0) { error_reporting(E_ALL); //For debug purposes - switch on in config.phh } if (ini_get("max_execution_time")<120) @set_time_limit(120); // Maximum execution time - works only if safe_mode is off @ini_set("memory_limit",$memorylimit); // Set Memory Limit for big surveys // Now check for PHP & db version // Do not localize/translate this! $ver = explode( '.', PHP_VERSION ); $ver_num = $ver[0] . $ver[1] . $ver[2]; $dieoutput=''; $maildebug=''; if ( $ver_num < 432 ) { $dieoutput .= 'This script needs PHP 4.3.2 or above! Your version: '.phpversion().'
'; } if (!function_exists('mb_convert_encoding')) { $dieoutput .= "This script needs the PHP Multibyte String Functions library installed: See FAQ and PHP documentation
"; } if ($dieoutput!='') die($dieoutput); ################################################################################## ## DO NOT EDIT BELOW HERE ################################################################################## require_once ($rootdir.'/classes/adodb/adodb.inc.php'); require_once ($rootdir.'/classes/phpmailer/class.phpmailer.php'); require_once ($rootdir.'/classes/php-gettext/gettextinc.php'); require_once ($rootdir.'/classes/core/surveytranslator.php'); require_once ($rootdir.'/classes/core/sanitize.php'); $dbprefix=strtolower($dbprefix); define("_PHPVERSION", phpversion()); if($_SERVER['SERVER_SOFTWARE'] == "Xitami") //Deal with Xitami Issue { $_SERVER['PHP_SELF'] = substr($_SERVER['SERVER_URL'], 0, -1) .$_SERVER['SCRIPT_NAME']; } /* * $sourcefrom variable checks the location of the current script against * the administration directory, and if the current script is running * in the administration directory, it is set to "admin". Otherwise it is set * to "public". When $sourcefrom is "admin" certain administration only functions * are loaded. */ $scriptlocation=realpath("."); $slashlesspath=str_replace(array("\\", "/"), "", $scriptlocation); $slashlesshome=str_replace(array("\\", "/"), "", $homedir); // Uncomment the following line for debug purposes // echo $slashlesspath." - ".$slashlesshome; if (eregi($slashlesshome, $slashlesspath) || eregi("dump", $_SERVER['PHP_SELF'])) { if (!eregi($slashlesshome."install", $slashlesspath)) { $sourcefrom="admin"; } else { $sourcefrom="install"; } } else { $sourcefrom="public"; } // Set path for captcha verification.php if ($sourcefrom == "admin") { $captchapath='../'; } else { $captchapath=''; } //BEFORE SESSIONCONTOL BECAUSE OF THE CONNECTION //CACHE DATA $connect=&ADONewConnection($databasetype); $database_exists = FALSE; switch ($databasetype) { case "mysql" :if ($databaseport!="default") {$dbport="$databaselocation:$databaseport";} else {$dbport=$databaselocation;} break; case "odbc_mssql": $dbport="Driver={SQL Server};Server=$databaselocation;Database=".$databasename; break; case "postgres": if ($databaseport!="default") {$dbport="$databaselocation:$databaseport";} else {$dbport=$databaselocation;} break; default: safe_die("Unknown database type"); } // Now try connecting to the database if (@$connect->Connect($dbport, $databaseuser, $databasepass, $databasename)) { $database_exists = TRUE;} else { // If that doesnt work try connection without database-name $connect->database = ''; if ($databasetype=='odbc_mssql') {$dbport="Driver={SQL Server};Server=$databaselocation;";} if (!@$connect->Connect($dbport, $databaseuser, $databasepass)) { safe_die("Can't connect to LimeSurvey database. Reason: ".$connect->ErrorMsg()); } } // AdoDB seems to be defaulting to ADODB_FETCH_NUM and we want to be sure that the right default mode is set $connect->SetFetchMode(ADODB_FETCH_ASSOC); $dbexistsbutempty=($database_exists && checkifemptydb()); if ($databasetype=='mysql') { if ($debug>1) { @$connect->Execute("SET SESSION SQL_MODE='STRICT_ALL_TABLES,ANSI'"); } //for development - use mysql in the strictest mode //Checked $infoarray=$connect->ServerInfo(); if (version_compare ($infoarray['version'],'4.1','<')) { safe_die ("
Error: You need at least MySQL version 4.1 to run LimeSurvey"); } @$connect->Execute("SET CHARACTER SET 'utf8'"); //Checked } // Setting dateformat for mssql driver. It seems if you don't do that the in- and output format could be different if ($databasetype=='odbc_mssql') { @$connect->Execute('SET DATEFORMAT ymd;'); //Checked } // Check if the DB is up to date If ($dbexistsbutempty && $sourcefrom=='admin') { die ("
The LimeSurvey database does exist but it seems to be empty. Please run the install script to create the necessary tables."); } // Check if the DB is up to date If (!$dbexistsbutempty && $sourcefrom=='admin') { $usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='DBVersion'"; $usresult = db_execute_assoc($usquery,'',true); //checked if (!$usresult) { die ("
The configured LimeSurvey database does not seem to exist and the LimeSurvey tables weren't found.
Please check the online manual for installation instructions.
If you already edited config.php please run the installation script."); } $usrow = $usresult->FetchRow(); if (intval($usrow['stg_value'])<$dbversionnumber) { die ("
The LimeSurvey database is not up to date.
Please run the installation script to upgrade your database."); } if (is_dir($homedir."/install") && $debug<2) { die ("
Everything is fine - you just forgot to delete or rename your LimeSurvey installation directory (/admin/install).
Please do so since it may be a security risk."); } } //Admin menus and standards //IF THIS IS AN ADMIN SCRIPT, RUN THE SESSIONCONTROL SCRIPT if ($sourcefrom == "admin") { include(dirname(__FILE__)."/admin/sessioncontrol.php"); /** * @param string $htmlheader * This is the html header text for all administration pages * */ $htmlheader = getAdminHeader(); } //SET LANGUAGE DIRECTORY if ($sourcefrom == "admin") { $langdir="$publicurl/locale/".$_SESSION['adminlang']."/help"; $langdirlocal="$rootdir/locale/".$_SESSION['adminlang']."/help"; if (!is_dir($langdirlocal)) // is_dir only works on local dirs { $langdir="$publicurl/locale/en/help"; //default to english if there is no matching language dir } } //SET LOCAL TIME if (substr($timeadjust,1,1)!='-' && substr($timeadjust,1,1)!='+') {$timeadjust='+'.$timeadjust.' hours';} // SITE STYLES $setfont = ""; $singleborderstyle = "style='border: 1px solid #111111'"; /** * showadminmenu() function returns html text for the administration button bar * @global string $homedir * @global string $scriptname * @global string $surveyid * @global string $setfont * @global string $imagefiles * @return string $adminmenu */ function showadminmenu() { global $homedir, $scriptname, $surveyid, $setfont, $imagefiles, $clang, $debug; $adminmenu = "\n"; if ($_SESSION['pw_notify'] && $debug<2) {$adminmenu .="";} $adminmenu .="\t\n" . "\t\t\n" . "\n" . "
".$clang->gT("Warning: You are still using the default password ('password'). Please change your password and re-login again.")."
\n" . "\t\t\t\n" . "\t\t\t\n" . "\t\t\t\t\n" . "\t\t\t\n" . "\t\t\t\n" . "\t\t\t\t\n"; } if(isset($_SESSION['loginID'])) //ADDED by Moses to prevent errors by reading db while not logged in. { $adminmenu .= "\t\t\t\t\n"; } $adminmenu .= "\t\t\t\n" . "\t\t
\n" . "\t\t\t\t".$clang->gT("Administration").""; if(isset($_SESSION['loginID'])) { $adminmenu .= " -- ".$clang->gT("Logged in as"). ": ". $_SESSION['user'] .""."\n"; } $adminmenu .= "\t\t\t\t
\n" . "\t\t\t\t\tgTview("Default Administration Page")."\"" . "onmouseout=\"hideTooltip()\" onmouseover=\"showTooltip(event,'".$clang->gT("Default Administration Page", "js")."');return false\">" . "".$clang->gT("Default Administration Page")."\n"; $adminmenu .= "\t\t\t\t\t\n" . "\t\t\t\t\t\n"; // edit users $adminmenu .= "\t\t\t\t\tgTview("Create/Edit Users")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Create/Edit Users", "js")."');return false\">" . "".$clang->gT("Create/Edit Users").""; $adminmenu .="gTview("Create/Edit Groups")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Create/Edit Groups", "js")."');return false\">" . "".$clang->gT("Create/Edit Groups")."\n" ; // check settings //"\t\t\t\t\t\n". $adminmenu .= "gTview("Show System Summary")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Show System Summary", "js")."');return false\">" . "\t\t\t\t\t". $clang->gT("Show System Summary")."" . "\t\t\t\t\t\n"; // check data cosistency if($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1) { $adminmenu .= "gTview("Check Data Integrity")."\" ". "onmouseout=\"hideTooltip()\"" ."onmouseover=\"showTooltip(event,'".$clang->gT("Check Data Integrity", "js")."');return false\">". "".$clang->gT("Check Data Integrity")."\n"; } else { $adminmenu .= "\t\t\t\t\t\n"; } // list surveys $adminmenu .= "gTview("List Surveys")."\" " ."onmouseout=\"hideTooltip()\"" ."onmouseover=\"showTooltip(event,'".$clang->gT("List Surveys", "js")."');return false\">\n" ."".$clang->gT("List Surveys")."" ."" ; // db backup & label editor if($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1) { $adminmenu .= "gTview("Backup Entire Database")."\" " . "onclick=\"window.open('$scriptname?action=dumpdb', '_self')\"" . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Backup Entire Database", "js")."');return false\">" ."". $clang->gT("Backup Entire Database")."($surveyid)" ."\n" . "\t\t\t\t\t\n"; } else { $adminmenu .= "\t\t\t\t\t\n"; } if($_SESSION['USER_RIGHT_MANAGE_LABEL'] == 1) { $adminmenu .= "gTview("Edit/Add Label Sets")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Edit/Add Label Sets", "js")."');return false\">" . "". $clang->gT("Edit/Add Label Sets")."\n" . "\t\t\t\t\t\n"; } else { $adminmenu .= "\t\t\t\t\t\n"; } if($_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] == 1) { $adminmenu .= "gTview("Template Editor")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Template Editor", "js")."');return false\">" . "". $clang->gT("Template Editor")."\n" . "\t\t\t\t\n" . "gTview("Show Help")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Show Help", "js")."');return false\">" . "" . "\t\t\t\t\tgTview("Logout")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Logout", "js")."');return false\">" . "".$clang->gT("Logout")."" . "\t\t\t\t\t\n"; if($_SESSION['USER_RIGHT_CREATE_SURVEY'] == 1) { $adminmenu .= "gTview("Create or Import New Survey")."\" " . "onmouseout=\"hideTooltip()\"" . "onmouseover=\"showTooltip(event,'".$clang->gT("Create or Import New Survey", "js")."');return false\">" . "". $clang->gT("Create or Import New Survey")."\n"; } $adminmenu .= "\t\t\t\t\t".$clang->gT("Surveys").":" . "\t\t\t\t\t\n" . "\t\t\t\t
\n" . "\t
\n"; return $adminmenu; } //DATA TYPES $qtypeselect = getqtypelist(); function &db_execute_num($sql,$inputarr=false) { global $connect; // Todo: Set fetchmode to previous state after changing //$oldfetchmode= $connect->SetFetchMode(ADODB_FETCH_NUM); $dataset=$connect->Execute($sql,$inputarr); //Checked //$connect->SetFetchMode($oldfetchmode); return $dataset; } function &db_select_limit_num($sql,$numrows=-1,$offset=-1,$inputarr=false) { global $connect; $dataset=$connect->SelectLimit($sql,$numrows=-1,$offset=-1,$inputarr=false) or safe_die($sql); return $dataset; } function &db_execute_assoc($sql,$inputarr=false,$silent=false) { global $connect; // Todo: Set fetchmode to previous state after changing // $oldfetchmode= $connect->SetFetchMode(ADODB_FETCH_ASSOC); $dataset=$connect->Execute($sql,$inputarr); //Checked if (!$silent && !$dataset) {safe_die($connect->ErrorMsg().':'.$sql);} // $connect->SetFetchMode($oldfetchmode); return $dataset; } function &db_select_limit_assoc($sql,$numrows=-1,$offset=-1,$inputarr=false,$dieonerror=true) { global $connect; $connect->SetFetchMode(ADODB_FETCH_ASSOC); $dataset=$connect->SelectLimit($sql,$numrows,$offset,$inputarr=false); if (!$dataset && $dieonerror) {safe_die($connect->ErrorMsg().':'.$sql);} return $dataset; } function db_quote_id($id) // This functions quotes fieldnames accordingly { global $databasetype; // WE DONT HAVE nor USE other thing that alfanumeric characters in the field names // $quote = $connect->nameQuote; // return $quote.str_replace($quote,$quote.$quote,$id).$quote; switch ($databasetype) { case "mysql" : return "`".$id."`"; break; case "odbc_mssql" : return "[".$id."]"; break; case "postgres": return "\"".$id."\""; break; default: return "`".$id."`"; } } function db_random() { global $connect,$databasetype; if ($databasetype=='odbc_mssql') {$srandom='NEWID()';} else {$srandom=$connect->random;} return $srandom; } function db_quote($str) // This functions escapes the string only inside { global $connect; return $connect->escape($str); } function db_quoteall($str,$ispostvar=false) // This functions escapes the string inside and puts quotes around the string according to the used db type // IF you are quoting a variable from a POST/GET then set $ispostvar to true so it doesnt get quoted twice. { global $connect; if ($ispostvar) { return $connect->qstr($str, get_magic_quotes_gpc());} else {return $connect->qstr($str);} } function db_table_name($name) { global $dbprefix; return db_quote_id($dbprefix.$name); } function db_table_name_nq($name) //returns the table name without quotes { global $dbprefix; return $dbprefix.$name; } /* * Return a sql statement for finding LIKE named tables */ function db_select_tables_like($table) { global $databasetype; switch ($databasetype) { case 'mysql' : return "SHOW TABLES LIKE '$table'"; case 'odbc_mssql' : return "SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES where TABLE_TYPE='BASE TABLE' and TABLE_NAME LIKE '$table'"; case 'postgres' : return "SELECT table_name FROM information_schema.tables WHERE table_schema = 'public' and table_name like '$table'"; default: safe_die ("Couldn't create 'select tables like' query for connection type 'databaseType'"); } } /* * Return a boolean stating if the table(s) exist(s) * Accepts '%' in names since it uses the 'like' statement */ function db_tables_exist($table) { global $connect; $surveyHasTokensTblQ = db_select_tables_like("$table"); $surveyHasTokensTblResult = db_execute_num($surveyHasTokensTblQ); //Checked if ($surveyHasTokensTblResult->RecordCount() >= 1) { return TRUE; } else { return FALSE; } } /** * getsurveylist() Queries the database (survey table) for a list of existing surveys * @global string $surveyid * @global string $dbprefix * @global string $scriptname * @return string This string is returned containing formatted list of existing surveys * */ function getsurveylist() { global $surveyid, $dbprefix, $scriptname, $connect, $clang; $surveyidquery = "SELECT a.sid, a.owner_id, surveyls_title, surveyls_description, a.admin, a.active, surveyls_welcometext, a.useexpiry, a.expires, " . "a.adminemail, a.private, a.faxto, a.format, a.template, a.url, " . "a.language, a.datestamp, a.ipaddr, a.refurl, a.usecookie, a.notification, a.allowregister, a.attribute1, a.attribute2, " . "a.allowsave, a.autoredirect, a.allowprev, a.datecreated FROM ".db_table_name('surveys')." AS a " . "INNER JOIN ".db_table_name('surveys_languagesettings')." on (surveyls_survey_id=a.sid and surveyls_language=a.language) "; if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1) { $surveyidquery .= " INNER JOIN ".db_table_name('surveys_rights')." AS b ON a.sid = b.sid "; $surveyidquery .= "WHERE b.uid =".$_SESSION['loginID']; } $surveyidquery .= " order by active DESC, surveyls_title"; $surveyidresult = db_execute_num($surveyidquery); //Checked if (!$surveyidresult) {return "Database Error";} $surveyselecter = ""; $surveynames = $surveyidresult->GetRows(); $activesurveys=''; $inactivesurveys=''; if ($surveynames) { foreach($surveynames as $sv) { if($sv[5]!='Y') { $inactivesurveys .= "\t\t\t\n"; $surveyselecter .= $inactivesurveys . "\t\t\t"; } if (!isset($svexist)) {$surveyselecter = "\t\t\t\n".$surveyselecter;} else {$surveyselecter = "\t\t\t\n".$surveyselecter;} return $surveyselecter; } /** * getquestions() queries the database for a list of all questions matching the current survey sid * @global string $surveyid * @global string $gid * @global string $qid * @global string $dbprefix * @global string $scriptname * @return This string is returned containing formatted list of questions to current survey */ function getquestions($surveyid,$gid,$selectedqid) { global $dbprefix, $scriptname, $connect, $clang; //MOD for multilanguage surveys $s_lang = GetBaseLanguageFromSurveyID($surveyid); $qquery = 'SELECT * FROM '.db_table_name('questions')." WHERE sid=$surveyid AND gid=$gid AND language='{$s_lang}'"; $qresult = db_execute_assoc($qquery); //checked $qrows = $qresult->GetRows(); // Perform a case insensitive natural sort on group name then question title of a multidimensional array usort($qrows, 'CompareGroupThenTitle'); if (!isset($questionselecter)) {$questionselecter="";} foreach ($qrows as $qrow) { $qrow['title'] = strip_tags($qrow['title']); $questionselecter .