function showsaveform()
{
//Show 'SAVE FORM' only when click the 'Save so far' button the first time, or when duplicate is found on SAVE FORM.
global $thistpl, $errormsg, $thissurvey, $surveyid, $clang, $clienttoken, $relativeurl, $thisstep;
sendcacheheaders();
doHeader();
foreach (file("{$thistpl}/startpage.pstpl") as $op) {
echo templatereplace($op);
}
echo "\n\n<!-- JAVASCRIPT FOR CONDITIONAL QUESTIONS -->\n" . "\t<script type='text/javascript'>\n" . "\t<!--\n" . "function checkconditions(value, name, type, evt_type)\n" . "\t{\n" . "\t}\n" . "\t//-->\n" . "\t</script>\n\n";
echo "<form method='post' action='{$relativeurl}/index.php'>\n";
//PRESENT OPTIONS SCREEN
if (isset($errormsg) && $errormsg != "") {
$errormsg .= "<p>" . $clang->gT("Please try again.") . "</p>";
}
foreach (file("{$thistpl}/save.pstpl") as $op) {
echo templatereplace($op);
}
//END
echo "<input type='hidden' name='sid' value='{$surveyid}' />\n";
echo "<input type='hidden' name='thisstep' value='", $thisstep, "' />\n";
echo "<input type='hidden' name='token' value='", $clienttoken, "' />\n";
echo "<input type='hidden' name='saveprompt' value='Y' />\n";
echo "</form>";
foreach (file("{$thistpl}/endpage.pstpl") as $op) {
echo templatereplace($op);
}
echo "</html>\n";
exit;
}
/*
* LimeSurvey
* Copyright (C) 2007 The LimeSurvey Project Team / Carsten Schmitz
* All rights reserved.
* License: GNU/GPL License v2 or later, see LICENSE.php
* LimeSurvey is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*
* $Id: listcolumn.php 11664 2011-12-16 05:19:42Z tmswhite $
*/
include_once "login_check.php";
sendcacheheaders();
if (!isset($surveyid)) {
$surveyid = returnglobal('sid');
}
if (!isset($column)) {
$column = returnglobal('column');
}
if (!isset($order)) {
$order = returnglobal('order');
}
if (!isset($sql)) {
$sql = $_SESSION['sql'];
}
if (!$surveyid) {
//NOSID
exit;
function createinsertquery()
{
global $thissurvey, $timeadjust, $move, $thisstep;
global $deletenonvalues, $thistpl;
global $surveyid, $connect, $clang, $postedfieldnames, $bFinalizeThisAnswer;
require_once "classes/inputfilter/class.inputfilter_clean.php";
$myFilter = new InputFilter('', '', 1, 1, 1);
$fieldmap = createFieldMap($surveyid);
//Creates a list of the legitimate questions for this survey
if (isset($_SESSION['insertarray']) && is_array($_SESSION['insertarray'])) {
$inserts = array_unique($_SESSION['insertarray']);
$colnames_hidden = array();
foreach ($inserts as $value) {
//Work out if the field actually exists in this survey
$fieldexists = '';
if (isset($fieldmap[$value])) {
$fieldexists = $fieldmap[$value];
}
//Iterate through possible responses
if (isset($_SESSION[$value]) && !empty($fieldexists)) {
//Only create column name and data entry if there is actually data!
