$_SESSION['flashmessage'] = $clang->gT("Survey text elements successfully saved.");
}
} elseif ($action == "insertsurvey" && $_SESSION['USER_RIGHT_CREATE_SURVEY']) {
$dateformatdetails = getDateFormatData($_SESSION['dateformat']);
// $_POST['language']
$supportedLanguages = getLanguageData();
$numberformatid = $supportedLanguages[$_POST['language']]['radixpoint'];
if ($_POST['url'] == 'http://') {
$_POST['url'] = "";
}
if (!$_POST['surveyls_title']) {
$databaseoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("Survey could not be created because it did not have a title", "js") . "\")\n //-->\n</script>\n";
} else {
// Get random ids until one is found that is not used
do {
$surveyid = sRandomChars(5, '123456789');
$isquery = "SELECT sid FROM " . db_table_name('surveys') . " WHERE sid={$surveyid}";
$isresult = db_execute_assoc($isquery);
// Checked
} while ($isresult->RecordCount() > 0);
if (!isset($_POST['template'])) {
$_POST['template'] = 'default';
}
if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1 && $_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] != 1 && !hasTemplateManageRights($_SESSION['loginID'], $_POST['template'])) {
$_POST['template'] = "default";
}
// insert base language into surveys_language_settings
if ($filterxsshtml) {
require_once "../classes/inputfilter/class.inputfilter_clean.php";
$myFilter = new InputFilter('', '', 1, 1, 1);
$_POST['surveyls_title'] = $myFilter->process($_POST['surveyls_title']);
/**
* The new one...
* * Function to insert Participant data while auto creating token if non is supported...
* @param $sUser
* @param $sPass
* @param $iVid
* @param $sParticipantData (FIRSTNAME;LASTNAME;EMAIL;LANG;TOKEN;VALIDFROM;VALIDTO;attrib1,attrib2,attrib3,attrib4,attrib5::)
* @return unknown_type
*/
function insertParticipants($iVid, $sParticipantData)
{
global $connect;
global $dbprefix;
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
include "lsrc.config.php";
//$this = new lsrcHelper();
// check for appropriate rights
// if(!$this->checkUser($sUser, $sPass))
// {
// throw new SoapFault("Authentication: ", "User or password wrong");
// exit;
// }
$this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", {$iVid}, {$sParticipantData} ");
// check if there is a $iVid, else abort
if (!isset($iVid) || $iVid == '' || $iVid == 0) {
return 0;
}
// check if the Survey we want to populate with data and tokens already exists, else -> Fault
if (!$this->surveyExists($iVid)) {
$this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", survey does not exist ");
return 0;
}
$this->createTokenTable($iVid);
//set the Seperators to default if nothing is set in the lsrc.config.php
if (!isset($sDatasetSeperator) || $sDatasetSeperator == '') {
$sDatasetSeperator = "::";
}
if (!isset($sDatafieldSeperator) || $sDatafieldSeperator == '') {
$sDatafieldSeperator = ";";
}
// prepare to fill the table lime_tokens_*
// this is sensitiv, if the Seperator is not the defined one, almost everything could happen, BE AWARE OF YOUR SEPERATOR!...
$asDataset = explode($sDatasetSeperator, $sParticipantData);
// write the tokens to the token_table
$iCountParticipants = count($asDataset);
$iInsertedParticipants = 0;
foreach ($asDataset as $sData) {
//some extra sql statement comes in here later
$attributes = '';
$attributesData = '';
$validity = '';
$validityData = '';
if ($sData != '') {
$asDatafield = explode($sDatafieldSeperator, $sData);
$checkCnt = 1;
$iDataLength = count($asDatafield);
for ($n = 0; $n >= $iDataLength; ++$n) {
if ($asDatafield[$n] == '') {
$asDatafield[$n] = null;
}
}
// token generieren
while ($checkCnt > 0) {
$value = sRandomChars(10);
//change sRandomChars value for different tokenlength (up to 36 chars max.)
$cQuery = "select token from " . $dbprefix . "tokens_" . $iVid . " where token = '" . $value . "'; ";
$result = db_execute_assoc($cQuery);
$checkCnt = $result->RecordCount();
}
if (!isset($asDatafield[4]) || $asDatafield[4] == '') {
$asDatafield[4] = $value;
}
//set session language if no language is set
if (!isset($asDatafield[3]) || $asDatafield[3] == '') {
$asDatafield[3] = $_SESSION['lang'];
}
//Begin to prepare our statement here. One array for the columns to insert and a parallel array with the values.
$insertColumns = array('firstname', 'lastname', 'email', 'language', 'token');
$insertValues = array($asDatafield[0], $asDatafield[1], $asDatafield[2], $asDatafield[3], $asDatafield[4]);
if (isset($asDatafield[5]) && $asDatafield[5] != null) {
//$validity .= ',validfrom';
//$validityData .=",'$asDatafield[5]'";
$insertColumns[] = 'validfrom';
$insertValues[] = $asDatafield[5];
}
if (isset($asDatafield[6]) && $asDatafield[5] != null) {
//$validity .= ',validuntil';
//$validityData .=",'$asDatafield[6]'";
$insertColumns[] = 'validuntil';
$insertValues[] = $asDatafield[6];
}
if (isset($asDatafield[7]) && $asDatafield[7] != '') {
$asAttributes = explode(",", $asDatafield[7]);
$n = 0;
foreach ($asAttributes as $attribute) {
++$n;
//$check = "SELECT attribute_$n FROM {$dbprefix}_tokens_$iVid ";
$sql = "ALTER TABLE {$dbprefix}tokens_{$iVid} ADD COLUMN attribute_{$n} VARCHAR(255); ";
//$attributes.=",attribute_$n";
//$attributesData.= ",'$attribute'";
$insertColumns[] = "attribute_{$n}";
$insertValues[] = $attribute;
$this->debugLsrc("wir sind in " . __FUNCTION__ . " Line " . __LINE__ . ", Attribute_{$n} mit {$attribute} anlegen ,sql: {$sql}");
//modify_database("","$sql");
$connect->Execute($sql);
}
}
/*$sInsertParti = "INSERT INTO ".$dbprefix."tokens_".$iVid
."(firstname,lastname,email,token,"
."language $validity $attributes) "
."VALUES ('{$asDatafield[0]}', '{$asDatafield[1]}' , '{$asDatafield[2]}', '{$asDatafield[4]}' , "