= "\t\t\n".$questionselecter; } return $questionselecter; } // Gets number of groups inside a particular survey function getGroupSum($surveyid, $lang) { global $surveyid,$dbprefix ; $sumquery3 = "SELECT * FROM ".db_table_name('groups')." WHERE sid=$surveyid AND language='".$lang."'"; //Getting a count of questions for this survey $sumresult3 = db_execute_assoc($sumquery3); //Checked $groupscount = $sumresult3->RecordCount(); return $groupscount ; } // Gets number of questions inside a particular group function getQuestionSum($surveyid, $groupid) { global $surveyid,$dbprefix ; $s_lang = GetBaseLanguageFromSurveyID($surveyid); $sumquery3 = "SELECT * FROM ".db_table_name('questions')." WHERE gid=$groupid and sid=$surveyid AND language='{$s_lang}'"; //Getting a count of questions for this survey $sumresult3 = db_execute_assoc($sumquery3); //Checked $questionscount = $sumresult3->RecordCount(); return $questionscount ; } /** * getMaxgrouporder($surveyid) queries the database for the maximum sortorder of a group. * @global string $surveyid */ function getMaxgrouporder($surveyid) { global $surveyid ; $s_lang = GetBaseLanguageFromSurveyID($surveyid); $max_sql = "SELECT max( group_order ) AS max FROM ".db_table_name('groups')." WHERE sid =$surveyid AND language='{$s_lang}'" ; $max_result =db_execute_assoc($max_sql) ; //Checked $maxrow = $max_result->FetchRow() ; $current_max = $maxrow['max']; if($current_max=="") { return "0" ; } else return ++$current_max ; } /** * getGroupOrder($surveyid,$gid) queries the database for the sortorder of a group. */ function getGroupOrder($surveyid,$gid) { $s_lang = GetBaseLanguageFromSurveyID($surveyid); $grporder_sql = "SELECT group_order FROM ".db_table_name('groups')." WHERE sid =$surveyid AND language='{$s_lang}' AND gid=$gid" ; $grporder_result =db_execute_assoc($grporder_sql); //Checked $grporder_row = $grporder_result->FetchRow() ; $group_order = $grporder_row['group_order']; if($group_order=="") { return "0" ; } else return $group_order ; } /** * getMaxquestionorder($gid) queries the database for the maximum sortorder of a question. * @global string $surveyid */ function getMaxquestionorder($gid) { global $surveyid ; $gid=sanitize_int($gid); $s_lang = GetBaseLanguageFromSurveyID($surveyid); $max_sql = "SELECT max( question_order ) AS max FROM ".db_table_name('questions')." WHERE gid='$gid' AND language='$s_lang'"; $max_result =db_execute_assoc($max_sql) ; //Checked $maxrow = $max_result->FetchRow() ; $current_max = $maxrow['max']; if($current_max=="") { return "0" ; } else return $current_max ; } /** * getanswers() queries the database for a list of all answers matching the current question qid * @global string $surveyid * @global string $gid * @global string $qid * @global string $dbprefix * @global string $code * @return This string is returned containing formatted list of answers matching current qid */ function getanswers() { global $surveyid, $gid, $qid, $code, $dbprefix, $connect, $clang; $qid=sanitize_int($qid); $s_lang = GetBaseLanguageFromSurveyID($surveyid); $aquery = "SELECT code, answer FROM ".db_table_name('answers')." WHERE qid=$qid AND language='$s_lang' ORDER BY sortorder, answer"; $aresult = db_execute_assoc($aquery); //Checked $answerselecter = ""; while ($arow = $aresult->FetchRow()) { $answerselecter .= "\t\t\n".$answerselecter;} return $answerselecter; } /** * getqtypelist() Returns list of question types available in LimeSurvey. Edit this if you are adding a new * question type * @global string $publicurl * @global string $sourcefrom * @param string $SelectedCode Value of the Question Type (defaults to "T") * @param string $ReturnType Type of output from this function (defaults to selector) * @return depending on $ReturnType param, returns a straight "array" of question types, or an list */ function getqtypelist($SelectedCode = "T", $ReturnType = "selector") { global $publicurl; global $sourcefrom, $clang; if ($sourcefrom == "admin") { $qtypes = array( "1"=>$clang->gT("Array (Flexible Labels) Dual Scale"), "5"=>$clang->gT("5 Point Choice"), "A"=>$clang->gT("Array (5 Point Choice)"), "B"=>$clang->gT("Array (10 Point Choice)"), "C"=>$clang->gT("Array (Yes/No/Uncertain)"), "D"=>$clang->gT("Date"), "E"=>$clang->gT("Array (Increase, Same, Decrease)"), "F"=>$clang->gT("Array (Flexible Labels)"), "G"=>$clang->gT("Gender"), "H"=>$clang->gT("Array (Flexible Labels) by Column"), "I"=>$clang->gT("Language Switch"), "K"=>$clang->gT("Multiple Numerical Input"), "L"=>$clang->gT("List (Radio)"), "M"=>$clang->gT("Multiple Options"), "N"=>$clang->gT("Numerical Input"), "O"=>$clang->gT("List With Comment"), "P"=>$clang->gT("Multiple Options With Comments"), "Q"=>$clang->gT("Multiple Short Text"), "R"=>$clang->gT("Ranking"), "S"=>$clang->gT("Short Free Text"), "T"=>$clang->gT("Long Free Text"), "U"=>$clang->gT("Huge Free Text"), "W"=>$clang->gT("List (Flexible Labels) (Dropdown)"), "X"=>$clang->gT("Boilerplate Question"), "Y"=>$clang->gT("Yes/No"), "Z"=>$clang->gT("List (Flexible Labels) (Radio)"), "!"=>$clang->gT("List (Dropdown)") // "^"=>$clang->gT("Slider"), ); asort($qtypes); if ($ReturnType == "array") {return $qtypes;} $qtypeselecter = ""; foreach($qtypes as $TypeCode=>$TypeDescription) { $qtypeselecter .= "\t\t formatted list of notification methods for current survey */ function getNotificationlist($notificationcode) { global $clang; $ntypes = array( "0"=>$clang->gT("No email notification"), "1"=>$clang->gT("Basic email notification"), "2"=>$clang->gT("Detailed email notification with result codes") ); if (!isset($ntypeselector)) {$ntypeselector="";} foreach($ntypes as $ntcode=>$ntdescription) { $ntypeselector .= "\t\t formatted list of groups to current survey */ function getgrouplist($gid) { global $surveyid, $dbprefix, $scriptname, $connect, $clang; $groupselecter=""; $gid=sanitize_int($gid); $surveyid=sanitize_int($surveyid); if (!$surveyid) {$surveyid=returnglobal('sid');} $s_lang = GetBaseLanguageFromSurveyID($surveyid); $gidquery = "SELECT gid, group_name FROM ".db_table_name('groups')." WHERE sid='{$surveyid}' AND language='{$s_lang}' ORDER BY group_order"; $gidresult = db_execute_num($gidquery) or safe_die("Couldn't get group list in common.php
$gidquery
".$connect->ErrorMsg()); //Checked while($gv = $gidresult->FetchRow()) { $groupselecter .= "\t\t\n"; } if ($groupselecter) { if (!isset($gvexist)) {$groupselecter = "\t\t\n".$groupselecter;} else {$groupselecter .= "\t\t\n";} } return $groupselecter; } function getgrouplist2($gid) { global $surveyid, $dbprefix, $connect, $clang; $groupselecter = ""; if (!$surveyid) {$surveyid=returnglobal('sid');} $s_lang = GetBaseLanguageFromSurveyID($surveyid); $gidquery = "SELECT gid, group_name FROM ".db_table_name('groups')." WHERE sid=$surveyid AND language='{$s_lang}' ORDER BY group_order"; $gidresult = db_execute_num($gidquery) or safe_die("Plain old did not work!"); //Checked while ($gv = $gidresult->FetchRow()) { $groupselecter .= "\t\t\n"; } if ($groupselecter) { if (!$gvexist) {$groupselecter = "\t\t\n".$groupselecter;} else {$groupselecter .= "\t\t\n";} } return $groupselecter; } function getgrouplist3($gid) { global $surveyid, $dbprefix, $connect; if (!$surveyid) {$surveyid=returnglobal('sid');} $groupselecter = ""; $s_lang = GetBaseLanguageFromSurveyID($surveyid); $gidquery = "SELECT gid, group_name FROM ".db_table_name('groups')." WHERE sid=$surveyid AND language='{$s_lang}' ORDER BY group_order"; $gidresult = db_execute_num($gidquery) or safe_die("Plain old did not work!"); //Checked while ($gv = $gidresult->FetchRow()) { $groupselecter .= "\t\t\n"; } return $groupselecter; } function getgrouplistlang($gid, $language) { global $surveyid, $scriptname, $connect, $clang; $groupselecter=""; if (!$surveyid) {$surveyid=returnglobal('sid');} $gidquery = "SELECT gid, group_name FROM ".db_table_name('groups')." WHERE sid=$surveyid AND language='".$language."' ORDER BY group_order"; $gidresult = db_execute_num($gidquery) or safe_die("Couldn't get group list in common.php
$gidquery
".$connect->ErrorMsg()); //Checked while($gv = $gidresult->FetchRow()) { $groupselecter .= "\t\t\n"; } if ($groupselecter) { if (!isset($gvexist)) {$groupselecter = "\t\t\n".$groupselecter;} else {$groupselecter .= "\t\t\n";} } return $groupselecter; } function getuserlist($outputformat='fullinfoarray') { global $dbprefix, $connect; global $usercontrolSameGroupPolicy; if (isset($_SESSION['loginID'])) { $myuid=sanitize_int($_SESSION['loginID']); } if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1 && isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy === true) { if (isset($myuid)) { // List users from same group as me + all my childs $uquery = "SELECT u.* FROM ".db_table_name('users')." AS u, ".db_table_name('user_in_groups')." AS ga ,".db_table_name('user_in_groups')." AS gb WHERE u.uid=$myuid OR (ga.ugid=gb.ugid AND ( (gb.uid=$myuid AND u.uid=ga.uid) OR (u.parent_id=$myuid) ) ) GROUP BY u.uid"; } else { return Array(); // Or die maybe } } else { $uquery = "SELECT * FROM ".db_table_name('users')." ORDER BY uid"; } $uresult = db_execute_assoc($uquery); //Checked if ($uresult->RecordCount()==0) //user is not in a group and usercontrolSameGroupPolicy is activated - at least show his own userinfo { $uquery = "SELECT u.* FROM ".db_table_name('users')." AS u WHERE u.uid=".$myuid; $uresult = db_execute_assoc($uquery);//Checked } $userlist = array(); $userlist[0] = "Reserved for logged in user"; while ($srow = $uresult->FetchRow()) { if ($outputformat != 'onlyuidarray') { if ($srow['uid'] != $_SESSION['loginID']) { $userlist[] = array("user"=>$srow['users_name'], "uid"=>$srow['uid'], "email"=>$srow['email'], "password"=>$srow['password'], "full_name"=>$srow['full_name'], "parent_id"=>$srow['parent_id'], "create_survey"=>$srow['create_survey'], "configurator"=>$srow['configurator'], "create_user"=>$srow['create_user'], "delete_user"=>$srow['delete_user'], "superadmin"=>$srow['superadmin'], "manage_template"=>$srow['manage_template'], "manage_label"=>$srow['manage_label']); //added by Dennis modified by Moses } else { $userlist[0] = array("user"=>$srow['users_name'], "uid"=>$srow['uid'], "email"=>$srow['email'], "password"=>$srow['password'], "full_name"=>$srow['full_name'], "parent_id"=>$srow['parent_id'], "create_survey"=>$srow['create_survey'], "configurator"=>$srow['configurator'], "create_user"=>$srow['create_user'], "delete_user"=>$srow['delete_user'], "superadmin"=>$srow['superadmin'], "manage_template"=>$srow['manage_template'], "manage_label"=>$srow['manage_label']); } } else { if ($srow['uid'] != $_SESSION['loginID']) { $userlist[] = $srow['uid']; } else { $userlist[0] = $srow['uid']; } } } return $userlist; } function gettemplatelist() { global $publicdir; if (!$publicdir) {$publicdir=dirname(getcwd());} $tloc="$publicdir/templates"; if ($handle = opendir($tloc)) { while (false !== ($file = readdir($handle))) { if (!is_file("$tloc/$file") && $file != "." && $file != ".." && $file!=".svn") { $list_of_files[] = $file; } } closedir($handle); } usort($list_of_files, 'StandardSort'); return $list_of_files; } function getSurveyInfo($surveyid, $languagecode='') // Gets all survey infos in one big array including the language specific settings // if $languagecode is not set then the base language from the survey is used // { global $dbprefix, $siteadminname, $siteadminemail, $connect, $languagechanger; $surveyid=sanitize_int($surveyid); $languagecode=sanitize_languagecode($languagecode); $thissurvey=false; // if no language code is set then get the base language one if (!isset($languagecode) || $languagecode=='') { $languagecode=GetBaseLanguageFromSurveyID($surveyid);; } $query="SELECT * FROM ".db_table_name('surveys').",".db_table_name('surveys_languagesettings')." WHERE sid=$surveyid and surveyls_survey_id=$surveyid and surveyls_language='$languagecode'"; $result=db_execute_assoc($query) or safe_die ("Couldn't access survey settings
$query
".$connect->ErrorMsg()); //Checked while ($row=$result->FetchRow()) { $thissurvey=$row; // now create some stupid array translations // Newly added surveysettings don't have to be added specifically - these will be available by field name automatically $thissurvey["name"]=$thissurvey['surveyls_title']; $thissurvey["description"]=$thissurvey['surveyls_description']; $thissurvey["welcome"]=$thissurvey['surveyls_welcometext']; $thissurvey["templatedir"]=$thissurvey['template']; $thissurvey["adminname"]=$thissurvey['admin']; $thissurvey["tablename"]=$dbprefix."survey_".$thissurvey['sid']; $thissurvey["urldescrip"]=$thissurvey['surveyls_urldescription']; $thissurvey["sendnotification"]=$thissurvey['notification']; $thissurvey["expiry"]=$thissurvey['expires']; $thissurvey["email_invite_subj"]=$thissurvey['surveyls_email_invite_subj']; $thissurvey["email_invite"]=$thissurvey['surveyls_email_invite']; $thissurvey["email_remind_subj"]=$thissurvey['surveyls_email_remind_subj']; $thissurvey["email_remind"]=$thissurvey['surveyls_email_remind']; $thissurvey["email_confirm_subj"]=$thissurvey['surveyls_email_confirm_subj']; $thissurvey["email_confirm"]=$thissurvey['surveyls_email_confirm']; $thissurvey["email_register_subj"]=$thissurvey['surveyls_email_register_subj']; $thissurvey["email_register"]=$thissurvey['surveyls_email_register']; if (!isset($thissurvey['adminname'])) {$thissurvey['adminname']=$siteadminname;} if (!isset($thissurvey['adminemail'])) {$thissurvey['adminemail']=$siteadminemail;} if (!isset($thissurvey['urldescrip'])) {$thissurvey['urldescrip']=$thissurvey['url'];} } //not sure this should be here... ToDo: Find a better place if (function_exists('makelanguagechanger')) $languagechanger = makelanguagechanger(); return $thissurvey; } function getlabelsets($languages=null) // Returns a list with label sets // if the $languages paramter is provided then only labelset containing all of the languages in the paramter are provided { global $dbprefix, $connect, $surveyid; if ($languages){ $languages=sanitize_languagecodeS($languages); $languagesarray=explode(' ',trim($languages)); } $query = "SELECT ".db_table_name('labelsets').".lid as lid, label_name FROM ".db_table_name('labelsets'); if ($languages){ $query .=" where "; foreach ($languagesarray as $item) { $query .=" ((languages like '% $item %') or (languages='$item') or (languages like '% $item') or (languages like '$item %')) and "; } $query .=" 1=1 "; } $query .=" order by label_name"; $result = db_execute_assoc($query) or safe_die ("Couldn't get list of label sets
$query
".$connect->ErrorMsg()); //Checked $labelsets=array(); while ($row=$result->FetchRow()) { $labelsets[] = array($row['lid'], $row['lid'].": ".$row['label_name']); } return $labelsets; } function checkactivations() { global $dbprefix, $connect; $tablelist = $connect->MetaTables(); $tablenames[] = "ListofTables"; //dummy entry because in_array never finds the first one! foreach ($tablelist as $tbl) { $tablenames[] = $tbl; } $caquery = "SELECT sid FROM ".db_table_name('surveys')." WHERE active='Y'"; $caresult = db_execute_assoc($caquery); //Checked if (!$caresult) {return "Database Error";} while ($carow = $caresult->FetchRow()) { $surveyname = "{$dbprefix}survey_{$carow['sid']}"; if (!in_array($surveyname, $tablenames)) { $udquery = "UPDATE ".db_table_name('surveys')." SET active='N' WHERE sid={$carow['sid']}"; $udresult = $connect->Execute($udquery); //Checked } } } function checkifemptydb() { global $connect, $dbprefix; $tablelist = $connect->MetaTables('TABLES'); if ( in_array($dbprefix.'surveys',$tablelist) ) {Return(false);} else {Return(true);} } function checkfortables() { global $scriptname, $dbprefix, $setfont, $connect, $clang; $alltables=array("{$dbprefix}surveys", "{$dbprefix}groups", "{$dbprefix}questions", "{$dbprefix}answers", "{$dbprefix}conditions", "{$dbprefix}users", "{$dbprefix}labelsets", "{$dbprefix}labels"); $tables = $connect->MetaTables(); foreach($alltables as $at) { if (!sql_table_exists($at, $tables)) { $checkfields="Y"; } } if (!isset($checkfields)) {$checkfields="";} if ($checkfields=="Y") { echo "
\n" ."\n" ."\t\n" ."\t\n" ."
" .$clang->gT("LimeSurvey Setup")."
$setfont\n" ."\t\t" .$clang->gT("Error")."
\n" ."\t\t" .$clang->gT("It appears as if some tables or fields are missing from your database.")."