$colnames[] = $value;
//If deletenonvalues is ON, delete any values that shouldn't exist
if ($deletenonvalues == 1 && !checkconfield($value)) {
$values[] = 'NULL';
$colnames_hidden[] = $value;
} elseif ($_SESSION[$value] == '' && $fieldexists['type'] == 'D' || $_SESSION[$value] == '' && $fieldexists['type'] == 'K' || $_SESSION[$value] == '' && $fieldexists['type'] == 'N') {
// most databases do not allow to insert an empty value into a datefield,
// therefore if no date was chosen in a date question the insert value has to be NULL
$values[] = 'NULL';
} else {
// Empty the 'Other' field if a value other than '-oth-' was set for the main field (prevent invalid other values being saved - for example if Javascript fails to hide the 'Other' input field)
if ($fieldexists['type'] == '!' && $fieldmap[$value]['aid'] == 'other' && isset($_POST[substr($value, 0, strlen($value) - 5)]) && $_POST[substr($value, 0, strlen($value) - 5)] != '-oth-') {
$_SESSION[$value] = '';
} elseif ($fieldexists['type'] == 'N') {
$_SESSION[$value] = sanitize_float($_SESSION[$value]);
} elseif ($fieldexists['type'] == 'D' && is_array($postedfieldnames) && in_array($value, $postedfieldnames)) {
// convert the date to the right DB Format but only if it was posted
$dateformatdatat = getDateFormatData($thissurvey['surveyls_dateformat']);
$datetimeobj = new Date_Time_Converter($_SESSION[$value], $dateformatdatat['phpdate']);
$_SESSION[$value] = $datetimeobj->convert("Y-m-d");
$_SESSION[$value] = $connect->BindDate($_SESSION[$value]);
}
$values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
}
}
}
if ($thissurvey['datestamp'] == "Y") {
$_SESSION['datestamp'] = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
}
// First compute the submitdate
if ($thissurvey['private'] == "Y" && $thissurvey['datestamp'] == "N") {
// In case of anonymous answers survey with no datestamp
// then the the answer submutdate gets a conventional timestamp
// 1st Jan 1980
$mysubmitdate = date("Y-m-d H:i:s", mktime(0, 0, 0, 1, 1, 1980));
} else {
$mysubmitdate = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
}
// CHECK TO SEE IF ROW ALREADY EXISTS
// srid (=Survey Record ID ) is set when the there were already answers saved for that survey
if (!isset($_SESSION['srid'])) {
//Prepare row insertion
if (!isset($colnames) || !is_array($colnames)) {
echo submitfailed();
exit;
}
// INSERT NEW ROW
$query = "INSERT INTO " . db_quote_id($thissurvey['tablename']) . "\n" . "(" . implode(', ', array_map('db_quote_id', $colnames));
$query .= "," . db_quote_id('lastpage');
if ($thissurvey['datestamp'] == "Y") {
$query .= "," . db_quote_id('datestamp');
$query .= "," . db_quote_id('startdate');
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= "," . db_quote_id('ipaddr');
}
$query .= "," . db_quote_id('startlanguage');
if ($thissurvey['refurl'] == "Y") {
$query .= "," . db_quote_id('refurl');
}
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
$query .= "," . db_quote_id('submitdate');
}
$query .= ") ";
$query .= "VALUES (" . implode(", ", $values);
$query .= "," . ($thisstep + 1);
if ($thissurvey['datestamp'] == "Y") {
$query .= ", '" . $_SESSION['datestamp'] . "'";
$query .= ", '" . $_SESSION['datestamp'] . "'";
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= ", '" . $_SERVER['REMOTE_ADDR'] . "'";
}
$query .= ", '" . $_SESSION['s_lang'] . "'";
if ($thissurvey['refurl'] == "Y") {
$query .= ", '" . $_SESSION['refurl'] . "'";
}
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
// is if a ALL-IN-ONE survey, we don't set the submit date before the data is validated
$query .= ", " . $connect->DBDate($mysubmitdate);
}
$query .= ")";
} else {
// UPDATE EXISTING ROW
// Updates only the MODIFIED fields posted on current page.
