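/**
 * Handles one submit of the label-set answer editor for label set $lid.
 *
 * Dispatches on the translated button caption found in $_POST['method']:
 *   - "Add new label"  inserts one code/title per language of the set
 *   - "Save Changes"   updates (or, if the UPDATE fails, inserts) every posted label row
 *   - "Up" / "Dn"      swaps the sort order of one label with its neighbour
 *   - "Del"            deletes one label and renumbers the rest via fixorder()
 * User-visible failures are appended to the global $labelsoutput as a <script>
 * alert; failures in the sort-order and label-set queries abort the request
 * through safe_die().
 *
 * @param int|string $lid  id of the label set being edited; cast to int because
 *                         it is interpolated into the SQL below unquoted
 * @return void
 */
function modlabelsetanswers($lid)
{
    global $dbprefix, $connect, $clang, $labelsoutput, $databasetype, $filterxsshtml, $postsortorder;

    // Both ids end up inside SQL strings without quoting, so only integers are
    // allowed through. The global $postsortorder is left untouched; a local
    // integer copy is used for the Up/Dn/Del queries.
    $lid = (int) $lid;
    $sortpos = (int) $postsortorder;

    $qulabelset = "SELECT * FROM " . db_table_name('labelsets') . " WHERE lid='$lid'";
    $rslabelset = db_execute_assoc($qulabelset) or safe_die($connect->ErrorMsg());
    $rwlabelset = $rslabelset->FetchRow();
    // The languages of a set are stored as one space-separated string.
    $lslanguages = explode(" ", trim($rwlabelset['languages']));

    if (!isset($_POST['method'])) {
        $_POST['method'] = $clang->gT("Save");
    }

    switch ($_POST['method']) {
        case $clang->gT("Add new label", "unescaped"):
            if (isset($_POST['insertcode']) && $_POST['insertcode'] != '') {
                $_SESSION['nextlabelcode'] = getNextCode($_POST['insertcode']);
                $_POST['insertcode'] = db_quoteall($_POST['insertcode'], true);
                // check that the code doesn't exist yet
                $query = "SELECT code FROM " . db_table_name('labels') . " WHERE lid='$lid' AND code=" . $_POST['insertcode'];
                $result = $connect->Execute($query) or safe_die($connect->ErrorMsg());
                $codeoccurences = $result->RecordCount();
                if ($codeoccurences == 0) {
                    $query = "select max(sortorder) as maxorder from " . db_table_name('labels') . " where lid='$lid'";
                    $result = $connect->Execute($query) or safe_die($connect->ErrorMsg());
                    $newsortorder = sprintf("%05d", $result->fields['maxorder'] + 1);
                    if ($filterxsshtml) {
                        require_once("../classes/inputfilter/class.inputfilter_clean.php");
                        $myFilter = new InputFilter('', '', 1, 1, 1);
                        $_POST['inserttitle'] = $myFilter->process($_POST['inserttitle']);
                    } else {
                        $_POST['inserttitle'] = html_entity_decode($_POST['inserttitle'], ENT_QUOTES, "UTF-8");
                    }
                    // Fix bug with FCKEditor saving strange BR types
                    $_POST['inserttitle'] = fix_FCKeditor_text($_POST['inserttitle']);
                    $_POST['inserttitle'] = db_quoteall($_POST['inserttitle'], true);
                    // Interpolated unquoted into the INSERT: integers only.
                    $_POST['insertassessmentvalue'] = isset($_POST['insertassessmentvalue'])
                        ? (int) $_POST['insertassessmentvalue']
                        : 0;
                    foreach ($lslanguages as $lslanguage) {
                        db_switchIDInsert('labels', true);
                        $query = "INSERT INTO " . db_table_name('labels') . " 
 (lid, code, title, sortorder,language, assessment_value) VALUES ($lid, {$_POST['insertcode']}, {$_POST['inserttitle']}, '$newsortorder','$lslanguage',{$_POST['insertassessmentvalue']})";
                        if (!$result = $connect->Execute($query)) {
                            $labelsoutput .= modlabelsetanswers_jsalert(
                                $clang->gT("Failed to insert label", "unescaped") . " - " . $query . " - " . $connect->ErrorMsg()
                            );
                        }
                        db_switchIDInsert('labels', false);
                    }
                } else {
                    $labelsoutput .= modlabelsetanswers_jsalert(
                        $clang->gT("This label code is already used in this labelset. Please choose another code or rename the existing one.", "unescaped")
                    );
                }
            }
            break;

        // Save all labels with one button
        case $clang->gT("Save Changes", "unescaped"):
            // Determine autoids by evaluating the hidden field
            $sortorderids = explode(' ', trim($_POST['sortorderids']));
            $codeids = explode(' ', trim($_POST['codeids']));
            $count = 0;
            $codevalues = array();
            // Quote each code_codeid first
            foreach ($codeids as $codeid) {
                $_POST['code_' . $codeid] = db_quoteall($_POST['code_' . $codeid], true);
                if (isset($_POST['oldcode_' . $codeid])) {
                    $_POST['oldcode_' . $codeid] = db_quoteall($_POST['oldcode_' . $codeid], true);
                }
                // Get the code values to check for duplicates
                $codevalues[] = $_POST['code_' . $codeid];
            }
            // Check that there is no code duplicate
            if (count(array_unique($codevalues)) == count($codevalues)) {
                if ($filterxsshtml) {
                    require_once("../classes/inputfilter/class.inputfilter_clean.php");
                    $myFilter = new InputFilter('', '', 1, 1, 1);
                }
                foreach ($sortorderids as $sortorderid) {
                    $orderid = substr($sortorderid, strrpos($sortorderid, '_') + 1, 20);
                    // The raw suffix is still needed to build the title_<lang>_<id>
                    // POST keys; only the integer copy is allowed into the SQL.
                    $sqlorderid = (int) $orderid;
                    // Interpolated unquoted into the UPDATE, so it must be an
                    // integer (same cast as the "Add new label" branch). Before
                    // the cast a missing/empty value produced a malformed UPDATE,
                    // whose failure was then misread as "label does not exist".
                    $assessmentvalue = isset($_POST['assessmentvalue_' . $codeids[$count]])
                        ? (int) $_POST['assessmentvalue_' . $codeids[$count]]
                        : 0;
                    foreach ($lslanguages as $langid) {
                        $sortorderid = $langid . '_' . $orderid;
                        if ($filterxsshtml) {
                            $_POST['title_' . $sortorderid] = $myFilter->process($_POST['title_' . $sortorderid]);
                        } else {
                            $_POST['title_' . $sortorderid] = html_entity_decode($_POST['title_' . $sortorderid], ENT_QUOTES, "UTF-8");
                        }
                        // Fix bug with FCKEditor saving strange BR types
                        $_POST['title_' . $sortorderid] = fix_FCKeditor_text($_POST['title_' . $sortorderid]);
                        $_POST['title_' . $sortorderid] = db_quoteall($_POST['title_' . $sortorderid], true);
                        $query = "UPDATE " . db_table_name('labels') . " SET code=" . $_POST['code_' . $codeids[$count]] . ", title={$_POST['title_' . $sortorderid]}, assessment_value={$assessmentvalue} WHERE lid=$lid AND sortorder=$sqlorderid AND language='$langid'";
                        if (!$result = $connect->Execute($query)) {
                            // if update didn't work we assume the label does not exist and insert it
                            $query = "insert into " . db_table_name('labels') . " (code,title,lid,sortorder,language) VALUES (" . $_POST['code_' . $codeids[$count]] . ", {$_POST['title_' . $sortorderid]}, $lid , $sqlorderid , '$langid')";
                            if (!$result = $connect->Execute($query)) {
                                $labelsoutput .= modlabelsetanswers_jsalert(
                                    $clang->gT("Failed to update label", "unescaped") . " - " . $query . " - " . $connect->ErrorMsg()
                                );
                            }
                        }
                    }
                    // Codes are consumed in lock-step with the sort-order ids and
                    // wrap around when there are fewer of them.
                    $count++;
                    if ($count > count($codeids) - 1) {
                        $count = 0;
                    }
                }
                fixorder($lid);
            } else {
                $labelsoutput .= modlabelsetanswers_jsalert(
                    $clang->gT("Can't update labels because you are using duplicated codes", "unescaped")
                );
            }
            break;

        // Pressing the Up button
        case $clang->gT("Up", "unescaped"):
            $newsortorder = $sortpos - 1;
            $oldsortorder = $sortpos;
            // Three-step swap through the temporary position -1.
            $cdquery = "UPDATE " . db_table_name('labels') . " SET sortorder=-1 WHERE lid=$lid AND sortorder=$newsortorder";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE " . db_table_name('labels') . " 
SET sortorder=$newsortorder WHERE lid=$lid AND sortorder=$oldsortorder";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE " . db_table_name('labels') . " SET sortorder='$oldsortorder' WHERE lid=$lid AND sortorder=-1";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            break;

        // Pressing the Down button
        case $clang->gT("Dn", "unescaped"):
            $newsortorder = $sortpos + 1;
            $oldsortorder = $sortpos;
            // Three-step swap through the temporary position -1.
            $cdquery = "UPDATE " . db_table_name('labels') . " SET sortorder=-1 WHERE lid=$lid AND sortorder='$newsortorder'";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE " . db_table_name('labels') . " SET sortorder='$newsortorder' WHERE lid=$lid AND sortorder=$oldsortorder";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            $cdquery = "UPDATE " . db_table_name('labels') . " SET sortorder=$oldsortorder WHERE lid=$lid AND sortorder=-1";
            $cdresult = $connect->Execute($cdquery) or safe_die($connect->ErrorMsg());
            break;

        // Delete Button
        case $clang->gT("Del", "unescaped"):
            $query = "DELETE FROM " . db_table_name('labels') . " WHERE lid=$lid AND sortorder='{$sortpos}'";
            if (!$result = $connect->Execute($query)) {
                $labelsoutput .= modlabelsetanswers_jsalert(
                    $clang->gT("Failed to delete label", "unescaped") . " - " . $query . " - " . $connect->ErrorMsg()
                );
            }
            fixorder($lid);
            break;
    }
}

/**
 * Wraps $message in the <script> alert() snippet that modlabelsetanswers()
 * appends to $labelsoutput.
 *
 * $message must be the raw (unescaped) text. Backslashes, double quotes, line
 * breaks and "</" are escaped here so that an SQL statement or a driver error
 * message echoed into the alert can neither terminate the JavaScript string
 * nor close the <script> element.
 *
 * @param string $message  plain text to show in the alert
 * @return string  HTML <script> block ending with a newline
 */
function modlabelsetanswers_jsalert($message)
{
    // Backslashes first, so the escapes added afterwards are not doubled.
    $escaped = str_replace(
        array("\\", "\"", "\r\n", "\r", "\n", "</"),
        array("\\\\", "\\\"", "\\n", "\\n", "\\n", "<\\/"),
        $message
    );
    return "<script type=\"text/javascript\">\n<!--\n alert(\"" . $escaped . "\")\n //-->\n</script>\n";
}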
} } if ($errorstring != '') { $quotasoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Quota could not be added.\\n\\nIt is missing a quota message for the following languages", "js") . ":\\n" . $errorstring . "\")\n //-->\n</script>\n"; } else { require_once "../classes/inputfilter/class.inputfilter_clean.php"; $myFilter = new InputFilter('', '', 1, 1, 1); foreach ($langs as $lang) { //Clean XSS if ($filterxsshtml) { $_POST['quotals_message_' . $lang] = $myFilter->process($_POST['quotals_message_' . $lang]); } else { $_POST['quotals_message_' . $lang] = html_entity_decode($_POST['quotals_message_' . $lang], ENT_QUOTES, "UTF-8"); } // Fix bug with FCKEditor saving strange BR types $_POST['quotals_message_' . $lang] = fix_FCKeditor_text($_POST['quotals_message_' . $lang]); //Check to see if a matching language exists, and if not, INSERT one (no update possible) $query = "SELECT * FROM " . db_table_name('quota_languagesettings') . "\n WHERE quotals_quota_id = " . db_quote($_POST['quota_id'], true) . "\n AND quotals_language = '{$lang}'"; $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg()); if ($result->RecordCount() > 0) { //Now save the language to the database: $query = "UPDATE " . db_table_name('quota_languagesettings') . "\n SET quotals_name='" . db_quote($_POST['quota_name'], true) . "',\n quotals_message='" . db_quote($_POST['quotals_message_' . $lang], true) . "'\n WHERE quotals_quota_id =" . db_quote($_POST['quota_id'], true) . "\n AND quotals_language = '{$lang}'"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); } else { /* If there is no matching record for this language, create one */ $query = "INSERT INTO " . db_table_name('quota_languagesettings') . "\n (quotals_quota_id,quotals_language,quotals_name,quotals_message,quotals_url,quotals_urldescrip)\n VALUES ('" . db_quote($_POST['quota_id']) . "', '{$lang}', '" . db_quote($_POST['quota_name'], true) . "',\n '" . db_quote($_POST['quotals_message_' . 
$lang], true) . "', '" . QUEXS_URL . "rs_quota_end.php" . "',\n '" . QUEXS_URL . "rs_quota_end.php" . "')"; $connect->Execute($query) or safe_die($connect->ErrorMsg()); } } } //End insert language based components
if (trim($_POST['startdate']) == '') { $_POST['startdate'] = null; } else { $datetimeobj = new Date_Time_Converter($_POST['startdate'], "d.m.Y H:i"); $browsedatafield = $datetimeobj->convert("Y-m-d H:i:s"); $_POST['startdate'] = $browsedatafield; } $insertarray = array('sid' => $surveyid, 'owner_id' => $_SESSION['loginID'], 'admin' => $_POST['admin'], 'active' => 'N', 'expires' => $_POST['expires'], 'startdate' => $_POST['startdate'], 'adminemail' => $_POST['adminemail'], 'bounce_email' => $_POST['bounce_email'], 'anonymized' => $_POST['anonymized'], 'faxto' => $_POST['faxto'], 'format' => $_POST['format'], 'savetimings' => $_POST['savetimings'], 'template' => $_POST['template'], 'language' => $_POST['language'], 'datestamp' => $_POST['datestamp'], 'ipaddr' => $_POST['ipaddr'], 'refurl' => $_POST['refurl'], 'usecookie' => $_POST['usecookie'], 'emailnotificationto' => $_POST['emailnotificationto'], 'allowregister' => $_POST['allowregister'], 'allowsave' => $_POST['allowsave'], 'navigationdelay' => $_POST['navigationdelay'], 'autoredirect' => $_POST['autoredirect'], 'showxquestions' => $_POST['showxquestions'], 'showgroupinfo' => $_POST['showgroupinfo'], 'showqnumcode' => $_POST['showqnumcode'], 'shownoanswer' => $_POST['shownoanswer'], 'showwelcome' => $_POST['showwelcome'], 'allowprev' => $_POST['allowprev'], 'allowjumps' => $_POST['allowjumps'], 'nokeyboard' => $_POST['nokeyboard'], 'showprogress' => $_POST['showprogress'], 'printanswers' => $_POST['printanswers'], 'datecreated' => date("Y-m-d"), 'listpublic' => $_POST['public'], 'htmlemail' => $_POST['htmlemail'], 'tokenanswerspersistence' => $_POST['tokenanswerspersistence'], 'alloweditaftercompletion' => $_POST['alloweditaftercompletion'], 'usecaptcha' => $_POST['usecaptcha'], 'publicstatistics' => $_POST['publicstatistics'], 'publicgraphs' => $_POST['publicgraphs'], 'assessments' => $_POST['assessments'], 'emailresponseto' => $_POST['emailresponseto'], 'tokenlength' => $_POST['tokenlength']); $dbtablename = 
db_table_name_nq('surveys'); $isquery = $connect->GetInsertSQL($dbtablename, $insertarray); $isresult = $connect->Execute($isquery) or safe_die($isquery . "<br />" . $connect->ErrorMsg()); // Checked // Fix bug with FCKEditor saving strange BR types $_POST['surveyls_title'] = fix_FCKeditor_text($_POST['surveyls_title']); $_POST['description'] = fix_FCKeditor_text($_POST['description']); $_POST['welcome'] = fix_FCKeditor_text($_POST['welcome']); $bplang = new limesurvey_lang($_POST['language']); $aDefaultTexts = aTemplateDefaultTexts($bplang, 'unescaped'); $is_html_email = false; if (isset($_POST['htmlemail']) && $_POST['htmlemail'] == "Y") { $is_html_email = true; $aDefaultTexts['admin_detailed_notification'] = $aDefaultTexts['admin_detailed_notification_css'] . conditional_nl2br($aDefaultTexts['admin_detailed_notification'], $is_html_email, 'unescaped'); } $insertarray = array('surveyls_survey_id' => $surveyid, 'surveyls_language' => $_POST['language'], 'surveyls_title' => $_POST['surveyls_title'], 'surveyls_description' => $_POST['description'], 'surveyls_welcometext' => $_POST['welcome'], 'surveyls_urldescription' => $_POST['urldescrip'], 'surveyls_endtext' => $_POST['endtext'], 'surveyls_url' => $_POST['url'], 'surveyls_email_invite_subj' => $aDefaultTexts['invitation_subject'], 'surveyls_email_invite' => conditional_nl2br($aDefaultTexts['invitation'], $is_html_email, 'unescaped'), 'surveyls_email_remind_subj' => $aDefaultTexts['reminder_subject'], 'surveyls_email_remind' => conditional_nl2br($aDefaultTexts['reminder'], $is_html_email, 'unescaped'), 'surveyls_email_confirm_subj' => $aDefaultTexts['confirmation_subject'], 'surveyls_email_confirm' => conditional_nl2br($aDefaultTexts['confirmation'], $is_html_email, 'unescaped'), 'surveyls_email_register_subj' => $aDefaultTexts['registration_subject'], 'surveyls_email_register' => conditional_nl2br($aDefaultTexts['registration'], $is_html_email, 'unescaped'), 'email_admin_notification_subj' => 
$aDefaultTexts['admin_notification_subject'], 'email_admin_notification' => conditional_nl2br($aDefaultTexts['admin_notification'], $is_html_email, 'unescaped'), 'email_admin_responses_subj' => $aDefaultTexts['admin_detailed_notification_subject'], 'email_admin_responses' => $aDefaultTexts['admin_detailed_notification'], 'surveyls_dateformat' => $_POST['dateformat'], 'surveyls_numberformat' => $numberformatid); $dbtablename = db_table_name_nq('surveys_languagesettings'); $isquery = $connect->GetInsertSQL($dbtablename, $insertarray); $isresult = $connect->Execute($isquery) or safe_die($isquery . "<br />" . $connect->ErrorMsg()); // Checked unset($bplang); $_SESSION['flashmessage'] = $clang->gT("Survey was successfully added."); // Update survey permissions
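/**
 * Replaces the complete content of label set $lid with the labels posted by
 * the JSON based label editor.
 *
 * $_POST['dataToSend'] is an HTML-entity-encoded JSON object of which this
 * function reads:
 *   - codelist: list of label codes in display order (the list index becomes
 *               the row's sortorder)
 *   - langs:    list of language codes of the set
 *   - <code>:   one object per code with 'code', 'assessmentvalue' and one
 *               'text_<lang>' title per language
 * The set is rebuilt from scratch: every existing row is deleted, then one row
 * per code and language is inserted. NOTE(review): there is no transaction
 * around the rewrite, so a failing INSERT (safe_die) leaves the set partially
 * rebuilt.
 * With $_POST['ajax'] == "1" a new label set is created first by
 * insertlabelset() and the request is terminated with die afterwards.
 *
 * @param int|string $lid  id of the label set to rewrite (replaced by the
 *                         insertlabelset() result in ajax mode); cast to int
 *                         because it is interpolated into the SQL unquoted
 * @return void
 */
function modlabelsetanswers($lid)
{
    global $dbprefix, $connect, $clang, $labelsoutput, $databasetype, $filterxsshtml, $postsortorder;

    $ajax = (isset($_POST['ajax']) && $_POST['ajax'] == "1");
    if (!isset($_POST['method'])) {
        $_POST['method'] = $clang->gT("Save");
    }

    $rawdata = isset($_POST['dataToSend']) ? $_POST['dataToSend'] : '';
    $data = json_decode(html_entity_decode($rawdata, ENT_QUOTES, "UTF-8"));

    // Check the decoded shape before anything is written. Without this guard an
    // undecodable payload (json_decode() -> null) still passed the duplicate
    // test below on PHP < 8 (count(null) == count(null)) and the DELETE then
    // emptied the set without a single row being re-inserted.
    if (!is_object($data)
        || !isset($data->codelist) || !is_array($data->codelist)
        || !isset($data->langs) || !is_array($data->langs)) {
        $labelsoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Can't update labels because the submitted label data could not be read", "js") . "\")\n //-->\n</script>\n";
        if ($ajax) {
            die;
        }
        return;
    }

    if ($ajax) {
        // presumably creates the new labelsets row and returns its id — verify against insertlabelset()
        $lid = insertlabelset();
    }
    // Interpolated unquoted into the DELETE and INSERT statements below.
    $lid = (int) $lid;

    $codelist = $data->codelist;
    if (count(array_unique($codelist)) == count($codelist)) {
        if ($filterxsshtml) {
            require_once "../classes/inputfilter/class.inputfilter_clean.php";
            $myFilter = new InputFilter('', '', 1, 1, 1);
        }
        $query = "DELETE FROM " . db_table_name('labels') . " WHERE lid = {$lid}";
        $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
        foreach ($codelist as $index => $codeid) {
            $codeObj = $data->{$codeid};
            $actualcode = db_quoteall($codeObj->{'code'}, true);
            // Interpolated unquoted: integers only.
            $assessmentvalue = (int) $codeObj->{'assessmentvalue'};
            foreach ($data->langs as $lang) {
                $title = $codeObj->{'text_' . $lang};
                if ($filterxsshtml) {
                    $title = $myFilter->process($title);
                } else {
                    $title = html_entity_decode($title, ENT_QUOTES, "UTF-8");
                }
                // Fix bug with FCKEditor saving strange BR types
                $title = fix_FCKeditor_text($title);
                $title = db_quoteall($title, true);
                $sort_order = db_quoteall($index);
                $langsql = db_quoteall($lang);
                $query = "INSERT INTO " . db_table_name('labels') . " (lid,code,title,sortorder, assessment_value, language)\n VALUES({$lid},{$actualcode},{$title},{$sort_order},{$assessmentvalue},{$langsql})";
                $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
            }
        }
        // Message key kept verbatim (sic) so existing translations still match.
        $_SESSION['flashmessage'] = $clang->gT("Labels sucessfully updated");
    } else {
        $labelsoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Can't update labels because you are using duplicated codes", "js") . "\")\n //-->\n</script>\n";
    }

    if ($ajax) {
        die;
    }
}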