."'{$asDatafield[3]}' $validityData $attributesData) ";*/
$sInsertParti = "INSERT INTO {$dbprefix}tokens_{$iVid} (" . implode(',', $insertColumns) . ") VALUES (" . trim(str_repeat('?,', count($insertColumns)), ',') . ");";
$this->debugLsrc("{$sInsertParti}");
// $sInsertParti = "INSERT INTO ".$dbprefix."tokens_".$iVid
// ."(firstname,lastname,email,emailstatus,token,"
// ."language,sent,completed,attribute_1,attribute_2,mpid)"
// ."VALUES ('".$asDatafield[0]."' ,
// '".$asDatafield[1]."' , '".$asDatafield[2]."' , 'OK' , '".$asDatafield[5]."',
// '".$_SESSION['lang']."', 'N', 'N', '".$asDatafield[3]."' , '".$asDatafield[4]."' , NULL); ";
//
if ($connect->Execute($sInsertParti, $insertValues)) {
++$iInsertedParticipants;
// check participants eMail status and set it
// see http://data.iana.org/TLD/tlds-alpha-by-domain.txt
$maxrootdomainlength = 32;
if (1 == preg_match("/^[_a-zA-Z0-9-]+(\\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\\.[a-zA-Z0-9-]+)*\\.(([0-9]{1,3})|([a-zA-Z]{2," . $maxrootdomainlength . "}))\$/ix", $asDatafield[2])) {
$this->changeTable("tokens_" . $iVid, "emailstatus", "OK", "email='{$asDatafield[2]}'");
}
// if(isset($asDatafield[7]) && $asDatafield[7]!='')
// {
// $asAttributes = explode(",", $asDatafield[7]);
// $n=0;
// foreach($asAttributes as $attribute)
// {
//
// ++$n;
// //$check = "SELECT attribute_$n FROM {$dbprefix}_tokens_$iVid ";
//
// $sql = "ALTER TABLE {$dbprefix}tokens_$iVid ADD COLUMN attribute_$n VARCHAR(255); ";
// $attributes.=",attribute_$n";
// $attributesData.= ",'$attribute'";
//
// $this->debugLsrc("wir sind in ".__FUNCTION__." Line ".__LINE__.", Attribute_$n mit $attribute anlegen ,sql: $sql");
// //modify_database("","$sql");
// $connect->Execute($sql);
//
//
// $insert = "UPDATE {$dbprefix}tokens_$iVid "
// . " SET attribute_$n='$attribute' WHERE token='$asDatafield[4]' ";
//
// $this->debugLsrc("$insert");
// $connect->Execute($insert);
// }
// }
}
}
}
return "" . $iCountParticipants . "Datasets given, " . $iInsertedParticipants . " rows inserted. ";
}
//Check if this email already exists in token database
$query = "SELECT email FROM {$dbprefix}tokens_$surveyid\n"
. "WHERE email = ".db_quoteall(sanitize_email(returnglobal('register_email')));
$result = $connect->Execute($query) or safe_die ($query."<br />".$connect->ErrorMsg()); //Checked
if (($result->RecordCount()) > 0)
{
$register_errormsg=$clang->gT("The email you used has already been registered.");
include "index.php";
exit;
}
$mayinsert = false;
while ($mayinsert != true)
{
$newtoken = sRandomChars(15);
$ntquery = "SELECT * FROM {$dbprefix}tokens_$surveyid WHERE token='$newtoken'";
$ntresult = $connect->Execute($ntquery); //Checked
if (!$ntresult->RecordCount()) {$mayinsert = true;}
}
$postfirstname=sanitize_xss_string(strip_tags(returnglobal('register_firstname')));
$postlastname=sanitize_xss_string(strip_tags(returnglobal('register_lastname')));
/*$postattribute1=sanitize_xss_string(strip_tags(returnglobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnglobal('register_attribute2'))); */
//Insert new entry into tokens db
$query = "INSERT INTO {$dbprefix}tokens_$surveyid\n"
. "(firstname, lastname, email, emailstatus, token)\n"
. "VALUES (?, ?, ?, ?, ?)";
$result = $connect->Execute($query, array($postfirstname,
$sTransLinks = true;
}
// Start the HTML
if ($action == 'importsurvey') {
$importsurvey = "<div class='header ui-widget-header'>" . $clang->gT("Import survey") . "</div>\n";
$importingfrom = "http";
} elseif ($action == 'copysurvey') {
$importsurvey = "<div class='header ui-widget-header'>" . $clang->gT("Copy survey") . "</div>\n";
$copyfunction = true;
}
// Start traitment and messagebox
$importsurvey .= "<div class='messagebox ui-corner-all'>\n";
$importerror = false;
// Put a var for continue
if ($action == 'importsurvey') {
$the_full_file_path = $tempdir . "/" . sRandomChars(20) . '_' . $_FILES['the_file']['name'];
if (!@move_uploaded_file($_FILES['the_file']['tmp_name'], $the_full_file_path)) {
$importsurvey .= "<div class='errorheader'>" . $clang->gT("Error") . "</div>\n";
$importsurvey .= sprintf($clang->gT("An error occurred uploading your file. This may be caused by incorrect permissions in your %s folder."), $tempdir) . "<br /><br />\n";
$importsurvey .= "<input type='submit' value='" . $clang->gT("Main Admin Screen") . "' onclick=\"window.open('{$scriptname}', '_self')\"><br /><br />\n";
$importerror = true;
} else {
$importsurvey .= "<div class='successheader'>" . $clang->gT("Success") . "</div> <br />\n";
$importsurvey .= $clang->gT("File upload succeeded.") . "<br /><br />\n";
$importsurvey .= $clang->gT("Reading file..") . "<br />\n";
$sFullFilepath = $the_full_file_path;
$aPathInfo = pathinfo($sFullFilepath);
if (isset($aPathInfo['extension'])) {
$sExtension = $aPathInfo['extension'];
} else {
$sExtension = "";
"saved_date"=>date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust));
if ($connect->AutoExecute("{$dbprefix}saved_control", $scdata,'INSERT'))
{
$scid = $connect->Insert_ID("{$dbprefix}saved_control","scid");
$dataentryoutput .= "<font class='successtitle'>".$clang->gT("Your survey responses have been saved successfully. You will be sent a confirmation e-mail. Please make sure to save your password, since we will not be able to retrieve it for you.")."</font><br />\n";
$tkquery = "SELECT * FROM ".db_table_name("tokens_$surveyid");
if ($tkresult = $connect->Execute($tkquery)) //If the query fails, assume no tokens table exists
{
$tokendata = array (
"firstname"=> $saver['identifier'],
"lastname"=> $saver['identifier'],
"email"=>$saver['email'],
"token"=>sRandomChars(15),