\n" ."\t\t\n" ."\t
\n" ."\n"; exit; } } function sql_table_exists($tableName, $tables) { return(in_array($tableName, $tables)); } ################################################################################ # Compares two elements from an array (passed by the usort function) # and returns -1, 0 or 1 depending on the result of the comparison of # the sort order of the group_order and question_order field function CompareGroupThenTitle($a, $b) { if (isset($a["group_order"]) && isset($b["group_order"])) { $GroupResult = strnatcasecmp($a["group_order"], $b["group_order"]); } else { $GroupResult = ""; } if ($GroupResult == 0) { $TitleResult = strnatcasecmp($a["question_order"], $b["question_order"]); return $TitleResult; } return $GroupResult; } function StandardSort($a, $b) { return strnatcasecmp($a, $b); } function conditionscount($qid) { global $dbprefix, $connect; $qid=sanitize_int($qid); $query="SELECT COUNT(*) FROM ".db_table_name('conditions')." WHERE qid=$qid"; $result=db_execute_num($query) or safe_die ("Couldn't get conditions
$query
".$connect->ErrorMsg()); list($count) = $result->FetchRow(); return $count; } function keycontroljs() { $kcjs=" "; return $kcjs; } function fixsortorderAnswers($qid) //Function rewrites the sortorder for a group of answers { global $dbprefix, $connect, $surveyid; $qid=sanitize_int($qid); $baselang = GetBaseLanguageFromSurveyID($surveyid); $cdresult = db_execute_num("SELECT qid, code, sortorder FROM ".db_table_name('answers')." WHERE qid={$qid} and language='{$baselang}' ORDER BY sortorder"); //Checked $position=0; while ($cdrow=$cdresult->FetchRow()) { $cd2query="UPDATE ".db_table_name('answers')." SET sortorder={$position} WHERE qid={$cdrow[0]} AND code='{$cdrow[1]}' AND sortorder={$cdrow[2]} "; $cd2result=$connect->Execute($cd2query) or safe_die ("Couldn't update sortorder
$cd2query
".$connect->ErrorMsg()); //Checked $position++; } } function fixsortorderQuestions($qid,$gid=0) //Function rewrites the sortorder for questions { global $dbprefix, $connect, $surveyid; $qid=sanitize_int($qid); $gid=sanitize_int($gid); $baselang = GetBaseLanguageFromSurveyID($surveyid); if ($gid == 0) { $result = db_execute_assoc("SELECT gid FROM ".db_table_name('questions')." WHERE qid='{$qid}' and language='{$baselang}'"); //Checked $row=$result->FetchRow(); $gid=$row['gid']; } $cdresult = db_execute_assoc("SELECT qid FROM ".db_table_name('questions')." WHERE gid='{$gid}' and language='{$baselang}' ORDER BY question_order, title ASC"); //Checked $position=0; while ($cdrow=$cdresult->FetchRow()) { $cd2query="UPDATE ".db_table_name('questions')." SET question_order='{$position}' WHERE qid='{$cdrow['qid']}' "; $cd2result = $connect->Execute($cd2query) or safe_die ("Couldn't update question_order
$cd2query
".$connect->ErrorMsg()); //Checked $position++; } } function shiftorderQuestions($sid,$gid,$shiftvalue) //Function shifts the sortorder for questions { global $dbprefix, $connect, $surveyid; $sid=sanitize_int($sid); $gid=sanitize_int($gid); $shiftvalue=sanitize_int($shiftvalue); $baselang = GetBaseLanguageFromSurveyID($surveyid); $cdresult = db_execute_assoc("SELECT qid FROM ".db_table_name('questions')." WHERE gid='{$gid}' and language='{$baselang}' ORDER BY question_order, title ASC"); //Checked $position=$shiftvalue; while ($cdrow=$cdresult->FetchRow()) { $cd2query="UPDATE ".db_table_name('questions')." SET question_order='{$position}' WHERE qid='{$cdrow['qid']}' "; $cd2result = $connect->Execute($cd2query) or safe_die ("Couldn't update question_order
$cd2query
".$connect->ErrorMsg()); //Checked $position++; } } function fixsortorderGroups() //Function rewrites the sortorder for groups { global $dbprefix, $connect, $surveyid; $baselang = GetBaseLanguageFromSurveyID($surveyid); $cdresult = db_execute_assoc("SELECT gid FROM ".db_table_name('groups')." WHERE language='{$baselang}' ORDER BY group_order, group_name"); //Checked $position=0; while ($cdrow=$cdresult->FetchRow()) { $cd2query="UPDATE ".db_table_name('groups')." SET group_order='{$position}' WHERE gid='{$cdrow['gid']}' "; $cd2result = $connect->Execute($cd2query) or safe_die ("Couldn't update group_order
$cd2query
".$connect->ErrorMsg()); //Checked $position++; } } function fixmovedquestionConditions($qid,$oldgid,$newgid) //Function rewrites the cfieldname for a question after group change { global $dbprefix, $connect, $surveyid; $qid=sanitize_int($qid); $oldgid=sanitize_int($oldgid); $newgid=sanitize_int($newgid); $cresult = db_execute_assoc("SELECT cid, cfieldname FROM ".db_table_name('conditions')." WHERE cqid={$qid}"); //Checked while ($crow=$cresult->FetchRow()) { $mycid=$crow['cid']; $mycfieldname=$crow['cfieldname']; $cfnregs=""; if (ereg($surveyid."X".$oldgid."X".$qid."(.*)", $mycfieldname, $cfnregs) > 0) { $newcfn=$surveyid."X".$newgid."X".$qid.$cfnregs[1]; $c2query="UPDATE ".db_table_name('conditions') ." SET cfieldname='{$newcfn}' WHERE cid={$mycid}"; $c2result=$connect->Execute($c2query) //Checked or safe_die ("Couldn't update conditions
$c2query
".$connect->ErrorMsg()); } } } function browsemenubar() { global $surveyid, $scriptname, $imagefiles, $homeurl, $clang, $sumrows5; //BROWSE MENU BAR $browsemenubar = "\t\n" . "\t\t\n" . "\t\t\tgTview("Return to Survey Administration")."\" " . "onmouseover=\"showTooltip(event,'".$clang->gT("Return to Survey Administration", "js")."')\">" . "\n" . "\t\t\t\n" . "\t\t\t\n" . "\t\t\tgTview("Show summary information")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("Show summary information", "js")."')\"" . ">\n"; if (count(GetAdditionalLanguagesFromSurveyID($surveyid)) == 0) { $browsemenubar .="\t\t\tgTview("Display Responses")."\" " . "onmouseover=\"showTooltip(event,'".$clang->gT("Display Responses", "js")."')\">" . "\n"; } else { $browsemenubar .= "gTview("Display Responses")."\" " . "onmouseover=\"showTooltip(event,'".$clang->gT("Display Responses", "js")."');return false\">" .""; $tmp_survlangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); $tmp_survlangs[] = $baselang; rsort($tmp_survlangs); $browsemenubar .="
"; foreach ($tmp_survlangs as $tmp_lang) { $browsemenubar .= ""; } $browsemenubar .= "
".$clang->gT("Please select a language:")."
".getLanguageNameFromCode($tmp_lang,false)."
".$clang->gT("Cancel")."
"; $tmp_pheight = getPopupHeight(); $browsemenubar .= ""; } $browsemenubar .= "\t\t\tgTview("Display Last 50 Responses")."\" " . "onmouseout=\"hideTooltip()\" onmouseover=\"showTooltip(event,'".$clang->gT("Display Last 50 Responses", "js")."')\">" . "\n" . "\t\t\tgTview("Dataentry Screen for Survey")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("Dataentry Screen for Survey", "js")."')\">" . "\n" . "\t\t\tgTview("Get statistics from these responses")."\" " ."onmouseout=\"hideTooltip()\" onmouseover=\"showTooltip(event,'".$clang->gT("Get statistics from these responses", "js")."')\">" ."\n" . "\t\t\t\n"; if ($sumrows5['export'] == "1" || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $browsemenubar .= "\t\t\tgTview("Export Results to Application")."\" " . "onmouseover=\"showTooltip(event,'".$clang->gT("Export Results to Application", "js")."')\">" . "\n" . "\t\t\tgTview("Export result to a SPSS command file")."\" " . "onmouseover=\"showTooltip(event,'".$clang->gT("Export result to a SPSS command file", "js")."')\">" . "". $clang->gT("Export result to a SPSS command file")."\n"; } $browsemenubar .= "\t\t\tgTview("Import answers from a deactivated survey table")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("Import answers from a deactivated survey table", "js")."')\" >" . "\n" . "\t\t\t\n" . "\t\t\tgTview("View Saved but not submitted Responses")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("View Saved but not submitted Responses", "js")."')\" >" . "\n" . "\t\t\tgTview("Import a VV survey file")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("Import a VV survey file", "js")."')\">\n" . "\n"; if ($sumrows5['export'] == "1" || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $browsemenubar .= "\t\t\tgTview("Export a VV survey file")."\" " . " onmouseover=\"showTooltip(event,'".$clang->gT("Export a VV survey file", "js")."')\">" . "\n"; } $browsemenubar .= "\t\t\n" . "\t\n"; return $browsemenubar; } function returnglobal($stringname) { if (isset($_REQUEST[$stringname])) { if ($stringname == "sid" || $stringname == "gid" || $stringname == "qid" || $stringname == "tid" || $stringname == "lid" || $stringname == "ugid"|| $stringname == "thisstep" || $stringname == "qaid" || $stringname == "scid") { return sanitize_int($_REQUEST[$stringname]); } elseif ($stringname =="lang" || $stringname =="adminlang") { return sanitize_languagecode($_REQUEST[$stringname]); } elseif ($stringname =="htmleditormode") { return sanitize_paranoid_string($_REQUEST[$stringname]); } return $_REQUEST[$stringname]; } else return NULL; } function sendcacheheaders() { global $embedded; if ( $embedded ) return; if (!headers_sent()) { header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header("Cache-Control: no-store, no-cache, must-revalidate"); // HTTP/1.1 header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); header('Content-Type: text/html; charset=utf-8'); } } function getLegitQids($surveyid) { global $dbprefix; $surveyid=sanitize_int($surveyid); //GET LIST OF LEGIT QIDs FOR TESTING LATER $lq = "SELECT DISTINCT qid FROM ".db_table_name('questions')." WHERE sid=$surveyid AND language='".$_SESSION['s_lang']."'"; $lr = db_execute_num($lq); //Checked return array_merge(array("DUMMY ENTRY"), $lr->GetRows()); } function returnquestiontitlefromfieldcode($fieldcode) { // Performance optimized : Nov 13, 2006 // Performance Improvement : 37% // Optimized By : swales global $dbprefix, $surveyid, $connect, $clang; if (!isset($fieldcode)) {return $clang->gT("Preset");} if ($fieldcode == "token") {return $clang->gT("Token");} if ($fieldcode == "datestamp") {return $clang->gT("Date Stamp");} if ($fieldcode == "ipaddr") {return $clang->gT("IP Address");} if ($fieldcode == "refurl") {return $clang->gT("Referring URL");} //Find matching information; $details=arraySearchByKey($fieldcode, createFieldMap($surveyid), "fieldname", 1); $fqid=$details['qid']; $qq = "SELECT question, other FROM ".db_table_name('questions')." WHERE qid=$fqid AND language='".$_SESSION['s_lang']."'"; $qr = db_execute_assoc($qq); //Checked if (!$qr) { echo ""; $qname="[QID: $fqid]"; } else { while($qrow=$qr->FetchRow()) { $qname=strip_tags($qrow['question']); } } if (isset($details['aid']) && $details['aid']) //Add answer if necessary (array type questions) { $qq = "SELECT answer FROM ".db_table_name('answers')." WHERE qid=$fqid AND code='{$details['aid']}' AND language='".$_SESSION['s_lang']."'"; $qr = db_execute_assoc($qq) or safe_die ("ERROR: ".$connect->ErrorMsg()."
$qq"); //Checked while($qrow=$qr->FetchRow()) { $qname.=" [".$qrow['answer']."]"; } } if (substr($fieldcode, -5) == "other") { $qname .= " [Other]"; } return $qname; } function getsidgidqidaidtype($fieldcode) { // use simple parsing to get {sid}, {gid} // and what may be {qid} or {qid}{aid} combination list($fsid, $fgid, $fqid) = split("X", $fieldcode); $fsid=sanitize_int($fsid); $fgid=sanitize_int($fgid); if (!$fqid) {$fqid=0;} $fqid=sanitize_int($fqid); // try a true parsing of fieldcode (can separate qid from aid) // but fails for type M and type P multiple choice // questions because the SESSION fieldcode is combined // and we want here to pass only the sidXgidXqid for type M and P $fields=arraySearchByKey($fieldcode, createFieldMap($fsid), "fieldname", 1); if (count($fields) != 0) { $aRef['sid']=$fields['sid']; $aRef['gid']=$fields['gid']; $aRef['qid']=$fields['qid']; $aRef['aid']=$fields['aid']; $aRef['type']=$fields['type']; } else { // either the fielcode doesn't match a question // or it is a type M or P question $aRef['sid']=$fsid; $aRef['gid']=$fgid; $aRef['qid']=sanitize_int($fqid); $s_lang = GetBaseLanguageFromSurveyID($fsid); $query = "SELECT type FROM ".db_table_name('questions')." WHERE qid=".$fqid." AND language='".$s_lang."'"; $result = db_execute_assoc($query) or safe_die ("Couldn't get question type - getsidgidqidaidtype() in common.php
".$connect->ErrorMsg()); //Checked if ( $result->RecordCount() == 0 ) { // question doesn't exist return Array(); } else { // certainly is type M or P while($row=$result->FetchRow()) { $aRef['type']=$row['type']; } } } //return array("sid"=>$fsid, "gid"=>$fgid, "qid"=>$fqid); return $aRef; } /* * * */ function getextendedanswer($fieldcode, $value, $format='') { // Performance optimized : Nov 13, 2006 // Performance Improvement : 36% // Optimized By : swales global $dbprefix, $surveyid, $connect, $clang, $action; // use Survey base language if s_lang isn't set in _SESSION (when browsing answers) $s_lang = GetBaseLanguageFromSurveyID($surveyid); if (!isset($action) || (isset($action) && $action!='browse') ) { if (isset($_SESSION['s_lang'])) $s_lang = $_SESSION['s_lang']; //This one does not work in admin mode when you browse a particular answer } //Fieldcode used to determine question, $value used to match against answer code //Returns NULL if question type does not suit if (substr_count($fieldcode, "X") > 1) //Only check if it looks like a real fieldcode { $fields=arraySearchByKey($fieldcode, createFieldMap($surveyid), "fieldname", 1); //Find out the question type $query = "SELECT type, lid, lid1 FROM ".db_table_name('questions')." WHERE qid={$fields['qid']} AND language='".$s_lang."'"; $result = db_execute_assoc($query) or safe_die ("Couldn't get question type - getextendedanswer() in common.php
".$connect->ErrorMsg()); //Checked while($row=$result->FetchRow()) { $this_type=$row['type']; $this_lid=$row['lid']; $this_lid1=$row['lid1']; } // while switch($this_type) { case "L": case "!": case "O": case "^": case "I": case "R": $query = "SELECT code, answer FROM ".db_table_name('answers')." WHERE qid={$fields['qid']} AND code='".$connect->escape($value)."' AND language='".$s_lang."'"; $result = db_execute_assoc($query) or safe_die ("Couldn't get answer type L - getextendedanswer() in common.php
$query
".$connect->ErrorMsg()); //Checked while($row=$result->FetchRow()) { $this_answer=$row['answer']; } // while if ($value == "-oth-") { $this_answer=$clang->gT("Other"); } break; case "M": case "J": case "P": switch($value) { case "Y": $this_answer=$clang->gT("Yes"); break; } break; case "Y": switch($value) { case "Y": $this_answer=$clang->gT("Yes"); break; case "N": $this_answer=$clang->gT("No"); break; default: $this_answer=$clang->gT("No answer"); } break; case "G": switch($value) { case "M": $this_answer=$clang->gT("Male"); break; case "F": $this_answer=$clang->gT("Female"); break; default: $this_answer=$clang->gT("No answer"); } break; case "C": switch($value) { case "Y": $this_answer=$clang->gT("Yes"); break; case "N": $this_answer=$clang->gT("No"); break; case "U": $this_answer=$clang->gT("Uncertain"); break; } break; case "E": switch($value) { case "I": $this_answer=$clang->gT("Increase"); break; case "D": $this_answer=$clang->gT("Decrease"); break; case "S": $this_answer=$clang->gT("Same"); break; } break; case "F": case "H": case "W": case "Z": case "1": $query = "SELECT title FROM ".db_table_name('labels')." WHERE ((lid=$this_lid) OR (lid=$this_lid1)) AND code='".$connect->escape($value)."' AND language='".$s_lang."'"; $result = db_execute_assoc($query) or safe_die ("Couldn't get answer type F/H - getextendedanswer() in common.php"); //Checked while($row=$result->FetchRow()) { $this_answer=$row['title']; } // while break; default: ; } // switch } if (isset($this_answer)) { if ($format != 'INSERTANS') { return $this_answer." [$value]"; } else { return strip_tags($this_answer); } } else { return $value; } } function validate_email($email) { // Create the syntactical validation regular expression // Validate the syntax // see http://data.iana.org/TLD/tlds-alpha-by-domain.txt $maxrootdomainlength = 6; return ( ! preg_match("/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,".$maxrootdomainlength."}))$/ix", $email)) ? FALSE : TRUE; } function validate_templatedir($templatename) { global $publicdir, $defaulttemplate; if (is_dir("$publicdir/templates/{$templatename}/")) { return $templatename; } else { return $defaulttemplate; } } function crlf_lineendings($text) { $text=str_replace("\r\n", "~~~~", $text); //First replace any good line endings with ~~~~ $text=str_replace("\n", "~~~~", $text); //Then replace any solitary \n's with ~~~~ $text=str_replace("\r", "~~~~", $text); //Then replace any solitary \r's with ~~~~ $text=str_replace("~~~~", "\r\n", $text); //Finally replace all ~~~~'s with \r\n return $text; } //This function generates an array containing the fieldcode, and matching data in the same //order as the activate script // @param: $force_refresh - Forces to really refresh the array, not just take the session copy function createFieldMap($surveyid, $style="null", $force_refresh=false) { global $dbprefix, $connect, $globalfieldmap, $clang; $surveyid=sanitize_int($surveyid); //checks to see if fieldmap has already been built for this page. if (isset($globalfieldmap) && $globalfieldmap[0] == $surveyid && $force_refresh==false) { return $globalfieldmap[1]; } //Check for any additional fields for this survey and create necessary fields (token and datestamp and ipaddr) $pquery = "SELECT private, datestamp, ipaddr, refurl FROM ".db_table_name('surveys')." WHERE sid=$surveyid"; $presult=db_execute_assoc($pquery); //Checked $counter=0; while($prow=$presult->FetchRow()) { if ($prow['private'] == "N") { $fieldmap[]=array("fieldname"=>"token", "type"=>"", "sid"=>$surveyid, "gid"=>"", "qid"=>"", "aid"=>""); if ($style == "full") { $fieldmap[$counter]['title']=""; $fieldmap[$counter]['question']="token"; $fieldmap[$counter]['group_name']=""; } $counter++; } if ($prow['datestamp'] == "Y") { $fieldmap[]=array("fieldname"=>"datestamp", "type"=>"", "sid"=>$surveyid, "gid"=>"", "qid"=>"", "aid"=>""); if ($style == "full") { $fieldmap[$counter]['title']=""; $fieldmap[$counter]['question']="datestamp"; $fieldmap[$counter]['group_name']=""; } $counter++; } if ($prow['ipaddr'] == "Y") { $fieldmap[]=array("fieldname"=>"ipaddr", "type"=>"", "sid"=>$surveyid, "gid"=>"", "qid"=>"", "aid"=>""); if ($style == "full") { $fieldmap[$counter]['title']=""; $fieldmap[$counter]['question']="ipaddr"; $fieldmap[$counter]['group_name']=""; } $counter++; } // Add 'refurl' to fieldmap. if ($prow['refurl'] == "Y") { $fieldmap[]=array("fieldname"=>"refurl", "type"=>"", "sid"=>$surveyid, "gid"=>"", "qid"=>"", "aid"=>""); if ($style == "full") { $fieldmap[$counter]['title']=""; $fieldmap[$counter]['question']="refurl"; $fieldmap[$counter]['group_name']=""; } $counter++; } } //Get list of questions $s_lang = GetBaseLanguageFromSurveyID($surveyid); $aquery = "SELECT * FROM ".db_table_name('questions').", ".db_table_name('groups') ." WHERE ".db_table_name('questions').".gid=".db_table_name('groups').".gid AND " .db_table_name('questions').".sid=$surveyid AND " .db_table_name('questions').".language='{$s_lang}' AND " .db_table_name('groups').".language='{$s_lang}' " ." ORDER BY {$dbprefix}groups.group_order, title"; $aresult = db_execute_assoc($aquery) or safe_die ("Couldn't get list of questions in createFieldMap function.
