function survey_funct() { // get global user object global $user; // set connection var global $db; // get current time $time_now = date("Y-m-d H:i:s"); // protect from unauthorized access if (!isset($user) or !isset($_POST['formSurveyFunction'])) { logout(); die; } // set empty survey $session_survey = new Survey(); $session_survey = get_session_survey(); $survey_id = $_POST['formSurveyFunction']; if ($survey_id != "") { $session_survey->get_from_db($survey_id); } // get the function $function = ''; foreach ($_POST as $key => $post) { if ($post != $survey_id) { $function = substr($key, 10); } } if ($function == 'Print') { $_SESSION['survey_id'] = $survey_id; header('location: ' . ROOT_DIR . '?print=survey_print'); die; } elseif ($function == 'Remove') { if ($session_survey->getId() != NULL) { //query to delete survey $session_survey->setIsActive(0); $session_survey->update_in_db(); } $cookie_key = 'msg'; $cookie_value = 'Вие успешно изтрихте Ваша анкета!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=admin_survey'); die; } elseif ($function == 'Reset') { if (isset($_SESSION['session_survey'])) { unset($_SESSION['session_survey']); } if (isset($_SESSION['session_groups'])) { unset($_SESSION['session_groups']); } if (isset($_SESSION['session_answers'])) { unset($_SESSION['session_answers']); } if (isset($_SESSION['session_question'])) { unset($_SESSION['session_question']); } header('location: ' . ROOT_DIR . '?page=survey_edit'); die; } elseif ($function == 'Edit') { // check if post a survey id and asign if (!isset($_POST['formSurveyFunction'])) { // or go back $cookie_key = 'msg'; $cookie_value = 'Не е избрана анкета!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=admin_survey'); die; } $session_survey->get_from_db(intval($_POST['formSurveyFunction'])); // check for illegal access if ($session_survey->getCreatedBy() != $user->getId() && $user->getAdmin() != 1) { error('Опит за неоторизиран достъп!'); $cookie_key = 'msg'; $cookie_value = 'Опит за неоторизиран достъп!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=admin_survey'); die; } $_SESSION['session_survey'] = serialize($session_survey); $session_groups = array(); $session_groups['type'] = ''; $session_groups['student'] = get_survey_student_groups($session_survey->getId()); $session_groups['staff'] = get_survey_staff_groups($session_survey->getId()); $session_groups['local'] = get_survey_local_groups($session_survey->getId()); $_SESSION['session_groups'] = serialize($session_groups); $cookie_key = 'msg'; $cookie_value = 'Вие избрахте анкета за редакция!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=survey_edit'); die; } elseif ($function == 'Save') { // check for answers $session_answers = array(); $session_answers = get_session_answers(); $available_from = $_POST['formSurveyFromDate'] . " " . $_POST['formSurveyFromHour'] . ":00"; $available_due = $_POST['formSurveyDueDate'] . " " . $_POST['formSurveyDueHour'] . ":00"; $title = $_POST['formSurveyTitle']; $status = $_POST['formSurveyStatus']; $session_survey->setIsActive(1); $session_survey->setCreatedOn($time_now); $session_survey->setLastEditedOn($time_now); $session_survey->setAvailableFrom($available_from); $session_survey->setAvailableDue($available_due); $session_survey->setTitle(htmlspecialchars($title)); $session_survey->setStatus($status); $_SESSION['session_survey'] = serialize($session_survey); // check for groups $session_groups = array(); $session_groups = get_session_groups(); if (empty($session_groups['student']) && empty($session_groups['staff']) && empty($session_groups['staff_departments']) && empty($session_groups['local'])) { $cookie_key = 'msg'; $cookie_value = 'Моля, добавете поне една анкетна група!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=survey_edit'); die; } if (isset($session_groups['staff_departments']) && is_array($session_groups['staff_departments'])) { if (is_array($session_groups['staff'])) { $session_groups['staff'] = array_merge($session_groups['staff'], $session_groups['staff_departments']); } else { $session_groups['staff'] = $session_groups['staff_departments']; } } $session_survey->setStudentGroups(serialize($session_groups['student'])); $session_survey->setStaffGroups(serialize($session_groups['staff'])); $session_survey->setLocalGroups(serialize($session_groups['local'])); if ($session_survey->getId() != NULL) { $session_survey->update_in_db(); $_SESSION['session_survey'] = serialize($session_survey); $cookie_key = 'msg'; $cookie_value = 'Вие успешно добавихте/редактирахте анкета!