"language"=>$saver['language'],
"sent"=>date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust),
"completed"=>"N");
$connect->AutoExecute(db_table_name("tokens_".$surveyid), $tokendata,'INSERT');
$dataentryoutput .= "<font class='successtitle'>".$clang->gT("A token entry for the saved survey has been created too.")."</font><br />\n";
}
if ($saver['email'])
{
//Send email
if (validate_email($saver['email']) && !returnglobal('redo'))
{
$subject=$clang->gT("Saved Survey Details");
$message=$clang->gT("Thank you for saving your survey in progress. The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you.");
/**
* Add a case to the system based on a sample record
*
* @param int $sample_id The sample id
* @param int $questionnaire_id The questionnaire id
* @param int $operator_id The operator id (Default NULL)
* @param int $testing 0 if a live case otherwise 1 for a testing case
* @param int $current_outcome_id The current outcome id (defaults to 1 - not attempted)
* @param bool $addlimeattributes If true, add sample values as lime attributes
*
* @return int The case id
*/
function add_case($sample_id, $questionnaire_id, $operator_id = "NULL", $testing = 0, $current_outcome_id = 1, $addlimeattributes = false)
{
global $db;
$ttries = 0;
do {
$token = sRandomChars();
$sql = "SELECT count(*) as c\r\n\t\t\tFROM `case`\r\n\t\t\tWHERE token = '{$token}'";
$ttries++;
} while ($db->GetOne($sql) > 0 && $ttries < 10);
$sql = "INSERT INTO `case` (case_id, sample_id, questionnaire_id, last_call_id, current_operator_id, current_call_id, current_outcome_id,token)\r\n\t\tVALUES (NULL, {$sample_id}, {$questionnaire_id}, NULL, {$operator_id}, NULL, '{$current_outcome_id}','{$token}')";
$db->Execute($sql);
$case_id = $db->Insert_ID();
//if this sample is set as testing, assign internal numbers as numbers
if ($testing == 1) {
$db->Execute("SET @row := 0");
$sql = "INSERT INTO contact_phone (case_id,priority,phone,description)\r\n\t\t\tSELECT {$case_id} as case_id,@row := @row + 1 AS priority,IFNULL(SUBSTRING_INDEX(e.extension,'/',-1),'312345678') as phone, CONCAT(o.firstName, ' ', o.lastName)\r\n FROM operator as o\r\n LEFT JOIN `extension` as e ON (e.current_operator_id = o.operator_id)\r\n WHERE o.enabled = 1";
$db->Execute($sql);
} else {
//add any phone numbers to contact phone
//$db->Execute("SET @row := 0");
$sql = "SELECT sv.val as phone\r\n\t\t\tFROM sample_var as sv, sample_import_var_restrict as sivr\r\n\t\t\tWHERE sv.sample_id = '{$sample_id}'\r\n\t\t\tAND sv.var_id = sivr.var_id\r\n\t\t\tAND sv.val > 0\r\n\t\t\tAND sv.val is NOT NULL\r\n\t\t\tAND sv.val != \"\"\r\n\t\t\tAND sivr.`type` IN (2,3)\r\n\t\t\tORDER BY sivr.`type` DESC";
$r5 = $db->GetAll($sql);
if (!empty($r5)) {
$i = 1;
foreach ($r5 as $r5v) {
$tnum = preg_replace("/[^0-9]/", "", $r5v['phone']);
if (empty($tnum)) {
$tnum = "88888888";
}
//handle error condition
$sql = "INSERT INTO contact_phone (case_id,priority,phone,description)\r\n\t\t\t\t\tVALUES ({$case_id},{$i},{$tnum},'')";
$db->Execute($sql);
$i++;
}
} else {
$sql = "INSERT INTO contact_phone (case_id,priority,phone,description)\r\n\t\t\t\tVALUES ({$case_id},1,88888888,'test only')";
$db->Execute($sql);
}
}
//add respondent details to respondent (if such details exist in the sample)
$sql = "INSERT INTO respondent (case_id,firstName,lastName,Time_zone_name) \r\n\t\tSELECT {$case_id} as case_id, IFNULL(s1.val,'') as firstName, IFNULL(s2.val,'') as lastName, s3.Time_zone_name as Time_zone_name \r\n\t\tFROM sample as s3\r\n\t\tLEFT JOIN (sample_var as s2 , sample_import_var_restrict as sivr2) on (s2.sample_id = '{$sample_id}' and s2.var_id = sivr2.var_id and sivr2.type = 7) \r\n\t\tLEFT JOIN (sample_var as s1 , sample_import_var_restrict as sivr1) on (s1.sample_id = '{$sample_id}' and s1.var_id = sivr1.var_id and sivr1.type = 6) \r\n\t\tWHERE s3.sample_id = '{$sample_id}'";
$db->Execute($sql);
//add resopndent to Lime Survey token table for this questionnaire
//first we need to get the limesurvey survey id
if (!$db->HasFailedTrans()) {
$sql = "SELECT lime_sid\r\n\t\t\tFROM questionnaire\r\n\t\t\tWHERE questionnaire_id = '{$questionnaire_id}'";
$lime_sid = $db->GetOne($sql);
if ($lime_sid) {
$lfirstname = "''";
$llastname = "''";
$lemail = "''";
if ($addlimeattributes) {
$lfirstname = $db->qstr($db->GetOne("SELECT sv.val \r\n\t\t\t\t\t\t\t\tFROM sample_var as sv, sample_import_var_restrict as s \r\n\t\t\t\t\t\t\t\tWHERE sv.var_id = s.var_id\r\n\t\t\t\t\t\t\t\tAND sv.sample_id = '{$sample_id}'\r\n\t\t\t\t\t\t\t\tAND s.type = '6'"));
$llastname = $db->qstr($db->GetOne("SELECT sv.val \r\n\t\t\t\t\t\t\t\tFROM sample_var as sv, sample_import_var_restrict as s \r\n\t\t\t\t\t\t\t\tWHERE sv.var_id = s.var_id\r\n\t\t\t\t\t\t\t\tAND sv.sample_id = '{$sample_id}'\r\n\t\t\t\t\t\t\t\tAND s.type = '7'"));
$lemail = $db->qstr($db->GetOne("SELECT sv.val \r\n\t\t\t\t\t\t\t\tFROM sample_var as sv, sample_import_var_restrict as s \r\n\t\t\t\t\t\t\t\tWHERE sv.var_id = s.var_id\r\n\t\t\t\t\t\t\t\tAND sv.sample_id = '{$sample_id}'\r\n\t\t\t\t\t\t\t\tAND s.type = '8'"));
}
$sql = "INSERT INTO " . LIME_PREFIX . "tokens_{$lime_sid} (tid,firstname,lastname,email,token,language,sent,completed,mpid)\r\n\t\t\tVALUES (NULL,{$lfirstname},{$llastname},{$lemail},'{$token}','" . DEFAULT_LOCALE . "','N','N',NULL)";
$db->Execute($sql);
$tid = $db->Insert_Id();
if ($addlimeattributes) {
//also add sample values as attributes
//match by name
$sql = "SELECT attributedescriptions\r\n\t\t\t\t\tFROM " . LIME_PREFIX . "surveys\r\n\t\t\t\t\tWHERE sid = '{$lime_sid}'";
$names = $db->GetOne($sql);
$attdescriptiondata = explode("\n", $names);
$atts = array();
foreach ($attdescriptiondata as $attdescription) {