$query
".$connect->ErrorMsg()); //Checked while ($arow=$aresult->FetchRow()) //With each question, create the appropriate field(s) { if ($arow['type'] != "M" && $arow['type'] != "A" && $arow['type'] != "B" && $arow['type'] !="C" && $arow['type'] != "E" && $arow['type'] != "F" && $arow['type'] != "H" && $arow['type'] !="P" && $arow['type'] != "R" && $arow['type'] != "Q" && $arow['type'] != "J" && $arow['type'] != "K" && $arow['type'] != "^" && $arow['type'] != "1") { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}", "type"=>"{$arow['type']}", "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>""); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; switch($arow['type']) { case "L": //RADIO LIST case "!": //DROPDOWN LIST case "W": //FLEXIBLE DROPDOWN LIST case "Z": //FLEXIBLE RADIO LIST if ($arow['other'] == "Y") { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}other", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>"other"); // dgk bug fix line above. aid should be set to "other" for export to append to the field name in the header line. if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$clang->gT("Other")."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } break; case "O": //DROPDOWN LIST WITH COMMENT $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}comment", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>"comment"); // dgk bug fix line below. aid should be set to "comment" for export to append to the field name in the header line. Also needed set the type element correctly. if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$clang->gT("Comment")."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; break; } } elseif ($arow['type'] == "M" || $arow['type'] == "A" || $arow['type'] == "B" || $arow['type'] == "C" || $arow['type'] == "E" || $arow['type'] == "F" || $arow['type'] == "H" || $arow['type'] == "P" || $arow['type'] == "^" || $arow['type'] == "J") { //MULTI ENTRY $abquery = "SELECT ".db_table_name('answers').".*, ".db_table_name('questions').".other\n" ." FROM ".db_table_name('answers').", ".db_table_name('questions') ." WHERE sid=$surveyid AND ".db_table_name('answers').".qid=".db_table_name('questions').".qid " . "AND ".db_table_name('questions').".language='".$s_lang."'" ." AND ".db_table_name('answers').".language='".$s_lang."'" ." AND ".db_table_name('questions').".qid={$arow['qid']} " ." ORDER BY ".db_table_name('answers').".sortorder, ".db_table_name('answers').".answer"; $abresult=db_execute_assoc($abquery) or safe_die ("Couldn't get list of answers in createFieldMap function (case M/A/B/C/E/F/H/P)
$abquery
".$connect->ErrorMsg()); //Checked while ($abrow=$abresult->FetchRow()) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}{$abrow['code']}", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>$abrow['code']); if ($abrow['other']=="Y") {$alsoother="Y";} if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$abrow['answer']."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; if ($arow['type'] == "P") { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}{$abrow['code']}comment", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>"comment"); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[comment]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } } if ((isset($alsoother) && $alsoother=="Y") && ($arow['type']=="M" || $arow['type']=="P")) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}other", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>"other"); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$clang->gT("Other")."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; if ($arow['type']=="P") { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}othercomment", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>"othercomment"); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$clang->gT("Other")."comment]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } } } elseif ($arow['type'] == "Q" || $arow['type'] == "K") { $abquery = "SELECT ".db_table_name('answers').".*, ".db_table_name('questions').".other FROM " .db_table_name('answers').", ".db_table_name('questions')." WHERE sid=$surveyid AND " .db_table_name('answers').".qid=".db_table_name('questions').".qid AND " .db_table_name('answers').".language='".$s_lang."' AND " .db_table_name('questions').".language='".$s_lang."' AND " .db_table_name('questions').".qid={$arow['qid']} ORDER BY ".db_table_name('answers').".sortorder, ".db_table_name('answers').".answer"; $abresult=db_execute_assoc($abquery) or safe_die ("Couldn't get list of answers in createFieldMap function (type Q)
$abquery
".$connect->ErrorMsg()); //Checked while ($abrow=$abresult->FetchRow()) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}{$abrow['code']}", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>$abrow['code']); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$abrow['answer']."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } } elseif ($arow['type'] == "1") { $abquery = "SELECT a.*, q.other, q.lid, q.lid1 FROM {$dbprefix}answers as a, {$dbprefix}questions as q" ." WHERE a.qid=q.qid AND sid=$surveyid AND q.qid={$arow['qid']} " ." AND a.language='".$s_lang. "' " ." AND q.language='".$s_lang. "' " ." ORDER BY a.sortorder, a.answer"; $abresult=db_execute_assoc($abquery) or safe_die ("Couldn't get perform answers query
$abquery
".$connect->ErrorMsg()); //Checked $abcount=$abresult->RecordCount(); while ($abrow=$abresult->FetchRow()) { $abmultiscalequery = "SELECT l.* FROM {$dbprefix}questions as q, {$dbprefix}labels as l, {$dbprefix}answers as a" ." WHERE a.qid=q.qid AND sid=$surveyid AND q.qid={$arow['qid']} " ." AND l.lid=q.lid AND sid=$surveyid AND q.qid={$arow['qid']}" ." AND l.language='".$s_lang. "' " ." AND a.language='".$s_lang. "' " ." AND q.language='".$s_lang. "' "; $abmultiscaleresult=db_execute_assoc($abmultiscalequery) or safe_die ("Couldn't get perform answers query
$abquery
".$connect->ErrorMsg()); //Checked $abmultiscalecount=$abmultiscaleresult->RecordCount(); //if ($abmultiscalecount>0) if ($abmultiscaleresultrow=$abmultiscaleresult->FetchRow()) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}{$abrow['code']}#0", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>$abrow['code'], "lid"=>$abmultiscaleresultrow["lid"], "lid1"=>$arow["lid1"]); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$abrow['answer']."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } // multi-scale $abmultiscalequery = "SELECT l.* FROM {$dbprefix}questions as q, {$dbprefix}labels as l, {$dbprefix}answers as a" ." WHERE a.qid=q.qid AND sid=$surveyid AND q.qid={$arow['qid']} " ." AND l.lid=q.lid1 AND sid=$surveyid AND q.qid={$arow['qid']}" ." AND l.language='".$s_lang. "' " ." AND a.language='".$s_lang. "' " ." AND q.language='".$s_lang. "' "; $abmultiscaleresult=db_execute_assoc($abmultiscalequery) or safe_die ("Couldn't get perform answers query
$abquery
".$connect->ErrorMsg()); //Checked $abmultiscalecount=$abmultiscaleresult->RecordCount(); if ($abmultiscaleresultrow=$abmultiscaleresult->FetchRow()) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}{$abrow['code']}#1", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>$abrow['code'], "lid"=>$abmultiscaleresultrow["lid"], "lid1"=>$arow["lid1"]); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[".$abrow['answer']."]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } } } elseif ($arow['type'] == "R") { //MULTI ENTRY $abquery = "SELECT ".db_table_name('answers').".*, ".db_table_name('questions').".other FROM " .db_table_name('answers').", ".db_table_name('questions')." WHERE " .db_table_name('answers').".qid=".db_table_name('questions').".qid AND sid=$surveyid AND " .db_table_name('answers').".language='".$s_lang."' AND " .db_table_name('questions').".language='".$s_lang."' AND" .db_table_name('questions').".qid={$arow['qid']} ORDER BY ".db_table_name('answers') .".sortorder, ".db_table_name('answers').".answer"; $abresult=db_execute_assoc($abquery) or safe_die ("Couldn't get list of answers in createFieldMap function (type R)
$abquery
".$connect->ErrorMsg()); //Checked $abcount=$abresult->RecordCount(); for ($i=1; $i<=$abcount; $i++) { $fieldmap[]=array("fieldname"=>"{$arow['sid']}X{$arow['gid']}X{$arow['qid']}$i", "type"=>$arow['type'], "sid"=>$surveyid, "gid"=>$arow['gid'], "qid"=>$arow['qid'], "aid"=>$i); if ($style == "full") { $fieldmap[$counter]['title']=$arow['title']; $fieldmap[$counter]['question']=$arow['question']."[$i]"; $fieldmap[$counter]['group_name']=$arow['group_name']; } $counter++; } } } if (isset($fieldmap)) { $globalfieldmap[0] = $surveyid; $globalfieldmap[1] = $fieldmap; return $fieldmap; } } function arraySearchByKey($needle, $haystack, $keyname, $maxanswers="") { $output=array(); foreach($haystack as $hay) { if (array_key_exists($keyname, $hay)) { if ($hay[$keyname] == $needle) { if ($maxanswers == 1) { return $hay; } else { $output[]=$hay; } } } } return $output; } function templatereplace($line) { // Performance optimized : Nov 10, 2006 // Performance Improvement : 49% // Optimized By : swales global $surveylist, $sitename, $clienttoken; global $thissurvey, $imagefiles, $defaulttemplate; global $percentcomplete, $move; global $groupname, $groupdescription, $question; global $questioncode, $answer, $navigator; global $help, $totalquestions, $surveyformat; global $completed, $register_errormsg; global $notanswered, $privacy, $surveyid; global $publicurl, $templatedir, $token; global $assessments, $s_lang; global $errormsg, $clang; global $saved_id; global $totalBoilerplatequestions, $relativeurl; global $languagechanger; global $printoutput, $captchapath, $loadname; if (stripos ($line,"")) { $line=str_ireplace("", "\n" ."", $line); } // If there are non-bracketed replacements to be made do so above this line. // Only continue in this routine if there are bracketed items to replace {} if (strpos($line, "{") === false) { return $line; } if (strpos($line, "{SURVEYLISTHEADING}") !== false) $line=str_replace("{SURVEYLISTHEADING}", $surveylist['listheading'], $line); if (strpos($line, "{SURVEYLIST}") !== false) $line=str_replace("{SURVEYLIST}", $surveylist['list'], $line); if (strpos($line, "{NOSURVEYID}") !== false) $line=str_replace("{NOSURVEYID}", $surveylist['nosid'], $line); if (strpos($line, "{SURVEYCONTACT}") !== false) $line=str_replace("{SURVEYCONTACT}", $surveylist['contact'], $line); if (strpos($line, "{SITENAME}") !== false) $line=str_replace("{SITENAME}", $sitename, $line); if (strpos($line, "{SURVEYLIST}") !== false) $line=str_replace("{SURVEYLIST}", $surveylist, $line); if (strpos($line, "{CHECKJAVASCRIPT}") !== false) $line=str_replace("{CHECKJAVASCRIPT}", "", $line); if (strpos($line, "{ANSWERTABLE}") !== false) $line=str_replace("{ANSWERTABLE}", $printoutput, $line); if (strpos($line, "{SURVEYNAME}") !== false) $line=str_replace("{SURVEYNAME}", $thissurvey['name'], $line); if (strpos($line, "{SURVEYDESCRIPTION}") !== false) $line=str_replace("{SURVEYDESCRIPTION}", $thissurvey['description'], $line); if (strpos($line, "{WELCOME}") !== false) $line=str_replace("{WELCOME}", $thissurvey['welcome'], $line); if (strpos($line, "{LANGUAGECHANGER}") !== false) $line=str_replace("{LANGUAGECHANGER}", $languagechanger, $line); if (strpos($line, "{PERCENTCOMPLETE}") !== false) $line=str_replace("{PERCENTCOMPLETE}", $percentcomplete, $line); if (strpos($line, "{GROUPNAME}") !== false) $line=str_replace("{GROUPNAME}", $groupname, $line); if (strpos($line, "{GROUPDESCRIPTION}") !== false) $line=str_replace("{GROUPDESCRIPTION}", $groupdescription, $line); if (strpos($line, "{QUESTION}") !== false) $line=str_replace("{QUESTION}", $question, $line); if (strpos($line, "{QUESTION_CODE}") !== false) $line=str_replace("{QUESTION_CODE}", $questioncode, $line); if (strpos($line, "{ANSWER}") !== false) $line=str_replace("{ANSWER}", $answer, $line); $totalquestionsAsked = $totalquestions - $totalBoilerplatequestions; if ($totalquestionsAsked < 1) { if (strpos($line, "{THEREAREXQUESTIONS}") !== false) $line=str_replace("{THEREAREXQUESTIONS}", $clang->gT("There are no questions in this survey"), $line); //Singular } if ($totalquestionsAsked == 1) { if (strpos($line, "{THEREAREXQUESTIONS}") !== false) $line=str_replace("{THEREAREXQUESTIONS}", $clang->gT("There is 1 question in this survey"), $line); //Singular } else { if (strpos($line, "{THEREAREXQUESTIONS}") !== false) $line=str_replace("{THEREAREXQUESTIONS}", $clang->gT("There are {NUMBEROFQUESTIONS} questions in this survey."), $line); //Note this line MUST be before {NUMBEROFQUESTIONS} } if (strpos($line, "{NUMBEROFQUESTIONS}") !== false) $line=str_replace("{NUMBEROFQUESTIONS}", $totalquestionsAsked, $line); if (strpos($line, "{TOKEN}") !== false) { if (isset($token)) { $line=str_replace("{TOKEN}", $token, $line); } elseif (isset($clienttoken)) { $line=str_replace("{TOKEN}", htmlentities($clienttoken,ENT_QUOTES,'UTF-8'), $line); } else { $line=str_replace("{TOKEN}",'', $line); } } if (strpos($line, "{SID}") !== false) $line=str_replace("{SID}", $surveyid, $line); if ($help) { if (strpos($line, "{QUESTIONHELP}") !== false) $line=str_replace("{QUESTIONHELP}", "Help".$help, $line); if (strpos($line, "{QUESTIONHELPPLAINTEXT}") !== false) $line=str_replace("{QUESTIONHELPPLAINTEXT}", strip_tags(addslashes($help)), $line); } else { if (strpos($line, "{QUESTIONHELP}") !== false) $line=str_replace("{QUESTIONHELP}", $help, $line); if (strpos($line, "{QUESTIONHELPPLAINTEXT}") !== false) $line=str_replace("{QUESTIONHELPPLAINTEXT}", strip_tags(addslashes($help)), $line); } while (strpos($line, "{INSERTANS:") !== false) { $answreplace=substr($line, strpos($line, "{INSERTANS:"), strpos($line, "}", strpos($line, "{INSERTANS:"))-strpos($line, "{INSERTANS:")+1); $answreplace2=substr($answreplace, 11, strpos($answreplace, "}", strpos($answreplace, "{INSERTANS:"))-11); $answreplace3=strip_tags(retrieve_Answer($answreplace2)); $line=str_replace($answreplace, $answreplace3, $line); } if (strpos($line, "{NAVIGATOR}") !== false) $line=str_replace("{NAVIGATOR}", $navigator, $line); if (strpos($line, "{SUBMITBUTTON}") !== false) { $submitbutton=""; $line=str_replace("{SUBMITBUTTON}", $submitbutton, $line); } if (strpos($line, "{COMPLETED}") !== false) $line=str_replace("{COMPLETED}", $completed, $line); if (strpos($line, "{URL}") !== false) { if ($thissurvey['url']!=""){$linkreplace="{$thissurvey['urldescrip']}";} else {$linkreplace="";} $line=str_replace("{URL}", $linkreplace, $line); $line=str_replace("{SAVEDID}",$saved_id, $line); // to activate the SAVEDID in the END URL if (isset($clienttoken)) {$token=$clienttoken;} else {$token='';} $line=str_replace("{TOKEN}",urlencode($token), $line); // to activate the TOKEN in the END URL $line=str_replace("{SID}", $surveyid, $line); // to activate the SID in the RND URL } if (strpos($line, "{PRIVACY}") !== false) { $line=str_replace("{PRIVACY}", $privacy, $line); } if (strpos($line, "{PRIVACYMESSAGE}") !== false) { $line=str_replace("{PRIVACYMESSAGE}", "".$clang->gT("A Note On Privacy")."
".$clang->gT("This survey is anonymous.")."
".$clang->gT("The record kept of your survey responses does not contain any identifying information about you unless a specific question in the survey has asked for this. If you have responded to a survey that used an identifying token to allow you to access the survey, you can rest assured that the identifying token is not kept with your responses. It is managed in a separate database, and will only be updated to indicate that you have (or haven't) completed this survey. There is no way of matching identification tokens with survey responses in this survey."), $line); } if (strpos($line, "{CLEARALL}") !== false) { $clearall = "\t\t\t\t\t
" . "gT("Are you sure you want to clear all your responses?")."\")'>[" . $clang->gT("Exit and Clear Survey")."]
