/**
* @package chamilo.survey
* @author Arnaud Ligot <*****@*****.**>
* @version $Id: $
*
* A small peace of code to enable user to access images included into survey
* which are accessible by non authenticated users. This file is included
* by document/download.php
*/
function check_download_survey($course, $invitation, $doc_url)
{
require_once 'survey.lib.php';
// Getting all the course information
$_course = CourseManager::get_course_information($course);
$course_id = $_course['real_id'];
// Database table definitions
$table_survey = Database::get_course_table(TABLE_SURVEY);
$table_survey_question = Database::get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database::get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database::get_course_table(TABLE_SURVEY_INVITATION);
// Now we check if the invitationcode is valid
$sql = "SELECT * FROM {$table_survey_invitation}\n\t WHERE\n\t c_id = {$course_id} AND\n\t invitation_code = '" . Database::escape_string($invitation) . "'";
$result = Database::query($sql);
if (Database::num_rows($result) < 1) {
Display::display_error_message(get_lang('WrongInvitationCode'), false);
Display::display_footer();
exit;
}
$survey_invitation = Database::fetch_assoc($result);
// Now we check if the user already filled the survey
if ($survey_invitation['answered'] == 1) {
Display::display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
Display::display_footer();
exit;
}
// Very basic security check: check if a text field from a survey/answer/option contains the name of the document requested
// Fetch survey ID
// If this is the case there will be a language choice
$sql = "SELECT * FROM {$table_survey}\n\t WHERE\n\t c_id = {$course_id} AND\n\t code='" . Database::escape_string($survey_invitation['survey_code']) . "'";
$result = Database::query($sql);
if (Database::num_rows($result) > 1) {
if ($_POST['language']) {
$survey_invitation['survey_id'] = $_POST['language'];
} else {
echo '<form id="language" name="language" method="POST" action="' . api_get_self() . '?course=' . $_GET['course'] . '&invitationcode=' . $_GET['invitationcode'] . '">';
echo ' <select name="language">';
while ($row = Database::fetch_assoc($result)) {
echo '<option value="' . $row['survey_id'] . '">' . $row['lang'] . '</option>';
}
echo '</select>';
echo ' <input type="submit" name="Submit" value="' . get_lang('Ok') . '" />';
echo '</form>';
display::display_footer();
exit;
}
} else {
$row = Database::fetch_assoc($result);
$survey_invitation['survey_id'] = $row['survey_id'];
}
$sql = "SELECT count(*)\n\t FROM {$table_survey}\n\t WHERE\n\t c_id = {$course_id} AND\n\t survey_id = " . $survey_invitation['survey_id'] . " AND (\n title LIKE '%{$doc_url}%'\n or subtitle LIKE '%{$doc_url}%'\n or intro LIKE '%{$doc_url}%'\n or surveythanks LIKE '%{$doc_url}%'\n )\n\t\t UNION\n\t\t SELECT count(*)\n\t\t FROM {$table_survey_question}\n\t\t WHERE\n\t\t c_id = {$course_id} AND\n\t\t survey_id = " . $survey_invitation['survey_id'] . " AND (\n survey_question LIKE '%{$doc_url}%'\n or survey_question_comment LIKE '%{$doc_url}%'\n )\n\t\t UNION\n\t\t SELECT count(*)\n\t\t FROM {$table_survey_question_option}\n\t\t WHERE\n\t\t c_id = {$course_id} AND\n\t\t survey_id = " . $survey_invitation['survey_id'] . " AND (\n option_text LIKE '%{$doc_url}%'\n )";
$result = Database::query($sql);
if (Database::num_rows($result) == 0) {
Display::display_error_message(get_lang('WrongInvitationCode'), false);
Display::display_footer();
exit;
}
return $_course;
}