if (isset($postedfieldnames) && $postedfieldnames) {
$query = "UPDATE {$thissurvey['tablename']} SET ";
$query .= " lastpage = '" . $thisstep . "',";
if ($thissurvey['datestamp'] == "Y") {
$query .= " datestamp = '" . $_SESSION['datestamp'] . "',";
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= " ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "',";
}
// is if a ALL-IN-ONE survey, we don't set the submit date before the data is validated
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
$query .= " submitdate = " . $connect->DBDate($mysubmitdate) . ", ";
}
// Resets fields hidden due to conditions
if ($deletenonvalues == 1) {
$hiddenfields = array_unique(array_values($colnames_hidden));
foreach ($hiddenfields as $hiddenfield) {
//$fieldinfo = arraySearchByKey($hiddenfield, $fieldmap, "fieldname", 1);
//if ($fieldinfo['type']=='D' || $fieldinfo['type']=='N' || $fieldinfo['type']=='K')
//{
$query .= db_quote_id($hiddenfield) . " = NULL,";
//}
//else
//{
// $query .= db_quote_id($hiddenfield)." = '',";
//}
}
} else {
$hiddenfields = array();
}
$fields = $postedfieldnames;
$fields = array_unique($fields);
$fields = array_diff($fields, $hiddenfields);
// Do not take fields that are hidden
foreach ($fields as $field) {
if (!empty($field)) {
$fieldinfo = $fieldmap[$field];
if (!isset($_POST[$field])) {
$_POST[$field] = '';
}
//fixed numerical question fields. They have to be NULL instead of '' to avoid database errors
if ($_POST[$field] == '' && $fieldinfo['type'] == 'D' || $_POST[$field] == '' && $fieldinfo['type'] == 'N' || $_POST[$field] == '' && $fieldinfo['type'] == 'K') {
$query .= db_quote_id($field) . " = NULL,";
} else {
// Empty the 'Other' field if a value other than '-oth-' was set for the main field (prevent invalid other values being saved - for example if Javascript fails to hide the 'Other' input field)
if ($fieldinfo['type'] == '!' && $fieldmap[$field]['aid'] == 'other' && $_POST[substr($field, 0, strlen($field) - 5)] != '-oth-') {
$qfield = "''";
} elseif ($fieldinfo['type'] == 'N') {
$qfield = db_quoteall(sanitize_float($_POST[$field]));
} elseif ($fieldinfo['type'] == 'D') {
$dateformatdatat = getDateFormatData($thissurvey['surveyls_dateformat']);
$datetimeobj = new Date_Time_Converter($_POST[$field], $dateformatdatat['phpdate']);
$qfield = db_quoteall($connect->BindDate($datetimeobj->convert("Y-m-d")));
} else {
$qfield = db_quoteall($_POST[$field], true);
}
$query .= db_quote_id($field) . " = " . $qfield . ",";
}
}
}
$query .= "WHERE id=" . $_SESSION['srid'];
$query = str_replace(",WHERE", " WHERE", $query);
// remove comma before WHERE clause
} else {
$query = "";
if ($bFinalizeThisAnswer === true) {
$query = "UPDATE {$thissurvey['tablename']} SET ";
$query .= " submitdate = " . $connect->DBDate($mysubmitdate);
$query .= " WHERE id=" . $_SESSION['srid'];
}
}
}
//DEBUG START
//echo $query;
//DEBUG END
return $query;
} else {
sendcacheheaders();
doHeader();
foreach (file("{$thistpl}/startpage.pstpl") as $op) {
echo templatereplace($op);
}
echo "<br /><center><font face='verdana' size='2'><font color='red'><strong>" . $clang->gT("Error") . "</strong></font><br /><br />\n";
echo $clang->gT("Cannot submit results - there are none to submit.") . "<br /><br />\n";
echo "<font size='1'>" . $clang->gT("This error can occur if you have already submitted your responses and pressed 'refresh' on your browser. In this case, your responses have already been saved.") . "<br /><br />" . $clang->gT("If you receive this message in the middle of completing a survey, you should choose '<- BACK' on your browser and then refresh/reload the previous page. While you will lose answers from the last page all your others will still exist. This problem can occur if the webserver is suffering from overload or excessive use. We apologise for this problem.") . "<br />\n";
echo "</font></center><br /><br />";
exit;
}
}
/**
* check_quota() returns quota information for the current survey
* @param string $checkaction - action the function must take after completing:
* enforce: Enforce the quota action
* return: Return the updated quota array from getQuotaAnswers()
* @param string $surveyid - Survey identification number
* @return array - nested array, Quotas->Members->Fields, includes quota status and which members matched in session.
