/** * register::index() * Process register form data and take appropriate action * @return */ function actionIndex($surveyid = null) { Yii::app()->loadHelper('database'); Yii::app()->loadHelper('replacements'); $postlang = Yii::app()->request->getPost('lang'); if ($surveyid == null) { $surveyid = Yii::app()->request->getPost('sid'); } if (!$surveyid) { Yii::app()->request->redirect(Yii::app()->baseUrl); } // Get passed language from form, so that we dont loose this! if (!isset($postlang) || $postlang == "" || !$postlang) { $baselang = Survey::model()->findByPk($surveyid)->language; Yii::import('application.libraries.Limesurvey_lang'); Yii::app()->lang = new Limesurvey_lang($baselang); $clang = Yii::app()->lang; } else { Yii::import('application.libraries.Limesurvey_lang'); Yii::app()->lang = new Limesurvey_lang($postlang); $clang = Yii::app()->lang; $baselang = $postlang; } $thissurvey = getSurveyInfo($surveyid, $baselang); $register_errormsg = ""; // Check the security question's answer if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $thissurvey['usecaptcha'])) { if (!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $surveyid]['secanswer']) || Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_' . $surveyid]['secanswer']) { $register_errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n"; } } //Check that the email is a valid style address if (!validateEmailAddress(Yii::app()->request->getPost('register_email'))) { $register_errormsg .= $clang->gT("The email you used is not valid. Please try again."); } // Check for additional fields $attributeinsertdata = array(); foreach (GetParticipantAttributes($surveyid) as $field => $data) { if (empty($data['show_register']) || $data['show_register'] != 'Y') { continue; } $value = sanitize_xss_string(Yii::app()->request->getPost('register_' . $field)); if (trim($value) == '' && $data['mandatory'] == 'Y') { $register_errormsg .= sprintf($clang->gT("%s cannot be left empty"), $thissurvey['attributecaptions'][$field]); } $attributeinsertdata[$field] = $value; } if ($register_errormsg != "") { $_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg; Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid)); } //Check if this email already exists in token database $query = "SELECT email FROM {{tokens_{$surveyid}}}\n" . "WHERE email = '" . sanitize_email(Yii::app()->request->getPost('register_email')) . "'"; $usrow = Yii::app()->db->createCommand($query)->queryRow(); if ($usrow) { $register_errormsg = $clang->gT("The email you used has already been registered."); $_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg; Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid)); //include "index.php"; //exit; } $mayinsert = false; // Get the survey settings for token length //$this->load->model("surveys_model"); $tlresult = Survey::model()->findAllByAttributes(array("sid" => $surveyid)); if (isset($tlresult[0])) { $tlrow = $tlresult[0]; } else { $tlrow = $tlresult; } $tokenlength = $tlrow['tokenlength']; //if tokenlength is not set or there are other problems use the default value (15) if (!isset($tokenlength) || $tokenlength == '') { $tokenlength = 15; } while ($mayinsert != true) { $newtoken = randomChars($tokenlength); $ntquery = "SELECT * FROM {{tokens_{$surveyid}}} WHERE token='{$newtoken}'"; $usrow = Yii::app()->db->createCommand($ntquery)->queryRow(); if (!