include "editansweroptions.php"; } // ============= EDIT SUBQUESTIONS ====================================== if ($action == 'editsubquestions') { include "editsubquestions.php"; } // ************************************************* // Survey Rights Start **************************** // ************************************************* if ($action == "addsurveysecurity") { $addsummary = "<div class='header ui-widget-header'>" . $clang->gT("Add User") . "</div>\n"; $addsummary .= "<div class=\"messagebox ui-corner-all\">\n"; $query = "SELECT sid, owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid} AND owner_id = " . $_SESSION['loginID'] . " AND owner_id != " . $postuserid; $result = db_execute_assoc($query); //Checked if ($result->RecordCount() > 0 && in_array($postuserid, getuserlist('onlyuidarray')) || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { if ($postuserid > 0) { $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid},{$postuserid},'survey',1)"; $isrresult = $connect->Execute($isrquery); //Checked if ($isrresult) { $addsummary .= "<div class=\"successheader\">" . $clang->gT("User added.") . "</div>\n"; $addsummary .= "<br /><form method='post' action='{$scriptname}?sid={$surveyid}'>" . "<input type='submit' value='" . $clang->gT("Set survey permissions") . "' />" . "<input type='hidden' name='action' value='setsurveysecurity' />" . "<input type='hidden' name='uid' value='{$postuserid}' />" . "</form>\n"; } else { // Username already exists. $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to add user.") . "</div>\n" . "<br />" . $clang->gT("Username already exists.") . "<br />\n"; $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n"; } } else { $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to add user.") . "</div>\n" . "<br />" . 
$clang->gT("No Username selected.") . "<br />\n"; $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
last($userid, $bikenum); } else { last($userid); } break; case "stands": logrequest($userid, $action); checksession(); checkprivileges($userid); liststands(); break; case "userlist": logrequest($userid, $action); checksession(); checkprivileges($userid); getuserlist(); break; case "userstats": logrequest($userid, $action); checksession(); checkprivileges($userid); getuserstats(); break; case "usagestats": logrequest($userid, $action); checksession(); checkprivileges($userid); getusagestats(); break; case "edituser": logrequest($userid, $action);
$uquery = "INSERT INTO {$dbprefix}users (users_name, password,full_name,parent_id,lang,email,create_survey,create_user,delete_user,superadmin,configurator,manage_template,manage_label)\n VALUES ('" . db_quote($new_user) . "', '" . SHA256::hashing($new_pass) . "', '" . db_quote($new_full_name) . "', {$_SESSION['loginID']}, 'auto', '" . db_quote($new_email) . "',0,0,0,0,0,0,0)"; $uresult = $connect->Execute($uquery); //Checked if ($uresult) { $newqid = $connect->Insert_ID("{$dbprefix}users", "uid"); // add default template to template rights for user $template_query = "INSERT INTO {$dbprefix}templates_rights VALUES('{$newqid}','default','1')"; $connect->Execute($template_query); //Checked // add new user to userlist $squery = "SELECT uid, users_name, password, parent_id, email, create_survey, configurator, create_user, delete_user, superadmin, manage_template, manage_label FROM " . db_table_name('users') . " WHERE uid='{$newqid}'"; //added by Dennis $sresult = db_execute_assoc($squery); //Checked $srow = $sresult->FetchRow(); $userlist = getuserlist(); array_push($userlist, array("user" => $srow['users_name'], "uid" => $srow['uid'], "email" => $srow['email'], "password" => $srow["password"], "parent_id" => $srow['parent_id'], "create_survey" => $srow['create_survey'], "configurator" => $srow['configurator'], "create_user" => $srow['create_user'], "delete_user" => $srow['delete_user'], "superadmin" => $srow['superadmin'], "manage_template" => $srow['manage_template'], "manage_label" => $srow['manage_label'])); // send Mail $body = sprintf($clang->gT("Hello %s,", 'unescaped'), $new_full_name) . "<br /><br />\n"; $body .= sprintf($clang->gT("this is an automated email to notify that a user has been created for you on the site '%s'.", 'unescaped'), $sitename) . "<br /><br />\n"; $body .= $clang->gT("You can use now the following credentials to log into the site:", 'unescaped') . "<br />\n"; $body .= $clang->gT("Username", 'unescaped') . ": " . $new_user . 
"<br />\n"; if ($useWebserverAuth === false) { // authent is not delegated to web server // send password (if authorized by config) if ($display_user_password_in_email === true) { $body .= $clang->gT("Password", 'unescaped') . ": " . $new_pass . "<br />\n"; } else { $body .= $clang->gT("Password", 'unescaped') . ": " . $clang->gT("Please ask your LimeSurvey administrator for your password.") . "<br />\n"; } }
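/**
 * Retrieve a HTML <OPTION> list of survey admin users that do not yet hold a
 * row in survey_permissions for the current survey.
 *
 * Reads the survey id from the global $surveyid (forced to an int before it is
 * interpolated into SQL). When $usercontrolSameGroupPolicy is enabled, only
 * uids returned by getuserlist('onlyuidarray') are listed.
 *
 * @param mixed $bIncludeOwner If the survey owner should be included
 *                             (accepted for compatibility; the query below does not use it)
 * @param mixed $bIncludeSuperAdmins If Super admins should be included
 * @return string The <option> markup, or the literal "Database Error" when the query fails
 */
function sGetSurveyUserlist($bIncludeOwner = true, $bIncludeSuperAdmins = true)
{
    global $surveyid, $dbprefix, $scriptname, $connect, $clang, $usercontrolSameGroupPolicy;

    // $surveyid is interpolated into SQL below, so coerce it to an integer first
    // (this also rewrites the global, as the original did).
    $surveyid = sanitize_int($surveyid);

    // Users without a survey_permissions row for this survey.
    $sSurveyIDQuery = "SELECT a.uid, a.users_name, a.full_name FROM " . db_table_name('users') . " AS a\n"
        . " LEFT OUTER JOIN (SELECT uid AS id FROM " . db_table_name('survey_permissions') . " WHERE sid = {$surveyid}) AS b ON a.uid = b.id\n"
        . " WHERE id IS NULL ";
    if (!$bIncludeSuperAdmins) {
        $sSurveyIDQuery .= 'and superadmin=0 ';
    }
    $sSurveyIDQuery .= 'ORDER BY a.users_name';

    $surveyidresult = db_execute_assoc($sSurveyIDQuery); //Checked
    if (!$surveyidresult) {
        return "Database Error";
    }

    // Same-group policy: restrict the list to users the current login may see.
    $bSameGroupOnly = isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true;
    $authorizedUsersList = $bSameGroupOnly ? getuserlist('onlyuidarray') : array();

    $surveyselecter = "";
    $surveynames = $surveyidresult->GetRows();
    if ($surveynames) {
        foreach ($surveynames as $sv) {
            // Loose comparison kept on purpose: uid types from the DB layer are not fixed here.
            if ($bSameGroupOnly && !in_array($sv['uid'], $authorizedUsersList)) {
                continue;
            }
            // users_name / full_name originate from user input and are emitted into
            // HTML, so escape them for this context; uid is an integer column.
            $surveyselecter .= "<option value='" . (int) $sv['uid'] . "'>"
                . htmlspecialchars($sv['users_name'] . ' ' . $sv['full_name'], ENT_QUOTES, 'UTF-8')
                . "</option>\n";
        }
    }

    // The original tested isset($svexist), which is never assigned in this scope,
    // so the "None" variant was unreachable: the "Please choose..." entry is always emitted.
    return "<option value='-1' selected='selected'>" . $clang->gT("Please choose...") . "</option>\n" . $surveyselecter;
}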
} // ************************************************* // Survey Rights Start **************************** // ************************************************* if($action == "addsurveysecurity") { $addsummary = "<div class='header ui-widget-header'>".$clang->gT("Add User")."</div>\n"; $addsummary .= "<div class=\"messagebox ui-corner-all\">\n"; $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid; $result = db_execute_assoc($query); //Checked if( ($result->RecordCount() > 0 && in_array($postuserid,getuserlist('onlyuidarray'))) || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { if($postuserid > 0){ $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid},{$postuserid},'survey',1)"; $isrresult = $connect->Execute($isrquery); //Checked if($isrresult) { $addsummary .= "<div class=\"successheader\">".$clang->gT("User added.")."</div>\n"; $addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>" ."<input type='submit' value='".$clang->gT("Set survey permissions")."' />" ."<input type='hidden' name='action' value='setsurveysecurity' />" ."<input type='hidden' name='uid' value='{$postuserid}' />"
//Checked while ($gnrow = $gnresult->FetchRow()) { $partial_responses = $gnrow[0]; } $gnquery = "SELECT count(id) FROM " . db_table_name("survey_" . $rows['sid']); $gnresult = db_execute_num($gnquery); //Checked while ($gnrow = $gnresult->FetchRow()) { $responses = $gnrow[0]; } } else { $status = $clang->gT("Inactive"); } $datetimeobj = new Date_Time_Converter($rows['datecreated'], "Y-m-d H:i:s"); $datecreated = $datetimeobj->convert($dateformatdetails['phpdate']); if (in_array($rows['owner_id'], getuserlist('onlyuidarray'))) { $ownername = $rows['users_name']; } else { $ownername = "---"; } $questionsCount = 0; $questionsCountQuery = "SELECT * FROM " . db_table_name('questions') . " WHERE sid={$rows['sid']} AND language='" . $rows['language'] . "'"; //Getting a count of questions for this survey $questionsCountResult = $connect->Execute($questionsCountQuery); //Checked $questionsCount = $questionsCountResult->RecordCount(); $listsurveys .= "<tr>"; if ($rows['active'] == "Y") { if ($rows['expires'] != '' && $rows['expires'] < date_shift(date("Y-m-d H:i:s"), "Y-m-d", $timeadjust)) { $listsurveys .= "<td><img src='{$imageurl}/expired.png' " . "alt='" . $clang->gT("This survey is active but expired.") . "' /></td>"; } else {
if (isset($_REQUEST['survey_id'])) { $intSurveyId = sanitize_int($_REQUEST['survey_id']); } $owner_id = $_SESSION['loginID']; header('Content-type: application/json'); $query = "UPDATE " . db_table_name('surveys') . " SET owner_id = {$intNewOwner} WHERE sid={$intSurveyId}"; if (bHasGlobalPermission("USER_RIGHT_SUPERADMIN")) { $query .= ";"; } else { $query .= " AND owner_id={$owner_id};"; } $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); $query = "SELECT b.users_name FROM " . db_table_name('surveys') . " as a" . " INNER JOIN " . db_table_name('users') . " as b ON a.owner_id = b.uid WHERE sid={$intSurveyId} AND owner_id={$intNewOwner};"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); $intRecordCount = $result->RecordCount(); $aUsers = array('record_count' => $intRecordCount); if ($result->RecordCount() > 0) { while ($rows = $result->FetchRow()) { $aUsers['newowner'] = $rows['users_name']; } } $ajaxoutput = ls_json_encode($aUsers) . "\n"; } elseif ($action == "ajaxgetusers") { header('Content-type: application/json'); $aSeenUsers = getuserlist(); $aUsers = array(); foreach ($aSeenUsers as $userline) { $aUsers[] = array($userline['uid'], $userline['user']); } $ajaxoutput = ls_json_encode($aUsers) . "\n"; }