\n"; $line=str_replace("{CLEARALL}", $clearall, $line); } // --> START NEW FEATURE - SAVE if (strpos($line, "{DATESTAMP}") !== false) { if (isset($_SESSION['datestamp'])) { $line=str_replace("{DATESTAMP}", $_SESSION['datestamp'], $line); } else { $line=str_replace("{DATESTAMP}", "-", $line); } } // <-- END NEW FEATURE - SAVE if (strpos($line, "{SAVE}") !== false) { //Set up save/load feature if ($thissurvey['allowsave'] == "Y") { // Find out if the user has any saved data if (!isset($_SESSION['step']) || !$_SESSION['step']) //First page, show LOAD { $saveall = ""; } elseif (isset($_SESSION['scid']) && (isset($move) && $move == "movelast")) //Already saved and on Submit Page, dont show Save So Far button { $saveall=""; } else { $saveall= ""; // Show Save So Far button } } else { $saveall=""; } $line=str_replace("{SAVE}", $saveall, $line); } if (strpos($line, "{TEMPLATEURL}") !== false) { if ($thissurvey['templatedir']) { $templateurl="$publicurl/templates/".validate_templatedir($thissurvey['templatedir'])."/"; } else { $templateurl="$publicurl/templates/{$defaulttemplate}/"; } $line=str_replace("{TEMPLATEURL}", $templateurl, $line); } if (strpos($line, "{SUBMITCOMPLETE}") !== false) $line=str_replace("{SUBMITCOMPLETE}", "".$clang->gT("Thank You!")."

".$clang->gT("You have completed answering the questions in this survey.")."

".$clang->gT("Click on 'Submit' now to complete the process and save your answers."), $line); if (strpos($line, "{SUBMITREVIEW}") !== false) { if (isset($thissurvey['allowprev']) && $thissurvey['allowprev'] == "N") { $strreview = ""; } else { $strreview=$clang->gT("If you want to check any of the answers you have made, and/or change them, you can do that now by clicking on the [<< prev] button and browsing through your responses."); } $line=str_replace("{SUBMITREVIEW}", $strreview, $line); } if (isset($_SESSION['thistoken'])) { if (strpos($line, "{TOKEN:FIRSTNAME}") !== false) $line=str_replace("{TOKEN:FIRSTNAME}", $_SESSION['thistoken']['firstname'], $line); if (strpos($line, "{TOKEN:LASTNAME}") !== false) $line=str_replace("{TOKEN:LASTNAME}", $_SESSION['thistoken']['lastname'], $line); if (strpos($line, "{TOKEN:EMAIL}") !== false) $line=str_replace("{TOKEN:EMAIL}", $_SESSION['thistoken']['email'], $line); if (strpos($line, "{TOKEN:ATTRIBUTE_1}") !== false) $line=str_replace("{TOKEN:ATTRIBUTE_1}", $_SESSION['thistoken']['attribute_1'], $line); if (strpos($line, "{TOKEN:ATTRIBUTE_2}") !== false) $line=str_replace("{TOKEN:ATTRIBUTE_2}", $_SESSION['thistoken']['attribute_2'], $line); } else { if (strpos($line, "{TOKEN:FIRSTNAME}") !== false) $line=str_replace("{TOKEN:FIRSTNAME}", "", $line); if (strpos($line, "{TOKEN:LASTNAME}") !== false) $line=str_replace("{TOKEN:LASTNAME}", "", $line); if (strpos($line, "{TOKEN:EMAIL}") !== false) $line=str_replace("{TOKEN:EMAIL}", "", $line); if (strpos($line, "{TOKEN:ATTRIBUTE_1}") !== false) $line=str_replace("{TOKEN:ATTRIBUTE_1}", "", $line); if (strpos($line, "{TOKEN:ATTRIBUTE_2}") !== false) $line=str_replace("{TOKEN:ATTRIBUTE_2}", "", $line); } if (strpos($line, "{ANSWERSCLEARED}") !== false) $line=str_replace("{ANSWERSCLEARED}", $clang->gT("Answers Cleared"), $line); if (strpos($line, "{RESTART}") !== false) { if ($thissurvey['active'] == "N") { $line=str_replace("{RESTART}", "".$clang->gT("Restart this Survey")."", $line); } else { $restart_extra = ""; $restart_token = returnglobal('token'); if (!empty($restart_token)) $restart_extra .= "&token=".urlencode($restart_token); if (!empty($_GET['lang'])) $restart_extra .= "&lang=".returnglobal('lang'); $line=str_replace("{RESTART}", "".$clang->gT("Restart this Survey")."", $line); } } if (strpos($line, "{CLOSEWINDOW}") !== false) $line=str_replace("{CLOSEWINDOW}", "".$clang->gT("Close this Window")."", $line); if (strpos($line, "{SAVEERROR}") !== false) $line=str_replace("{SAVEERROR}", $errormsg, $line); if (strpos($line, "{SAVEHEADING}") !== false) $line=str_replace("{SAVEHEADING}", $clang->gT("Save Your Unfinished Survey"), $line); if (strpos($line, "{SAVEMESSAGE}") !== false) $line=str_replace("{SAVEMESSAGE}", $clang->gT("Enter a name and password for this survey and click save below.")."
\n".$clang->gT("Your survey will be saved using that name and password, and can be completed later by logging in with the same name and password.")."

\n".$clang->gT("If you give an email address, an email containing the details will be sent to you."), $line); if (strpos($line, "{RETURNTOSURVEY}") !== false) { $savereturn = "gT("Return To Survey").""; $line=str_replace("{RETURNTOSURVEY}", $savereturn, $line); } if (strpos($line, "{SAVEFORM}") !== false) { //SAVE SURVEY DETAILS $saveform = "\n"; } $saveform .= "\n" . "\n" . "
".$clang->gT("Name").":".$clang->gT("Password").":".$clang->gT("Repeat Password").":".$clang->gT("Your Email").":gT("Security Question").":
"; $line=str_replace("{SAVEFORM}", $saveform, $line); } if (strpos($line, "{LOADERROR}") !== false) $line=str_replace("{LOADERROR}", $errormsg, $line); if (strpos($line, "{LOADHEADING}") !== false) $line=str_replace("{LOADHEADING}", $clang->gT("Load A Previously Saved Survey"), $line); if (strpos($line, "{LOADMESSAGE}") !== false) $line=str_replace("{LOADMESSAGE}", $clang->gT("You can load a survey that you have previously saved from this screen.")."
".$clang->gT("Type in the 'name' you used to save the survey, and the password.")."
", $line); if (strpos($line, "{LOADFORM}") !== false) { //LOAD SURVEY DETAILS $loadform = "\n" . "\n"; if (function_exists("ImageCreate") && captcha_enabled('saveandloadscreen',$thissurvey['usecaptcha'])) { $loadform .="\n"; } $loadform .="\n" . "
".$clang->gT("Saved name").":
".$clang->gT("Password").":
".$clang->gT("Security Question").":
\n"; $line=str_replace("{LOADFORM}", $loadform, $line); } //REGISTER SURVEY DETAILS if (strpos($line, "{REGISTERERROR}") !== false) $line=str_replace("{REGISTERERROR}", $register_errormsg, $line); if (strpos($line, "{REGISTERMESSAGE1}") !== false) $line=str_replace("{REGISTERMESSAGE1}", $clang->gT("You must be registered to complete this survey"), $line); if (strpos($line, "{REGISTERMESSAGE2}") !== false) $line=str_replace("{REGISTERMESSAGE2}", $clang->gT("You may register for this survey if you wish to take part.")."
\n".$clang->gT("Enter your details below, and an email containing the link to participate in this survey will be sent immediately."), $line); if (strpos($line, "{REGISTERFORM}") !== false) { $registerform="
\n" ."\n" ."" ."\n" ."\n" ."\n"; } $registerform .= "\n"; if(isset($thissurvey['attribute1']) && $thissurvey['attribute1']) { $registerform .= "\n" ."\n" ."
" ."\n" .$clang->gT("First Name").":".$clang->gT("Last Name").":".$clang->gT("Email Address").":gT("Security Question").":
".$thissurvey['attribute1'].":\n" ."gT("Continue")."' />" ."
\n" ."
\n"; $line=str_replace("{REGISTERFORM}", $registerform, $line); } if (strpos($line, "{ASSESSMENTS}") !== false) $line=str_replace("{ASSESSMENTS}", $assessments, $line); if (strpos($line, "{ASSESSMENT_HEADING}") !== false) $line=str_replace("{ASSESSMENT_HEADING}", $clang->gT("Your Assessment"), $line); //queXS Addition include_once("quexs.php"); $line = quexs_template_replace($line); return $line; } function getSavedCount($surveyid) { //This function returns a count of the number of saved responses to a survey global $dbprefix, $connect; $surveyid=sanitize_int($surveyid); $query = "SELECT COUNT(*) FROM ".db_table_name('saved_control')." WHERE sid=$surveyid"; $result=db_execute_num($query) or safe_die ("Couldn't get saved summary
$query
".$connect->ErrorMsg()); //Checked list($count) = $result->FetchRow(); return $count; } function GetBaseLanguageFromSurveyID($surveyid) { global $connect; //This function loads the local language file applicable to a survey $surveylanguage='en'; $surveyid=sanitize_int($surveyid); $query = "SELECT language FROM ".db_table_name('surveys')." WHERE sid=$surveyid"; $result = db_execute_num($query); //Checked while ($result && ($row=$result->FetchRow())) {$surveylanguage = $row[0];} return $surveylanguage; } function GetAdditionalLanguagesFromSurveyID($surveyid) { global $connect; $surveyid=sanitize_int($surveyid); //This function loads the local language file applicable to a survey $query = "SELECT additional_languages FROM ".db_table_name('surveys')." WHERE sid=$surveyid"; $result = db_execute_num($query); while ($result && ($row=$result->FetchRow())) {$surveylanguage = $row[0];} if (isset($surveylanguage) && $surveylanguage !="") $additional_languages = explode(" ", trim($surveylanguage)); if (!isset($additional_languages) || $additional_languages==false) { $additional_languages = array();} return $additional_languages; } //For multilanguage surveys // If null or 0 is given for $surveyid then the default language from config-defaults.php is returned function SetSurveyLanguage($surveyid, $language)// SetSurveyLanguage($surveyid) { global $rootdir, $defaultlang; $surveyid=sanitize_int($surveyid); require_once($rootdir.'/classes/core/language.php'); if (isset($surveyid) && $surveyid>0) { // see if language actually is present in survey $query = "SELECT language, additional_languages FROM ".db_table_name('surveys')." WHERE sid=$surveyid"; $result = db_execute_assoc($query); //Checked while ($result && ($row=$result->FetchRow())) { $additional_languages = $row['additional_languages']; $default_language = $row['language']; } //echo "Language: ".$language."
Default language: ".$default_language."
Available languages: ".$additional_languages."
"; if ((isset($additional_languages) && strpos($additional_languages, $language) === false) or (isset($default_language) && $default_language == $language) or !isset($language)) { // Language not supported, or default language for survey, fall back to survey's default language $_SESSION['s_lang'] = $default_language; //echo "Language not supported, resorting to ".$_SESSION['s_lang']."
"; } else { $_SESSION['s_lang'] = $language; //echo "Language will be set to ".$_SESSION['s_lang']."
"; } $clang = new limesurvey_lang($_SESSION['s_lang']); } else { $clang = new limesurvey_lang($defaultlang); } return $clang; } function buildLabelSetCheckSumArray() { global $connect; // BUILD CHECKSUMS FOR ALL EXISTING LABEL SETS $query = "SELECT lid FROM ".db_table_name('labelsets')." ORDER BY lid"; $result = db_execute_assoc($query) or safe_die("safe_died collecting labelset ids
$query
".$connect->ErrorMsg()); //Checked $csarray=array(); while ($row=$result->FetchRow()) { $thisset=""; $query2 = "SELECT code, title, sortorder, language FROM ".db_table_name('labels')." WHERE lid={$row['lid']} ORDER BY language, sortorder, code"; $result2 = db_execute_num($query2) or safe_die("safe_died querying labelset $lid
$query2
".$connect->ErrorMsg()); //Checked while($row2=$result2->FetchRow()) { $thisset .= implode('.', $row2); } // while $csarray[$row['lid']]=dechex(crc32($thisset)*1); } return $csarray; } function getQuestionAttributes($qid) { global $dbprefix, $connect; $qid=sanitize_int($qid); $query = "SELECT * FROM ".db_table_name('question_attributes')." WHERE qid=$qid"; $result = db_execute_assoc($query) or safe_die("Error finding question attributes"); //Checked $qid_attributes=array(); while ($row=$result->FetchRow()) { $qid_attributes[]=$row; } //echo "
";print_r($qid_attributes);echo "
"; return $qid_attributes; } function questionAttributes() { //For each question attribute include a key: // name - the display name // types - a string with one character representing each question typ to which the attribute applies // help - a short explanation $qattributes[]=array("name"=>"answer_width", "types"=>"ABCEF1", "help"=>"The percentage width of the answer column"); $qattributes[]=array("name"=>"display_columns", "types"=>"LMZG", "help"=>"Number of columns to display"); $qattributes[]=array("name"=>"array_filter", "types"=>"ABCEF", "help"=>"Filter an Array's Answers from a Multiple Options Question"); $qattributes[]=array("name"=>"display_rows", "types"=>"TU", "help"=>"How many rows to display"); $qattributes[]=array("name"=>"hide_tip", "types"=>"!LMOPWZK", "help"=>"Hide the tip that is normally supplied with question"); $qattributes[]=array("name"=>"code_filter", "types"=>"WZ", "help"=>"Filter the available answers by this value"); $qattributes[]=array("name"=>"max_answers", "types"=>"MP", "help"=>"Limit the number of possible answers"); $qattributes[]=array("name"=>"maximum_chars", "types"=>"STUNQK", "help"=>"Maximum Characters Allowed"); $qattributes[]=array("name"=>"random_order", "types"=>"!LMOPQKRWZFHABCE1", "help"=>"Present Answers in random order"); $qattributes[]=array("name"=>"text_input_width", "types"=>"NSTU", "help"=>"Width of text input box"); $qattributes[]=array("name"=>"numbers_only", "types"=>"Q", "help"=>"Allow only numerical input"); $qattributes[]=array("name"=>"max_num_value", "types"=>"K", "help"=>"Maximum numeric value of multiple numeric input"); $qattributes[]=array("name"=>"equals_num_value", "types"=>"K", "help"=>"Multiple numeric inputs must equal this value"); $qattributes[]=array("name"=>"min_num_value", "types"=>"K", "help"=>"Multiple numeric inputs must be greater than this value"); $qattributes[]=array("name"=>"prefix", "types"=>"KNSQ", "help"=>"Add a prefix to the answer field"); $qattributes[]=array("name"=>"suffix", "types"=>"KNSQ", "help"=>"Add a suffix to the answer field"); $qattributes[]=array("name"=>"dropdown_dates", "types"=>"D", "help"=>"Use dropdown dates layout instead of calendar popup"); $qattributes[]=array("name"=>"exclude_all_others", "types"=>"M", "help"=>"Excludes all other options if this is selected"); $qattributes[]=array("name"=>"use_dropdown", "types"=>"1", "help"=>"Use Dual Dropdown instead of Dual Scale"); $qattributes[]=array("name"=>"dropdown_prepostfix", "types"=>"1", "help"=>"Prefix|Suffix for dropdown lists"); $qattributes[]=array("name"=>"dualscale_headerA", "types"=>"1", "help"=>"Header for Column A"); $qattributes[]=array("name"=>"dualscale_headerB", "types"=>"1", "help"=>"Header for Column B"); $qattributes[]=array("name"=>"dropdown_separators", "types"=>"1", "help"=>"Post-Answer-Separator|Inter-Dropdownlist-Separator for dropdown lists"); $qattributes[]=array("name"=>"other_replace_text", "types"=>"LMPWZ!", "help"=>"Replaces the 'other' label with text"); /* -- > Commented out since not yet used $qattributes[]=array("name"=>"permission", "types"=>"5DGL!OMPQNRSTUYABCEFHWZ", "help"=>"Flexible attribute for permissions"); $qattributes[]=array("name"=>"default_value", "types"=>"^", "help"=>"What value to use as the default"); $qattributes[]=array("name"=>"minimum_value", "types"=>"^", "help"=>"The lowest value on the slider"); $qattributes[]=array("name"=>"maximum_value", "types"=>"^", "help"=>"The highest value on the slider"); // $qattributes[]=array("name"=>"left_label", // "types"=>"^", // "help"=>"The label to the left of the slider"); // $qattributes[]=array("name"=>"centre_label", // "types"=>"^" // "help"=>"The centre label on the slider"); // $qattributes[]=array("name"=>"right_label", // "types"=>"^", // "help"=>"The ") */ //This builds a more useful array (don't modify) foreach($qattributes as $qa) { for ($i=0; $i<=strlen($qa['types'])-1; $i++) { $qat[substr($qa['types'], $i, 1)][]=array("name"=>$qa['name'], "help"=>$qa['help']); } } return $qat; } // make sure the given string (which comes from a POST or GET variable) // is safe to use in MySQL. This does nothing if gpc_magic_quotes is on. function auto_escape($str) { global $connect; if (!get_magic_quotes_gpc()) { return $connect->escape($str); } return $str; } // the opposite of the above: takes a POST or GET variable which may or // may not have been 'auto-quoted', and return the *unquoted* version. // this is useful when the value is destined for a web page (eg) not // a SQL query. function auto_unescape($str) { if (!isset($str)) {return null;}; if (!get_magic_quotes_gpc()) return $str; return stripslashes($str); } // make a string safe to include in an HTML 'value' attribute. function html_escape($str) { // escape newline characters, too, in case we put a value from // a TEXTAREA into an value attribute. return str_replace(array("\x0A","\x0D"),array(" "," "), htmlspecialchars( $str, ENT_QUOTES )); } // make a string safe to include in a JavaScript String parameter. function javascript_escape($str, $strip_tags=false, $htmldecode=false) { $new_str =''; if ($htmldecode==true) { $str=html_entity_decode_php4($str); } if ($strip_tags==true) { $str=strip_tags($str); } return str_replace('\'',"\\'",$str); } // This function returns the header as result string // If you want to echo the header use doHeader() ! function getHeader() { global $embedded, $surveyid, $rooturl,$defaultlang; if (isset($_SESSION['s_lang']) && $_SESSION['s_lang']) { $surveylanguage= $_SESSION['s_lang']; } elseif (isset($surveyid) && $surveyid) { $surveylanguage=GetBaseLanguageFromSurveyID($surveyid); } else { $surveylanguage=$defaultlang; } if ( !$embedded ) { $header= "\n" . "\n" . "" // . "\n" // . "\n" // . "\n" . "\n" . "\n" . "\n"; return $header; } global $embedded_headerfunc; if ( function_exists( $embedded_headerfunc ) ) return $embedded_headerfunc(); } function doHeader() { echo getHeader(); } function doAdminFooter() { echo getAdminFooter(); } function getAdminFooter($url, $explanation) { global $versionnumber, $buildnumber, $setfont, $imagefiles, $clang; if ($buildnumber != "") { $buildtext="($buildnumber)"; } else { $buildtext=""; } $strHTMLFooter = "
\n" . "\t\t\t
LimeSurvey - ".$clang->gT("Online Manual")."