if (!empty($attdescription)) {
$atts['attribute_' . substr($attdescription, 10, strpos($attdescription, '=') - 10)] = substr($attdescription, strpos($attdescription, '=') + 1);
}
}
foreach ($atts as $key => $val) {
$lval = $db->GetOne("SELECT sv.val \r\n\t\t\t\t\t\t\t\tFROM sample_var as sv, sample_import_var_restrict as s \r\n\t\t\t\t\t\t\t\tWHERE sv.var_id = s.var_id\r\n\t\t\t\t\t\t\t\tAND sv.sample_id = '{$sample_id}'\r\n\t\t\t\t\t\t\t\tAND s.var LIKE '{$val}'");
$lval = $db->qstr($lval);
$sql = "UPDATE " . LIME_PREFIX . "tokens_{$lime_sid}\r\n\t\t\t\t\t\tSET {$key} = {$lval}\r\n\t\t\t\t\t\tWHERE tid = '{$tid}'";
$db->Execute($sql);
}
}
}
}
return $case_id;
}
}
$isAuthenticated = false;
}
} else {
// User already exists
$isAuthenticated = true;
}
if ($isAuthenticated === true) {
// user exists and was authenticated by webserver
$fields = $result->FetchRow();
$_SESSION['loginID'] = intval($fields['uid']);
$_SESSION['user'] = $fields['users_name'];
$_SESSION['adminlang'] = $fields['lang'];
$_SESSION['htmleditormode'] = $fields['htmleditormode'];
$_SESSION['dateformat'] = $fields['dateformat'];
$_SESSION['checksessionpost'] = sRandomChars(10);
$_SESSION['pw_notify'] = false;
$clang = new limesurvey_lang($_SESSION['adminlang']);
$login = true;
$loginsummary .= "<br /><span style='font-weight:bold;'>" . sprintf($clang->gT("Welcome %s!"), $_SESSION['user']) . "</span><br />";
$loginsummary .= $clang->gT("You logged in successfully.");
if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] && strpos($_SERVER['QUERY_STRING'], "action=logout") === FALSE) {
$_SESSION['metaHeader'] = "<meta http-equiv=\"refresh\"" . " content=\"1;URL={$scriptname}?" . $_SERVER['QUERY_STRING'] . "\" />";
$loginsummary .= "<p><font size='1'><i>" . $clang->gT("Reloading screen. Please wait.") . "</i></font>\n";
}
$loginsummary .= "<br /><br />\n";
GetSessionUserRights($_SESSION['loginID']);
}
}
} elseif ($action == "logout") {
killSession();
if (substr($line, $length - 1, 1) == ';') {
$line = substr($line, 0, $length - 1);
// strip ;
$command .= $line;
$command = str_replace('prefix_', $dbprefix, $command);
// Table prefixes
$command = str_replace('$defaultuser', $defaultuser, $command);
// variables By Moses
$command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command);
// variables By Moses
$command = str_replace('$siteadminname', $siteadminname, $command);
$command = str_replace('$siteadminemail', $siteadminemail, $command);
// variables By Moses
$command = str_replace('$defaultlang', $defaultlang, $command);
// variables By Moses
$command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command);
$command = str_replace('$databasetabletype', $databasetabletype, $command);
if (!$connect->Execute($command, false)) {
print "\n" . $clang->gT("Executing") . "....." . $command . "..." . $clang->gT('Failed! Reason:') . "\n" . $connect->ErrorMsg() . "\n\n";
$success = 1;
}
$command = '';
} else {
$command .= $line;
}
}
}
$connect->SetFetchMode(ADODB_FETCH_ASSOC);
if ($success == 0) {
print "Database {$databasename} on {$databasetype} POPULATED";
print "\n\neverything went fine";
function setUserRightsCas($user, $role = "")
{
include_once "../config-defaults.php";
//include("../config.php"); //Not needed since config-defaults includes config.php
$_SESSION['user'] = $user;
$_SESSION['loginID'] = 1;
$_SESSION['dateformat'] = 1;
$_SESSION['adminlang'] = $defaultlang;
$_SESSION['htmleditormode'] = 'default';
$_SESSION['checksessionpost'] = sRandomChars(10);
$_SESSION['pw_notify'] = false;
switch ($role) {
case "admin":
//echo "hallo";
$_SESSION['USER_RIGHT_CREATE_SURVEY'] = 1;
$_SESSION['USER_RIGHT_CONFIGURATOR'] = 1;
$_SESSION['USER_RIGHT_CREATE_USER'] = 1;
$_SESSION['USER_RIGHT_DELETE_USER'] = 1;
$_SESSION['USER_RIGHT_SUPERADMIN'] = 1;
$_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = 1;
$_SESSION['USER_RIGHT_MANAGE_LABEL'] = 1;
break;
default:
//echo "default";
$_SESSION['USER_RIGHT_CREATE_SURVEY'] = 1;
$_SESSION['USER_RIGHT_CONFIGURATOR'] = 1;
$_SESSION['USER_RIGHT_CREATE_USER'] = 0;
$_SESSION['USER_RIGHT_DELETE_USER'] = 0;
$_SESSION['USER_RIGHT_SUPERADMIN'] = 0;
$_SESSION['USER_RIGHT_MANAGE_TEMPLATE'] = 1;
$_SESSION['USER_RIGHT_MANAGE_LABEL'] = 1;
break;
}
}
@session_name($stg_SessionName . '-runtime-' . $surveyid);
}
} else {
@session_name($stg_SessionName . '-runtime-publicportal');
}
} else {
session_name("LimeSurveyRuntime-{$surveyid}");
}
session_set_cookie_params(0, $relativeurl . '/admin/');
@session_start();
if (empty($_SESSION) || !isset($_SESSION['fieldname'])) {
die("You don't have a valid session !");
}
$baselang = GetBaseLanguageFromSurveyID($surveyid);
$clang = new limesurvey_lang($baselang);
$randfilename = 'futmp_' . sRandomChars(15);
$sTempUploadDir = $tempdir . '/upload/';
$randfileloc = $sTempUploadDir . $randfilename;
$filename = $_FILES['uploadfile']['name'];
$size = 0.001 * $_FILES['uploadfile']['size'];
$valid_extensions = strtolower($_POST['valid_extensions']);
$maxfilesize = (int) $_POST['max_filesize'];
$preview = $_POST['preview'];
$fieldname = $_POST['fieldname'];
$aFieldMap = createFieldMap($surveyid);
if (!isset($aFieldMap[$fieldname])) {
die;
}
$aAttributes = getQuestionAttributes($aFieldMap[$fieldname]['qid'], $aFieldMap[$fieldname]['type']);
$valid_extensions_array = explode(",", $aAttributes['allowed_filetypes']);
$valid_extensions_array = array_map('trim', $valid_extensions_array);
/**
* Run an arbitrary sequence of semicolon-delimited SQL commands
*
* Assumes that the input text (file or string) consists of
* a number of SQL statements ENDING WITH SEMICOLONS. The
* semicolons MUST be the last character in a line.
