

"/>

+

+

+

"/>

-

-

-

+

" . T_("Create an instrument in Limesurvey") .""; } ?>

-

- + array(array("tokens","-","Source"), ?>

-

-

-

+

+

+

-

editor("rs_project_end","",$ckeditorConfig); ?>

-

editor("info","",$ckeditorConfig);?>

-

"/>

+

editor("rs_project_end","",$ckeditorConfig); ?>

+

editor("info","",$ckeditorConfig);?>

+

"/>

- - - -

- +GetAll($sql); ?> -

-

.

-

+

+

.

+

-

- -

- -

-

-

"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",DEFAULT_TIME_ZONE)); ?>

- -

-

- -

-

-

-

-

" />

+

+ +

+ +

+

+

"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",DEFAULT_TIME_ZONE)); ?>

+ +

+

+ +

+

+

+

+

" />

- - -" . T_("Add an availability group to this questionnaire:") . ""; ?>
-

+
- +

-
" . T_("Go back") . "

"; echo "

" . T_("Edit instrument in Limesurvey") . "

"; ?> -
-

-

/>

-

/>

-

/>

- -

editor("rs_intro",$rs['rs_intro'],$ckeditorConfig);?>

-

editor("rs_project_intro",$rs['rs_project_intro'],$ckeditorConfig);?>

-

editor("rs_callback",$rs['rs_callback'],$ckeditorConfig);?>

-

editor("rs_answeringmachine",$rs['rs_answeringmachine'],$ckeditorConfig);?>

- " . T_("Edit respondent selection instrument in Limesurvey") . "

"; } ?> -

editor("rs_project_end",$rs['rs_project_end'],$ckeditorConfig); ?>

-

editor("info",$rs['info'],$ckeditorConfig); ?>

-

"/>

+ +

+

/>

+

/>

+

/>

+ +

editor("rs_intro",$rs['rs_intro'],$ckeditorConfig);?>

+

editor("rs_project_intro",$rs['rs_project_intro'],$ckeditorConfig);?>

+

editor("rs_callback",$rs['rs_callback'],$ckeditorConfig);?>

+

editor("rs_answeringmachine",$rs['rs_answeringmachine'],$ckeditorConfig);?>

+ " . T_("Edit respondent selection instrument in Limesurvey") . "

"; } ?> +

editor("rs_project_end",$rs['rs_project_end'],$ckeditorConfig); ?>

+

editor("info",$rs['info'],$ckeditorConfig); ?>

+

"/>

-

-
- -
+ +GetAll($sql),"svar","svar",true,false,false,false,false); ?>
- - - "/>

+ + + "/>

-

-
-
-
- - - - "/>

+
+
+
+ + + + "/>

-

-
-
-
- -
-
- +
+
+
+ +
+
+ - -
- + +
+ - - - + +
- - - - - "/>

+ + + + + "/>

-

-
- - "/> +
+ + "/>

-
-"; $count = 0; foreach($shifts as $shift) @@ -131,10 +131,10 @@ translate_array($daysofweek,array("description")); ?>
" . T_("Day") . "" . T_("Start") . "" . T_("End") . "
-
-

"/>

+
+

"/>

-

- -"/>

+ +"/>

-
- -

"/>

+

"/>

-

- "/> + "/>

-
- -

"/>

+

"/>

- -

"/>

+

"/>

- " . T_("Assign this case to operator (will appear as next case for them)") . ""; ?>
- -

"/>

+

"/>

- " . T_("Add a Timezone:") . ""; ?>

- - "/>

+ + "/>

- S S -fetch() ) { @@ -564,7 +563,7 @@ function display_calendar($respondent_id, $questionnaire_id, $year = false, $mon - " . date('l j F Y',mktime(0,0,0,$month,$day,$year)) . ""; } diff --git a/functions/functions.client.php b/functions/functions.client.php index 6eff5078..d1ec7479 100644 --- a/functions/functions.client.php +++ b/functions/functions.client.php @@ -1,4 +1,4 @@ -"; - <? if (empty($title)) print "queXS"; else print "queXS: $title"; ?> -<?php if (empty($title)) print "queXS"; else print "queXS: $title"; ?> +"; if ($javascript) @@ -67,7 +67,7 @@ print ""; if (!$body) return; ?> -"; else print ""; } @@ -83,7 +83,7 @@ function xhtml_foot() - Date: Thu, 24 Jan 2013 15:50:52 +1100 Subject: [PATCH 06/40] Replace case_id as token with random token in functions.operator --- functions/functions.limesurvey.php | 23 ------------------- functions/functions.operator.php | 37 ++++++++++++++++++++++++++---- 2 files changed, 33 insertions(+), 27 deletions(-) diff --git a/functions/functions.limesurvey.php b/functions/functions.limesurvey.php index 48bd5d92..f2e51479 100644 --- a/functions/functions.limesurvey.php +++ b/functions/functions.limesurvey.php @@ -271,29 +271,6 @@ function getRandomID() } -/** -* Creates a random sequence of characters -* -* @param mixed $length Length of resulting string -* @param string $pattern To define which characters should be in the resulting string -* -* From Limesurvey -*/ -function sRandomChars($length = 15,$pattern="23456789abcdefghijkmnpqrstuvwxyz") -{ - $patternlength = strlen($pattern)-1; - for($i=0;$i<$length;$i++) - { - if(isset($key)) - $key .= $pattern{rand(0,$patternlength)}; - else - $key = $pattern{rand(0,$patternlength)}; - } - return $key; -} - - - /** * Taken from admin/database.php in the LimeSurvey package diff --git a/functions/functions.operator.php b/functions/functions.operator.php index 23c7bbd9..6cbad231 100644 --- a/functions/functions.operator.php +++ b/functions/functions.operator.php 
@@ -43,6 +43,26 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** +* Creates a random sequence of characters +* +* @param mixed $length Length of resulting string +* @param string $pattern To define which characters should be in the resulting string +* +* From Limesurvey +*/ +function sRandomChars($length = 15,$pattern="23456789abcdefghijkmnpqrstuvwxyz") +{ + $patternlength = strlen($pattern)-1; + for($i=0;$i<$length;$i++) + { + if(isset($key)) + $key .= $pattern{rand(0,$patternlength)}; + else + $key = $pattern{rand(0,$patternlength)}; + } + return $key; +} /** * Check if the project associated with this case is using @@ -496,8 +516,10 @@ function get_case_id($operator_id, $create = false) if (!empty($r3)) { - $sql = "INSERT INTO `case` (case_id, sample_id, questionnaire_id, last_call_id, current_operator_id, current_call_id, current_outcome_id) - VALUES (NULL, {$r3['sample_id']}, {$r3['questionnaire_id']} , NULL, $operator_id, NULL, 1)"; + $token = sRandomChars(); + + $sql = "INSERT INTO `case` (case_id, sample_id, questionnaire_id, last_call_id, current_operator_id, current_call_id, current_outcome_id,token) + VALUES (NULL, {$r3['sample_id']}, {$r3['questionnaire_id']} , NULL, $operator_id, NULL, 1, '$token')"; $db->Execute($sql); @@ -576,7 +598,7 @@ function get_case_id($operator_id, $create = false) if ($lime_sid) { $sql = "INSERT INTO ".LIME_PREFIX."tokens_$lime_sid (tid,firstname,lastname,email,token,language,sent,completed,mpid) - VALUES (NULL,'','','',$case_id,'".DEFAULT_LOCALE."','N','N',NULL)"; + VALUES (NULL,'','','','$token','".DEFAULT_LOCALE."','N','N',NULL)"; $db->Execute($sql); } 
@@ -1113,14 +1135,21 @@ function get_limesurvey_url($operator_id) if ($case_id) { + $sql = "SELECT token + FROM `case` + WHERE case_id = $case_id"; + + $token = $db->GetOne($sql); + $sid = get_limesurvey_id($operator_id); - $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$case_id&lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; $questionnaire_id = get_questionnaire_id($operator_id); //get prefills $sql = "SELECT lime_sgqa,value FROM questionnaire_prefill WHERE questionnaire_id = '$questionnaire_id'"; + $pf = $db->GetAll($sql); if (!empty($pf)) From f0eec4518668e5866de485496060893fafd30bc8 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Thu, 24 Jan 2013 15:52:14 +1100 Subject: [PATCH 07/40] Update token in quotareport --- admin/quotareport.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/admin/quotareport.php b/admin/quotareport.php index 358b22df..2b87b3e9 100644 --- a/admin/quotareport.php +++ b/admin/quotareport.php @@ -270,7 +270,7 @@ if ($questionnaire_id) JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = '$sample_import_id') WHERE ".implode(' AND ',$sqlq)." "." AND submitdate IS NOT NULL - AND s.token = c.case_id"; + AND s.token = c.token"; $rs = $db->GetRow($sql); From 6674326c8b0893a8e8f71604353020703ad7b002 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Thu, 24 Jan 2013 16:04:44 +1100 Subject: [PATCH 08/40] Replaced case_id as token with token --- CHANGELOG | 1 + include/limesurvey/admin/browse.php | 10 +++++----- include/limesurvey/admin/export_data_functions.php | 2 +- include/limesurvey/admin/exportresults.php | 13 +++++++------ include/limesurvey/admin/statistics_function.php | 10 +++++----- include/limesurvey/admin/vvexport.php | 2 +- .../classes/expressions/LimeExpressionManager.php | 2 +- include/limesurvey/index.php | 2 +- include/limesurvey/quexs.php | 8 +++++++- 9 files changed, 29 insertions(+), 21 deletions(-) 
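Review bot: In `get_limesurvey_url()` the result of `$db->GetOne($sql)` goes straight into the URL, so a case with no matching row or an empty token yields `token=` in the link with no error raised. A guard such as `if (empty($token)) return false;` before `$url` is built would make that failure visible; what the function returns on failure lies outside the hunk, so the exact value needs checking against the callers. The same lookup is added to `get_start_interview_url()` in `include/limesurvey/quexs.php` later in this series, and `$case_id` is interpolated into the query unquoted in both places, which is only safe while it is always an integer.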
diff --git a/CHANGELOG b/CHANGELOG index efd92290..c7263c03 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ queXS 1.7.0 - Changes since 1.6.1 New Feature: Replace queXS caseid as token with a random token to allow for safe external access +Fixed Bug: Replaced php short tags with long tags Database updates: diff --git a/include/limesurvey/admin/browse.php b/include/limesurvey/admin/browse.php index 6d81353a..ef9d2bdf 100644 --- a/include/limesurvey/admin/browse.php +++ b/include/limesurvey/admin/browse.php @@ -197,7 +197,7 @@ if ($subaction == "id") if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON (s.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON (s.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS ss ON (ss.sample_id = c.sample_id AND ss.import_id = '{$qfs[1]}') "; } @@ -592,7 +592,7 @@ elseif ($subaction == "all") if ($qfs != false) { //Limit responses by questionnaire and/or sample - $sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $sql_from .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $sql_from .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } @@ -639,7 +639,7 @@ elseif ($subaction == "all") if ($qfs != false) { //Limit responses by questionnaire and/or sample - $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } 
@@ -669,7 +669,7 @@ elseif ($subaction == "all") if ($qfs != false) { //Limit responses by questionnaire and/or sample - $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } @@ -702,7 +702,7 @@ elseif ($subaction == "all") if ($qfs != false) { //Limit responses by questionnaire and/or sample - $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $dtquery .= " JOIN `case` AS c ON ({$surveytable}.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $dtquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } diff --git a/include/limesurvey/admin/export_data_functions.php b/include/limesurvey/admin/export_data_functions.php index daa5fc90..3a3544a3 100644 --- a/include/limesurvey/admin/export_data_functions.php +++ b/include/limesurvey/admin/export_data_functions.php @@ -460,7 +460,7 @@ function spss_getquery() { if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } diff --git a/include/limesurvey/admin/exportresults.php b/include/limesurvey/admin/exportresults.php index ffbc42d8..07662bdd 100644 --- a/include/limesurvey/admin/exportresults.php +++ b/include/limesurvey/admin/exportresults.php 
@@ -425,14 +425,15 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu if (in_array('callattempts',$_POST['attribute_select'])) { $dquery .= ", (SELECT COUNT(c.call_attempt_id) - FROM call_attempt as c - WHERE c.case_id = {$dbprefix}survey_$surveyid.token) as callattempts "; + FROM call_attempt as c, `case` as ca + WHERE c.case_id = ca.case_id AND ca.token = {$dbprefix}survey_$surveyid.token) as callattempts "; } if (in_array('messagesleft',$_POST['attribute_select'])) { $dquery .= ", (SELECT COUNT(c2.call_id) - FROM `call` as c2 - WHERE c2.case_id = {$dbprefix}survey_$surveyid.token + FROM `call` as c2, `case` as ca2 + WHERE ca2.case_id = c2.case_id + AND ca2.token = {$dbprefix}survey_$surveyid.token AND c2.outcome_id = 23) as messagesleft "; } if (in_array('token',$_POST['attribute_select'])) @@ -477,7 +478,7 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu { $dquery .= ", ( SELECT sv.val FROM sample_var as sv, `case` as c3 - WHERE c3.case_id = {$dbprefix}survey_$surveyid.token + WHERE c3.token = {$dbprefix}survey_$surveyid.token AND c3.sample_id = sv.sample_id AND sv.var LIKE '$attr_name') as attribute_$i "; @@ -505,7 +506,7 @@ $qfs = questionnaireSampleFilterstate(); if ($qfs != false) { //Limit responses by questionnaire and/or sample - $dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $dquery .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $dquery .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } diff --git a/include/limesurvey/admin/statistics_function.php b/include/limesurvey/admin/statistics_function.php index e2104717..1e7f82a2 100644 --- a/include/limesurvey/admin/statistics_function.php +++ b/include/limesurvey/admin/statistics_function.php 
@@ -510,7 +510,7 @@ if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } @@ -1143,7 +1143,7 @@ if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } @@ -1207,7 +1207,7 @@ if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } @@ -1237,7 +1237,7 @@ if ($qfs != false) { //Limit responses by questionnaire and/or sample - $querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $querystarter .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $querystarter .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } 
@@ -1957,7 +1957,7 @@ if ($qfs != false) { //Limit responses by questionnaire and/or sample - $querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $querylimit .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $querylimit .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } diff --git a/include/limesurvey/admin/vvexport.php b/include/limesurvey/admin/vvexport.php index 44166ee5..53ce7274 100644 --- a/include/limesurvey/admin/vvexport.php +++ b/include/limesurvey/admin/vvexport.php @@ -123,7 +123,7 @@ elseif (isset($surveyid) && $surveyid) if ($qfs != false) { //Limit responses by questionnaire and/or sample - $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.case_id AND c.questionnaire_id = '{$qfs[0]}') "; + $query .= " JOIN `case` AS c ON ({$dbprefix}survey_$surveyid.token = c.token AND c.questionnaire_id = '{$qfs[0]}') "; if ($qfs[1] != 0) //if a sample is selected $query .= " JOIN `sample` AS s ON (s.sample_id = c.sample_id AND s.import_id = '{$qfs[1]}') "; } diff --git a/include/limesurvey/classes/expressions/LimeExpressionManager.php b/include/limesurvey/classes/expressions/LimeExpressionManager.php index d43c27d0..d6af41a0 100644 --- a/include/limesurvey/classes/expressions/LimeExpressionManager.php +++ b/include/limesurvey/classes/expressions/LimeExpressionManager.php @@ -3419,7 +3419,7 @@ $sql = "SELECT sv.var,sv.val FROM sample_var as sv, `case` as c WHERE c.sample_id = sv.sample_id - AND c.case_id = {$_SESSION['token']}"; + AND c.token = {$_SESSION['token']}"; $queXSrs = $connect->GetAssoc($sql); diff --git a/include/limesurvey/index.php b/include/limesurvey/index.php index ebb255ce..0524e2c1 100644 --- a/include/limesurvey/index.php +++ b/include/limesurvey/index.php 
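Review bot: In the `LimeExpressionManager.php` hunk the condition `AND c.token = {$_SESSION['token']}` is still unquoted, which worked for a numeric case_id but not for the alphanumeric token this series introduces: the database will read the value as an identifier or fail to parse it. The session value is also placed in the statement without escaping, and it presumably derives from the `token` request parameter. Building the condition as `AND c.token = " . $connect->qstr($_SESSION['token']);` covers both. The later commit "Fixed expression manager selection by token" adds the quotes but keeps the direct interpolation, so the escaping point applies there as well.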
@@ -2649,7 +2649,7 @@ function check_quota($checkaction,$surveyid) $querysel = "SELECT id FROM ".db_table_name('survey_'.$surveyid)." AS s JOIN `case` AS cq ON (cq.case_id = '$case_id') JOIN sample AS sampt ON (sampt.sample_id = cq.sample_id) - JOIN `case` AS c ON (c.case_id = s.token AND c.questionnaire_id = cq.questionnaire_id) + JOIN `case` AS c ON (c.token = s.token AND c.questionnaire_id = cq.questionnaire_id) JOIN `sample` as sam ON (c.sample_id = sam.sample_id AND sam.import_id = sampt.import_id) WHERE ".implode(' AND ',$querycond)." "." AND s.submitdate IS NOT NULL"; diff --git a/include/limesurvey/quexs.php b/include/limesurvey/quexs.php index dd961f46..5e3647f9 100644 --- a/include/limesurvey/quexs.php +++ b/include/limesurvey/quexs.php @@ -753,8 +753,14 @@ function get_start_interview_url() if ($case_id) { + $sql = "SELECT token + FROM `case` + WHERE case_id = $case_id"; + + $token = $db->GetOne($sql); + $sid = get_limesurvey_id($operator_id); - $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$case_id&lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; $questionnaire_id = get_questionnaire_id($operator_id); //get prefills From 870078c8c30c1a3b3d7d6e42d5fcbfb1c9e7535d Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Thu, 24 Jan 2013 16:05:15 +1100 Subject: [PATCH 09/40] Some short tags that got missed --- voip/downloadvoipclient.php | 3 +-- voip/startvoipprocess.php | 2 +- voip/voipwatch.php | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/voip/downloadvoipclient.php b/voip/downloadvoipclient.php index c3048b62..70b2b84b 100644 --- a/voip/downloadvoipclient.php +++ b/voip/downloadvoipclient.php @@ -1,5 +1,4 @@ - Date: Thu, 24 Jan 2013 16:11:03 +1100 Subject: [PATCH 10/40] Last lot of short tags replaced --- display/index.php | 2 +- include/limesurvey/quexs.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/display/index.php b/display/index.php index c3bba3fb..e503bc27 100644 --- a/display/index.php +++ b/display/index.php @@ -1,4 +1,4 @@ - Date: Thu, 24 Jan 2013 16:23:24 +1100 Subject: [PATCH 11/40] Added separate case id output to token output --- include/limesurvey/admin/exportresults.php | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/include/limesurvey/admin/exportresults.php b/include/limesurvey/admin/exportresults.php index 07662bdd..53a58da6 100644 --- a/include/limesurvey/admin/exportresults.php +++ b/include/limesurvey/admin/exportresults.php @@ -254,7 +254,8 @@ $quexsfilterstate = questionnaireSampleFilterstate(); $exportoutput .= "\n"; } - $exportoutput .= "\n" + $exportoutput .= "\n" + ."\n" ."\n" ."\n"; @@ -422,6 +423,10 @@ else $dquery = "SELECT $selectfields"; if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribute_select']) && is_array($_POST['attribute_select'])) { + if (in_array('caseid',$_POST['attribute_select'])) + { + $dquery .= ", c.case_id "; + } if (in_array('callattempts',$_POST['attribute_select'])) { $dquery .= ", (SELECT COUNT(c.call_attempt_id) @@ -531,6 +536,11 @@ for ($i=0; $i<$fieldcount; $i++) if ($type == "csv") {$firstline .= "\"".$elang->gT("Number of answering machine messages left")."\"$separator";} else {$firstline .= $elang->gT("Number of answering machine messages left")."$separator";} } + elseif ($fieldinfo == "caseid") + { + if ($type == "csv") {$firstline .= "\"".$elang->gT("Case ID")."\"$separator";} + else {$firstline .= $elang->gT("Case ID")."$separator";} + } elseif ($fieldinfo == "email") { if ($type == "csv") {$firstline .= "\"".$elang->gT("Email address")."\"$separator";} 
@@ -548,8 +558,8 @@ for ($i=0; $i<$fieldcount; $i++) } elseif ($fieldinfo == "token") { - if ($type == "csv") {$firstline .= "\"".$elang->gT("Case ID")."\"$separator";} - else {$firstline .= $elang->gT("Case ID")."$separator";} + if ($type == "csv") {$firstline .= "\"".$elang->gT("Token")."\"$separator";} + else {$firstline .= $elang->gT("Token")."$separator";} } elseif (substr($fieldinfo,0,10)=="attribute_") { From 9694ec704c3708897c2632a26dfbb565c12a1207 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Fri, 25 Jan 2013 15:30:59 +1100 Subject: [PATCH 12/40] Fixed expression manager selection by token Fixed export notices about array --- include/limesurvey/admin/exportresults.php | 15 +++++++++++++-- .../classes/expressions/LimeExpressionManager.php | 2 +- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/include/limesurvey/admin/exportresults.php b/include/limesurvey/admin/exportresults.php index 53a58da6..56efb414 100644 --- a/include/limesurvey/admin/exportresults.php +++ b/include/limesurvey/admin/exportresults.php @@ -425,7 +425,9 @@ if ($tokenTableExists && $thissurvey['anonymized']=='N' && isset($_POST['attribu { if (in_array('caseid',$_POST['attribute_select'])) { - $dquery .= ", c.case_id "; + $dquery .= ", (SELECT c4.case_id + FROM `case` as c4 + WHERE c4.token = {$dbprefix}survey_$surveyid.token) as caseid "; } if (in_array('callattempts',$_POST['attribute_select'])) { 
@@ -834,7 +836,7 @@ elseif ($answers == "long") //chose complete answers $fqid=0; // By default fqid is set to zero $field=$dresult->FetchField($i); $fieldinfo=$field->name; - if ($fieldinfo != "startlanguage" && $fieldinfo != "id" && $fieldinfo != "datestamp" && $fieldinfo != "startdate" && $fieldinfo != "ipaddr" && $fieldinfo != "refurl" && $fieldinfo != "token" && $fieldinfo != "firstname" && $fieldinfo != "lastname" && $fieldinfo != "email" && (substr($fieldinfo,0,10)!="attribute_") && $fieldinfo != "completed") + if ($fieldinfo != "startlanguage" && $fieldinfo != "id" && $fieldinfo != "datestamp" && $fieldinfo != "startdate" && $fieldinfo != "ipaddr" && $fieldinfo != "refurl" && $fieldinfo != "token" && $fieldinfo != "firstname" && $fieldinfo != "lastname" && $fieldinfo != "email" && (substr($fieldinfo,0,10)!="attribute_") && $fieldinfo != "completed" && $fieldinfo != "caseid" && $fieldinfo != "callattempts" && $fieldinfo != "messagesleft") { $fielddata=$fieldmap[$fieldinfo]; $fqid=$fielddata['qid']; @@ -855,6 +857,15 @@ elseif ($answers == "long") //chose complete answers { switch($fieldinfo) { + case "caseid": + $ftitle=$elang->gT("Case ID").":"; + break; + case "callattempts": + $ftitle=$elang->gT("Number of call attempts").":"; + break; + case "messagesleft": + $ftitle=$elang->gT("Number of answering machine messages left").":"; + break; case "datestamp": $ftitle=$elang->gT("Date Last Action").":"; break; diff --git a/include/limesurvey/classes/expressions/LimeExpressionManager.php b/include/limesurvey/classes/expressions/LimeExpressionManager.php index d6af41a0..175265e4 100644 --- a/include/limesurvey/classes/expressions/LimeExpressionManager.php +++ b/include/limesurvey/classes/expressions/LimeExpressionManager.php @@ -3419,7 +3419,7 @@ $sql = "SELECT sv.var,sv.val FROM sample_var as sv, `case` as c WHERE c.sample_id = sv.sample_id - AND c.token = {$_SESSION['token']}"; + AND c.token = '{$_SESSION['token']}'"; $queXSrs = $connect->GetAssoc($sql); 
From 075cd0a1a9d688c15c5ce6306b71e2b8f8ebd269 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Fri, 25 Jan 2013 15:35:02 +1100 Subject: [PATCH 13/40] Added mysql code to allow for accessing pre-token cases --- CHANGELOG | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG b/CHANGELOG index c7263c03..60a6891f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,6 +8,10 @@ Database updates: ALTER TABLE `case` ADD `token` VARCHAR( 36 ) NOT NULL ; ALTER TABLE `case` ADD UNIQUE (`token`); +To allow for accessing existing cases in new system, need to assign a "token" for each case + +UPDATE `case` SET token = case_id; + queXS 1.6.1 - Changes since 1.6.0 New Feature: Include paradata/metadata in data output (number call attempts, number of answering machine messages and all sample variables) From 8eef600032ea9532eb70025c21840fc16b224e7c Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Tue, 29 Jan 2013 10:59:26 +1100 Subject: [PATCH 14/40] Add example htaccess files for security of directories --- include/limesurvey/.htaccess.example | 4 ++++ include/limesurvey/admin/.htaccess.example | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 include/limesurvey/.htaccess.example create mode 100644 include/limesurvey/admin/.htaccess.example diff --git a/include/limesurvey/.htaccess.example b/include/limesurvey/.htaccess.example new file mode 100644 index 00000000..a1c5bab2 --- /dev/null +++ b/include/limesurvey/.htaccess.example @@ -0,0 +1,4 @@ +AuthType None +Satisfy Any +Order Deny, Allow +Allow from All diff --git a/include/limesurvey/admin/.htaccess.example b/include/limesurvey/admin/.htaccess.example new file mode 100644 index 00000000..416f0f13 --- /dev/null +++ b/include/limesurvey/admin/.htaccess.example @@ -0,0 +1,5 @@ +AuthType Basic +AuthName "queXS CATI: Authentication Required" +AuthUserFile /var/opt/quexs/htpasswd +AuthGroupFile /var/opt/quexs/htgroup +require group admin From 61a7ac0803d0b0d85b1203b62277df7c5048e741 Mon Sep 17 00:00:00 2001 
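Review bot: `Order Deny, Allow` in `include/limesurvey/.htaccess.example` has a space after the comma as shown; Apache accepts the two keywords only when they are separated by a comma with no whitespace, so copying the file as written is likely to produce a configuration error for the directory. It should read `Order Deny,Allow`. Since this file opens the LimeSurvey directory to unauthenticated requests, a comment in the example saying that `admin/` must carry its own `.htaccess` (the second example file) would help whoever deploys it.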
From: Adam Zammit Date: Tue, 29 Jan 2013 12:00:46 +1100 Subject: [PATCH 15/40] Added new outcome codes and sample variable type --- CHANGELOG | 14 +++++++++++++- admin/databasestrings.php | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 60a6891f..1f5d8bf0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -8,10 +8,22 @@ Database updates: ALTER TABLE `case` ADD `token` VARCHAR( 36 ) NOT NULL ; ALTER TABLE `case` ADD UNIQUE (`token`); -To allow for accessing existing cases in new system, need to assign a "token" for each case +To allow for accessing existing cases in new system, need to assign a "token" for each case: UPDATE `case` SET token = case_id; +New outcomes for email invitation and online self completion: + +INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_minutes`, `outcome_type_id`, `tryanother`, `contacted`, `tryagain`, `eligible`, `require_note`, `calc`) VALUES +(34, '1.1', 'Self completed online', 0, 4, 0, 1, 1, 1, 0, 'I'), +(35, '2.36', 'Self completion email invitation sent', 10080, 1, 0, 1, 1, 1, 0, 'O'); + +New sample variable type (Email address): + +INSERT INTO `sample_var_type` (`type`, `description`, `table`) VALUES +(8, 'Email address', ''); + + queXS 1.6.1 - Changes since 1.6.0 New Feature: Include paradata/metadata in data output (number call attempts, number of answering machine messages and all sample variables) diff --git a/admin/databasestrings.php b/admin/databasestrings.php index 52dcd1b4..18002cc4 100755 --- a/admin/databasestrings.php +++ b/admin/databasestrings.php @@ -85,5 +85,8 @@ T_("State"); T_("Postcode"); T_("Respondent first name"); T_("Respondent last name"); +T_("Email address"); +T_("Self completion email invitation sent"); +T_("Self completed online"); ?> From 01cd69c0fc7e8f83b12f6effe62d14b40fd5111f Mon Sep 17 00:00:00 2001 
From: Adam Zammit Date: Wed, 30 Jan 2013 15:45:24 +1100 Subject: [PATCH 16/40] Add specification for storing self completion details Allow for self completion without using interviewer argument to Limesurvey (need to update to take details from database) --- CHANGELOG | 5 ++++ functions/functions.operator.php | 4 +-- include/limesurvey/group.php | 42 ++++++++++++++++++++++---------- include/limesurvey/index.php | 34 ++++++++++++++++++++------ include/limesurvey/quexs.php | 36 ++++++++++++++++++++++++--- 5 files changed, 95 insertions(+), 26 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 1f5d8bf0..ca5e5fa0 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -23,6 +23,11 @@ New sample variable type (Email address): INSERT INTO `sample_var_type` (`type`, `description`, `table`) VALUES (8, 'Email address', ''); +Specify details of respondent self completion: + +ALTER TABLE `questionnaire` ADD `lime_mode` VARCHAR( 64 ) NULL COMMENT 'Limesurvey mode for respondent self completion' AFTER `info` , +ADD `lime_template` VARCHAR( 128 ) NULL COMMENT 'Limesurvey template for respondent self completion' AFTER `lime_mode` , +ADD `lime_endurl` VARCHAR( 256 ) NULL COMMENT 'Forwarding end URL for respondent self completion' AFTER `lime_template` ; queXS 1.6.1 - Changes since 1.6.0 diff --git a/functions/functions.operator.php b/functions/functions.operator.php index 6cbad231..597fe83e 100644 --- a/functions/functions.operator.php +++ b/functions/functions.operator.php @@ -1099,7 +1099,7 @@ function get_respondentselection_url($operator_id,$escape = true,$interface2 = f { $sid = get_limesurvey_id($operator_id,true); //true for RS if ($sid != false && !empty($sid) && $sid != 'NULL') - $url = LIME_URL . "index.php?loadall=reload" . $amp . "sid=$sid" . $amp . "token=$call_id" . $amp . "lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?interviewer=interviewer&loadall=reload" . $amp . "sid=$sid" . $amp . "token=$call_id" . $amp . "lang=" . DEFAULT_LOCALE; else { if ($interface2) 
@@ -1142,7 +1142,7 @@ function get_limesurvey_url($operator_id) $token = $db->GetOne($sql); $sid = get_limesurvey_id($operator_id); - $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?interviewer=interviewer&loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; $questionnaire_id = get_questionnaire_id($operator_id); //get prefills diff --git a/include/limesurvey/group.php b/include/limesurvey/group.php index fa41d0af..ba449634 100644 --- a/include/limesurvey/group.php +++ b/include/limesurvey/group.php @@ -19,19 +19,26 @@ require_once("save.php"); // for supporting functions only // $LEMdebugLevel - customizable debugging for Lime Expression Manager $LEMdebugLevel=0; // LEM_DEBUG_TIMING; // (LEM_DEBUG_TIMING + LEM_DEBUG_VALIDATION_SUMMARY + LEM_DEBUG_VALIDATION_DETAIL); $LEMskipReprocessing=false; // true if used GetLastMoveResult to avoid generation of unneeded extra JavaScript -switch ($thissurvey['format']) + +if ($interviewer) { - case "A": //All in one - $surveyMode='survey'; - break; - default: - case "S": //One at a time - $surveyMode='question'; - break; - case "G": //Group at a time - $surveyMode='group'; - break; + switch ($thissurvey['format']) + { + case "A": //All in one + $surveyMode='survey'; + break; + default: + case "S": //One at a time + $surveyMode='question'; + break; + case "G": //Group at a time + $surveyMode='group'; + break; + } } +else + $surveyMode='survey'; + $radix=getRadixPointData($thissurvey['surveyls_numberformat']); $radix = $radix['seperator']; 
@@ -461,8 +468,17 @@ else include_once("quexs.php"); $quexs_url = get_start_interview_url(); $url = str_replace("{STARTINTERVIEWURL}", $quexs_url, $url); - - $end_url = get_end_interview_url(); + + if ($interviewer) + { + $end_url = get_end_interview_url(); + } + else + { + $url = get_end_interview_url($clienttoken); + quexs_completed_by_respondent($surveyid,$clienttoken); + } + $url = str_replace("{ENDINTERVIEWURL}", $end_url, $url); header("Location: {$url}"); diff --git a/include/limesurvey/index.php b/include/limesurvey/index.php index 0524e2c1..7f9a01b2 100644 --- a/include/limesurvey/index.php +++ b/include/limesurvey/index.php @@ -56,6 +56,7 @@ if (isset($_GET['loadall']) && $_GET['loadall'] == "reload" && isset($_GET['toke //Must destroy the session session_unset(); } + //end queXS Addition //LimeExpressionManager::SetSurveyId($surveyid); // must be called early - it clears internal cache if a new survey is being used @@ -120,6 +121,21 @@ if ( $embedded && $embedded_inc != '' ) require_once( $embedded_inc ); } +//queXS Addition +//see who is doing this survey - an interviewer or the respondent directly +$interviewer=returnglobal('interviewer'); +if (!empty($interviewer) || (isset($_SESSION['interviewer']) && $_SESSION['interviewer'] == true)) +{ + $interviewer = true; + $_SESSION['interviewer'] = true; +} +else +{ + $interviewer = false; +} + + + //CHECK FOR REQUIRED INFORMATION (sid) if (!$surveyid || !$surveyexists) { @@ -512,16 +528,20 @@ else - -//SET THE TEMPLATE DIRECTORY -if (!$thissurvey['templatedir']) +if ($interviewer) { - $thistpl=sGetTemplatePath($defaulttemplate); + //SET THE TEMPLATE DIRECTORY + if (!$thissurvey['templatedir']) + { + $thistpl=sGetTemplatePath($defaulttemplate); + } + else + { + $thistpl=sGetTemplatePath($thissurvey['templatedir']); + } } else -{ - $thistpl=sGetTemplatePath($thissurvey['templatedir']); -} + $thistpl=sGetTemplatePath('sherpa'); 
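Review bot: In the `group.php` redirect hunk the respondent branch assigns `$url = get_end_interview_url($clienttoken);`, which overwrites the URL being assembled and leaves `$end_url` undefined for the `str_replace("{ENDINTERVIEWURL}", $end_url, $url)` that follows. The assignment was presumably meant to be `$end_url = get_end_interview_url($clienttoken);`, matching the interviewer branch. The enclosing block starts outside the hunk.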
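Review bot: In the `index.php` hunk that sets `$interviewer`, the mode is taken from the `interviewer` request parameter via `returnglobal('interviewer')`, so whoever holds a survey link chooses it by editing the URL. Because `group.php` calls `quexs_completed_by_respondent()` only when `$interviewer` is false, a self-completing respondent who adds the parameter would, as far as these hunks show, not be recorded with the self-completion outcome. Deriving the flag from the authenticated operator session rather than from the request would close that gap; if the parameter stays, a comment such as `// interviewer flag is client-supplied: do not use it for access decisions` belongs above the check.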
diff --git a/include/limesurvey/quexs.php b/include/limesurvey/quexs.php index 0efbdf64..0d2bb8ea 100644 --- a/include/limesurvey/quexs.php +++ b/include/limesurvey/quexs.php @@ -36,6 +36,30 @@ require_once(dirname(__FILE__).'/../../config.inc.php'); +/** + * Set the case as completed by respondent + * + * @param int $surveyid The limesurvey survey id + * @param string $clienttoken The token + * + * @return none + * @author Adam Zammit + * @since 2013-01-30 + */ +function quexs_completed_by_respondent($surveyid,$clienttoken) +{ + $db = newADOConnection(DB_TYPE); + $db->Connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); + $db->SetFetchMode(ADODB_FETCH_ASSOC); + + $sql = "UPDATE `case` + SET current_outcome_id = 34 + WHERE token = '$clienttoken'"; + + $db->Execute($sql); +} + + /** * Get the number of answering messages left for this case * @@ -715,7 +739,7 @@ function get_respondent_selection_url() { $sid = get_limesurvey_id($operator_id,true); //true for RS if ($sid != false && !empty($sid) && $sid != 'NULL') - $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$call_id&lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?interviewer=interviewer&loadall=reload&sid=$sid&token=$call_id&lang=" . DEFAULT_LOCALE; else $url = 'rs_intro.php'; } @@ -727,11 +751,15 @@ function get_respondent_selection_url() /** * Get the URL to end the interview * + * @param string $token The token if ended by the respondent, blank if ended by the interviewer * @return string The URL to end the interview */ -function get_end_interview_url() +function get_end_interview_url($token = "") { - return QUEXS_URL . "rs_project_end.php"; + if ($token == "") + return QUEXS_URL . "rs_project_end.php"; + else + return "http://www.google.com.au"; } /** 
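Review bot: `quexs_completed_by_respondent()` builds its UPDATE with `WHERE token = '$clienttoken'`, and on the self-completion path `$clienttoken` is a value supplied by the respondent; whether it is sanitised before this call is not visible here. Quoting it through the driver, `WHERE token = " . $db->qstr($clienttoken);`, removes the dependency on upstream filtering. The `$surveyid` parameter is documented but never used, and outcome `34` is a bare literal; a named constant or a comment tying it to the 'Self completed online' row added in the CHANGELOG would make the update easier to follow.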
@@ -760,7 +788,7 @@ function get_start_interview_url() $token = $db->GetOne($sql); $sid = get_limesurvey_id($operator_id); - $url = LIME_URL . "index.php?loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; + $url = LIME_URL . "index.php?interviewer=interviewer&loadall=reload&sid=$sid&token=$token&lang=" . DEFAULT_LOCALE; $questionnaire_id = get_questionnaire_id($operator_id); //get prefills From bc56e1031156d7b9db756ddf2731fdfb36ae90d6 Mon Sep 17 00:00:00 2001 From: Adam Zammit Date: Wed, 30 Jan 2013 16:24:26 +1100 Subject: [PATCH 17/40] Added respondent self completion details to new questionnaire's (need to add to modify) --- admin/new.php | 34 ++++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/admin/new.php b/admin/new.php index 89ab8a29..fac19006 100644 --- a/admin/new.php +++ b/admin/new.php @@ -68,12 +68,25 @@ if (isset($_POST['import_file'])) $testing = 0; $rs = 0; $lime_sid = 0; + $respsc = 0; $lime_rs_sid = "NULL"; if (isset($_POST['ras'])) $ras = 1; if (isset($_POST['rws'])) $rws = 1; if (isset($_POST['testing'])) $testing = 1; + if (isset($_POST['respsc'])) $respsc = 1; if ($_POST['selectrs'] != "none") $rs = 1; + $lime_mode = "NULL"; + $lime_template = "NULL"; + $lime_endurl = "NULL"; + + if ($respsc == 1) + { + $lime_mode = $db->qstr($_POST['lime_mode'],get_magic_quotes_gpc()); + $lime_template = $db->qstr($_POST['lime_template'],get_magic_quotes_gpc()); + $lime_endurl = $db->qstr($_POST['lime_endurl'],get_magic_quotes_gpc()); + } + $name = $db->qstr($_POST['description'],get_magic_quotes_gpc()); $rs_intro = $db->qstr(html_entity_decode($_POST['rs_intro'],get_magic_quotes_gpc())); $rs_project_intro = $db->qstr(html_entity_decode($_POST['rs_project_intro'],get_magic_quotes_gpc())); 
@@ -91,8 +104,8 @@ if (isset($_POST['import_file'])) $lime_rs_sid = bigintval($_POST['selectrs']); } - $sql = "INSERT INTO questionnaire (questionnaire_id,description,lime_sid,restrict_appointments_shifts,restrict_work_shifts,respondent_selection,rs_intro,rs_project_intro,rs_project_end,rs_callback,rs_answeringmachine,testing,lime_rs_sid,info) - VALUES (NULL,$name,'$lime_sid','$ras','$rws','$rs',$rs_intro,$rs_project_intro,$rs_project_end,$rs_callback,$rs_answeringmachine,'$testing',$lime_rs_sid,$info)"; + $sql = "INSERT INTO questionnaire (questionnaire_id,description,lime_sid,restrict_appointments_shifts,restrict_work_shifts,respondent_selection,rs_intro,rs_project_intro,rs_project_end,rs_callback,rs_answeringmachine,testing,lime_rs_sid,info,lime_mode,lime_template,lime_endurl) + VALUES (NULL,$name,'$lime_sid','$ras','$rws','$rs',$rs_intro,$rs_project_intro,$rs_project_end,$rs_callback,$rs_answeringmachine,'$testing',$lime_rs_sid,$info,$lime_mode,$lime_template,$lime_endurl)"; $rs = $db->Execute($sql); @@ -179,6 +192,23 @@ $ckeditorConfig = array("toolbar" => array(array("tokens","-","Source"),

+

+