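/**
 * Persist one answer for ($primkey, $variable) into the survey data table.
 *
 * Issues a REPLACE INTO with suid, primkey, variable name, answer, dirty
 * flag, version, language and mode. Two code paths exist: when
 * Config::prepareDataQueries() is false the statement is built from escaped
 * strings, otherwise the values are bound through BindParam. When the survey
 * has a data encryption key the answer is wrapped in MySQL aes_encrypt()
 * inside the statement.
 *
 * Side effects: answers to the routing variables VARIABLE_LANGUAGE,
 * VARIABLE_MODE, VARIABLE_VERSION and VARIABLE_TEMPLATE also update
 * $_SESSION['PARAMS']; the record attributes (suid, primkey, language, mode,
 * version, ts) are stored on $this for export processing; an optional
 * storeAnswerExtra() hook receives the statement after a successful write.
 *
 * @param mixed  $primkey   primary key of the case/respondent record
 * @param string $variable  variable name the answer belongs to
 * @param mixed  $answer    answer value; "" and null become SQL NULL, 0 and "0" are kept
 * @param bool   $striptags forwarded to prepareDatabaseString() for the answer text
 * @return bool  true when the REPLACE succeeded, false otherwise
 */
private function storeAnswer($primkey, $variable, $answer, $striptags = true)
{
    // Inside a transaction every write has to use the transaction connection.
    if (Config::useTransactions() == true) {
        global $transdb;
        $localdb = $transdb;
    } else {
        global $db;
        $localdb = $db;
    }

    $dirty = $this->getDirty();
    $prim = $primkey;
    $var = $variable;

    // Loose comparison on purpose: "" and null become NULL, while 0 and "0"
    // are genuine answers. The !== 0 guard keeps integer 0 on PHP versions
    // where 0 == "" is true.
    $ans = $answer;
    if ($ans == "" && $ans !== 0) {
        $ans = null;
    }

    $version = getSurveyVersion();
    $language = getSurveyLanguage();
    $mode = getSurveyMode();
    $suid = getSurvey();

    // Routing variables switch the session language/mode/version/template.
    // NOTE(review): the respondent-supplied value is written to the session
    // as-is; this assumes routing already validated it — TODO confirm.
    // An integer 0 answer does not pass the loose != null test (original behaviour).
    if ($ans != null) {
        $upperVariable = strtoupper($variable);
        if ($upperVariable == strtoupper(VARIABLE_LANGUAGE)) {
            $_SESSION['PARAMS'][SESSION_PARAM_LANGUAGE] = $ans;
        } elseif ($upperVariable == strtoupper(VARIABLE_MODE)) {
            $_SESSION['PARAMS'][SESSION_PARAM_MODE] = $ans;
        } elseif ($upperVariable == strtoupper(VARIABLE_VERSION)) {
            $_SESSION['PARAMS'][SESSION_PARAM_VERSION] = $ans;
        } elseif ($upperVariable == strtoupper(VARIABLE_TEMPLATE)) {
            $_SESSION['PARAMS'][SESSION_PARAM_TEMPLATE] = $ans;
        }
    }

    /* attributes for data record processing in export */
    $this->suid = $suid;
    $this->primkey = $prim;
    $this->language = $language;
    $this->mode = $mode;
    $this->version = $version;
    // 24-hour clock: the previous "h" format (12-hour without am/pm) made
    // afternoon timestamps ambiguous in exports.
    $this->ts = date("Y-m-d H:i:s", time());

    global $survey;
    $key = $survey->getDataEncryptionKey();
    $table = Config::dbSurveyData() . '_data';
    $queryparams = 'suid, primkey, variablename, answer, dirty, version, language, mode';

    if (Config::prepareDataQueries() == false) {
        // Legacy path: escaped values are concatenated into the statement.
        // NOTE(review): the answer plaintext and the AES key are part of the
        // SQL text here, so both are visible to server-side query logging and
        // to the storeAnswerExtra() hook; the key is not escaped (unchanged).
        if ($ans == null && $ans !== 0) {
            $answerSql = 'null';
        } else {
            $escapedAnswer = prepareDatabaseString($ans, $striptags);
            $answerSql = '"' . $escapedAnswer . '"';
            if ($key != "") {
                $answerSql = "aes_encrypt('" . $escapedAnswer . "', '" . $key . "')";
            }
        }

        // dirty/version/language/mode are bound as integers on the prepared
        // path; cast them here too so these unquoted fields can only ever be
        // integer literals. suid stays an escaped, unquoted value as before.
        $queryvalues = prepareDatabaseString($suid)
            . ",'" . prepareDatabaseString($prim) . "'"
            . ",'" . prepareDatabaseString($var) . "'"
            . "," . $answerSql
            . "," . (int) $dirty
            . "," . (int) $version
            . "," . (int) $language
            . "," . (int) $mode;
        $query = 'REPLACE INTO ' . $table . ' (' . $queryparams . ') VALUES (' . $queryvalues . ')';

        if (!$localdb->executeQuery($query)) {
            return false;
        }
        $this->variable["answer"] = $ans;
        // hook for extra storage
        if (function_exists("storeAnswerExtra")) {
            storeAnswerExtra($query);
        }
        return true;
    }

    // Prepared path: all row values are bound.
    $bp = new BindParam();
    $bp->add(MYSQL_BINDING_STRING, $suid);
    $bp->add(MYSQL_BINDING_STRING, $prim);
    $bp->add(MYSQL_BINDING_STRING, $var);
    $bp->add(MYSQL_BINDING_STRING, $ans);
    $bp->add(MYSQL_BINDING_INTEGER, $dirty);
    $bp->add(MYSQL_BINDING_INTEGER, $version);
    $bp->add(MYSQL_BINDING_INTEGER, $language);
    $bp->add(MYSQL_BINDING_INTEGER, $mode);

    // The encryption key is still spliced into the statement text as a
    // literal rather than bound; this is kept so the storeAnswerExtra() hook
    // receives the same bind list as before. A key containing a quote would
    // break the statement, and the key is visible wherever the statement
    // text is logged.
    $answerSql = "?";
    if ($key != "") {
        $answerSql = "aes_encrypt(?, '" . $key . "')";
    }
    $queryvalues = '?,?,?,' . $answerSql . ',?,?,?,?';
    $query = 'REPLACE INTO ' . $table . ' (' . $queryparams . ') VALUES (' . $queryvalues . ')';

    if (!$localdb->executeBoundQuery($query, $bp->get())) {
        return false;
    }
    $this->variable["answer"] = $ans;
    // hook for extra storage
    if (function_exists("storeAnswerExtra")) {
        storeAnswerExtra($queryparams, $queryvalues, $bp);
    }
    return true;
}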
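/**
 * Render one question (or a group of questions) to the respondent.
 *
 * Logs the entry action, records the displayed variable, rgid and template
 * on the engine state, refreshes the sub-display info and unlocks the
 * session before emitting the page. Nothing is rendered while data flooding
 * is active. With transactions enabled the transaction is committed after
 * the page has been echoed.
 *
 * @param string $variablename variable (or group) to display
 * @param mixed  $rgid         routing group id being shown
 * @param string $template     template name, "" selects the default
 * @return void
 */
public function showQuestion($variablename, $rgid, $template = "")
{
    /* one log entry, also for a group statement covering several variables */
    $this->logAction($rgid, ACTION_ENTRY);

    /* engine state */
    $this->setDisplayed($variablename);
    $this->setRgid($rgid);
    $this->setTemplate($template);
    $this->setSubDisplays($this->getSubDisplays());

    $this->unlock();

    /* data flooder: there is no screen to build */
    if ($this->getFlooding() == true) {
        return;
    }

    // Turns off the legacy browser XSS auditor (the original comment cites
    // Chrome). Chromium has since removed the auditor and current guidance
    // (e.g. OWASP's HTTP headers cheat sheet) is to send exactly this value,
    // because the filter could block or alter legitimate pages and was itself
    // abusable. Output escaping in the display layer is what protects the page.
    header("X-XSS-Protection: 0");
    echo $this->display->showQuestion($variablename, $rgid, $template);

    // The commit runs after output has started, so a failing commit can no
    // longer be reported to the respondent on this page.
    if (Config::useTransactions() == true) {
        doCommit();
    }
}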
} echo "<html><body><font face=arial>NubiS could not locate its configuration file (conf.php).</font></body></html>"; doExit(); } else { $contents = file_get_contents("errorsms.html"); if ($contents != "") { echo str_replace('$Error$', 'NubiS could not access the database. <br/>Please verify your configuration settings in the conf.php file.', $contents); doExit(); } echo "<html><body><font face=arial>NubiS could not access the database. Please verify your configuration settings in the conf.php file.</font></body></html>"; doExit(); } } } } if ($_SESSION['SYSTEM_ENTRY'] != USCIC_SMS && Config::useTransactions() == true) { $transdb = new Database(); $transdb->beginTransaction(); } ini_set("error_reporting", "ALL"); /* startup */ require 'action.php'; require 'login.php'; /* SMS admin extensions */ if ($_SESSION['SYSTEM_ENTRY'] == USCIC_SMS) { require 'sms.php'; require 'sysadmin.php'; require "compiler.php"; require "checker.php"; require "track.php"; require 'supervisor.php';