\n" . "\t\t\t
".$clang->gT("Support this project - Donate to ")."LimeSurvey
\n" . "\t\t\t
LimeSurvey
".$clang->gT('Version')." $versionnumber $buildtext
" . "
\n"; return $strHTMLFooter; } function doAdminHeader() { echo getAdminHeader(); } function getAdminHeader($meta=false) { global $sitename, $admintheme, $rooturl; if (!isset($_SESSION['adminlang']) || $_SESSION['adminlang']=='') {$_SESSION['adminlang']='en';} $strAdminHeader="\n" ."\n" . "\n" . "\n" . "$sitename\n"; if ($meta) { $strAdminHeader.=$meta; } $strAdminHeader.="\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "\n" . "" . "\n\n" . "
\n" . "\t\t$sitename\n" . "
\n"; return $strAdminHeader; } // This function returns the Footer as result string // If you want to echo the Footer use doFooter() ! function getFooter() { global $embedded; if ( !$embedded ) { return "\n"; } global $embedded_footerfunc; if ( function_exists( $embedded_footerfunc ) ) return $embedded_footerfunc(); } function doFooter() { echo getFooter(); } // This function replaces field names in a text with the related values // (e.g. for email and template functions) function ReplaceFields ($text,$fieldsarray) { foreach ( $fieldsarray as $key => $value ) { $text=str_replace($key, $value, $text); } return $text; } function MailTextMessage($body, $subject, $to, $from, $sitename, $ishtml=false, $bouncemail=null) { // This function mails a text $body to the recipient $to. YOu can use more than one // recipient when using a comma separated string with recipients. global $emailmethod, $emailsmtphost, $emailsmtpuser, $emailsmtppassword, $defaultlang, $rootdir, $maildebug, $maildebugbody; //if ($ishtml) {$body=htmlwrap($body,110);} if (is_null($bouncemail) ) { $sender=$from; } else { $sender=$bouncemail; } $mail = new PHPMailer; if (!$mail->SetLanguage($defaultlang,$rootdir.'/classes/phpmailer/language/')) { $mail->SetLanguage('en',$rootdir.'/classes/phpmailer/language/'); } $mail->CharSet = "UTF-8"; if (isset($emailsmtpssl) && $emailsmtpssl==1) {$mail->Protocol = "ssl";} $fromname=''; $fromemail=$from; if (strpos($from,'<')) { $fromemail=substr($from,strpos($from,'<')+1,strpos($from,'>')-1-strpos($from,'<')); $fromname=trim(substr($from,0, strpos($from,'<')-1)); } $sendername=''; $senderemail=$sender; if (strpos($sender,'<')) { $senderemail=substr($sender,strpos($sender,'<')+1,strpos($sender,'>')-1-strpos($sender,'<')); $sendername=trim(substr($sender,0, strpos($sender,'<')-1)); } $mail->Mailer = $emailmethod; if ($emailmethod=="smtp") { $mail->Host = $emailsmtphost; $mail->Username =$emailsmtpuser; $mail->Password =$emailsmtppassword; if ($emailsmtpuser!="") {$mail->SMTPAuth = true;} } $mail->From = $fromemail; $mail->Sender = $senderemail; // Sets Return-Path for error notifications $toemails = explode(";", $to); foreach ($toemails as $singletoemail) { if (strpos($singletoemail, '<') ) { $toemail=substr($singletoemail,strpos($singletoemail,'<')+1,strpos($singletoemail,'>')-1-strpos($singletoemail,'<')); $toname=trim(substr($singletoemail,0, strpos($singletoemail,'<')-1)); $mail->AddAddress($toemail,$toname); } else { $mail->AddAddress($singletoemail); } } $mail->FromName = $fromname; $mail->AddCustomHeader("X-Surveymailer: $sitename:Emailer (LimeSurvey.sourceforge.net)"); if (get_magic_quotes_gpc() != "0") {$body = stripcslashes($body);} $textbody = strip_tags($body); $textbody = str_replace(""", '"', $textbody); if ($ishtml) { $mail->IsHTML(true); $mail->Body = $body; $mail->AltBody = strip_tags(br2nl(html_entity_decode_php4($textbody))); } else { $mail->IsHTML(false); $mail->Body = $textbody; } if (trim($subject)!='') {$mail->Subject = "=?UTF-8?B?" . base64_encode($subject) . "?=";} $sent=$mail->Send(); $maildebug=$mail->ErrorInfo; $maildebugbody=$mail->Body; return $sent; } // This functions removes all tags, CRs, linefeeds and other strange chars from a given text function FlattenText($texttoflatten) { $nicetext = strip_tags($texttoflatten); $nicetext = str_replace("\"", "`", $nicetext); $nicetext = str_replace("'", "`", $nicetext); $nicetext = str_replace("\r", "", $nicetext); $nicetext = trim(str_replace("\n", "", $nicetext)); return $nicetext; } /** * getreferringurl() returns the reffering URL */ function getreferringurl() { global $clang,$stripQueryFromRefurl; if (isset($_SESSION['refurl'])) { return; // do not overwrite refurl } // refurl is not set in session, read it from server variable if(isset($_SERVER["HTTP_REFERER"])) { if(!ereg($_SERVER["SERVER_NAME"], $_SERVER["HTTP_REFERER"])) { if (!isset($stripQueryFromRefurl) || !$stripQueryFromRefurl) { $_SESSION['refurl'] = $_SERVER["HTTP_REFERER"]; } else { $aRefurl = explode("?",$_SERVER["HTTP_REFERER"]); $_SESSION['refurl'] = $aRefurl[0]; } } else { $_SESSION['refurl'] = $clang->gT("Local Submission"); } } else { $_SESSION['refurl'] = null; } } function getRandomID() { // Create a random survey ID - based on code from Ken Lyle // Random sid/ question ID generator... $totalChar = 5; // number of chars in the sid $salt = "123456789"; // This is the char. that is possible to use srand((double)microtime()*1000000); // start the random generator $sid=""; // set the inital variable for ($i=0;$i<$totalChar;$i++) // loop and create sid $sid = $sid . substr ($salt, rand() % strlen($salt), 1); return $sid; } /** * getArrayFiltersForGroup() queries the database and produces a list of array_filter questions and targets with in the same group * @global string $surveyid * @global string $gid * @global string $dbprefix * @return returns an nested array which contains arrays with the keys: question id (qid), question manditory, target type (type), and list_filter id (fid) */ function getArrayFiltersForGroup($surveyid,$gid) { // TODO: Check list_filter values to make sure questions are previous? global $dbprefix; $surveyid=sanitize_int($surveyid); $gid=sanitize_int($gid); // Get All Questions in Current Group $qquery = "SELECT * FROM ".db_table_name('questions')." WHERE sid='$surveyid' AND gid='$gid' AND language='".$_SESSION['s_lang']."' ORDER BY qid"; $qresult = db_execute_assoc($qquery); //Checked $grows = array(); //Create an empty array in case query not return any rows // Store each result as an array with in the $grows array while ($qrow = $qresult->FetchRow()) { $grows[$qrow['qid']] = array('qid' => $qrow['qid'],'type' => $qrow['type'], 'mandatory' => $qrow['mandatory'], 'title' => $qrow['title']); } $attrmach = array(); // Stores Matches of filters that have their values as questions with in current group $grows2 = $grows; foreach ($grows as $qrow) // Cycle through questions to see if any have list_filter attributes { $qquery = "SELECT value FROM ".db_table_name('question_attributes')." WHERE attribute='array_filter' AND qid='".$qrow['qid']."'"; $qresult = db_execute_num($qquery); //Checked if ($qresult->RecordCount() == 1) // We Found a array_filter attribute { $val = $qresult->FetchRow(); // Get the Value of the Attribute ( should be a previous question's title in same group ) foreach ($grows2 as $avalue) { if ($avalue['title'] == $val[0]) { $filter = array('qid' => $qrow['qid'], 'mandatory' => $qrow['mandatory'], 'type' => $avalue['type'], 'fid' => $avalue['qid']); array_push($attrmach,$filter); } } reset($grows2); } } return $attrmach; } /** * getArrayFiltersForQuestion($qid) finds out if a question has an array_filter attribute and what codes where selected on target question * @global string $surveyid * @global string $gid * @global string $dbprefix * @return returns an array of codes that were selected else returns false */ function getArrayFiltersForQuestion($qid) { // TODO: Check list_filter values to make sure questions are previous? global $surveyid, $dbprefix; $qid=sanitize_int($qid); $query = "SELECT value FROM ".db_table_name('question_attributes')." WHERE attribute='array_filter' AND qid='".$qid."'"; $result = db_execute_assoc($query); //Checked if ($result->RecordCount() == 1) // We Found a array_filter attribute { $val = $result->FetchRow(); // Get the Value of the Attribute ( should be a previous question's title in same group ) foreach ($_SESSION['fieldarray'] as $fields) { if ($fields[2] == $val['value']) { // we found the target question, now we need to know what the answers where, we know its a multi! $fields[0]=sanitize_int($fields[0]); $query = "SELECT code FROM ".db_table_name('answers')." where qid='{$fields[0]}' AND language='".$_SESSION['s_lang']."' order by sortorder"; $qresult = db_execute_assoc($query); //Checked $selected = array(); while ($code = $qresult->fetchRow()) { if ($_SESSION[$fields[1].$code['code']] == "Y") array_push($selected,$code['code']); } return $selected; } } return false; } return false; } /** * getArrayFiltersForQuestion($qid) finds out if a question is in the currect group or not for array filter * @global string $surveyid * @global string $gid * @global string $dbprefix * @return returns true if its not in currect group and false if it is.. */ function getArrayFiltersOutGroup($qid) { // TODO: Check list_filter values to make sure questions are previous? global $surveyid, $dbprefix, $gid; $qid=sanitize_int($qid); $query = "SELECT value FROM ".db_table_name('question_attributes')." WHERE attribute='array_filter' AND qid='".$qid."'"; $result = db_execute_assoc($query); //Checked if ($result->RecordCount() == 1) // We Found a array_filter attribute { $val = $result->FetchRow(); // Get the Value of the Attribute ( should be a previous question's title in same group ) // we found the target question, now we need to know what the answers where, we know its a multi! $query = "SELECT gid FROM ".db_table_name('questions')." where title='{$val['value']}' AND language='".$_SESSION['s_lang']."' AND sid = $surveyid"; $qresult = db_execute_assoc($query); //Checked if ($qresult->RecordCount() == 1) { $val2 = $qresult->FetchRow(); if ($val2['gid'] != $gid) return true; if ($val2['gid'] == $gid) return false; } return false; } return false; } /** * Run an arbitrary sequence of semicolon-delimited SQL commands * * Assumes that the input text (file or string) consists of * a number of SQL statements ENDING WITH SEMICOLONS. The * semicolons MUST be the last character in a line. * Lines that are blank or that start with "#" or "--" (postgres) are ignored. * Only tested with mysql dump files (mysqldump -p -d limesurvey) * Function kindly borrowed by Moodle * @uses $dbprefix * @param string $sqlfile The path where a file with sql commands can be found on the server. * @param string $sqlstring If no path is supplied then a string with semicolon delimited sql * commands can be supplied in this argument. * @return bool Returns true if database was modified successfully. */ function modify_database($sqlfile='', $sqlstring='') { global $dbprefix; global $defaultuser; global $defaultpass; global $siteadminemail; global $siteadminname; global $defaultlang; global $codeString; global $rootdir; global $connect; global $clang; global $modifyoutput; global $databasetabletype; require_once($rootdir."/admin/classes/core/sha256.php"); $success = true; // Let's be optimistic $modifyoutput=''; if (!empty($sqlfile)) { if (!is_readable($sqlfile)) { $success = false; echo '

Tried to modify database, but "'. $sqlfile .'" doesn\'t exist!

'; return $success; } else { $lines = file($sqlfile); } } else { $sqlstring = trim($sqlstring); if ($sqlstring{strlen($sqlstring)-1} != ";") { $sqlstring .= ";"; // add it in if it's not there. } $lines[] = $sqlstring; } $command = ''; foreach ($lines as $line) { $line = rtrim($line); $length = strlen($line); if ($length and $line[0] <> '#' and substr($line,0,2) <> '--') { if (substr($line, $length-1, 1) == ';') { $line = substr($line, 0, $length-1); // strip ; $command .= $line; $command = str_replace('prefix_', $dbprefix, $command); // Table prefixes $command = str_replace('$defaultuser', $defaultuser, $command); // variables By Moses $command = str_replace('$defaultpass', SHA256::hash($defaultpass), $command); // variables By Moses $command = str_replace('$siteadminname', $siteadminname, $command); $command = str_replace('$siteadminemail', $siteadminemail, $command); // variables By Moses $command = str_replace('$defaultlang', $defaultlang, $command); // variables By Moses $command = str_replace('$sessionname', 'ls'.getRandomID().getRandomID().getRandomID().getRandomID(), $command); // variables By Moses $command = str_replace('$databasetabletype', $databasetabletype, $command); if (! db_execute_num($command)) { //Checked $modifyoutput .="
".$clang->gT("Executing").".....".$command."...".$clang->gT("Failed! Reason: ").$connect->ErrorMsg().""; $success = false; } else { $modifyoutput .="
".$clang->gT("Executing").".....".$command."...".$clang->gT("Success!").""; } $command = ''; } else { $command .= $line; } } } return $success; } // unsets all Session variables to kill session function killSession() //added by Dennis { // Delete the Session Cookie $CookieInfo = session_get_cookie_params(); if ( (empty($CookieInfo['domain'])) && (empty($CookieInfo['secure'])) ) { setcookie(session_name(), '', time()-3600, $CookieInfo['path']); } elseif (empty($CookieInfo['secure'])) { setcookie(session_name(), '', time()-3600, $CookieInfo['path'], $CookieInfo['domain']); } else { setcookie(session_name(), '', time()-3600, $CookieInfo['path'], $CookieInfo['domain'], $CookieInfo['secure']); } unset($_COOKIE[session_name()]); foreach ($_SESSION as $key =>$value) { //echo $key." = ".$value."