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=survey_edit'); die; } else { $cookie_key = 'msg'; $cookie_value = 'Моля, добавете поне един елемент към анкетата!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=survey_edit'); die; } unset($_SESSION['session_groups']); } elseif ($function == 'VoteDelete') { if (!isset($_SESSION['session_user']) || !isset($_SESSION['session_user'])) { logout(); die; } $survey_id = $_POST['formSurveyFunction']; $session_user = new User(); $session_user = unserialize($_SESSION['session_user']); $user_id = $session_user->getId(); $time_now = date("Y-m-d H:i:s"); $sql = "UPDATE votes\r\n SET is_active = '0'\r\n last_edited_ob = '{$time_now}'\r\n WHERE is_active = '1'\r\n AND user_id = '{$user_id}'\r\n AND survey_id = '{$survey_id}'"; try { $db->exec($sql); $info = "Delete vote in db for user:"******" for survey: {$survey_id}"; info($info); } catch (PDOException $e) { $error = "Delete vote in db error:" . $e->getTraceAsString(); error($error); } $cookie_key = 'msg'; $cookie_value = 'Вие успешно изтрихте вот на потребителя!'; setcookie($cookie_key, $cookie_value, time() + 1); header('Location: ' . ROOT_DIR . '?page=survey_user'); die; } elseif ($function == 'UserView') { $survey_id = $_POST['formSurveyFunction']; $_SESSION['surveyUserViewSurveyId'] = $survey_id; var_dump($_SESSION); header('Location: ' . ROOT_DIR . '?page=survey'); die; } elseif ($function == 'UserVote') { $survey_id = $_POST['formSurveyFunction']; $_SESSION['surveyUserViewSurveyId'] = $survey_id; var_dump($_SESSION); header('Location: ' . ROOT_DIR . '?page=survey'); die; } elseif ($function == 'PrintExcel') { // get global user object global $user; // get survey id $survey_id = $_POST['formSurveyFunction']; // check if the user is the surveyCreator or systemAdmin $survey = new Survey(); $survey->get_from_db($survey_id); if (intval($survey->getCreatedBy()) != $user->getId() && $user->getAdmin() != 1) { logout(); die; } header('Location: ' . ROOT_DIR . 'functions/print/excel/surveyReport.php?survey_id=' . $survey_id); die; } elseif ($function == 'UserVoteDelele') { // get global user object global $user; // secure the function if ($user->getAdmin() != 1) { logout(); die; } $user_id = $_GET['user_id']; $survey_id = $_POST['formSurveyFunction']; $surveyFunctions = new SurveyFunctions(); $surveyFunctions->get_from_db($survey_id); $surveyVotes = array(); $surveyVotes = $surveyFunctions->getVotesByUser($user_id); $user = new User(); $user->get_from_db($user_id); if (!empty($surveyVotes)) { foreach ($surveyVotes as $surveyVoteId) { $surveyVote = new Vote(); $surveyVote->get_from_db($surveyVoteId); $surveyVote->setIsActive(0); $surveyVote->update_in_db(); } $cookieKey = 'msg'; $cookieValue = 'Гласуването на съответния потребител беше успешно изтрито!'; setcookie($cookieKey, $cookieValue, time() + 1); header('Location: ' . ROOT_DIR . '?page=admin_system_user_edit'); die; } $cookieKey = 'msg'; $cookieValue = 'Няма налично гласуването за съответния потребител!'; setcookie($cookieKey, $cookieValue, time() + 1); header('Location: ' . ROOT_DIR . '?page=admin_system_user_edit'); die; } die; }
<?php // get session vars global $user; $session_survey = new Survey(); $session_question = new Question(); $session_groups = array(); $session_answers = array(); $session_survey = get_session_survey(); $session_question = get_session_question(); $session_groups = get_session_groups(); $session_answers = get_session_answers(); ?> <script type="text/javascript" src="<?php echo ROOT_DIR; ?> js/jquery-1.9.1.js"></script> <script type="text/javascript" src="<?php echo ROOT_DIR; ?> js/jquery-ui.js"></script> <div class="ac"> <div class="accordion"> <h3 class="no-float ac" id="survey_data"><?php echo SURVEY_QUESTION_PAGE_SURVEY_DATA; ?> </h3> <div class="ac"> <form id="formSurvey" class="form ac" action="<?php echo ROOT_DIR . '?page=survey_edit&funct=survey_funct';