*/
function check_quota($checkaction, $surveyid)
{
if (!isset($_SESSION['s_lang'])) {
return;
}
global $thistpl, $clang, $clienttoken, $publicurl;
$global_matched = false;
$quota_info = getQuotaInformation($surveyid, $_SESSION['s_lang']);
$x = 0;
if (count($quota_info) > 0) {
// Check each quota on saved data to see if it is full
$querycond = array();
foreach ($quota_info as $quota) {
if (count($quota['members']) > 0) {
$fields_list = array();
// Keep a list of fields for easy reference
$y = 0;
// We need to make the conditions for the select statement here
// I'm supporting more than one field for a question/answer, not sure if this is necessary.
unset($querycond);
foreach ($quota['members'] as $member) {
$fields_query = array();
$select_query = " (";
foreach ($member['fieldnames'] as $fieldname) {
$fields_list[] = $fieldname;
$fields_query[] = db_quote_id($fieldname) . " = '{$member['value']}'";
// Check which quota fields and codes match in session, for later use.
// Incase of multiple fields for an answer - only needs to match once.
if (isset($_SESSION[$fieldname]) && $_SESSION[$fieldname] == $member['value']) {
$quota_info[$x]['members'][$y]['insession'] = "true";
}
}
$select_query .= implode(' OR ', $fields_query) . ' )';
$querycond[] = $select_query;
unset($fields_query);
$y++;
}
// Lets only continue if any of the quota fields is in the posted page
$matched_fields = false;
if (isset($_POST['fieldnames'])) {
$posted_fields = explode("|", $_POST['fieldnames']);
foreach ($fields_list as $checkfield) {
if (in_array($checkfield, $posted_fields)) {
$matched_fields = true;
$global_matched = true;
}
}
}
// A field was submitted that is part of the quota
if ($matched_fields == true) {
// Check the status of the quota, is it full or not
$querysel = "SELECT id FROM " . db_table_name('survey_' . $surveyid) . "\n\t\t\t\t\t WHERE " . implode(' AND ', $querycond) . " " . "\n\t\t\t\t\t\t\t\t AND submitdate IS NOT NULL";
$result = db_execute_assoc($querysel) or safe_die($connect->ErrorMsg());
//Checked
$quota_check = $result->FetchRow();
if ($result->RecordCount() >= $quota['Limit']) {
// Now we have to check if the quota matches in the current session
// This will let us know if this person is going to exceed the quota
$counted_matches = 0;
foreach ($quota_info[$x]['members'] as $member) {
if (isset($member['insession']) && $member['insession'] == "true") {
$counted_matches++;
}
}
if ($counted_matches == count($quota['members'])) {
// They are going to exceed the quota if data is submitted
$quota_info[$x]['status'] = "matched";
} else {
$quota_info[$x]['status'] = "notmatched";
}
} else {
// Quota is no in danger of being exceeded.
$quota_info[$x]['status'] = "notmatched";
}
}
}
$x++;
}
} else {
return false;
}
// Now we have all the information we need about the quotas and their status.
// Lets see what we should do now
if ($checkaction == 'return') {
return $quota_info;
} else {
if ($global_matched == true && $checkaction == 'enforce') {
// Need to add quota action enforcement here.