"; unset($_SESSION[$key]); } $_SESSION = array(); // redundant with previous lines session_unset(); session_destroy(); } // set the rights of a user and his children function setuserrights($uid, $rights) { global $connect; $uid=sanitize_int($uid); $updates = "create_survey=".$rights['create_survey'] . ", create_user=".$rights['create_user'] . ", delete_user=".$rights['delete_user'] . ", superadmin=".$rights['superadmin'] . ", configurator=".$rights['configurator'] . ", manage_template=".$rights['manage_template'] . ", manage_label=".$rights['manage_label']; $uquery = "UPDATE ".db_table_name('users')." SET ".$updates." WHERE uid = ".$uid; return $connect->Execute($uquery); //Checked } // set the rights for a survey function setsurveyrights($uids, $rights) { global $connect, $surveyid; $uids=array_map('sanitize_int',$uids); $uids_implode = implode(" OR uid = ", $uids); $updates = "edit_survey_property=".$rights['edit_survey_property'] . ", define_questions=".$rights['define_questions'] . ", browse_response=".$rights['browse_response'] . ", export=".$rights['export'] . ", delete_survey=".$rights['delete_survey'] . ", activate_survey=".$rights['activate_survey']; $uquery = "UPDATE ".db_table_name('surveys_rights')." SET ".$updates." WHERE sid = {$surveyid} AND uid = ".$uids_implode; // TODO return $connect->Execute($uquery); //Checked } function createPassword() { $pwchars = "abcdefhjmnpqrstuvwxyz23456789"; $password_length = 8; $passwd = ''; for ($i=0; $i<$password_length; $i++) { $passwd .= $pwchars[floor(rand(0,strlen($pwchars)-1))]; } return $passwd; } function getgroupuserlist() { global $ugid, $dbprefix, $scriptname, $connect, $clang; $ugid=sanitize_int($ugid); $surveyidquery = "SELECT a.uid, a.users_name FROM ".db_table_name('users')." AS a LEFT JOIN (SELECT uid AS id FROM ".db_table_name('user_in_groups')." WHERE ugid = {$ugid}) AS b ON a.uid = b.id WHERE id IS NULL ORDER BY a.users_name"; $surveyidresult = db_execute_assoc($surveyidquery); //Checked if (!$surveyidresult) {return "Database Error";} $surveyselecter = ""; $surveynames = $surveyidresult->GetRows(); if ($surveynames) { foreach($surveynames as $sv) { $surveyselecter .= "\t\t\tgT("Please Choose...")."\n".$surveyselecter; return $surveyselecter; } function getsurveyuserlist() { global $surveyid, $dbprefix, $scriptname, $connect, $clang, $usercontrolSameGroupPolicy; $surveyid=sanitize_int($surveyid); $surveyidquery = "SELECT a.uid, a.users_name FROM ".db_table_name('users')." AS a LEFT OUTER JOIN (SELECT uid AS id FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS b ON a.uid = b.id WHERE id IS NULL ORDER BY a.users_name"; $surveyidresult = db_execute_assoc($surveyidquery); //Checked if (!$surveyidresult) {return "Database Error";} $surveyselecter = ""; $surveynames = $surveyidresult->GetRows(); if (isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy === true) { $authorizedUsersList = getuserlist('onlyuidarray'); } if ($surveynames) { foreach($surveynames as $sv) { if (!isset($usercontrolSameGroupPolicy) || $usercontrolSameGroupPolicy === false || in_array($sv['uid'],$authorizedUsersList)) { $surveyselecter .= "\t\t\tgT("Please Choose...")."\n".$surveyselecter;} else {$surveyselecter = "\t\t\t\n".$surveyselecter;} return $surveyselecter; } function getsurveyusergrouplist($outputformat='htmloptions') { global $surveyid, $dbprefix, $scriptname, $connect, $clang, $usercontrolSameGroupPolicy; $surveyid=sanitize_int($surveyid); //$surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da FROM ".db_table_name('user_groups')." AS a LEFT JOIN (SELECT b.ugid FROM ".db_table_name('user_in_groups')." AS b LEFT JOIN (SELECT * FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS c ON b.uid = c.uid WHERE c.uid IS NULL) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING da IS NOT NULL"; //n.b: the original query (above) uses 'da' in the HAVING clause. MS SQL Server doesn't like that, and forces you to redeclare the expression used in the select. Stupid, stupid, SQL Server. // I'm hoping this will not bork MySQL. If it does, we'll need to drop a switch in here. $surveyidquery = "SELECT a.ugid, a.name, MAX(d.ugid) AS da FROM ".db_table_name('user_groups')." AS a LEFT JOIN (SELECT b.ugid FROM ".db_table_name('user_in_groups')." AS b LEFT JOIN (SELECT * FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS c ON b.uid = c.uid WHERE c.uid IS NULL) AS d ON a.ugid = d.ugid GROUP BY a.ugid, a.name HAVING MAX(d.ugid) IS NOT NULL"; $surveyidresult = db_execute_assoc($surveyidquery); //Checked if (!$surveyidresult) {return "Database Error";} $surveyselecter = ""; $surveynames = $surveyidresult->GetRows(); if (isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy === true) { $authorizedGroupsList=getusergrouplist('simplegidarray'); } if ($surveynames) { foreach($surveynames as $sv) { if (!isset($usercontrolSameGroupPolicy) || $usercontrolSameGroupPolicy === false || in_array($sv['ugid'],$authorizedGroupsList)) { $surveyselecter .= "\t\t\tgT("Please Choose...")."\n".$surveyselecter;} else {$surveyselecter = "\t\t\t\n".$surveyselecter;} if ($outputformat == 'simpleugidarray') { return $simpleugidarray; } else { return $surveyselecter; } } function getusergrouplist($outputformat='optionlist') { global $dbprefix, $scriptname, $connect, $clang; //$squery = "SELECT ugid, name FROM ".db_table_name('user_groups') ." WHERE owner_id = {$_SESSION['loginID']} ORDER BY name"; $squery = "SELECT a.ugid, a.name, a.owner_id, b.uid FROM ".db_table_name('user_groups') ." AS a LEFT JOIN ".db_table_name('user_in_groups') ." AS b ON a.ugid = b.ugid WHERE uid = {$_SESSION['loginID']} ORDER BY name"; $sresult = db_execute_assoc($squery); //Checked if (!$sresult) {return "Database Error";} $selecter = ""; $groupnames = $sresult->GetRows(); $simplegidarray=array(); if ($groupnames) { foreach($groupnames as $gn) { $selecter .= "\t\t\t\n".$selecter;} //else {$selecter = "\t\t\t\n".$selecter;} if ($outputformat == 'simplegidarray') { return $simplegidarray; } else { return $selecter; } } function languageDropdown($surveyid,$selected) { $slangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); array_unshift($slangs,$baselang); $html = ""; return $html; } function languageDropdownClean($surveyid,$selected) { $slangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); array_unshift($slangs,$baselang); $html = ""; return $html; } function include2var($file) //This function includes a file but doesn't output it - instead it writes it into the return variable // by Carsten Schmitz { ob_start(); include $file; $output = ob_get_contents(); @ob_end_clean(); return $output; } function BuildCSVFromQuery($Query) { global $dbprefix, $connect; $QueryResult = db_execute_assoc($Query) or safe_die ("ERROR: $QueryResult
".$connect->ErrorMsg()); //safe preg_match('/FROM (\w+)( |,)/i', $Query, $MatchResults); $TableName = $MatchResults[1];; if ($dbprefix) { $TableName = substr($TableName, strlen($dbprefix), strlen($TableName)); } $Output = "\n#\n# " . strtoupper($TableName) . " TABLE\n#\n"; $HeaderDone = false; $ColumnNames = ""; while ($Row = $QueryResult->FetchRow()) { if (!$HeaderDone) { foreach ($Row as $Key=>$Value) { $ColumnNames .= CSVEscape($Key).","; //Add all the column names together } $ColumnNames = substr($ColumnNames, 0, -1); //strip off last comma space $Output .= "$ColumnNames\n"; $HeaderDone=true; } $ColumnValues = ""; foreach ($Row as $Key=>$Value) { $Value=str_replace("\r\n", "\n", $Value); $Value=str_replace("\r", "\n", $Value); $ColumnValues .= CSVEscape($Value) . ","; } $ColumnValues = substr($ColumnValues, 0, -1); //strip off last comma space $Output .= str_replace("\n","\\n","$ColumnValues")."\n"; } return $Output; } function CSVEscape($str) { return '"' . str_replace('"','""', $str) . '"'; } function convertCSVRowToArray($string, $seperator, $quotechar) { $fields=preg_split('/,(?=([^"]*"[^"]*")*(?![^"]*"))/',trim($string)); $fields=array_map('CSVUnquote',$fields); return $fields; } function CSVUnquote($field) // This function removes surrounding and masking quotes from the CSV field // c_schmitz { //print $field.":"; $field = preg_replace ("/^\040*\"/", "", $field); $field = preg_replace ("/\"\040*$/", "", $field); $field=str_replace('""','"',$field); //print $field."\n"; return $field; } /** * CleanLanguagesFromSurvey() removes any languages from survey tables that are not in the passed list * @param string $sid - the currently selected survey * @param string $availlangs - space seperated list of additional languages in survey * @return bool - always returns true */ function CleanLanguagesFromSurvey($sid, $availlangs) { global $connect; $sid=sanitize_int($sid); $baselang = GetBaseLanguageFromSurveyID($sid); if (!empty($availlangs) && $availlangs != " ") { $availlangs=sanitize_languagecodeS($availlangs); $langs = explode(" ",$availlangs); if($langs[count($langs)-1] == "") array_pop($langs); } $sqllang = "language <> '".$baselang."' ";; if (!empty($availlangs) && $availlangs != " ") { foreach ($langs as $lang) { $sqllang .= "and language <> '".$lang."' "; } } // Remove From Answers Table $query = "SELECT qid FROM ".db_table_name('questions')." WHERE sid='{$sid}' and ($sqllang)"; $qidresult = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked while ($qrow = $qidresult->FetchRow()) { $myqid = $qrow[0]; $query = "DELETE FROM ".db_table_name('answers')." WHERE qid='$myqid' and ($sqllang)"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); //Checked } // Remove From Questions Table $query = "DELETE FROM ".db_table_name('questions')." WHERE sid='{$sid}' and ($sqllang)"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); //Checked // Remove From Groups Table $query = "DELETE FROM ".db_table_name('groups')." WHERE sid='{$sid}' and ($sqllang)"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); //Checked return true; } /** * FixLanguageConsistency() fixes missing groups,questions,answers for languages on a survey * @param string $sid - the currently selected survey * @param string $availlangs - space seperated list of additional languages in survey * @return bool - always returns true */ function FixLanguageConsistency($sid, $availlangs) { global $connect, $databasetype; if (!empty($availlangs) && $availlangs != " ") { $availlangs=sanitize_languagecodeS($availlangs); $langs = explode(" ",$availlangs); if($langs[count($langs)-1] == "") array_pop($langs); } else { return true; } $baselang = GetBaseLanguageFromSurveyID($sid); $sid=sanitize_int($sid); $query = "SELECT * FROM ".db_table_name('groups')." WHERE sid='{$sid}' AND language='{$baselang}' ORDER BY group_order"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($result->RecordCount() > 0) { while($group = $result->FetchRow()) { foreach ($langs as $lang) { $query = "SELECT gid FROM ".db_table_name('groups')." WHERE sid='{$sid}' AND gid='{$group['gid']}' AND language='{$lang}'"; $gresult = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($gresult->RecordCount() < 1) { if ($databasetype=='odbc_mssql') {$connect->Execute("SET IDENTITY_INSERT ".db_table_name('groups')." ON");} //Checked $query = "INSERT INTO ".db_table_name('groups')." (gid,sid,group_name,group_order,description,language) VALUES('{$group['gid']}','{$group['sid']}',".db_quoteall($group['group_name']).",'{$group['group_order']}',".db_quoteall($group['description']).",'{$lang}')"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); //Checked if ($databasetype=='odbc_mssql') {$connect->Execute("SET IDENTITY_INSERT ".db_table_name('groups')." OFF");} //Checked } } reset($langs); } } $quests = array(); $query = "SELECT * FROM ".db_table_name('questions')." WHERE sid='{$sid}' AND language='{$baselang}' ORDER BY question_order"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($result->RecordCount() > 0) { while($question = $result->FetchRow()) { array_push($quests,$question['qid']); foreach ($langs as $lang) { $query = "SELECT qid FROM ".db_table_name('questions')." WHERE sid='{$sid}' AND qid='{$question['qid']}' AND language='{$lang}'"; $gresult = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($gresult->RecordCount() < 1) { if ($databasetype=='odbc_mssql') {@$connect->Execute("SET IDENTITY_INSERT ".db_table_name('questions')." ON");} //Checked $query = "INSERT INTO ".db_table_name('questions')." (qid,sid,gid,type,title,question,preg,help,other,mandatory,lid,question_order,language) VALUES('{$question['qid']}','{$question['sid']}','{$question['gid']}','{$question['type']}',".db_quoteall($question['title']).",".db_quoteall($question['question']).",".db_quoteall($question['preg']).",".db_quoteall($question['help']).",'{$question['other']}','{$question['mandatory']}','{$question['lid']}','{$question['question_order']}','{$lang}')"; $connect->Execute($query) or safe_die($query."
".$connect->ErrorMsg()); //Checked if ($databasetype=='odbc_mssql') {$connect->Execute("SET IDENTITY_INSERT ".db_table_name('questions')." OFF");} //Checked } } reset($langs); } $sqlans = ""; foreach ($quests as $quest) { $sqlans .= " OR qid = '".$quest."' "; } $query = "SELECT * FROM ".db_table_name('answers')." WHERE language='{$baselang}' and (".trim($sqlans,' OR').") ORDER BY qid, code"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($result->RecordCount() > 0) { while($answer = $result->FetchRow()) { foreach ($langs as $lang) { $query = "SELECT qid FROM ".db_table_name('answers')." WHERE code='{$answer['code']}' AND qid='{$answer['qid']}' AND language='{$lang}'"; $gresult = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Checked if ($gresult->RecordCount() < 1) { if ($databasetype=='odbc_mssql') {@$connect->Execute("SET IDENTITY_INSERT ".db_table_name('answers')." ON");} //Checked $query = "INSERT INTO ".db_table_name('answers')." (qid,code,answer,default_value,sortorder,language) VALUES('{$answer['qid']}',".db_quoteall($answer['code']).",".db_quoteall($answer['answer']).",".db_quoteall($answer['default_value']).",'{$answer['sortorder']}','{$lang}')"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); //Checked if ($databasetype=='odbc_mssql') {$connect->Execute("SET IDENTITY_INSERT ".db_table_name('answers')." OFF");} //Checked } } reset($langs); } } } return true; } /** * GetGroupDepsForConditions() get Dependencies between groups caused by conditions * @param string $sid - the currently selected survey * @param string $depgid - (optionnal) get only the dependencies applying to the group with gid depgid * @param string $targgid - (optionnal) get only the dependencies for groups dependents on group targgid * @param string $index-by - (optionnal) "by-depgid" for result indexed with $res[$depgid][$targgid] * "by-targgid" for result indexed with $res[$targgid][$depgid] * @return array - returns an array describing the conditions or NULL if no dependecy is found * * Example outupt assumin $index-by="by-depgid": *Array *( * [125] => Array // Group Id 125 is dependent on * ( * [123] => Array // Group Id 123 * ( * [depgpname] => G3 // GID-125 has name G3 * [targetgpname] => G1 // GID-123 has name G1 * [conditions] => Array * ( * [189] => Array // Because Question Id 189 * ( * [0] => 9 // Have condition 9 set * [1] => 10 // and condition 10 set * [2] => 14 // and condition 14 set * ) * * ) * * ) * * [124] => Array // GID 125 is also dependent on GID 124 * ( * [depgpname] => G3 * [targetgpname] => G2 * [conditions] => Array * ( * [189] => Array // Because Question Id 189 have conditions set * ( * [0] => 11 * ) * * [215] => Array // And because Question Id 215 have conditions set * ( * [0] => 12 * ) * * ) * * ) * * ) * *) * * Usage example: * * Get all group dependencies for SID $sid indexed by depgid: * $result=GetGroupDepsForConditions($sid); * * Get all group dependencies for GID $gid in survey $sid indexed by depgid: * $result=GetGroupDepsForConditions($sid,$gid); * * Get all group dependents on group $gid in survey $sid indexed by targgid: * $result=GetGroupDepsForConditions($sid,"all",$gid,"by-targgid"); */ function GetGroupDepsForConditions($sid,$depgid="all",$targgid="all",$indexby="by-depgid") { global $connect, $clang; $sid=sanitize_int($sid); $condarray = Array(); $sqldepgid=""; $sqltarggid=""; if ($depgid != "all") { $depgid = sanitize_int($depgid); $sqldepgid="AND tq.gid=$depgid";} if ($targgid != "all") {$targgid = sanitize_int($targgid); $sqltarggid="AND tq2.gid=$targgid";} $baselang = GetBaseLanguageFromSurveyID($sid); $condquery = "SELECT tg.gid as depgid, tg.group_name as depgpname, " . "tg2.gid as targgid, tg2.group_name as targgpname, tq.qid as depqid, tc.cid FROM " . db_table_name('conditions')." AS tc, " . db_table_name('questions')." AS tq, " . db_table_name('questions')." AS tq2, " . db_table_name('groups')." AS tg ," . db_table_name('groups')." AS tg2 " . "WHERE tq.language='{$baselang}' AND tq2.language='{$baselang}' AND tg.language='{$baselang}' AND tg2.language='{$baselang}' AND tc.qid = tq.qid AND tq.sid=$sid " . "AND tq.gid = tg.gid AND tg2.gid = tq2.gid " . "AND tq2.qid=tc.cqid AND tq.gid != tg2.gid $sqldepgid $sqltarggid"; $condresult=db_execute_assoc($condquery) or safe_die($connect->ErrorMsg()); //Checked if ($condresult->RecordCount() > 0) { while ($condrow = $condresult->FetchRow()) { switch ($indexby) { case "by-depgid": $depgid=$condrow['depgid']; $targetgid=$condrow['targgid']; $depqid=$condrow['depqid']; $cid=$condrow['cid']; $condarray[$depgid][$targetgid]['depgpname'] = $condrow['depgpname']; $condarray[$depgid][$targetgid]['targetgpname'] = $condrow['targgpname']; $condarray[$depgid][$targetgid]['conditions'][$depqid][]=$cid; break; case "by-targgid": $depgid=$condrow['depgid']; $targetgid=$condrow['targgid']; $depqid=$condrow['depqid']; $cid=$condrow['cid']; $condarray[$targetgid][$depgid]['depgpname'] = $condrow['depgpname']; $condarray[$targetgid][$depgid]['targetgpname'] = $condrow['targgpname']; $condarray[$targetgid][$depgid]['conditions'][$depqid][] = $cid; break; } } return $condarray; } return null; } /** * GetQuestDepsForConditions() get Dependencies between groups caused by conditions * @param string $sid - the currently selected survey * @param string $gid - (optionnal) only search dependecies inside the Group Id $gid * @param string $depqid - (optionnal) get only the dependencies applying to the question with qid depqid * @param string $targqid - (optionnal) get only the dependencies for questions dependents on question Id targqid * @param string $index-by - (optionnal) "by-depqid" for result indexed with $res[$depqid][$targqid] * "by-targqid" for result indexed with $res[$targqid][$depqid] * @return array - returns an array describing the conditions or NULL if no dependecy is found * * Example outupt assumin $index-by="by-depqid": *Array *( * [184] => Array // Question Id 184 * ( * [183] => Array // Depends on Question Id 183 * ( * [0] => 5 // Because of condition Id 5 * ) * * ) * *) * * Usage example: * * Get all questions dependencies for Survey $sid and group $gid indexed by depqid: * $result=GetQuestDepsForConditions($sid,$gid); * * Get all questions dependencies for question $qid in survey/group $sid/$gid indexed by depqid: * $result=GetGroupDepsForConditions($sid,$gid,$qid); * * Get all questions dependents on question $qid in survey/group $sid/$gid indexed by targqid: * $result=GetGroupDepsForConditions($sid,$gid,"all",$qid,"by-targgid"); */ function GetQuestDepsForConditions($sid,$gid="all",$depqid="all",$targqid="all",$indexby="by-depqid", $searchscope="samegroup") { global $connect, $clang; $condarray = Array(); $baselang = GetBaseLanguageFromSurveyID($sid); $sqlgid=""; $sqldepqid=""; $sqltargqid=""; $sqlsearchscope=""; if ($gid != "all") {$gid = sanitize_int($gid); $sqlgid="AND tq.gid=$gid";} if ($depqid != "all") {$depqid = sanitize_int($depqid); $sqldepqid="AND tq.qid=$depqid";} if ($targqid != "all") {$targqid = sanitize_int($targqid); $sqltargqid="AND tq2.qid=$targqid";} if ($searchscope == "samegroup") {$sqlsearchscope="AND tq2.gid=tq.gid";} $condquery = "SELECT tq.qid as depqid, tq2.qid as targqid, tc.cid FROM " . db_table_name('conditions')." AS tc, " . db_table_name('questions')." AS tq, " . db_table_name('questions')." AS tq2 " . "WHERE tq.language='{$baselang}' AND tq2.language='{$baselang}' AND tc.qid = tq.qid AND tq.sid=$sid " . "AND tq2.qid=tc.cqid $sqlsearchscope $sqlgid $sqldepqid $sqltargqid"; $condresult=db_execute_assoc($condquery) or safe_die($connect->ErrorMsg()); //Checked if ($condresult->RecordCount() > 0) { while ($condrow = $condresult->FetchRow()) { $depqid=$condrow['depqid']; $targetqid=$condrow['targqid']; $condid=$condrow['cid']; switch ($indexby) { case "by-depqid": $condarray[$depqid][$targetqid][] = $condid; break; case "by-targqid": $condarray[$targetqid][$depqid][] = $condid; break; } } return $condarray; } return null; } /** * checkMovequestionConstraintsForConditions() * @param string $sid - the currently selected survey * @param string $qid - qid of the question you want to check possible moves * @param string $newgid - (optionnal) get only constraints when trying to move to this particular GroupId * otherwise, get all moves constraints for this question * * @return array - returns an array describing the conditions * Array * ( * ['notAbove'] = null | Array * ( * Array ( gid1, group_order1, qid1, cid1 ) * ) * ['notBelow'] = null | Array * ( * Array ( gid2, group_order2, qid2, cid2 ) * ) * ) * * This should be read as: * - this question can't be move above group gid1 in position group_order1 because of the condition cid1 on question qid1 * - this question can't be move below group gid2 in position group_order2 because of the condition cid2 on question qid2 * */ function checkMovequestionConstraintsForConditions($sid,$qid,$newgid="all") { global $connect; $resarray=Array(); $resarray['notAbove']=null; // defaults to no constraint $resarray['notBelow']=null; // defaults to no constraint $sid=sanitize_int($sid); $qid=sanitize_int($qid); if ($newgid != "all") { $newgid=sanitize_int($newgid); $newgorder=getGroupOrder($sid,$newgid); } else { $neworder=""; // Not used in this case } $baselang = GetBaseLanguageFromSurveyID($sid); // First look for 'my dependencies': questions on which I have set conditions $condquery = "SELECT tq.qid as depqid, tq.gid as depgid, tg.group_order as depgorder, " . "tq2.qid as targqid, tq2.gid as targgid, tg2.group_order as targgorder, " . "tc.cid FROM " . db_table_name('conditions')." AS tc, " . db_table_name('questions')." AS tq, " . db_table_name('questions')." AS tq2, " . db_table_name('groups')." AS tg, " . db_table_name('groups')." AS tg2 " . "WHERE tq.language='{$baselang}' AND tq2.language='{$baselang}' AND tc.qid = tq.qid AND tq.sid=$sid " . "AND tq2.qid=tc.cqid AND tg.gid=tq.gid AND tg2.gid=tq2.gid AND tq.qid=$qid ORDER BY tg2.group_order DESC"; $condresult=db_execute_assoc($condquery) or safe_die($connect->ErrorMsg()); //Checked if ($condresult->RecordCount() > 0) { while ($condrow = $condresult->FetchRow() ) { // This Question can go up to the minimum GID on the 1st row $depqid=$condrow['depqid']; $depgid=$condrow['depgid']; $depgorder=$condrow['depgorder']; $targetqid=$condrow['targqid']; $targetgid=$condrow['targgid']; $targetgorder=$condrow['targgorder']; $condid=$condrow['cid']; //echo "This question can't go above to GID=$targetgid/order=$targetgorder because of CID=$condid"; if ($newgid != "all") { // Get only constraints when trying to move to this group if ($newgorder < $targetgorder) { $resarray['notAbove'][]=Array($targetgid,$targetgorder,$depqid,$condid); } } else { // get all moves constraints $resarray['notAbove'][]=Array($targetgid,$targetgorder,$depqid,$condid); } } } // Secondly look for 'questions dependent on me': questions that have conditions on my answers $condquery = "SELECT tq.qid as depqid, tq.gid as depgid, tg.group_order as depgorder, " . "tq2.qid as targqid, tq2.gid as targgid, tg2.group_order as targgorder, " . "tc.cid FROM " . db_table_name('conditions')." AS tc, " . db_table_name('questions')." AS tq, " . db_table_name('questions')." AS tq2, " . db_table_name('groups')." AS tg, " . db_table_name('groups')." AS tg2 " . "WHERE tq.language='{$baselang}' AND tq2.language='{$baselang}' AND tc.qid = tq.qid AND tq.sid=$sid " . "AND tq2.qid=tc.cqid AND tg.gid=tq.gid AND tg2.gid=tq2.gid AND tq2.qid=$qid ORDER BY tg.group_order"; $condresult=db_execute_assoc($condquery) or safe_die($connect->ErrorMsg()); //Checked if ($condresult->RecordCount() > 0) { while ($condrow = $condresult->FetchRow()) { // This Question can go down to the maximum GID on the 1st row $depqid=$condrow['depqid']; $depgid=$condrow['depgid']; $depgorder=$condrow['depgorder']; $targetqid=$condrow['targqid']; $targetgid=$condrow['targgid']; $targetgorder=$condrow['targgorder']; $condid=$condrow['cid']; //echo "This question can't go below to GID=$depgid/order=$depgorder because of CID=$condid"; if ($newgid != "all") { // Get only constraints when trying to move to this group if ($newgorder > $depgorder) { $resarray['notBelow'][]=Array($depgid,$depgorder,$depqid,$condid); } } else { // get all moves constraints $resarray['notBelow'][]=Array($depgid,$depgorder,$depqid,$condid); } } } return $resarray; } // array_combine function is PHP5 only so we have to provide // our own in case it doesn't exist as in PHP 4 if (!function_exists('array_combine')) { function array_combine($a, $b) { $c = array(); if (is_array($a) && is_array($b)) while (list(, $va) = each($a)) if (list(, $vb) = each($b)) $c[$va] = $vb; else break 1; return $c; } } if (!function_exists("stripos")) { function stripos($str,$needle,$offset=0) { return strpos(strtolower($str),strtolower($needle),$offset); } } if(!function_exists('str_ireplace')) { function str_ireplace($search,$replace,$subject) { $search = preg_quote($search, "/"); return preg_replace("/".$search."/i", $replace, $subject); } } function incompleteAnsFilterstate() { global $filterout_incomplete_answers; $letsfliter=''; $letsfilter = returnglobal('filterinc'); //read get/post filterinc // first let's initialize the incompleteanswers session variable if ($letsfilter != '') { // use the read value if not empty $_SESSION['incompleteanswers']=$letsfilter; } elseif (!isset($_SESSION['incompleteanswers'])) { // sets default variable value from config file $_SESSION['incompleteanswers'] = $filterout_incomplete_answers; } if ($_SESSION['incompleteanswers']=='filter') { return true; } elseif ($_SESSION['incompleteanswers']=='show') { return false; } else { // last resort is to prevent filtering return false; } } /** * captcha_enabled($screen, $usecaptchamode) * @param string $screen - the screen name for which to test captcha activation * * @return boolean - returns true if captcha must be enabled **/ function captcha_enabled($screen, $captchamode='') { switch($screen) { case 'registrationscreen': if ($captchamode == 'A' || $captchamode == 'B' || $captchamode == 'D' || $captchamode == 'R') { return true; } else { return false; } break; case 'surveyaccessscreen': if ($captchamode == 'A' || $captchamode == 'B' || $captchamode == 'C' || $captchamode == 'X') { return true; } else { return false; } break; case 'saveandloadscreen': if ($captchamode == 'A' || $captchamode == 'C' || $captchamode == 'D' || $captchamode == 'S') { return true; } else { return false; } return true; break; default: return true; break; } } // used for import[survey|questions|groups] function convertCsvreturn2return($string) { return str_replace('\n', "\n", $string); } // Checks that each object from an array of CSV data // [question-rows,answer-rows,labelsets-row] // supports iat least a given language // // param: // $csvarray : array with a line of csv data per row // $idkeysarray: array of integers giving the csv-row numbers of the object keys // $langfieldnum: integer giving the csv-row number of the language(s) filed // ==> the language field can be a single language code or a // space separated language code list // $langcode: the language code to be tested // $hasheader: if we should strip off the first line (if it contains headers) // function bDoesImportarraySupportsLanguage($csvarray,$idkeysarray,$langfieldnum,$langcode, $hasheader = false) { // An array with one row per object id and langsupport status as value $objlangsupportarray=Array(); if ($hasheader === true) { // stripping first row to skip headers if any array_shift($csvarray); } foreach ($csvarray as $csvrow) { $rowcontents = convertCSVRowToArray($csvrow,',','"'); $rowid = ""; foreach ($idkeysarray as $idfieldnum) { $rowid .= $rowcontents[$idfieldnum]."-"; } $rowlangarray = split (" ", $rowcontents[$langfieldnum]); if (!isset($objlangsupportarray[$rowid])) { if (array_search($langcode,$rowlangarray)!== false) { $objlangsupportarray[$rowid] = "true"; } else { $objlangsupportarray[$rowid] = "false"; } } else { if ($objlangsupportarray[$rowid] == "false" && array_search($langcode,$rowlangarray) !== false) { $objlangsupportarray[$rowid] = "true"; } } } // end foreach rown // If any of the object doesn't support the given language, return false if (array_search("false",$objlangsupportarray) === false) { return true; } else { return false; } } // returns the answerText from session vraiable corresponding to a question code // function retrieve_Answer($code) { //This function checks to see if there is an answer saved in the survey session //data that matches the $code. If it does, it returns that data. //It is used when building a questions text to allow incorporating the answer //to an earlier question into the text of a later question. //IE: Q1: What is your name? [Jason] // Q2: Hi [Jason] how are you ? //This function is called from the retriveAnswers function. global $dbprefix, $connect, $clang; //Find question details if (isset($_SESSION[$code])) { $questiondetails=getsidgidqidaidtype($code); //the getsidgidqidaidtype function is in common.php and returns //a SurveyID, GroupID, QuestionID and an Answer code //extracted from a "fieldname" - ie: 1X2X3a // also returns question type if ($questiondetails['type'] == "M" || $questiondetails['type'] == "P") { $query="SELECT * FROM {$dbprefix}answers WHERE qid='".$questiondetails['qid']."' AND language='".$_SESSION['s_lang']."'"; $result=db_execute_assoc($query) or safe_die("Error getting answer
$query
".$connect->ErrorMsg()); //Checked while($row=$result->FetchRow()) { if (isset($_SESSION[$code.$row['code']]) && $_SESSION[$code.$row['code']] == "Y") { $returns[] = $row['answer']; } } if (isset($_SESSION[$code."other"]) && $_SESSION[$code."other"]) { $returns[]=$_SESSION[$code."other"]; } if (isset($returns)) { $return=implode(", ", $returns); if (strpos($return, ",")) { $return=substr_replace($return, " &", strrpos($return, ","), 1); } } else { $return=$clang->gT("No answer"); } } elseif (!$_SESSION[$code]) { $return=$clang->gT("No answer"); } else { $return=getextendedanswer($code, $_SESSION[$code], 'INSERTANS'); } } else { $return=$clang->gT("Error") . "($code)"; } return html_escape($return); } // returns true if thesurvey has a token table defined function bHasSurveyGotTokentable($thesurvey, $sid=null) { global $connect; if (is_array($thesurvey)) { $surveyid = $thesurvey['sid']; } elseif (!is_null($sid)) { $surveyid = $sid; } $tablelist = $connect->MetaTables() or safe_die ("Error getting tokens
".$connect->ErrorMsg()); foreach ($tablelist as $tbl) { if (db_quote_id($tbl) == db_table_name('tokens_'.$surveyid)) { return true; } } return false; } // Returns false if the survey is anonymous, but answers must be datestamp // and a token table exists: in this case the completed field of a token // will contain 'Y' instead of the submitted date to ensure privacy // Returns true otherwise function bIsTokenCompletedDatestamped($thesurvey) { if ($thesurvey['private'] == 'Y' && bHasSurveyGotTokentable($thesurvey) ) { return false; } else { return true; } } function date_shift($date, $dformat, $shift) /* example usage $date = "2006-12-31 21:00"; $shift "+6 hours"; // could be days, weeks... see function strtotime() for usage echo sql_date_shift($date, "Y-m-d H:i:s", $shift); // will output: 2007-01-01 03:00:00 */ { return date($dformat, strtotime($shift, strtotime($date))); } function mydebug($strOutput) { $datei = fopen("d:\debug.txt","a+"); fwrite($datei, "$strOutput \n"); fclose($datei); } function mydebug_var($strOutput) { $datei = fopen("d:\debug.txt","a+"); fwrite($datei, var_export($strOutput, TRUE)); fwrite($datei, "\n"); fclose($datei); } // getBounceEmail: returns email used to receive error notifications function getBounceEmail($surveyid) { $surveyInfo=getSurveyInfo($surveyid); if ($surveyInfo['bounce_email'] == '') { return null; // will be converted to from in MailText } else { return $surveyInfo['bounce_email']; } } // getEmailFormat: returns email format for the survey // returns 'text' or 'html' function getEmailFormat($surveyid) { $surveyInfo=getSurveyInfo($surveyid); if ($surveyInfo['htmlemail'] == 'Y') { return 'html'; } else { return 'text'; } } // Check if user has manage rights for a template function hasTemplateManageRights($userid, $templatefolder) { global $connect; global $dbprefix; $userid=sanitize_int($userid); $templatefolder=sanitize_paranoid_string($templatefolder); $query = "SELECT ".db_quote_id('use')." FROM {$dbprefix}templates_rights WHERE uid=".$userid." AND folder LIKE '".$templatefolder."'"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); //Safe if ($result->RecordCount() == 0) return false; $row = $result->FetchRow(); return $row["use"]; } // This function creates an incrementing answer code based on the previous source-code function getNextCode($sourcecode) { $i=1; $found=true; $foundnumber=-1; while ($i<=strlen($sourcecode) && $found) { $found=is_numeric(substr($sourcecode,-$i)); if ($found) { $foundnumber=substr($sourcecode,-$i); $i++; } } if ($foundnumber==-1) { return($sourcecode); } else { $foundnumber++; $result=substr($sourcecode,0,strlen($sourcecode)-$i+1).$foundnumber; return($result); } } // translink function translink($type, $oldid,$newid,$text) { if (!isset($_POST['translinksfields'])) { return $text; } if ($type == 'survey') { $pattern = "upload/surveys/$oldid/"; $replace = "upload/surveys/$newid/"; return ereg_replace($pattern, $replace, $text); } elseif ($type == 'label') { $pattern = "upload/labels/$oldid/"; $replace = "upload/labels/$newid/"; return ereg_replace($pattern, $replace, $text); } else { return $text; } } function transInsertAns($newsid,$oldsid,$fieldnames) { global $connect, $dbprefix; if (!isset($_POST['translinksfields'])) { return; } $newsid=sanitize_int($newsid); $oldsid=sanitize_int($oldsid); $sql = "SELECT qid, language, question, help from {$dbprefix}questions WHERE sid=".$newsid." AND question LIKE '%{INSERTANS:".$oldsid."X%' OR help LIKE '%{INSERTANS:".$oldsid."X%'"; $res = db_execute_assoc($sql) or safe_die("Can't read question table in transInsertAns ".$connect->ErrorMsg()); // Checked while ($qentry = $res->FetchRow()) { $question = $qentry['question']; $help = $qentry['help']; $qid = $qentry['qid']; $language = $qentry['language']; foreach ($fieldnames as $fnrow) { $pattern = "\{INSERTANS:".$fnrow['oldfieldname']."\}"; $replacement = "\{INSERTANS:".$fnrow['newfieldname']."\}"; $question=ereg_replace($pattern, $replacement, $question); $help=ereg_replace($pattern, $replacement, $help); } if (strcmp($question,$qentry['question']) !=0 || strcmp($help,$qentry['help']) !=0) { // Update Field $sqlupdate = "UPDATE {$dbprefix}questions SET question='".$question."', help='".$help."' WHERE qid=$qid AND language='$language'"; $updateres=$connect->Execute($sqlupdate) or safe_die ("Couldn't update INSERTANS in question
$sqlupdate
".$connect->ErrorMsg()); //Checked } // Enf if modified } // end while qentry } function hasResources($id,$type='survey') { global $publicdir; $dirname = "$publicdir/upload"; if ($type == 'survey') { $dirname .= "/surveys/$id"; } elseif ($type == 'label') { $dirname .= "/labels/$id"; } else { return false; } if (is_dir($dirname) && $dh=opendir($dirname)) { while(($entry = readdir($dh)) !== false) { if($entry !== '.' && $entry !== '..') { return true; break; } } closedir($dh); } else { return false; } return false; } function randomkey($length) { $pattern = "23456789abcdefghijkmnpqrstuvwxyz"; $patternlength = strlen($pattern)-1; for($i=0;$i<$length;$i++) { if(isset($key)) $key .= $pattern{rand(0,$patternlength)}; else $key = $pattern{rand(0,$patternlength)}; } return $key; } function conditional_nl2br($mytext,$ishtml) { if ($ishtml === true) { // $mytext has been processed by clang->gT with html mode // and thus \n has already been translated to return str_replace(' ', '
',$mytext); } else { return $mytext; } } function conditional2_nl2br($mytext,$ishtml) { if ($ishtml === true) { return str_replace("\n", '
',$mytext); } else { return $mytext; } } function br2nl( $data ) { return preg_replace( '!!iU', "\n", $data ); } function getPopupHeight() { global $clang, $surveyid; $rowheight = 20; $height = 0; $bottomPad = 15; // header text height $htext = ceil(strlen($clang->gT("Please select a language:")) / 17); $height += $rowheight * $htext; // language list height $survlangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); $survlangs[] = $baselang; foreach ($survlangs as $lang) { $ltext = ceil(strlen(getLanguageNameFromCode($lang,false)) / 17); $height += $rowheight * $ltext; if ($ltext > 1) $height += ($ltext * 3); } // footer height $ftext = ceil(count($clang->gT("Cancel")) / 17); $height += $rowheight * $ftext; $height += $bottomPad; return $height; } function safe_die($text) { //Only allowed tag:
$textarray=explode('
',$text); array_map('htmlspecialchars',$textarray); die(implode( '
',$textarray)); } ?>