$usrow) { $mayinsert = true; } } $postfirstname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_firstname'))); $postlastname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_lastname'))); $starttime = sanitize_xss_string(Yii::app()->request->getPost('startdate')); $endtime = sanitize_xss_string(Yii::app()->request->getPost('enddate')); /*$postattribute1=sanitize_xss_string(strip_tags(returnGlobal('register_attribute1'))); $postattribute2=sanitize_xss_string(strip_tags(returnGlobal('register_attribute2'))); */ // Insert new entry into tokens db Tokens_dynamic::sid($thissurvey['sid']); $token = new Tokens_dynamic(); $token->firstname = $postfirstname; $token->lastname = $postlastname; $token->email = Yii::app()->request->getPost('register_email'); $token->emailstatus = 'OK'; $token->token = $newtoken; if ($starttime && $endtime) { $token->validfrom = $starttime; $token->validuntil = $endtime; } foreach ($attributeinsertdata as $k => $v) { $token->{$k} = $v; } $result = $token->save(); /** $result = $connect->Execute($query, array($postfirstname, $postlastname, returnGlobal('register_email'), 'OK', $newtoken) // $postattribute1, $postattribute2) ) or safeDie ($query."<br />".$connect->ErrorMsg()); //Checked - According to adodb docs the bound variables are quoted automatically */ $tid = getLastInsertID($token->tableName()); $fieldsarray["{ADMINNAME}"] = $thissurvey['adminname']; $fieldsarray["{ADMINEMAIL}"] = $thissurvey['adminemail']; $fieldsarray["{SURVEYNAME}"] = $thissurvey['name']; $fieldsarray["{SURVEYDESCRIPTION}"] = $thissurvey['description']; $fieldsarray["{FIRSTNAME}"] = $postfirstname; $fieldsarray["{LASTNAME}"] = $postlastname; $fieldsarray["{EXPIRY}"] = $thissurvey["expiry"]; $message = $thissurvey['email_register']; $subject = $thissurvey['email_register_subj']; $from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>"; if (getEmailFormat($surveyid) == 'html') { $useHtmlEmail = true; $surveylink = $this->createAbsoluteUrl($surveyid . '/lang-' . $baselang . '/tk-' . $newtoken); $optoutlink = $this->createAbsoluteUrl('optout/local/' . $surveyid . '/' . $baselang . '/' . $newtoken); $optinlink = $this->createAbsoluteUrl('optin/local/' . $surveyid . '/' . $baselang . '/' . $newtoken); $fieldsarray["{SURVEYURL}"] = "<a href='{$surveylink}'>" . $surveylink . "</a>"; $fieldsarray["{OPTOUTURL}"] = "<a href='{$optoutlink}'>" . $optoutlink . "</a>"; $fieldsarray["{OPTINURL}"] = "<a href='{$optinlink}'>" . $optinlink . "</a>"; } else { $useHtmlEmail = false; $fieldsarray["{SURVEYURL}"] = $this->createAbsoluteUrl('' . $surveyid . '/lang-' . $baselang . '/tk-' . $newtoken); $fieldsarray["{OPTOUTURL}"] = $this->createAbsoluteUrl('optout/local/' . $surveyid . '/' . $baselang . '/' . $newtoken); $fieldsarray["{OPTINURL}"] = $this->createAbsoluteUrl('optin/local/' . $surveyid . '/' . $baselang . '/' . $newtoken); } $message = ReplaceFields($message, $fieldsarray); $subject = ReplaceFields($subject, $fieldsarray); $html = ""; //Set variable $sitename = Yii::app()->getConfig('sitename'); if (SendEmailMessage($message, $subject, Yii::app()->request->getPost('register_email'), $from, $sitename, $useHtmlEmail, getBounceEmail($surveyid))) { // TLR change to put date into sent $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig('timeadjust')); $query = "UPDATE {{tokens_{$surveyid}}}\n" . "SET sent='{$today}' WHERE tid={$tid}"; $result = dbExecuteAssoc($query) or show_error("Unable to execute this query : {$query}<br />"); //Checked $html = "<center>" . $clang->gT("Thank you for registering to participate in this survey.") . "<br /><br />\n" . $clang->gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.") . "<br /><br />\n" . $clang->gT("Survey administrator") . " {ADMINNAME} ({ADMINEMAIL})"; $html = ReplaceFields($html, $fieldsarray); $html .= "<br /><br /></center>\n"; } else { $html = "Email Error"; } //PRINT COMPLETED PAGE if (!$thissurvey['template']) { $thistpl = getTemplatePath(validateTemplateDir('default')); } else { $thistpl = getTemplatePath(validateTemplateDir($thissurvey['template'])); } sendCacheHeaders(); doHeader(); Yii::app()->lang = $clang; // fetch the defined variables and pass it to the header footer templates. $redata = compact(array_keys(get_defined_vars())); $this->_printTemplateContent($thistpl . '/startpage.pstpl', $redata, __LINE__); $this->_printTemplateContent($thistpl . '/survey.pstpl', $redata, __LINE__); echo $html; $this->_printTemplateContent($thistpl . '/endpage.pstpl', $redata, __LINE__); doFooter(); }