* Lines that are blank or that start with "#" or "--" (postgres) are ignored.
* Only tested with mysql dump files (mysqldump -p -d limesurvey)
* Function kindly borrowed by Moodle
* @uses $dbprefix
* @param string $sqlfile The path where a file with sql commands can be found on the server.
* @param string $sqlstring If no path is supplied then a string with semicolon delimited sql
* commands can be supplied in this argument.
* @return bool Returns true if database was modified successfully.
*/
function modify_database($sqlfile = '', $sqlstring = '')
{
global $dbprefix;
global $defaultuser;
global $defaultpass;
global $siteadminemail;
global $siteadminname;
global $defaultlang;
global $codeString;
global $rootdir, $homedir;
global $connect;
global $clang;
global $modifyoutput;
global $databasetabletype;
require_once $homedir . "/classes/core/sha256.php";
$success = true;
// Let's be optimistic
$modifyoutput = '';
if (!empty($sqlfile)) {
if (!is_readable($sqlfile)) {
$success = false;
echo '<p>Tried to modify database, but "' . $sqlfile . '" doesn\'t exist!</p>';
return $success;
} else {
$lines = file($sqlfile);
}
} else {
$sqlstring = trim($sqlstring);
if ($sqlstring[strlen($sqlstring) - 1] != ";") {
$sqlstring .= ";";
// add it in if it's not there.
}
$lines[] = $sqlstring;
}
$command = '';
foreach ($lines as $line) {
$line = rtrim($line);
$length = strlen($line);
if ($length and $line[0] != '#' and substr($line, 0, 2) != '--') {
if (substr($line, $length - 1, 1) == ';') {
$line = substr($line, 0, $length - 1);
// strip ;
$command .= $line;
$command = str_replace('prefix_', $dbprefix, $command);
// Table prefixes
$command = str_replace('$defaultuser', $defaultuser, $command);
$command = str_replace('$defaultpass', SHA256::hashing($defaultpass), $command);
$command = str_replace('$siteadminname', $siteadminname, $command);
$command = str_replace('$siteadminemail', $siteadminemail, $command);
$command = str_replace('$defaultlang', $defaultlang, $command);
$command = str_replace('$sessionname', 'ls' . sRandomChars(20, '123456789'), $command);
$command = str_replace('$databasetabletype', $databasetabletype, $command);
if (!db_execute_num($command)) {
//Checked
$command = htmlspecialchars($command);
$modifyoutput .= "<br />" . sprintf($clang->gT("SQL command failed: %s Reason: %s"), "<span style='font-size:10px;'>" . $command . "</span>", "<span style='color:#ee0000;font-size:10px;'>" . $connect->ErrorMsg() . "</span><br/>");
$success = false;
} else {
$command = htmlspecialchars($command);
$modifyoutput .= ". ";
}
$command = '';
} else {
$command .= $line;
}
}
}
return $success;
}
/**
* Cleanse the $_POSTed data and update $_SESSION variables accordingly
*/
static function ProcessCurrentResponses()
{
$LEM =& LimeExpressionManager::singleton();
if (!isset($LEM->currentQset)) {
return array();
}
$updatedValues = array();
$radixchange = $LEM->surveyOptions['radix'] == ',' ? true : false;
foreach ($LEM->currentQset as $qinfo) {
$relevant = false;
$qid = $qinfo['info']['qid'];
$gseq = $qinfo['info']['gseq'];
$relevant = isset($_POST['relevance' . $qid]) ? $_POST['relevance' . $qid] == 1 : false;
$grelevant = isset($_POST['relevanceG' . $gseq]) ? $_POST['relevanceG' . $gseq] == 1 : false;
$_SESSION['relevanceStatus'][$qid] = $relevant;
$_SESSION['relevanceStatus']['G' . $gseq] = $grelevant;
foreach (explode('|', $qinfo['sgqa']) as $sq) {
$sqrelevant = true;
if (isset($LEM->subQrelInfo[$qid][$sq]['rowdivid'])) {
$rowdivid = $LEM->subQrelInfo[$qid][$sq]['rowdivid'];
if ($rowdivid != '' && isset($_POST['relevance' . $rowdivid])) {
$sqrelevant = $_POST['relevance' . $rowdivid] == 1;
$_SESSION['relevanceStatus'][$rowdivid] = $sqrelevant;
}
}
$type = $qinfo['info']['type'];
if ($relevant && $grelevant && $sqrelevant) {
if ($qinfo['info']['hidden'] && !isset($_POST[$sq])) {
$value = isset($_SESSION[$sq]) ? $_SESSION[$sq] : '';
// if always hidden, use the default value, if any, unless value was changed via POST
} else {
$value = isset($_POST[$sq]) ? $_POST[$sq] : '';
}
if ($radixchange && isset($LEM->knownVars[$sq]['onlynum']) && $LEM->knownVars[$sq]['onlynum'] == '1') {
// convert from comma back to decimal
$value = implode('.', explode(',', $value));
}
switch ($type) {
case 'D':
//DATE
if (trim($value) == "") {
$value = "";
} else {
$dateformatdatat = getDateFormatData($LEM->surveyOptions['surveyls_dateformat']);
$datetimeobj = new Date_Time_Converter($value, $dateformatdatat['phpdate']);
$value = $datetimeobj->convert("Y-m-d");
}
break;
case 'N':
//NUMERICAL QUESTION TYPE
//NUMERICAL QUESTION TYPE
case 'K':
//MULTIPLE NUMERICAL QUESTION
if (trim($value) == "") {
$value = "";
} else {
$value = sanitize_float($value);
}
break;
case '|':
//File Upload
if (!preg_match('/_filecount$/', $sq)) {
$json = $value;
$phparray = json_decode(stripslashes($json));
// if the files have not been saved already,
// move the files from tmp to the files folder
$tmp = $LEM->surveyOptions['tempdir'] . '/upload/';
if (!is_null($phparray) && count($phparray) > 0) {
// Move the (unmoved, temp) files from temp to files directory.
