Beispiel #1
         }
     }
 } elseif ($action == "assessmentupdate") {
     if ($filterxsshtml) {
         // The HTML/XSS input filter is only loaded when the config flag asks for
         // it; $myFilter is then applied to the free-text fields in the update loop.
         require_once "../classes/inputfilter/class.inputfilter_clean.php";
         // NOTE(review): the constructor arguments are positional flags of the
         // bundled InputFilter class; their meaning is not visible in this file —
         // confirm against the class before changing them.
         $myFilter = new InputFilter('', '', 1, 1, 1);
     }
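     // Default the group id once rather than on every language iteration; the
     // value is the same for all of them.
     if (!isset($_POST['gid'])) {
         $_POST['gid'] = 0;
     }
     // NOTE(review): the enclosing elseif (outside this span) dispatches on
     // $action alone; confirm that a bHasSurveyPermission() check guards this
     // write, as the bHasSurveyPermission() calls elsewhere on this page do.
     foreach ($assessmentlangs as $assessmentlang) {
         $nameField = 'name_' . $assessmentlang;
         $messageField = 'assessmentmessage_' . $assessmentlang;
         // Missing per-language fields are stored as empty text instead of
         // raising undefined-index notices.
         if (!isset($_POST[$nameField])) {
             $_POST[$nameField] = '';
         }
         if (!isset($_POST[$messageField])) {
             $_POST[$messageField] = '';
         }
         if ($filterxsshtml) {
             // $myFilter is created by the enclosing branch when the filter is on.
             $_POST[$nameField] = $myFilter->process($_POST[$nameField]);
             $_POST[$messageField] = $myFilter->process($_POST[$messageField]);
         }
         // Numeric columns go through sanitize_int/sanitize_signedint, text
         // columns through db_quote before being embedded in the statement.
         $query = "UPDATE {$dbprefix}assessments\n\t\t\t          SET scope='" . db_quote($_POST['scope'], true) . "',\n\t\t\t          gid=" . sanitize_int($_POST['gid']) . ",\n\t\t\t          minimum='" . sanitize_signedint($_POST['minimum']) . "',\n\t\t\t          maximum='" . sanitize_signedint($_POST['maximum']) . "',\n\t\t\t          name='" . db_quote($_POST[$nameField], true) . "',\n\t\t\t          message='" . db_quote($_POST[$messageField], true) . "'\n\t\t\t          WHERE language='{$assessmentlang}' and id=" . sanitize_int($_POST['id']);
         $result = $connect->Execute($query);
         if (!$result) {
             // Keep the SQL and the driver error in the server log only: the
             // statement embeds submitted text that is SQL-escaped but not
             // HTML-escaped, so echoing it to the browser would reflect it.
             error_log("Error updating {$dbprefix}assessments: " . $connect->ErrorMsg() . " -- " . $query);
             safe_die("Error updating assessment");
         }
     }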
 } elseif ($action == "assessmentdelete") {
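     $query = "DELETE FROM {$dbprefix}assessments\n\t\t\t\t  WHERE id=" . sanitize_int($_POST['id']);
     $result = $connect->Execute($query);
     if (!$result) {
         // The update branch reports a failed statement; deletion stays
         // best-effort, but a silently ignored error is now recorded server-side.
         error_log("Error deleting from {$dbprefix}assessments: " . $connect->ErrorMsg());
     }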
 }
 $assessmentsoutput = PrepareEditorScript();
 // Inline script exposing the translated "no groups" string to the page's JS.
 $strnogroup = $clang->gT("There are no groups available.", "js");
 $assessmentsoutput .= "<script type=\"text/javascript\">\n                        <!-- \n                            var strnogroup='{$strnogroup}';\n                        --></script>\n";
 // Menu bar: title, then the "back to survey" link with its icons.
 // NOTE(review): $scriptname, $surveyid and $imagefiles are interpolated into
 // HTML attributes without escaping here; where they are sanitized is not
 // visible in this span — confirm earlier in the file.
 $assessmentsoutput .= "<div class='menubar'>\n\t<div class='menubar-title'>\n<strong>" . $clang->gT("Assessments") . "</strong>\n";
 $hometitle = $clang->gTview("Return to survey administration");
 $homealt = $clang->gT("Return to survey administration");
 $assessmentsoutput .= "\t</div>\n\t<div class='menubar-main'>\n<div class='menubar-left'>\n"
     . "\t<a href=\"#\" onclick=\"window.open('{$scriptname}?sid={$surveyid}', '_top')\" title='{$hometitle}'>"
     . "<img name='Administration' src='{$imagefiles}/home.png' alt='{$homealt}' /></a>\n"
     . "\t<img src='{$imagefiles}/blank.gif' alt='' width='11'  />\n"
     . "\t<img src='{$imagefiles}/seperator.gif' alt='' />\n";
 // Hint shown while assessment mode is switched off for this survey.
 if ($surveyinfo['assessments'] != 'Y') {
     $settingslink = "<a href=\"admin.php?action=editsurvey&amp;sid={$surveyid}\">";
     $notice = sprintf($clang->gT("Notice: Assessment mode for this survey is not activated. You can activate it in the %s survey settings %s (tab 'Notification & data management')."), $settingslink, '</a>');
     $assessmentsoutput .= "<span style=\"font-size:11px;\">{$notice}</span>";
 }
 $assessmentsoutput .= "</div>\n\t</div>\n</div>\n";
 $assessmentsoutput .= "<p style='margin:0;font-size:1px;line-height:1px;height:1px;'>&nbsp;</p>";
    }

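    // Default the group id once rather than on every language iteration; the
    // value is the same for all of them.
    if (!isset($_POST['gid'])) $_POST['gid']=0;
    // NOTE(review): the enclosing elseif starts outside this span; confirm it
    // carries a bHasSurveyPermission() check for this write, as the delete and
    // read branches on this page do.
    foreach ($assessmentlangs as $assessmentlang)
    {
        $namefield='name_'.$assessmentlang;
        $messagefield='assessmentmessage_'.$assessmentlang;
        // Missing per-language fields are stored as empty text instead of
        // raising undefined-index notices.
        if (!isset($_POST[$namefield])) $_POST[$namefield]='';
        if (!isset($_POST[$messagefield])) $_POST[$messagefield]='';
        if ($filterxsshtml)
        {
            // $myFilter is created earlier in the branch (outside this span)
            // when the XSS filter is enabled
            $_POST[$namefield]=$myFilter->process($_POST[$namefield]);
            $_POST[$messagefield]=$myFilter->process($_POST[$messagefield]);
        }
        // Numeric columns go through sanitize_int/sanitize_signedint, text
        // columns through db_quote before being embedded in the statement
        $query = "UPDATE {$dbprefix}assessments
			      SET scope='".db_quote($_POST['scope'],true)."',
			      gid=".sanitize_int($_POST['gid']).",
			      minimum='".sanitize_signedint($_POST['minimum'])."',
			      maximum='".sanitize_signedint($_POST['maximum'])."',
			      name='".db_quote($_POST[$namefield],true)."',
			      message='".db_quote($_POST[$messagefield],true)."'
			      WHERE language='$assessmentlang' and id=".sanitize_int($_POST['id']);
        $result = $connect->Execute($query);
        if (!$result)
        {
            // Keep the SQL and the driver error in the server log only: the
            // statement embeds submitted text that is SQL-escaped but not
            // HTML-escaped, so echoing it to the browser would reflect it
            error_log("Error updating {$dbprefix}assessments: ".$connect->ErrorMsg()." -- ".$query);
            safe_die("Error updating assessment");
        }
    }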
} elseif ($action == "assessmentdelete" && bHasSurveyPermission($surveyid, 'assessments','delete')) {
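    $query = "DELETE FROM {$dbprefix}assessments
			  WHERE id=".sanitize_int($_POST['id']);
    $result=$connect->Execute($query);
    if (!$result)
    {
        // The update branch reports a failed statement; deletion stays
        // best-effort, but a silently ignored error is now recorded server-side
        error_log("Error deleting from {$dbprefix}assessments: ".$connect->ErrorMsg());
    }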
}

if (bHasSurveyPermission($surveyid, 'assessments','read'))
{
        
    $assessmentsoutput=PrepareEditorScript();