/** * Add new token form */ function addnew($iSurveyId) { // CHECK TO SEE IF A TOKEN TABLE EXISTS FOR THIS SURVEY $bTokenExists = tableExists('{{tokens_' . $iSurveyId . '}}'); if (!$bTokenExists) { self::_newtokentable($iSurveyId); } $iSurveyId = sanitize_int($iSurveyId); Yii::app()->loadHelper("surveytranslator"); $dateformatdetails = getDateFormatData(Yii::app()->session['dateformat']); if (!hasSurveyPermission($iSurveyId, 'tokens', 'create')) { die("no permissions"); // TODO Replace } if (Yii::app()->request->getPost('subaction') == 'inserttoken') { $clang = $this->getController()->lang; Yii::import('application.libraries.Date_Time_Converter'); //Fix up dates and match to database format if (trim(Yii::app()->request->getPost('validfrom')) == '') { $validfrom = null; } else { $datetimeobj = new Date_Time_Converter(trim(Yii::app()->request->getPost('validfrom')), $dateformatdetails['phpdate'] . ' H:i'); $validfrom = $datetimeobj->convert('Y-m-d H:i:s'); } if (trim(Yii::app()->request->getPost('validuntil')) == '') { $validuntil = null; } else { $datetimeobj = new Date_Time_Converter(trim(Yii::app()->request->getPost('validuntil')), $dateformatdetails['phpdate'] . ' H:i'); $validuntil = $datetimeobj->convert('Y-m-d H:i:s'); } $sanitizedtoken = sanitize_token(Yii::app()->request->getPost('token')); /* Mdekker: commented out this block as it doesn't respect tokenlength * or existing tokens and was always handled by the tokenify action as * the ui still suggests if (empty($sanitizedtoken)) { $isvalidtoken = false; while ($isvalidtoken == false) { $newtoken = randomChars(15); if (!isset($existingtokens[$newtoken])) { $isvalidtoken = true; $existingtokens[$newtoken] = null; } } $sanitizedtoken = $newtoken; } */ $aData = array('firstname' => Yii::app()->request->getPost('firstname'), 'lastname' => Yii::app()->request->getPost('lastname'), 'email' => sanitize_email(Yii::app()->request->getPost('email')), 'emailstatus' => Yii::app()->request->getPost('emailstatus'), 'token' => $sanitizedtoken, 'language' => sanitize_languagecode(Yii::app()->request->getPost('language')), 'sent' => Yii::app()->request->getPost('sent'), 'remindersent' => Yii::app()->request->getPost('remindersent'), 'completed' => Yii::app()->request->getPost('completed'), 'usesleft' => Yii::app()->request->getPost('usesleft'), 'validfrom' => $validfrom, 'validuntil' => $validuntil); // add attributes $attrfieldnames = Survey::model()->findByPk($iSurveyId)->tokenAttributes; $aTokenFieldNames = Yii::app()->db->getSchema()->getTable("{{tokens_{$iSurveyId}}}", true); $aTokenFieldNames = array_keys($aTokenFieldNames->columns); foreach ($attrfieldnames as $attr_name => $desc) { if (!in_array($attr_name, $aTokenFieldNames)) { continue; } $value = Yii::app()->getRequest()->getPost($attr_name); if ($desc['mandatory'] == 'Y' && trim($value) == '') { $this->getController()->error(sprintf($clang->gT('%s cannot be empty'), $desc['description'])); } $aData[$attr_name] = Yii::app()->getRequest()->getPost($attr_name); } $udresult = Tokens_dynamic::model($iSurveyId)->findAll("token <> '' and token = '{$sanitizedtoken}'"); if (count($udresult) == 0) { // AutoExecute $token = new Tokens_dynamic(); foreach ($aData as $k => $v) { $token->{$k} = $v; } $inresult = $token->save(); $aData['success'] = true; } else { $aData['success'] = false; } $aData['thissurvey'] = getSurveyInfo($iSurveyId); $aData['surveyid'] = $iSurveyId; $this->_renderWrappedTemplate('token', array('tokenbar', 'addtokenpost'), $aData); } else { self::_handletokenform($iSurveyId, "addnew"); } }