// Check all possible file uploads
for ($i = 0; $i < count($phparray); $i++) {
if (file_exists($tmp . $phparray[$i]->filename)) {
$sDestinationFileName = 'fu_' . sRandomChars(15);
if (!is_dir($LEM->surveyOptions['target'])) {
mkdir($LEM->surveyOptions['target'], 0777, true);
}
if (!rename($tmp . $phparray[$i]->filename, $LEM->surveyOptions['target'] . $sDestinationFileName)) {
echo "Error moving file to target destination";
}
$phparray[$i]->filename = $sDestinationFileName;
}
}
$value = ls_json_encode($phparray);
// so that EM doesn't try to parse it.
}
}
break;
}
$_SESSION[$sq] = $value;
$_update = array('type' => $type, 'value' => $value);
$updatedValues[$sq] = $_update;
$LEM->updatedValues[$sq] = $_update;
} else {
// irrelevant, so database will be NULLed separately
// Must unset the value, rather than setting to '', so that EM can re-use the default value as needed.
unset($_SESSION[$sq]);
$_update = array('type' => $type, 'value' => NULL);
$updatedValues[$sq] = $_update;
$LEM->updatedValues[$sq] = $_update;
}
}
}
if (isset($_POST['timerquestion'])) {
$_SESSION[$_POST['timerquestion']] = sanitize_float($_POST[$_POST['timerquestion']]);
}
return $updatedValues;
}
function createinsertquery()
{
global $thissurvey, $timeadjust, $move, $thisstep;
global $deletenonvalues, $thistpl, $tempdir, $uploaddir;
global $surveyid, $connect, $clang, $postedfieldnames, $bFinalizeThisAnswer;
require_once "classes/inputfilter/class.inputfilter_clean.php";
$myFilter = new InputFilter('', '', 1, 1, 1);
$fieldmap = createFieldMap($surveyid);
//Creates a list of the legitimate questions for this survey
if (isset($_SESSION['insertarray']) && is_array($_SESSION['insertarray'])) {
$inserts = array_unique($_SESSION['insertarray']);
$colnames_hidden = array();
foreach ($inserts as $value) {
//Work out if the field actually exists in this survey
$fieldexists = '';
if (isset($fieldmap[$value])) {
$fieldexists = $fieldmap[$value];
}
//Iterate through possible responses
if (isset($_SESSION[$value]) && !empty($fieldexists)) {
//Only create column name and data entry if there is actually data!
$colnames[] = $value;
//If deletenonvalues is ON, delete any values that shouldn't exist
// we only do this at stubmit time so that we don't delete default values
// morover, doing this only once reduces the perfomance impact
if ($move == "movesubmit" && $deletenonvalues == 1 && !checkconfield($value)) {
$values[] = 'NULL';
$colnames_hidden[] = $value;
} elseif ($_SESSION[$value] == '' && $fieldexists['type'] == 'D' || $_SESSION[$value] == '' && $fieldexists['type'] == 'K' || $_SESSION[$value] == '' && $fieldexists['type'] == 'N') {
// most databases do not allow to insert an empty value into a datefield,
// therefore if no date was chosen in a date question the insert value has to be NULL
$values[] = 'NULL';
} else {
if ($fieldexists['type'] == '|' && strpos($fieldexists['fieldname'], "_filecount") === false) {
$fieldname = $fieldexists['fieldname'];
$target = "{$uploaddir}/surveys/{$thissurvey['sid']}/files/";
$json = $_SESSION[$value];
$phparray = json_decode(stripslashes($json));
// if the files have not been saved already,
// move the files from tmp to the files folder
$tmp = $tempdir . '/upload/';
if (!is_null($phparray) && count($phparray) > 0 && file_exists($tmp . $phparray[0]->filename)) {
// move files from temp to files directory
for ($i = 0; $i < count($phparray); $i++) {
$sDestinationFileName = 'fu_' . sRandomChars(15);
if (!rename($tmp . $phparray[$i]->filename, $target . $sDestinationFileName)) {
echo "Error moving file to its destination";
}
$phparray[$i]->filename = $sDestinationFileName;
}
$_SESSION[$value] = json_encode($phparray);
}
$values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
// filename is changed from undefined to a random value
// update uses $_POST for saving responses
$_POST[$value] = $_SESSION[$value];
} else {
// Empty the 'Other' field if a value other than '-oth-' was set for the main field (prevent invalid other values being saved - for example if Javascript fails to hide the 'Other' input field)
if ($fieldexists['type'] == '!' && $fieldmap[$value]['aid'] == 'other' && isset($_POST[substr($value, 0, strlen($value) - 5)]) && $_POST[substr($value, 0, strlen($value) - 5)] != '-oth-') {
$_SESSION[$value] = '';
} elseif ($fieldexists['type'] == 'N' || $fieldexists['type'] == 'K') {
$_SESSION[$value] = sanitize_float($_SESSION[$value]);
} elseif ($fieldexists['type'] == 'D' && is_array($postedfieldnames) && in_array($value, $postedfieldnames)) {
// convert the date to the right DB Format but only if it was posted
$dateformatdatat = getDateFormatData($thissurvey['surveyls_dateformat']);
$datetimeobj = new Date_Time_Converter($_SESSION[$value], $dateformatdatat['phpdate']);
$_SESSION[$value] = $datetimeobj->convert("Y-m-d");
$_SESSION[$value] = $connect->BindDate($_SESSION[$value]);
}
$values[] = $connect->qstr($_SESSION[$value], get_magic_quotes_gpc());
}
}
}
}
if ($thissurvey['datestamp'] == "Y") {
$_SESSION['datestamp'] = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
}
// First compute the submitdate
if ($thissurvey['anonymized'] == "Y" && $thissurvey['datestamp'] == "N") {
// In case of anonymized responses survey with no datestamp
// then the the answer submutdate gets a conventional timestamp
// 1st Jan 1980
$mysubmitdate = date("Y-m-d H:i:s", mktime(0, 0, 0, 1, 1, 1980));
} else {
$mysubmitdate = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
}
// CHECK TO SEE IF ROW ALREADY EXISTS
// srid (=Survey Record ID ) is set when the there were already answers saved for that survey
if (!isset($_SESSION['srid'])) {
//Prepare row insertion
if (!isset($colnames) || !is_array($colnames)) {
echo submitfailed();
exit;
}
// INSERT NEW ROW
$query = "INSERT INTO " . db_quote_id($thissurvey['tablename']) . "\n" . "(" . implode(', ', array_map('db_quote_id', $colnames));
$query .= "," . db_quote_id('lastpage');
if ($thissurvey['datestamp'] == "Y") {
$query .= "," . db_quote_id('datestamp');
$query .= "," . db_quote_id('startdate');
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= "," . db_quote_id('ipaddr');
}
$query .= "," . db_quote_id('startlanguage');
if ($thissurvey['refurl'] == "Y") {
$query .= "," . db_quote_id('refurl');
}
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
$query .= "," . db_quote_id('submitdate');
}
$query .= ") ";
$query .= "VALUES (" . implode(", ", $values);
$query .= "," . ($thisstep + 1);
if ($thissurvey['datestamp'] == "Y") {
$query .= ", '" . $_SESSION['datestamp'] . "'";
$query .= ", '" . $_SESSION['datestamp'] . "'";
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= ", '" . $_SERVER['REMOTE_ADDR'] . "'";
}
$query .= ", '" . $_SESSION['s_lang'] . "'";
if ($thissurvey['refurl'] == "Y") {
$query .= ", '" . $_SESSION['refurl'] . "'";
}
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
// is if a ALL-IN-ONE survey, we don't set the submit date before the data is validated
$query .= ", " . $connect->DBDate($mysubmitdate);
}
$query .= ")";
} else {
// UPDATE EXISTING ROW
// Updates only the MODIFIED fields posted on current page.
