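/**
 * Apply the label-set editor's POST action to the labels of label set $lid.
 *
 * $_POST['method'] selects the action (it defaults to the translated "Save",
 * which matches no case below and is therefore a no-op):
 *  - "Add new label": append one label per language of the set from
 *    insertcode / inserttitle / insertassessmentvalue, refusing a code that
 *    the set already contains;
 *  - "Save Changes": rewrite code / title / assessment value of every label
 *    listed in sortorderids / codeids, inserting a row whose UPDATE fails;
 *  - "Up" / "Dn": swap the label at $postsortorder with its neighbour;
 *  - "Del": delete the label at $postsortorder.
 *
 * Uses the globals $connect (ADOdb connection), $clang (translations),
 * $filterxsshtml (whether titles go through InputFilter) and $postsortorder.
 * Error alerts are appended to the global $labelsoutput as inline <script>
 * blocks. safe_die() ends the request on a failed label-set lookup or a
 * failed sortorder swap.
 *
 * @param int|string $lid label set id; cast to int before it is used in SQL
 * @return void
 */
function modlabelsetanswers($lid)
{
    global $dbprefix, $connect, $clang, $labelsoutput, $databasetype, $filterxsshtml,$postsortorder;

    // $lid and $postsortorder are interpolated into every query below without
    // quoting or escaping; both are numeric ids/positions, so coerce them to
    // int once rather than trusting the caller or the request.
    $lid = (int)$lid;
    $sortpos = (int)$postsortorder;

    $qulabelset = "SELECT * FROM ".db_table_name('labelsets')." WHERE lid='$lid'";
    $rslabelset = db_execute_assoc($qulabelset) or safe_die($connect->ErrorMsg());
    $rwlabelset=$rslabelset->FetchRow();
    if ($rwlabelset === false)
    {
        // Without this guard an unknown lid would produce labels with an empty language.
        safe_die("Label set $lid does not exist");
    }
    $lslanguages=explode(" ", trim($rwlabelset['languages']));

    if (!isset($_POST['method'])) {
        $_POST['method'] = $clang->gT("Save");
    }
    switch($_POST['method'])
    {
        case $clang->gT("Add new label", "unescaped"):
            if (isset($_POST['insertcode']) && $_POST['insertcode']!='')
            {
                $_SESSION['nextlabelcode']=getNextCode($_POST['insertcode']);
                $_POST['insertcode'] = db_quoteall($_POST['insertcode'],true);
                // check that the code doesn't exist yet
                $query = "SELECT code FROM ".db_table_name('labels')." WHERE lid='$lid' AND code=".$_POST['insertcode'];
                $result = $connect->Execute($query);
                $codeoccurences=$result->RecordCount();
                if ($codeoccurences == 0)
                {
                    $query = "select max(sortorder) as maxorder from ".db_table_name('labels')." where lid='$lid'";
                    $result = $connect->Execute($query);
                    // sortorder is stored zero-padded to five digits
                    $newsortorder=sprintf("%05d", $result->fields['maxorder']+1);
                    if ($filterxsshtml)
                    {
                        require_once("../classes/inputfilter/class.inputfilter_clean.php");
                        $myFilter = new InputFilter('','',1,1,1);
                        $_POST['inserttitle']=$myFilter->process($_POST['inserttitle']);
                    }
                    else
                    {
                        $_POST['inserttitle'] = html_entity_decode($_POST['inserttitle'], ENT_QUOTES, "UTF-8");
                    }

                    // Fix bug with FCKEditor saving strange BR types
                    $_POST['inserttitle']=fix_FCKeditor_text($_POST['inserttitle']);

                    $_POST['inserttitle'] = db_quoteall($_POST['inserttitle'],true);
                    $_POST['insertassessmentvalue']=(int)$_POST['insertassessmentvalue'];
                    foreach ($lslanguages as $lslanguage)
                    {
                        db_switchIDInsert('labels',true);
                        $query = "INSERT INTO ".db_table_name('labels')." (lid, code, title, sortorder,language, assessment_value) VALUES ($lid, {$_POST['insertcode']}, {$_POST['inserttitle']}, '$newsortorder','$lslanguage',{$_POST['insertassessmentvalue']})";
                        if (!$result = $connect->Execute($query))
                        {
                            // The query echoes request-supplied code/title back into a JS
                            // string literal: escape quotes/backslashes and neutralise a
                            // premature </script> so the alert cannot be broken out of.
                            $labelsoutput.= "<script type=\"text/javascript\">\n<!--\n alert(\"".$clang->gT("Failed to insert label", "js")." - ".str_replace('</', '<\/', addslashes($query." - ".$connect->ErrorMsg()))."\")\n //-->\n</script>\n";
                        }
                        db_switchIDInsert('labels',false);
                    }
                }
                else
                {
                    $labelsoutput.= "<script type=\"text/javascript\">\n<!--\n alert(\"".$clang->gT("This label code is already used in this labelset. Please choose another code or rename the existing one.", "js")."\")\n //-->\n</script>\n";
                }
            }
            break;

            // Save all labels with one button
        case $clang->gT("Save Changes", "unescaped"):
            //Determine autoids by evaluating the hidden field
            $sortorderids=explode(' ', trim(isset($_POST['sortorderids']) ? $_POST['sortorderids'] : ''));
            $codeids=explode(' ', trim(isset($_POST['codeids']) ? $_POST['codeids'] : ''));
            $count=0;
            $codevalues=array();

            // Quote each code_codeid first
            foreach ($codeids as $codeid)
            {
                $_POST['code_'.$codeid] = db_quoteall($_POST['code_'.$codeid],true);
                if (isset($_POST['oldcode_'.$codeid])) $_POST['oldcode_'.$codeid] = db_quoteall($_POST['oldcode_'.$codeid],true);
                // Get the code values to check for duplicates
                $codevalues[] = $_POST['code_'.$codeid];
            }

            // Check that there is no code duplicate
            if (count(array_unique($codevalues)) == count($codevalues))
            {
                if ($filterxsshtml)
                {
                    require_once("../classes/inputfilter/class.inputfilter_clean.php");
                    $myFilter = new InputFilter('','',1,1,1);
                }

                foreach ($sortorderids as $sortorderid)
                {
                    // The text after the last '_' is the sortorder; it is kept verbatim
                    // for building the title_<lang>_<order> POST keys, and cast to int
                    // for the SQL, where it was previously interpolated unchecked.
                    $orderid=substr($sortorderid,strrpos($sortorderid,'_')+1,20);
                    $orderidsql=(int)$orderid;
                    $codesql=$_POST['code_'.$codeids[$count]];
                    // assessment_value is an integer column; never interpolate the raw field
                    $assessmentvalue=isset($_POST['assessmentvalue_'.$codeids[$count]]) ? (int)$_POST['assessmentvalue_'.$codeids[$count]] : 0;
                    foreach ($lslanguages as $langid)
                    {
                        $sortorderid = $langid . '_' . $orderid;
                        if ($filterxsshtml)
                        {
                            $_POST['title_'.$sortorderid]=$myFilter->process($_POST['title_'.$sortorderid]);
                        }
                        else
                        {
                            $_POST['title_'.$sortorderid] = html_entity_decode($_POST['title_'.$sortorderid], ENT_QUOTES, "UTF-8");
                        }

                        // Fix bug with FCKEditor saving strange BR types
                        $_POST['title_'.$sortorderid]=fix_FCKeditor_text($_POST['title_'.$sortorderid]);
                        $_POST['title_'.$sortorderid] = db_quoteall($_POST['title_'.$sortorderid],true);

                        $query = "UPDATE ".db_table_name('labels')." SET code=".$codesql.", title={$_POST['title_'.$sortorderid]}, assessment_value=$assessmentvalue WHERE lid=$lid AND sortorder=$orderidsql AND language='$langid'";

                        if (!$result = $connect->Execute($query))
                        // if update didn't work we assume the label does not exist and insert it
                        {

                            $query = "insert into ".db_table_name('labels')." (code,title,lid,sortorder,language) VALUES (".$codesql.", {$_POST['title_'.$sortorderid]}, $lid , $orderidsql , '$langid')";
                            if (!$result = $connect->Execute($query))
                            {
                                // see the insert alert above for why the query text is escaped
                                $labelsoutput.= "<script type=\"text/javascript\">\n<!--\n alert(\"".$clang->gT("Failed to update label","js")." - ".str_replace('</', '<\/', addslashes($query." - ".$connect->ErrorMsg()))."\")\n //-->\n</script>\n";
                            }
                        }
                    }
                    // codeids are consumed in step with sortorderids, wrapping around
                    $count++;
                    if ($count>count($codeids)-1) {$count=0;}
                }
                fixorder($lid);
            }
            else
            {
                $labelsoutput.= "<script type=\"text/javascript\">\n<!--\n alert(\"".$clang->gT("Can't update labels because you are using duplicated codes","js")."\")\n //-->\n</script>\n";
            }

            break;

            // Pressing the Up button: three-step swap through the temporary sortorder -1
        case $clang->gT("Up", "unescaped"):
            $newsortorder=$sortpos-1;
            $oldsortorder=$sortpos;
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder=-1 WHERE lid=$lid AND sortorder=$newsortorder";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder=$newsortorder WHERE lid=$lid AND sortorder=$oldsortorder";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder='$oldsortorder' WHERE lid=$lid AND sortorder=-1";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            break;

            // Pressing the Down button: same swap, one position later
        case $clang->gT("Dn", "unescaped"):
            $newsortorder=$sortpos+1;
            $oldsortorder=$sortpos;
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder=-1 WHERE lid=$lid AND sortorder='$newsortorder'";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder='$newsortorder' WHERE lid=$lid AND sortorder=$oldsortorder";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE ".db_table_name('labels')." SET sortorder=$oldsortorder WHERE lid=$lid AND sortorder=-1";
            $cdresult=$connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            break;

            // Delete Button
        case $clang->gT("Del", "unescaped"):
            $query = "DELETE FROM ".db_table_name('labels')." WHERE lid=$lid AND sortorder='{$sortpos}'";
            if (!$result = $connect->Execute($query))
            {
                $labelsoutput.= "<script type=\"text/javascript\">\n<!--\n alert(\"".$clang->gT("Failed to delete label","js")." - ".str_replace('</', '<\/', addslashes($query." - ".$connect->ErrorMsg()))."\")\n //-->\n</script>\n";
            }
            // close the gap left by the deleted row
            fixorder($lid);
            break;
    }
}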
     }
 }
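 // Either report the languages that lack a quota message, or store the
 // per-language name/message for quota $_POST['quota_id'] (update the row if
 // one exists for the language, insert it otherwise). $errorstring, $langs,
 // $quotasoutput, $filterxsshtml, $clang and $connect come from the enclosing scope.
 if ($errorstring != '') {
     $quotasoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Quota could not be added.\\n\\nIt is missing a quota message for the following languages", "js") . ":\\n" . $errorstring . "\")\n //-->\n</script>\n";
 } else {
     require_once "../classes/inputfilter/class.inputfilter_clean.php";
     $myFilter = new InputFilter('', '', 1, 1, 1);
     // quota_id is interpolated unquoted into the WHERE clauses below, where
     // db_quote() alone does not stop a crafted value from changing the query;
     // it is a numeric id, so cast it once and reuse it everywhere.
     $quotaId = (int) $_POST['quota_id'];
     $quotaName = db_quote($_POST['quota_name'], true);
     foreach ($langs as $lang) {
         // NOTE(review): $lang is interpolated into SQL unescaped — presumably a
         // survey language code from the database, confirm it is not raw request input.
         //Clean XSS
         if ($filterxsshtml) {
             $_POST['quotals_message_' . $lang] = $myFilter->process($_POST['quotals_message_' . $lang]);
         } else {
             $_POST['quotals_message_' . $lang] = html_entity_decode($_POST['quotals_message_' . $lang], ENT_QUOTES, "UTF-8");
         }
         // Fix bug with FCKEditor saving strange BR types
         $_POST['quotals_message_' . $lang] = fix_FCKeditor_text($_POST['quotals_message_' . $lang]);
         $quotaMessage = db_quote($_POST['quotals_message_' . $lang], true);
         //Check to see if a matching language exists, and if not, INSERT one (no update possible)
         $query = "SELECT * FROM " . db_table_name('quota_languagesettings') . "\n                    WHERE quotals_quota_id = " . $quotaId . "\n                    AND quotals_language = '{$lang}'";
         $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
         if ($result->RecordCount() > 0) {
             //Now save the language to the database:
             $query = "UPDATE " . db_table_name('quota_languagesettings') . "\n                        SET quotals_name='" . $quotaName . "',\n                        quotals_message='" . $quotaMessage . "'\n                        WHERE quotals_quota_id =" . $quotaId . "\n                        AND quotals_language = '{$lang}'";
             $connect->Execute($query) or safe_die($connect->ErrorMsg());
         } else {
             /* If there is no matching record for this language, create one */
             $query = "INSERT INTO " . db_table_name('quota_languagesettings') . "\n                        (quotals_quota_id,quotals_language,quotals_name,quotals_message,quotals_url,quotals_urldescrip)\n                        VALUES ('" . $quotaId . "', '{$lang}', '" . $quotaName . "',\n                        '" . $quotaMessage . "', '" . QUEXS_URL . "rs_quota_end.php" . "',\n                        '" . QUEXS_URL . "rs_quota_end.php" . "')";
             $connect->Execute($query) or safe_die($connect->ErrorMsg());
         }
     }
 }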
 //End insert language based components
 // An empty start date is stored as NULL; anything else is converted from the
 // form's "d.m.Y H:i" layout to "Y-m-d H:i:s" by Date_Time_Converter (no
 // validation here — an unparsable value is left to the converter).
 if (trim($_POST['startdate']) == '') {
     $_POST['startdate'] = null;
 } else {
     $datetimeobj = new Date_Time_Converter($_POST['startdate'], "d.m.Y H:i");
     $browsedatafield = $datetimeobj->convert("Y-m-d H:i:s");
     $_POST['startdate'] = $browsedatafield;
 }
 // Survey row: sid, owner_id, active and datecreated are set here; every other
 // column is taken straight from the request. Quoting of these values is left
 // to ADOdb's GetInsertSQL() — presumably it escapes them; confirm, since
 // nothing in this block does. Missing POST keys raise notices and insert empty values.
 $insertarray = array('sid' => $surveyid, 'owner_id' => $_SESSION['loginID'], 'admin' => $_POST['admin'], 'active' => 'N', 'expires' => $_POST['expires'], 'startdate' => $_POST['startdate'], 'adminemail' => $_POST['adminemail'], 'bounce_email' => $_POST['bounce_email'], 'anonymized' => $_POST['anonymized'], 'faxto' => $_POST['faxto'], 'format' => $_POST['format'], 'savetimings' => $_POST['savetimings'], 'template' => $_POST['template'], 'language' => $_POST['language'], 'datestamp' => $_POST['datestamp'], 'ipaddr' => $_POST['ipaddr'], 'refurl' => $_POST['refurl'], 'usecookie' => $_POST['usecookie'], 'emailnotificationto' => $_POST['emailnotificationto'], 'allowregister' => $_POST['allowregister'], 'allowsave' => $_POST['allowsave'], 'navigationdelay' => $_POST['navigationdelay'], 'autoredirect' => $_POST['autoredirect'], 'showxquestions' => $_POST['showxquestions'], 'showgroupinfo' => $_POST['showgroupinfo'], 'showqnumcode' => $_POST['showqnumcode'], 'shownoanswer' => $_POST['shownoanswer'], 'showwelcome' => $_POST['showwelcome'], 'allowprev' => $_POST['allowprev'], 'allowjumps' => $_POST['allowjumps'], 'nokeyboard' => $_POST['nokeyboard'], 'showprogress' => $_POST['showprogress'], 'printanswers' => $_POST['printanswers'], 'datecreated' => date("Y-m-d"), 'listpublic' => $_POST['public'], 'htmlemail' => $_POST['htmlemail'], 'tokenanswerspersistence' => $_POST['tokenanswerspersistence'], 'alloweditaftercompletion' => $_POST['alloweditaftercompletion'], 'usecaptcha' => $_POST['usecaptcha'], 'publicstatistics' => $_POST['publicstatistics'], 'publicgraphs' => $_POST['publicgraphs'], 'assessments' => $_POST['assessments'], 'emailresponseto' => $_POST['emailresponseto'], 'tokenlength' => $_POST['tokenlength']);
 $dbtablename = db_table_name_nq('surveys');
 $isquery = $connect->GetInsertSQL($dbtablename, $insertarray);
 // The failure message echoes the full SQL (request data included) to the browser.
 $isresult = $connect->Execute($isquery) or safe_die($isquery . "<br />" . $connect->ErrorMsg());
 // Checked
 // Fix bug with FCKEditor saving strange BR types
 $_POST['surveyls_title'] = fix_FCKeditor_text($_POST['surveyls_title']);
 $_POST['description'] = fix_FCKeditor_text($_POST['description']);
 $_POST['welcome'] = fix_FCKeditor_text($_POST['welcome']);
 // Default invitation/reminder/confirmation/registration/notification texts in
 // the survey's base language, used to seed the language-settings row.
 $bplang = new limesurvey_lang($_POST['language']);
 $aDefaultTexts = aTemplateDefaultTexts($bplang, 'unescaped');
 $is_html_email = false;
 if (isset($_POST['htmlemail']) && $_POST['htmlemail'] == "Y") {
     $is_html_email = true;
     // HTML mails get the CSS block prepended and newlines turned into <br />
     $aDefaultTexts['admin_detailed_notification'] = $aDefaultTexts['admin_detailed_notification_css'] . conditional_nl2br($aDefaultTexts['admin_detailed_notification'], $is_html_email, 'unescaped');
 }
 // Language-settings row for the base language; same quoting caveat as above.
 $insertarray = array('surveyls_survey_id' => $surveyid, 'surveyls_language' => $_POST['language'], 'surveyls_title' => $_POST['surveyls_title'], 'surveyls_description' => $_POST['description'], 'surveyls_welcometext' => $_POST['welcome'], 'surveyls_urldescription' => $_POST['urldescrip'], 'surveyls_endtext' => $_POST['endtext'], 'surveyls_url' => $_POST['url'], 'surveyls_email_invite_subj' => $aDefaultTexts['invitation_subject'], 'surveyls_email_invite' => conditional_nl2br($aDefaultTexts['invitation'], $is_html_email, 'unescaped'), 'surveyls_email_remind_subj' => $aDefaultTexts['reminder_subject'], 'surveyls_email_remind' => conditional_nl2br($aDefaultTexts['reminder'], $is_html_email, 'unescaped'), 'surveyls_email_confirm_subj' => $aDefaultTexts['confirmation_subject'], 'surveyls_email_confirm' => conditional_nl2br($aDefaultTexts['confirmation'], $is_html_email, 'unescaped'), 'surveyls_email_register_subj' => $aDefaultTexts['registration_subject'], 'surveyls_email_register' => conditional_nl2br($aDefaultTexts['registration'], $is_html_email, 'unescaped'), 'email_admin_notification_subj' => $aDefaultTexts['admin_notification_subject'], 'email_admin_notification' => conditional_nl2br($aDefaultTexts['admin_notification'], $is_html_email, 'unescaped'), 'email_admin_responses_subj' => $aDefaultTexts['admin_detailed_notification_subject'], 'email_admin_responses' => $aDefaultTexts['admin_detailed_notification'], 'surveyls_dateformat' => $_POST['dateformat'], 'surveyls_numberformat' => $numberformatid);
 $dbtablename = db_table_name_nq('surveys_languagesettings');
 $isquery = $connect->GetInsertSQL($dbtablename, $insertarray);
 $isresult = $connect->Execute($isquery) or safe_die($isquery . "<br />" . $connect->ErrorMsg());
 // Checked
 unset($bplang);
 $_SESSION['flashmessage'] = $clang->gT("Survey was successfully added.");
 // Update survey permissions
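/**
 * Replace every label of label set $lid with the labels posted by the
 * label-set editor.
 *
 * $_POST['dataToSend'] holds HTML-entity-encoded JSON with:
 *   codelist — list of label codes in display order (the index is the sortorder);
 *   langs    — list of language codes;
 *   <code>   — per code an object with code, assessmentvalue and text_<lang>.
 * Because codes are looked up as properties of the same object, a code named
 * "codelist" or "langs" collides with those keys.
 * When $_POST['ajax'] is "1" a new label set is created first via
 * insertlabelset() and the request ends with die() afterwards. All existing
 * labels of the set are deleted before the new rows are inserted; a payload
 * that fails to decode ends the request via safe_die(), and one with duplicate
 * codes leaves the set untouched and reports an alert.
 *
 * Uses the globals $connect, $clang, $filterxsshtml and $labelsoutput (the
 * alert is appended there as an inline <script>); safe_die() on any failed query.
 *
 * @param int|string $lid label set id (replaced in ajax mode); cast to int before use in SQL
 * @return void
 */
function modlabelsetanswers($lid)
{
    global $dbprefix, $connect, $clang, $labelsoutput, $databasetype, $filterxsshtml, $postsortorder;
    $ajax = (isset($_POST['ajax']) && $_POST['ajax'] == "1");
    if (!isset($_POST['method'])) {
        $_POST['method'] = $clang->gT("Save");
    }
    // The editor posts the payload entity-encoded; decode before parsing.
    $data = isset($_POST['dataToSend'])
        ? json_decode(html_entity_decode($_POST['dataToSend'], ENT_QUOTES, "UTF-8"))
        : null;
    // Validate the payload shape before touching the database: with unchecked
    // access a malformed payload passed the duplicate check (count(null) on
    // both sides) and the DELETE below wiped the label set.
    if (!is_object($data) || !isset($data->codelist) || !is_array($data->codelist)
        || !isset($data->langs) || !is_array($data->langs)) {
        safe_die('Invalid label data');
    }
    $codelist = $data->codelist;
    $langs = $data->langs;
    if ($ajax) {
        $lid = insertlabelset();
    }
    // lid is interpolated unquoted into the DELETE and INSERTs; it is a numeric id.
    $lid = (int) $lid;
    if (count(array_unique($codelist)) == count($codelist)) {
        if ($filterxsshtml) {
            require_once "../classes/inputfilter/class.inputfilter_clean.php";
            $myFilter = new InputFilter('', '', 1, 1, 1);
        }
        $query = "DELETE FROM " . db_table_name('labels') . "  WHERE lid = {$lid}";
        $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
        foreach ($codelist as $index => $codeid) {
            $codeObj = $data->{$codeid};
            $actualcode = db_quoteall($codeObj->{'code'}, true);
            $assessmentvalue = (int) $codeObj->{'assessmentvalue'};
            // position in codelist doubles as sortorder; identical for every language
            $sort_order = db_quoteall($index);
            foreach ($langs as $lang) {
                $title = $codeObj->{'text_' . $lang};
                if ($filterxsshtml) {
                    $title = $myFilter->process($title);
                } else {
                    $title = html_entity_decode($title, ENT_QUOTES, "UTF-8");
                }
                // Fix bug with FCKEditor saving strange BR types
                $title = fix_FCKeditor_text($title);
                $title = db_quoteall($title, true);
                $langsql = db_quoteall($lang);
                $query = "INSERT INTO " . db_table_name('labels') . " (lid,code,title,sortorder, assessment_value, language)\n                    VALUES({$lid},{$actualcode},{$title},{$sort_order},{$assessmentvalue},{$langsql})";
                $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
            }
        }
        $_SESSION['flashmessage'] = $clang->gT("Labels sucessfully updated");
    } else {
        $labelsoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Can't update labels because you are using duplicated codes", "js") . "\")\n //-->\n</script>\n";
    }
    if ($ajax) {
        die;
    }
}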