// Excerpt: decides whether the survey may be taken, then builds the form
// action URL and the query string used for return/submit/resume links.
// The block that encloses the first statement opens above this excerpt.

// A survey in test status counts as active only when the request carries a
// truthy `test` parameter; any other survey is active only while
// survey_open() reports STATUS_OPEN for its open/close dates.
// NOTE(review): the `test` parameter is a mode switch, not an access
// control - confirm test surveys are protected elsewhere if they must stay private.
if (survey_status_is_test($status)) {
    if (isset($_REQUEST['test']) && $_REQUEST['test']) {
        $isActive = true;
    } else {
        $isActive = false;
    }
} else {
    if (STATUS_OPEN !== survey_open($open_date, $close_date)) {
        $isActive = false;
    } else {
        $isActive = true;
    }
}
} // closes a block opened before this excerpt
if (!$isActive) {
    echo mkerror(_('Error processing survey: Survey is not active.'));
    return;
}
// NOTE(review): $name is appended without urlencode(); where it comes from is
// not visible here - confirm it is validated before it reaches this point.
if ($request_referer == $ESPCONFIG['autopub_url']) {
    $request_referer .= "?name={$name}";
}
// let's build the correct return/submit/resume link
// Only PHP_SELF is HTML-escaped. HTTP_HOST is taken from the client's Host
// header and concatenated as-is.
// NOTE(review): if $action is later written into HTML or into a link sent to
// the respondent, check the host against a configured value first - TODO confirm how $action is used.
$action = $ESPCONFIG['proto'] . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['PHP_SELF']);
$query_string = "";
// we need to remove "sec=xx" from the query string, otherwise
// the resume link will contain this also and the user will always
// return to the same filled in section
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
    $query_string = $_SERVER['QUERY_STRING'];
}
// The pattern is unanchored: it removes every "sec=<digits>" occurrence, also
// inside a longer parameter name, and leaves the neighbouring "&" in place.
// $query_string is still raw client input after this line, so it needs
// escaping wherever it is written into HTML (the output is outside this excerpt).
$query_string = preg_replace('/sec=\\d+/s', '', $query_string);
/* $Id$ */
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
// Written by James Flemer
// For eGrad2000.com
// <*****@*****.**>

// Excerpt from the survey handler prefix: include guards, a request sanity
// check and resolution of the survey id. The excerpt ends inside the last `if`.

// Refuse to run unless phpESP.first.php has defined its marker constant,
// i.e. this file was not requested or included on its own.
if (!defined('ESP-FIRST-INCLUDED')) {
    echo "In order to conduct surveys, please include phpESP.first.php in your php script, not handler-prefix.php!";
    exit;
}
// Include-once guard: a second inclusion returns immediately.
if (defined('ESP-HANDLER-PREFIX')) {
    return;
}
define('ESP-HANDLER-PREFIX', true);
$GLOBALS['errmsg'] = '';
// Any request that carries a `results` parameter is rejected.
// NOTE(review): both operands of `||` test the same key, so the second one is
// redundant - confirm whether a different source was meant to be checked.
if (isset($_REQUEST['results']) || isset($_REQUEST['results'])) {
    $GLOBALS['errmsg'] = mkerror(_('Error processing survey: Security violation.'));
    return;
}
// Prefer a $sid already set by the including script, otherwise take it from
// the request. Both paths cast with intval(), so a non-numeric value becomes
// 0 and is treated as missing by the empty() check below.
if (isset($sid) && !empty($sid)) {
    $sid = intval($sid);
} else {
    if (isset($_REQUEST['sid']) && !empty($_REQUEST['sid'])) {
        $sid = intval($_REQUEST['sid']);
    }
}
// No usable survey id: hand over to blur().
// NOTE(review): presumably blur() redirects and exits - confirm. The
// string-argument assert() is not a dependable stop: it only runs with
// assertions enabled, was deprecated in PHP 7.2 and is no longer evaluated as
// code from PHP 8.0 on, so execution continues if blur() ever returns.
if (!isset($sid) || empty($sid)) {
    blur('/public/dashboard.php');
    assert('false; // NOTREACHED');
}
if (!isset($_css)) {
    $_css = "";
// Excerpt from the respondent sign-up handler: finishes collecting the column
// values, inserts the new account and prepares the status message. The loops
// and the do { ... } while (0) block that enclose it open above this excerpt.
} else {
    array_push($sqlv, _addslashes($post[$f]));
}
}
}
array_push($sqlf, 'realm');
array_push($sqlv, _addslashes($signup_realm));
$sqlf = implode(',', $sqlf);
$sqlv = implode(',', $sqlv);
// The INSERT is assembled by string concatenation; the only protection visible
// here is _addslashes() on each value.
// NOTE(review): _addslashes() is not shown - confirm it both quotes and escapes
// for the active database driver and character set; bound parameters are the
// robust alternative. Also confirm the column names collected in $sqlf come
// from a fixed list and never from request keys.
$sql = "INSERT INTO " . $GLOBALS['ESPCONFIG']['respondent_table'] . " ({$sqlf}) VALUES ({$sqlv})";
/* execute statement */
$res = execute_sql($sql);
if (!$res) {
    // Every failure is reported as a username clash. With DEBUG on, the
    // database error number and message are appended to the page, which exposes
    // schema details to the visitor - keep DEBUG off on public installations.
    $msg = '<font color="red">' . _('Request failed, please choose a different username.') . '</font>';
    if ($GLOBALS['ESPCONFIG']['DEBUG']) {
        $msg .= mkerror(ErrorNo() . ': ' . ErrorMsg());
    }
    // presumably leaves the do { ... } while (0) block closed below, which
    // would make it an early exit - its opening is above this excerpt
    break;
}
// The username is HTML-escaped before it is placed in the success message.
$msg = '<font color="blue">' . sprintf(_('Your account, %s, has been created!'), htmlspecialchars($post['username'])) . '</font>';
// Drop every submitted field from $post after a successful insert.
foreach ($fields as $f) {
    $post[$f] = null;
    unset($post[$f]);
}
}
} while (0);
// Marker shown next to required fields.
$rqd = '<font color="red">*</font>';
if (!$embed) {
    ?> <html> <head>
// Excerpt from a maintenance script that renames every configured table to a
// new prefix. It authenticates the caller, requires the superuser flag and
// then issues one RENAME TABLE per table. The enclosing `if` blocks open
// above this excerpt.
}
// The clear-text password is read back from the session.
// NOTE(review): this means the raw password is kept in session storage for
// the lifetime of the session - confirm that is intended and that the storage is protected.
if (isset($_SESSION['raw_password'])) {
    $raw_password = $_SESSION['raw_password'];
} else {
    $raw_password = "";
}
}
$password = _addslashes($raw_password);
if (!manage_auth($username, $password, $raw_password)) {
    exit;
}
} else {
    // NOTE(review): this branch writes a superuser ACL into the session without
    // any credential check. Its condition is outside this excerpt - presumably
    // the "authentication disabled" configuration; confirm it cannot be reached
    // on an installation that has authentication enabled.
    $_SESSION['acl'] = array('username' => 'none',
        'pdesign' => array('none'),
        'pdata' => array('none'),
        'pstatus' => array('none'),
        'pall' => array('none'),
        'pgroup' => array('none'),
        'puser' => array('none'),
        'superuser' => 'Y',
        'disabled' => 'N');
}
// Only superusers get past this point (loose comparison against 'Y').
if ($_SESSION['acl']['superuser'] != 'Y') {
    exit;
}
// Every configuration entry whose key ends in "_table" is treated as a table name.
foreach ($ESPCONFIG as $name => $value) {
    if (substr($name, -6) == "_table") {
        // str_replace() removes every occurrence of the old prefix, not only a leading one.
        $newvalue = str_replace($DB_PREFIX, "", $value);
        // NOTE(review): $new_prefix is assigned outside this excerpt. It is
        // interpolated unquoted into the SQL identifier and unescaped into the
        // HTML output - confirm it is restricted to identifier characters and
        // is not taken directly from the request.
        print "<br \\>Renaming {$value} to {$new_prefix}{$newvalue} ... ";
        $sql = "RENAME TABLE {$value} TO {$new_prefix}{$newvalue}";
        $result = execute_sql($sql);
        // A failed rename is reported and the loop carries on with the next table.
        if (!$result) {
            echo mkerror(_('FAILED'));
        } else {
            echo _('DONE');
        }
    }
}
echo "<br><a href=\"manage.php\">" . _('Go back to Management Interface') . "</a>\n";
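/**
 * Handle the dashboard "change my password" flow for the logged-in respondent.
 *
 * The flow is entered only when the feature is enabled in the configuration,
 * the session is authenticated, `doChangePassword` is present in the request
 * and the change was not cancelled. When all three password fields are
 * supplied, the old password is re-checked with authenticate() and the new
 * password must equal its confirmation before change_password() is called.
 * On any failure a message is stored in $GLOBALS['errmsg'] and the form is
 * shown again. Showing the form ends the request with exit.
 *
 * Security notes:
 * - The password fields must be non-empty strings. An array-valued parameter
 *   (e.g. `newPassword[]=x`) is treated like a missing field instead of
 *   reaching authenticate() or the comparison.
 * - NOTE(review): the fields are read from $_REQUEST, which also accepts
 *   query-string values; passwords sent that way end up in access logs and
 *   browser history. Confirm the form posts, then consider reading $_POST only.
 * - NOTE(review): no anti-CSRF token and no limit on old-password attempts
 *   are visible in this function - confirm whether they exist elsewhere.
 *
 * @return void
 */
function handleChangePassword()
{
    // are we in change password mode?
    $showChangePassword = $GLOBALS['ESPCONFIG']['dashboard_allow_change_password']
        && empty($_REQUEST['doChangePasswordCancel'])
        && is_session_authenticated()
        && isset($_REQUEST['doChangePassword']);

    $oldPassword = isset($_REQUEST['oldPassword']) ? $_REQUEST['oldPassword'] : null;
    $newPassword = isset($_REQUEST['newPassword']) ? $_REQUEST['newPassword'] : null;
    $newPasswordConfirm = isset($_REQUEST['newPasswordConfirm']) ? $_REQUEST['newPasswordConfirm'] : null;

    // Request parameters may arrive as arrays; accept only non-empty strings.
    $hasPasswords = is_string($oldPassword) && !empty($oldPassword)
        && is_string($newPassword) && !empty($newPassword)
        && is_string($newPasswordConfirm) && !empty($newPasswordConfirm);

    // are we also changing the password?
    // presumably get_current_respondent() fills $respondent by reference - confirm
    $respondent = null;
    $handleChangePassword = $showChangePassword
        && get_current_respondent($respondent)
        && $hasPasswords;

    // if changing, handle it
    if ($handleChangePassword) {
        // presumably authenticate() fills $realms by reference - confirm
        $realms = null;
        $isAuthenticated = authenticate($respondent['username'], $oldPassword, $realms);

        // the old password must authenticate against exactly one realm;
        // anything that cannot be counted is treated as a failed check
        $realmCount = (is_array($realms) || $realms instanceof Countable) ? count($realms) : 0;
        $isAuthenticated = 1 === $realmCount ? $isAuthenticated : false;

        // both values are known to be strings here, so === is an exact byte comparison
        $isMatch = $newPassword === $newPasswordConfirm;

        if ($isAuthenticated && $isMatch) {
            // if password changes successfully, drop out of show change password mode
            $ok = change_password($respondent['username'], $respondent['realm'], $newPassword);
            if ($ok) {
                $showChangePassword = false;
            } else {
                $GLOBALS['errmsg'] = mkerror(_('Unable to change your password; contact an administrator'));
            }
        } elseif ($isAuthenticated && !$isMatch) {
            // the old password authenticates but the confirmation doesn't match
            $GLOBALS['errmsg'] = mkerror(_('Passwords do not match; check your typing'));
        } else {
            // otherwise the old password was rejected
            $GLOBALS['errmsg'] = mkerror(_('Old password incorrect; check your typing'));
        }
    }

    // if we're showing the change password form, do so
    if ($showChangePassword) {
        paint_header();
        echo '<div class="dashboardPanel">' . '<h1>' . _('Change My Password') . '</h1>' . render_passwd_change_form() . '</div>';
        paint_footer();
        exit;
    }
}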