if (isset($postedfieldnames) && $postedfieldnames) {
$query = "UPDATE {$thissurvey['tablename']} SET ";
$query .= " lastpage = '" . $thisstep . "',";
if ($thissurvey['datestamp'] == "Y") {
$query .= " datestamp = '" . $_SESSION['datestamp'] . "',";
}
if ($thissurvey['ipaddr'] == "Y") {
$query .= " ipaddr = '" . $_SERVER['REMOTE_ADDR'] . "',";
}
// is if a ALL-IN-ONE survey, we don't set the submit date before the data is validated
if ($bFinalizeThisAnswer === true && $thissurvey['format'] != "A") {
$query .= " submitdate = " . $connect->DBDate($mysubmitdate) . ", ";
}
// Resets fields hidden due to conditions
if ($deletenonvalues == 1) {
$hiddenfields = array_unique(array_values($colnames_hidden));
foreach ($hiddenfields as $hiddenfield) {
//$fieldinfo = arraySearchByKey($hiddenfield, $fieldmap, "fieldname", 1);
//if ($fieldinfo['type']=='D' || $fieldinfo['type']=='N' || $fieldinfo['type']=='K')
//{
$query .= db_quote_id($hiddenfield) . " = NULL,";
//}
//else
//{
// $query .= db_quote_id($hiddenfield)." = '',";
//}
}
} else {
$hiddenfields = array();
}
$fields = $postedfieldnames;
$fields = array_unique($fields);
$fields = array_diff($fields, $hiddenfields);
// Do not take fields that are hidden
foreach ($fields as $field) {
if (!empty($field)) {
$fieldinfo = $fieldmap[$field];
if (!isset($_POST[$field])) {
$_POST[$field] = '';
}
//fixed numerical question fields. They have to be NULL instead of '' to avoid database errors
if ($_POST[$field] == '' && $fieldinfo['type'] == 'D' || $_POST[$field] == '' && $fieldinfo['type'] == 'N' || $_POST[$field] == '' && $fieldinfo['type'] == 'K') {
$query .= db_quote_id($field) . " = NULL,";
} else {
// Empty the 'Other' field if a value other than '-oth-' was set for the main field (prevent invalid other values being saved - for example if Javascript fails to hide the 'Other' input field)
if ($fieldinfo['type'] == '!' && $fieldmap[$field]['aid'] == 'other' && $_POST[substr($field, 0, strlen($field) - 5)] != '-oth-') {
$qfield = "''";
} elseif ($fieldinfo['type'] == 'N' || $fieldinfo['type'] == 'K') {
$qfield = db_quoteall(sanitize_float($_POST[$field]));
} elseif ($fieldinfo['type'] == 'D') {
$dateformatdatat = getDateFormatData($thissurvey['surveyls_dateformat']);
$datetimeobj = new Date_Time_Converter($_POST[$field], $dateformatdatat['phpdate']);
$qfield = db_quoteall($connect->BindDate($datetimeobj->convert("Y-m-d")));
} else {
$qfield = db_quoteall($_POST[$field], true);
}
$query .= db_quote_id($field) . " = " . $qfield . ",";
}
}
}
$query .= "WHERE id=" . $_SESSION['srid'];
$query = str_replace(",WHERE", " WHERE", $query);
// remove comma before WHERE clause
} else {
$query = "";
if ($bFinalizeThisAnswer === true) {
$query = "UPDATE {$thissurvey['tablename']} SET ";
$query .= " submitdate = " . $connect->DBDate($mysubmitdate);
$query .= " WHERE id=" . $_SESSION['srid'];
}
}
}
return $query;
} else {
sendcacheheaders();
doHeader();
foreach (file("{$thistpl}/startpage.pstpl") as $op) {
echo templatereplace($op);
}
echo "<br /><center><font face='verdana' size='2'><font color='red'><strong>" . $clang->gT("Error") . "</strong></font><br /><br />\n";
echo $clang->gT("Cannot submit results - there are none to submit.") . "<br /><br />\n";
echo "<font size='1'>" . $clang->gT("This error can occur if you have already submitted your responses and pressed 'refresh' on your browser. In this case, your responses have already been saved.") . "<br /><br />" . $clang->gT("If you receive this message in the middle of completing a survey, you should choose '<- BACK' on your browser and then refresh/reload the previous page. While you will lose answers from the last page all your others will still exist. This problem can occur if the webserver is suffering from overload or excessive use. We apologise for this problem.") . "<br />\n";
echo "</font></center><br /><br />";
exit;
}
}
function savescript($postvars = array())
{
$username = $this->session->userdata('user_name');
if (empty($username) || is_null($username)) {
$this->commonhelper->deletesession($_SERVER['REMOTE_ADDR']);
#die("Error: Session expired kindly re-login");
}
$go_SuccessNewlimesurveycreated = $this->lang->line('go_SuccessNewlimesurveycreated');
$go_Erroronsavingdatacontactyoursupport = $this->lang->line('go_Erroronsavingdatacontactyoursupport');
$go_Errornodatatoprocess = $this->lang->line('go_Errornodatatoprocess');
if (!empty($postvars)) {
if ($postvars['script_type'] == 'default') {
if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
$accounts = $this->session->userdata('user_group');
} else {
if (array_key_exists('accounts', $postvars)) {
$accounts = $postvars['accounts'];
} else {
$accounts = $this->session->userdata('user_group');
}
}
$data['vicidial_scripts'] = array('data' => array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_comments' => $postvars['script_comments'], 'active' => $postvars['active'], 'script_text' => $postvars['script_text'], 'user_group' => $accounts));
$data['go_scripts'] = array('data' => array('account_num' => $accounts, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => ''));
$data['vicidial_campaigns'] = array('data' => array('campaign_script' => $postvars['script_id']), 'condition' => array('campaign_id' => $postvars['campaign_id']));
$result = $this->go_script->savedefaultscript($data);
die($result);
} else {
$rootdir = $this->config->item('lime_path') . "/limesurvey";
require_once $rootdir . '/classes/adodb/adodb.inc.php';
require_once $rootdir . '/common_functions_ci.php';
require_once $rootdir . '/admin/admin_functions.php';
require_once $rootdir . '/classes/core/sanitize.php';
require_once $rootdir . '/classes/core/language.php';
require_once $rootdir . '/admin/classes/core/sha256.php';
$clang = new limesurvey_lang('en');
require_once $rootdir . '/classes/core/surveytranslator_ci.php';
do {
$surveyid = sRandomChars(5, '123456789');
$this->go_script->limesurveyDB->where(array('sid' => $surveyid));
$isexist = $this->go_script->limesurveyDB->get('lime_surveys');
} while ($isexist->num_rows > 0);
$userInfo = $this->go_script->collectfromviciuser($username);
if ($userInfo->num_rows() > 0) {
$userDetail = $userInfo->result();
