Beispiel #1
0
    if (survey_status_is_test($status)) {
        if (isset($_REQUEST['test']) && $_REQUEST['test']) {
            $isActive = true;
        } else {
            $isActive = false;
        }
    } else {
        if (STATUS_OPEN !== survey_open($open_date, $close_date)) {
            $isActive = false;
        } else {
            $isActive = true;
        }
    }
}
if (!$isActive) {
    echo mkerror(_('Error processing survey: Survey is not active.'));
    return;
}
if ($request_referer == $ESPCONFIG['autopub_url']) {
    $request_referer .= "?name={$name}";
}
// let's build the correct return/submit/resume link
$action = $ESPCONFIG['proto'] . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['PHP_SELF']);
$query_string = "";
// we need to remove "sec=xx" from the query string, otherwise
// the resume link will contain this also and the user will always
// return to the same filled in section
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
    $query_string = $_SERVER['QUERY_STRING'];
}
$query_string = preg_replace('/sec=\\d+/s', '', $query_string);
Beispiel #2
0
/* $Id$ */
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
// Written by James Flemer
// For eGrad2000.com
// <*****@*****.**>
if (!defined('ESP-FIRST-INCLUDED')) {
    echo "In order to conduct surveys, please include phpESP.first.php in your php script, not handler-prefix.php!";
    exit;
}
if (defined('ESP-HANDLER-PREFIX')) {
    return;
}
define('ESP-HANDLER-PREFIX', true);
$GLOBALS['errmsg'] = '';
if (isset($_REQUEST['results']) || isset($_REQUEST['results'])) {
    $GLOBALS['errmsg'] = mkerror(_('Error processing survey: Security violation.'));
    return;
}
if (isset($sid) && !empty($sid)) {
    $sid = intval($sid);
} else {
    if (isset($_REQUEST['sid']) && !empty($_REQUEST['sid'])) {
        $sid = intval($_REQUEST['sid']);
    }
}
if (!isset($sid) || empty($sid)) {
    blur('/public/dashboard.php');
    assert('false; // NOTREACHED');
}
if (!isset($_css)) {
    $_css = "";
Beispiel #3
0
                } else {
                    array_push($sqlv, _addslashes($post[$f]));
                }
            }
        }
        array_push($sqlf, 'realm');
        array_push($sqlv, _addslashes($signup_realm));
        $sqlf = implode(',', $sqlf);
        $sqlv = implode(',', $sqlv);
        $sql = "INSERT INTO " . $GLOBALS['ESPCONFIG']['respondent_table'] . " ({$sqlf}) VALUES ({$sqlv})";
        /* execute statement */
        $res = execute_sql($sql);
        if (!$res) {
            $msg = '<font color="red">' . _('Request failed, please choose a different username.') . '</font>';
            if ($GLOBALS['ESPCONFIG']['DEBUG']) {
                $msg .= mkerror(ErrorNo() . ': ' . ErrorMsg());
            }
            break;
        }
        $msg = '<font color="blue">' . sprintf(_('Your account, %s, has been created!'), htmlspecialchars($post['username'])) . '</font>';
        foreach ($fields as $f) {
            $post[$f] = null;
            unset($post[$f]);
        }
    }
} while (0);
$rqd = '<font color="red">*</font>';
if (!$embed) {
    ?>
<html>
<head>
Beispiel #4
0
        }
        if (isset($_SESSION['raw_password'])) {
            $raw_password = $_SESSION['raw_password'];
        } else {
            $raw_password = "";
        }
    }
    $password = _addslashes($raw_password);
    if (!manage_auth($username, $password, $raw_password)) {
        exit;
    }
} else {
    $_SESSION['acl'] = array('username' => 'none', 'pdesign' => array('none'), 'pdata' => array('none'), 'pstatus' => array('none'), 'pall' => array('none'), 'pgroup' => array('none'), 'puser' => array('none'), 'superuser' => 'Y', 'disabled' => 'N');
}
if ($_SESSION['acl']['superuser'] != 'Y') {
    exit;
}
foreach ($ESPCONFIG as $name => $value) {
    if (substr($name, -6) == "_table") {
        $newvalue = str_replace($DB_PREFIX, "", $value);
        print "<br \\>Renaming {$value} to {$new_prefix}{$newvalue} ... ";
        $sql = "RENAME TABLE {$value} TO {$new_prefix}{$newvalue}";
        $result = execute_sql($sql);
        if (!$result) {
            echo mkerror(_('FAILED'));
        } else {
            echo _('DONE');
        }
    }
}
echo "<br><a href=\"manage.php\">" . _('Go back to Management Interface') . "</a>\n";
Beispiel #5
0
function handleChangePassword()
{
    // are we in change password mode?
    $showChangePassword = $GLOBALS['ESPCONFIG']['dashboard_allow_change_password'] && empty($_REQUEST['doChangePasswordCancel']) && is_session_authenticated() && isset($_REQUEST['doChangePassword']) ? true : false;
    // are we also changing the password?
    $handleChangePassword = $showChangePassword && get_current_respondent($respondent) && !empty($_REQUEST['oldPassword']) && !empty($_REQUEST['newPassword']) && !empty($_REQUEST['newPasswordConfirm']) ? true : false;
    // if changing, handle it
    if ($handleChangePassword) {
        $isAuthenticated = authenticate($respondent['username'], $_REQUEST['oldPassword'], $realms);
        $isAuthenticated = 1 === count($realms) ? $isAuthenticated : false;
        $isMatch = 0 === strcmp($_REQUEST['newPassword'], $_REQUEST['newPasswordConfirm']) ? true : false;
        // if the old password authenticates and the confirmation password matches, go change
        if ($isAuthenticated && $isMatch) {
            // if password changes successfully, drop out of show change password mode
            $ok = change_password($respondent['username'], $respondent['realm'], $_REQUEST['newPassword']);
            if ($ok) {
                $showChangePassword = false;
            } else {
                $GLOBALS['errmsg'] = mkerror(_('Unable to change your password; contact an administrator'));
            }
            // if the old password authenticates but the confirmation doesn't match
        } else {
            if ($isAuthenticated && !$isMatch) {
                $GLOBALS['errmsg'] = mkerror(_('Passwords do not match; check your typing'));
                // otherwise, bad original password, puke
            } else {
                $GLOBALS['errmsg'] = mkerror(_('Old password incorrect; check your typing'));
            }
        }
    }
    // if we're showing the change password form, do so
    if ($showChangePassword) {
        paint_header();
        echo '<div class="dashboardPanel">' . '<h1>' . _('Change My Password') . '</h1>' . render_passwd_change_form() . '</div>';
        paint_footer();
        exit;
    }
}