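 /**
  * Handle the registration form POST: validate, insert the user row and
  * start a logged-in session before redirecting to the photo step.
  *
  * Reads first_name, last_name, email, password, password2, phone and
  * gender from $_POST. On success redirects to ?go=regPhoto; otherwise the
  * messages are collected in $_SESSION['err'] and the user is sent back to
  * ?go=reg.
  *
  * @return void always ends in redirect_to()
  */
 public function DoReg()
 {
     // Every field goes through Database::prepData(); assumed to be the
     // project's SQL escaping helper -- the INSERT below still relies on it.
     $fname  = Database::prepData($_POST['first_name']);
     $lname  = Database::prepData($_POST['last_name']);
     $email  = Database::prepData($_POST['email']);
     $pass1  = Database::prepData($_POST['password']);
     $pass2  = Database::prepData($_POST['password2']);
     $phone  = Database::prepData($_POST['phone']);
     $gender = Database::prepData($_POST['gender']);

     // Make sure the error list exists so count() below is well defined even
     // when no earlier step touched it.
     if (!isset($_SESSION['err']) || !is_array($_SESSION['err'])) {
         $_SESSION['err'] = array();
     }

     //Validation for email and password
     if ($pass1 !== $pass2) {
         $_SESSION['err'][] = "<li>Passwords do not match! </li>";
     }
     if ($this->emailExits($email)) {
         $_SESSION['err'][] = "<li>Email already exists! </li>";
     }

     //Add new user if there are no errors
     if (count($_SESSION['err']) == 0) {
         // NOTE(review): md5() is not a password hash. The login code that
         // verifies this column is not visible here, so the algorithm is kept
         // for compatibility; migrate both sides together to password_hash()
         // / password_verify() (plus password_needs_rehash()).
         $pass = md5($pass1);
         $code = randomkey();
         // The original was missing the opening quote before {$phone}
         // ("...'{$pass}',{$phone}',0,..."), which breaks the statement;
         // every value is now quoted consistently. Escaping still comes from
         // prepData() above.
         $sql = "INSERT INTO `user`(`first_name`, `last_name`, `email`, `password`, `phone`, `is_activated`, `user_category_id`, `gender`,activation_code)  VALUES('{$fname}','{$lname}','{$email}','{$pass}','{$phone}',0,2,'{$gender}','{$code}')";
         Database::performQuery($sql);

         $_SESSION['name'] = $fname . ' ' . $lname;
         // The original assigned the undefined $email1 here, leaving the
         // session e-mail empty.
         $_SESSION['email'] = $email;
         $_SESSION['user_id'] = self::SetUserId($email);
         $_SESSION['live'] = 1;
         redirect_to(BASE_URL . '/?go=regPhoto');
     } else {
         redirect_to(BASE_URL . '/?go=reg');
     }
 }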
 /**
  * The new one...
  * * Function to insert Participant data while auto creating token if non is supported...
  * @param $sUser
  * @param $sPass
  * @param $iVid
  * @param $sParticipantData (FIRSTNAME;LASTNAME;EMAIL;LANG;TOKEN;VALIDFROM;VALIDTO;attrib1,attrib2,attrib3,attrib4,attrib5::)
  * @return unknown_type
  */
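 /**
  * Insert participants into the token table of survey $iVid, generating a
  * token for every dataset that does not bring its own.
  *
  * $sParticipantData holds datasets separated by $sDatasetSeperator (default
  * "::"); each dataset holds fields separated by $sDatafieldSeperator
  * (default ";") in the order
  *   FIRSTNAME;LASTNAME;EMAIL;LANG;TOKEN;VALIDFROM;VALIDTO;attrib1,attrib2,...
  * Both separators can be overridden in lsrc.config.php.
  *
  * @param mixed  $iVid             survey id; empty or 0 aborts
  * @param string $sParticipantData serialised participant list, see above
  * @return int|string 0 if the survey id is missing or unknown, otherwise a
  *                    "<N>Datasets given, <M> rows inserted." summary string
  */
 function insertParticipants($iVid, $sParticipantData)
 {
     global $connect;
     global $dbprefix;
     // NOTE(review): assigned as a local, so this does not change ADOdb's
     // global fetch mode; kept as in the original.
     $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
     include "lsrc.config.php";

     // NOTE(review): the checkUser($sUser, $sPass) guard that used to protect
     // this entry point is commented out upstream and $sUser/$sPass are no
     // longer parameters. Unless the SOAP dispatcher authenticates before
     // calling, any client can write into any survey's token table.
     $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", {$iVid}, {$sParticipantData} ");

     // A survey id is mandatory ...
     if (!isset($iVid) || $iVid == '' || $iVid == 0) {
         return 0;
     }
     // ... and only its integer value is ever spliced into table names below,
     // so a crafted id cannot alter the SQL.
     $iVid = (int) $iVid;
     if ($iVid == 0 || !$this->surveyExists($iVid)) {
         $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", survey does not exist ");
         return 0;
     }
     $this->createTokenTable($iVid);
     $sTokenTable = $dbprefix . "tokens_" . $iVid;

     // Fall back to the default separators when lsrc.config.php sets none.
     if (!isset($sDatasetSeperator) || $sDatasetSeperator == '') {
         $sDatasetSeperator = "::";
     }
     if (!isset($sDatafieldSeperator) || $sDatafieldSeperator == '') {
         $sDatafieldSeperator = ";";
     }

     // Split into datasets. This is sensitive: if the caller used a different
     // separator than the configured one, fields land in the wrong columns.
     $asDataset = explode($sDatasetSeperator, $sParticipantData);
     $iCountParticipants = count($asDataset);
     $iInsertedParticipants = 0;

     foreach ($asDataset as $sData) {
         if ($sData == '') {
             continue;
         }
         $asDatafield = explode($sDatafieldSeperator, $sData);

         // Empty fields become NULL. (The original loop used ">=" as its
         // condition and therefore never executed.)
         $iDataLength = count($asDatafield);
         for ($n = 0; $n < $iDataLength; ++$n) {
             if ($asDatafield[$n] == '') {
                 $asDatafield[$n] = null;
             }
         }

         // Generate a token only when the dataset does not supply one; draw
         // until it is not yet in the table. Change the randomkey() argument
         // for a different token length (36 chars max). A supplied token is
         // not checked for uniqueness, as in the original.
         if (!isset($asDatafield[4]) || $asDatafield[4] == '') {
             do {
                 $value = randomkey(10);
                 $cQuery = "select token from " . $sTokenTable . " where token = '" . $value . "'; ";
                 $result = db_execute_assoc($cQuery);
             } while ($result->RecordCount() > 0);
             $asDatafield[4] = $value;
         }

         // Fall back to the session language when none is given.
         if (!isset($asDatafield[3]) || $asDatafield[3] == '') {
             $asDatafield[3] = $_SESSION['lang'];
         }

         // Parallel arrays: column names and the values bound to them.
         $insertColumns = array('firstname', 'lastname', 'email', 'language', 'token');
         $insertValues = array(
             isset($asDatafield[0]) ? $asDatafield[0] : null,
             isset($asDatafield[1]) ? $asDatafield[1] : null,
             isset($asDatafield[2]) ? $asDatafield[2] : null,
             $asDatafield[3],
             $asDatafield[4],
         );
         if (isset($asDatafield[5]) && $asDatafield[5] != null) {
             $insertColumns[] = 'validfrom';
             $insertValues[] = $asDatafield[5];
         }
         // The original tested $asDatafield[5] here, so VALIDTO was only
         // stored when VALIDFROM was also present.
         if (isset($asDatafield[6]) && $asDatafield[6] != null) {
             $insertColumns[] = 'validuntil';
             $insertValues[] = $asDatafield[6];
         }

         // Optional attributes: one attribute_<n> column per value. The column
         // name is built from the loop counter only, never from the data. The
         // ADD COLUMN is attempted for every dataset and its failure (column
         // already exists) is ignored, as in the original.
         if (isset($asDatafield[7]) && $asDatafield[7] != '') {
             $asAttributes = explode(",", $asDatafield[7]);
             $n = 0;
             foreach ($asAttributes as $attribute) {
                 ++$n;
                 $sql = "ALTER TABLE {$sTokenTable} ADD COLUMN attribute_{$n} VARCHAR(255); ";
                 $insertColumns[] = "attribute_{$n}";
                 $insertValues[] = $attribute;
                 $this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", Attribute_{$n} mit {$attribute} anlegen ,sql: {$sql}");
                 $connect->Execute($sql);
             }
         }

         // All participant data goes in through bound parameters.
         $sInsertParti = "INSERT INTO {$sTokenTable} (" . implode(',', $insertColumns) . ") VALUES (" . implode(',', array_fill(0, count($insertColumns), '?')) . ");";
         $this->debugLsrc("{$sInsertParti}");
         if (!$connect->Execute($sInsertParti, $insertValues)) {
             continue;
         }
         ++$iInsertedParticipants;

         // Mark syntactically valid addresses as OK.
         // see http://data.iana.org/TLD/tlds-alpha-by-domain.txt
         $maxrootdomainlength = 32;
         if (isset($asDatafield[2]) && 1 == preg_match("/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*\\.(([0-9]{1,3})|([a-zA-Z]{2," . $maxrootdomainlength . "}))\$/ix", $asDatafield[2])) {
             // The address is spliced into a WHERE clause by changeTable(); the
             // regex already limits it to [_a-zA-Z0-9.@-], but it is quoted
             // through ADOdb so the safety does not hinge on the pattern.
             $this->changeTable("tokens_" . $iVid, "emailstatus", "OK", "email=" . $connect->qstr($asDatafield[2]));
         }
     }
     return "" . $iCountParticipants . "Datasets given, " . $iInsertedParticipants . " rows inserted. ";
 }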
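// Bail back to the form when an earlier validation step left a message.
if ($register_errormsg != "") {
    include "index.php";
    exit;
}

// One sanitised copy of the address is used for both the duplicate check and
// the INSERT. The original checked sanitize_email(...) but stored the raw
// returnglobal() value, so the row could carry an address the duplicate check
// never looked at.
$postemail = sanitize_email(returnglobal('register_email'));

//Check if this email already exists in token database
// NOTE(review): $surveyid is spliced into the table name; it is expected to
// have been validated (cast to int) before this point -- not visible here.
$query = "SELECT email FROM {$dbprefix}tokens_{$surveyid}\n" . "WHERE email = " . db_quoteall($postemail);
$result = $connect->Execute($query) or safe_die($query . "<br />" . $connect->ErrorMsg());
if ($result->RecordCount() > 0) {
    $register_errormsg = $clang->gT("The email you used has already been registered.");
    include "index.php";
    exit;
}

// Draw random tokens until one is not already present in the table. The
// interpolated value comes from randomkey(), not from the request.
$mayinsert = false;
do {
    $newtoken = randomkey(15);
    $ntquery = "SELECT * FROM {$dbprefix}tokens_{$surveyid} WHERE token='{$newtoken}'";
    $ntresult = $connect->Execute($ntquery);
    if (!$ntresult->RecordCount()) {
        $mayinsert = true;
    }
} while ($mayinsert != true);

$postfirstname = sanitize_xss_string(strip_tags(returnglobal('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(returnglobal('register_lastname')));

//Insert new entry into tokens db -- all values are bound; ADOdb quotes them.
// NOTE(review): safe_die() echoes the statement and the driver error to the
// browser; the statement itself carries no user data.
$query = "INSERT INTO {$dbprefix}tokens_{$surveyid}\n" . "(firstname, lastname, email, emailstatus, token)\n" . "VALUES (?, ?, ?, ?, ?)";
$result = $connect->Execute($query, array($postfirstname, $postlastname, $postemail, 'OK', $newtoken)) or safe_die($query . "<br />" . $connect->ErrorMsg());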
/**
 * Populate the admin session for a user that CAS has already authenticated.
 *
 * Stores the user name, a fixed loginID of 1, display defaults (the admin
 * language comes from config-defaults.php), a fresh checksessionpost key,
 * and the USER_RIGHT_* flags. "admin" gets every right; any other role gets
 * survey creation, configurator, template and label management, but no user
 * administration and no superadmin flag.
 *
 * NOTE(review): loginID is the constant 1 for every CAS user and the session
 * id is not regenerated here -- confirm the caller handles both.
 *
 * @param string $user CAS user name, stored in $_SESSION['user']
 * @param string $role "admin" or anything else (treated as a regular user)
 * @return void
 */
function setUserRightsCas($user, $role = "")
{
    include_once "../config-defaults.php";
    //include("../config.php"); //Not needed since config-defaults includes config.php

    $sessionDefaults = array(
        'user'             => $user,
        'loginID'          => 1,
        'dateformat'       => 1,
        'adminlang'        => $defaultlang,
        'htmleditormode'   => 'default',
        'checksessionpost' => randomkey(10),
        'pw_notify'        => false,
    );
    foreach ($sessionDefaults as $key => $value) {
        $_SESSION[$key] = $value;
    }

    // Only user administration and superadmin differ between the two roles;
    // everything else is granted to everyone.
    $isAdmin = ($role == "admin");
    $rights = array(
        'USER_RIGHT_CREATE_SURVEY'   => 1,
        'USER_RIGHT_CONFIGURATOR'    => 1,
        'USER_RIGHT_CREATE_USER'     => $isAdmin ? 1 : 0,
        'USER_RIGHT_DELETE_USER'     => $isAdmin ? 1 : 0,
        'USER_RIGHT_SUPERADMIN'      => $isAdmin ? 1 : 0,
        'USER_RIGHT_MANAGE_TEMPLATE' => 1,
        'USER_RIGHT_MANAGE_LABEL'    => 1,
    );
    foreach ($rights as $right => $granted) {
        $_SESSION[$right] = $granted;
    }
}
        // Default token length when none was configured.
        if (!isset($tokenlength) || $tokenlength == '') {
            $tokenlength = 15;
        }
        // Load every token already in use so uniqueness can be checked in memory.
        $sqlExisting = "SELECT token FROM " . db_table_name("tokens_{$surveyid}") . " group by token";
        $rsExisting = db_execute_assoc($sqlExisting);
        while ($row = $rsExisting->FetchRow()) {
            $existingtokens[$row['token']] = null;
        }
        $newtokencount = 0;
        // Rows that still need a token.
        $tkquery = "SELECT tid FROM " . db_table_name("tokens_{$surveyid}") . " WHERE token IS NULL OR token=''";
        $tkresult = db_execute_assoc($tkquery) or safe_die("Mucked up!<br />{$tkquery}<br />" . $connect->ErrorMsg());
        while ($tkrow = $tkresult->FetchRow()) {
            // Draw until the key is free, then reserve it locally.
            do {
                $newtoken = randomkey($tokenlength);
            } while (isset($existingtokens[$newtoken]));
            $existingtokens[$newtoken] = null;
            // $newtoken comes from randomkey() and tid from the table itself;
            // neither is request input.
            $itquery = "UPDATE " . db_table_name("tokens_{$surveyid}") . " SET token='{$newtoken}' WHERE tid={$tkrow['tid']}";
            $itresult = $connect->Execute($itquery);
            $newtokencount++;
        }
        $message = str_replace("{TOKENCOUNT}", $newtokencount, $clang->gT("{TOKENCOUNT} tokens have been created"));
        $tokenoutput .= "<div class='successheader'>{$message}</div>\n";
    }
    $tokenoutput .= "</div>\n";
}
if ($subaction == "delete" && (bHasRight($surveyid, 'edit_survey_property') || bHasRight($surveyid, 'activate_survey'))) {
 } else {
     //get one time pw from db
     $srow = $result->FetchRow();
     $otpw = $srow['one_time_pw'];
     //check if passed password and one time password from database DON'T match
     if ($pw != $otpw) {
         //no match -> warning
         $loginsummary = "<p>" . $clang->gT("Passed single-use password was wrong or user doesn't exist") . "<br />";
         $loginsummary .= "<br /><br /><a href='{$scriptname}'>" . $clang->gT("Continue") . "</a><br />&nbsp;\n";
     } else {
         //delete one time password in database
         $uquery = "UPDATE " . db_table_name('users') . "\n\t\t\t\t\tSET one_time_pw=''\n\t\t\t\t\tWHERE users_name='" . db_quote($user) . "'";
         $uresult = $connect->Execute($uquery);
         //data necessary for following functions
         $_SESSION['user'] = $srow['users_name'];
         $_SESSION['checksessionpost'] = randomkey(10);
         $_SESSION['loginID'] = $srow['uid'];
         $_SESSION['dateformat'] = $srow['dateformat'];
         $_SESSION['htmleditormode'] = $srow['htmleditormode'];
         $_SESSION['full_name'] = $srow['full_name'];
         GetSessionUserRights($_SESSION['loginID']);
         // Check if the user has changed his default password
         if (strtolower($srow['password']) == 'password') {
             $_SESSION['pw_notify'] = true;
         } else {
             $_SESSION['pw_notify'] = false;
         }
         //delete passed information
         unset($_GET['user']);
         unset($_GET['onepass']);
     }
     } else {
         $utquery .= "SET completed='Y'\n";
     }
     $utquery .= "WHERE token='{$_POST['token']}'";
     $utresult = $connect->Execute($utquery) or safe_die("Couldn't update tokens table!<br />\n{$utquery}<br />\n" . $connect->ErrorMsg());
 }
 if (isset($_POST['save']) && $_POST['save'] == "on") {
     $srid = $connect->Insert_ID();
     //CREATE ENTRY INTO "saved_control"
     $scdata = array("sid" => $surveyid, "srid" => $srid, "identifier" => $saver['identifier'], "access_code" => $password, "email" => $saver['email'], "ip" => $_SERVER['REMOTE_ADDR'], "refurl" => getenv("HTTP_REFERER"), 'saved_thisstep' => 0, "status" => "S", "saved_date" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust));
     if ($connect->AutoExecute("{$dbprefix}saved_control", $scdata, 'INSERT')) {
         $scid = $connect->Insert_ID("{$dbprefix}saved_control", "scid");
         $dataentryoutput .= "<font class='successtitle'>" . $clang->gT("Your survey responses have been saved successfully.  You will be sent a confirmation e-mail. Please make sure to save your password, since we will not be able to retrieve it for you.") . "</font><br />\n";
         $tkquery = "SELECT * FROM " . db_table_name("tokens_{$surveyid}");
         if ($tkresult = $connect->Execute($tkquery)) {
             $tokendata = array("firstname" => $saver['identifier'], "lastname" => $saver['identifier'], "email" => $saver['email'], "token" => randomkey(15), "language" => $saver['language'], "sent" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust), "completed" => "N");
             $connect->AutoExecute(db_table_name("tokens_" . $surveyid), $tokendata, 'INSERT');
             $dataentryoutput .= "<font class='successtitle'>" . $clang->gT("A token entry for the saved survey has been created too.") . "</font><br />\n";
         }
         if ($saver['email']) {
             //Send email
             if (validate_email($saver['email']) && !returnglobal('redo')) {
                 $subject = $clang->gT("Saved Survey Details");
                 $message = $clang->gT("Thank you for saving your survey in progress.  The following details can be used to return to this survey and continue where you left off.  Please keep this e-mail for your reference - we cannot retrieve the password for you.");
                 $message .= "\n\n" . $thissurvey['name'] . "\n\n";
                 $message .= $clang->gT("Name") . ": " . $saver['identifier'] . "\n";
                 $message .= $clang->gT("Password") . ": " . $saver['password'] . "\n\n";
                 $message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . ":\n";
                 $message .= $publicurl . "/index.php?sid={$surveyid}&loadall=reload&scid=" . $scid . "&lang=" . urlencode($saver['language']) . "&loadname=" . urlencode($saver['identifier']) . "&loadpass="******"&token=" . $tokendata['token'];