reset($quota_info);
$tempmsg = "";
$found = false;
foreach ($quota_info as $quota) {
if (isset($quota['status']) && $quota['status'] == "matched" && (isset($quota['Action']) && $quota['Action'] == "1")) {
// If a token is used then mark the token as completed
if (isset($clienttoken) && $clienttoken) {
submittokens(true);
}
session_destroy();
sendcacheheaders();
if ($quota['AutoloadUrl'] == 1 && $quota['Url'] != "") {
header("Location: " . $quota['Url']);
}
doHeader();
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo "\t<div class='quotamessage'>\n";
echo "\t" . $quota['Message'] . "<br /><br />\n";
echo "\t<a href='" . $quota['Url'] . "'>" . $quota['UrlDescrip'] . "</a><br />\n";
echo "\t</div>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
exit;
}
if (isset($quota['status']) && $quota['status'] == "matched" && (isset($quota['Action']) && $quota['Action'] == "2")) {
sendcacheheaders();
doHeader();
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo "\t<div class='quotamessage'>\n";
echo "\t" . $quota['Message'] . "<br /><br />\n";
echo "\t<a href='" . $quota['Url'] . "'>" . $quota['UrlDescrip'] . "</a><br />\n";
echo "<form method='post' action='{$publicurl}/index.php' id='limesurvey' name='limesurvey'><input type=\"hidden\" name=\"move\" value=\"movenext\" id=\"movenext\" /><input class='submit' accesskey='p' type='button' onclick=\"javascript:document.limesurvey.move.value = 'moveprev'; document.limesurvey.submit();\" value=' << " . $clang->gT("Previous") . " ' name='move2' />\n\t\t\t\t\t<input type='hidden' name='thisstep' value='" . $_SESSION['step'] . "' id='thisstep' />\n\t\t\t\t\t<input type='hidden' name='sid' value='" . returnglobal('sid') . "' id='sid' />\n\t\t\t\t\t<input type='hidden' name='token' value='" . $clienttoken . "' id='token' /></form>\n";
echo "\t</div>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
exit;
}
}
} else {
// Unknown value
return false;
}
}
}
/**
* Shows the welcome page, used in group by group and question by question mode
*/
function display_first_page()
{
global $clang, $thistpl, $token, $surveyid, $thissurvey, $navigator, $publicurl;
sendcacheheaders();
doHeader();
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo "\n<form method='post' action='{$publicurl}/index.php' id='limesurvey' name='limesurvey' autocomplete='off'>\n";
echo "\n\n<!-- START THE SURVEY -->\n";
echo templatereplace(file_get_contents("{$thistpl}/welcome.pstpl")) . "\n";
if ($thissurvey['anonymized'] == "Y") {
echo templatereplace(file_get_contents("{$thistpl}/privacy.pstpl")) . "\n";
}
$navigator = surveymover();
echo templatereplace(file_get_contents("{$thistpl}/navigator.pstpl"));
if ($thissurvey['active'] != "Y") {
echo "<p style='text-align:center' class='error'>" . $clang->gT("This survey is currently not active. You will not be able to save your responses.") . "</p>\n";
}
echo "\n<input type='hidden' name='sid' value='{$surveyid}' id='sid' />\n";
if (isset($token) && !empty($token)) {
echo "\n<input type='hidden' name='token' value='{$token}' id='token' />\n";
}
echo "\n<input type='hidden' name='lastgroupname' value='_WELCOME_SCREEN_' id='lastgroupname' />\n";
//This is to ensure consistency with mandatory checks, and new group test
$loadsecurity = returnglobal('loadsecurity');
if (isset($loadsecurity)) {
echo "\n<input type='hidden' name='loadsecurity' value='{$loadsecurity}' id='loadsecurity' />\n";
}
echo "\n</form>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
}
function display_first_page()
{
global $clang, $thistpl, $token, $surveyid, $thissurvey, $navigator, $publicurl;
sendcacheheaders();
doHeader();
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo "\n<form method='post' action='{$publicurl}/index.php' id='limesurvey' name='limesurvey' autocomplete='off'>\n";
echo "\n\n<!-- START THE SURVEY -->\n";
echo templatereplace(file_get_contents("{$thistpl}/welcome.pstpl")) . "\n";
if ($thissurvey['private'] == "Y") {
echo templatereplace(file_get_contents("{$thistpl}/privacy.pstpl")) . "\n";
}
$navigator = surveymover();
echo templatereplace(file_get_contents("{$thistpl}/navigator.pstpl"));
if ($thissurvey['active'] != "Y") {
echo "<center><font color='red' size='2'>" . $clang->gT("This survey is not currently active. You will not be able to save your responses.") . "</font></center>\n";
}
echo "\n<input type='hidden' name='sid' value='{$surveyid}' id='sid' />\n";
echo "\n<input type='hidden' name='token' value='{$token}' id='token' />\n";
echo "\n<input type='hidden' name='lastgroupname' value='_WELCOME_SCREEN_' id='lastgroupname' />\n";
//This is to ensure consistency with mandatory checks, and new group test
echo "\n</form>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
}