$viciemail = $userDetail[0]->email;
$viciuseralias = $userDetail[0]->user;
$vicipass = $userDetail[0]->pass;
$vicicompany = $userDetail[0]->full_name;
#$viciuser = $userDetail[0]->user_group;
if ($this->commonhelper->checkIfTenant($this->session->userdata('user_group'))) {
$viciuser = $userDetail[0]->user_group;
} else {
$viciuser = "******";
}
}
$userInfo = $this->go_script->collectfromlimesurvey($viciuseralias);
$userlevel = $this->session->userdata('users_level');
if ($userInfo->num_rows() < 1) {
# create new limesurvey user
$newUser = array('users_name' => $viciuseralias, 'password' => SHA256::hashing($vicipass), 'full_name' => $vicicompany, 'parent_id' => '1', 'lang' => 'auto', 'email' => $viciemail, 'create_survey' => '1', 'create_user' => '1', 'delete_user' => '1', 'configurator' => '1', 'manage_template' => '1', 'manage_label' => '1');
$this->go_script->insertTolimesurvey($newUser, 'lime_users', $newId);
if (!empty($newId)) {
$this->go_script->insertTolimesurvey(array('uid' => $newId, 'folder' => 'default', 'use' => '1'), 'lime_templates_rights');
}
$uid = $newId;
} else {
$userDetail = $userInfo->result();
$uid = $userDetail[0]->uid;
}
$aDefaultTexts = aTemplateDefaultTexts($clang, 'unescaped');
$languagedetails = getLanguageDetails($postvars['lang'], $clang);
$aDefaultTexts['admin_detailed_notification'] = $aDefaultTexts['admin_detailed_notification_css'] . $aDefaultTexts['admin_detailed_notification'];
$this->go_script->limesurveyDB->where(array('sid' => $surveyid));
$group = $this->go_script->limesurveyDB->get('lime_groups');
$count = $group->num_rows();
$count++;
if ($count < 100) {
$lastGroup = "0{$count}";
} elseif ($count < 10) {
$lastGroup = "00{$count}";
}
$data['limesurvey'] = array('lime_surveys' => array('data' => array(array('sid' => $surveyid, 'owner_id' => $uid, 'admin' => $vicicompany, 'adminemail' => $viciemail, 'active' => 'N', 'format' => 'G', 'language' => $postvars['lang'], 'datecreated' => date('Y-m-d'), 'htmlemail' => 'Y', 'usecaptcha' => 'D', 'bounce_email' => $viciemail))), 'lime_surveys_languagesettings' => array('data' => array(array('surveyls_survey_id' => $surveyid, 'surveyls_language' => $postvars['lang'], 'surveyls_title' => $postvars['script_name'], 'surveyls_email_invite_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['invitation_subject'])), 'surveyls_email_invite' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['invitation'])), 'surveyls_email_remind_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['reminder_subject'])), 'surveyls_email_remind' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['reminder'])), 'surveyls_email_confirm_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['confirmation_subject'])), 'surveyls_email_confirm' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['confirmation'])), 'surveyls_email_register_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['registration_subject'])), 'surveyls_email_register' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['registration'])), 'email_admin_notification_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_notification_subject'])), 'email_admin_notification' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_notification'])), 'email_admin_responses_subj' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_detailed_notification_subject'])), 'email_admin_responses' => str_replace("'", "\\'", str_replace("\n", "<br />", $aDefaultTexts['admin_detailed_notification'])), 'surveyls_dateformat' => $languagedetails['dateformat'], 'surveyls_description' => $postvars['script_comments'], 'surveyls_welcometext' => $postvars['welcome_message'], 'surveyls_endtext' => $postvars['end_message'], 'surveyls_url' => $postvars['survey_url'], 'surveyls_urldescription' => $postvars['survey_url_desc']))), 'lime_survey_permissions' => array('data' => array(array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'assessments', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'translations', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'quotas', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'responses', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'statistics', 'create_p' => '0', 'read_p' => '1', 'update_p' => '0', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveyactivation', 'create_p' => '0', 'read_p' => '0', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveycontent', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'survey', 'create_p' => '0', 'read_p' => '1', 'update_p' => '0', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveylocale', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveysecurity', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'surveysettings', 'create_p' => '0', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '0', 'import_p' => '0', 'export_p' => '0'), array('sid' => $surveyid, 'uid' => $uid, 'permission' => 'tokens', 'create_p' => '1', 'read_p' => '1', 'update_p' => '1', 'delete_p' => '1', 'import_p' => '1', 'export_p' => '1'))), 'lime_groups' => array('data' => array(array('sid' => $surveyid, 'group_name' => "{$vicicompany} Group {$lastGroup}", 'description' => "{$vicicompany} Group {$lastGroup}", 'language' => $postvars['lang']))), 'lime_questions' => array('format_data' => array("lime_groups_0"), 'data' => array(array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q1', 'question' => 'Lead ID:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '0', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q2', 'question' => 'Firstname:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '1', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q3', 'question' => 'Lastname:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '2', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q4', 'question' => 'Phone Number:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '3', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'), array('parent_qid' => '0', 'sid' => $surveyid, 'gid' => "{lime_groups_0}", 'type' => 'T', 'title' => 'Q5', 'question' => 'Address:', 'preg' => '', 'help' => '', 'other' => 'N', 'mandatory' => 'N', 'question_order' => '4', 'language' => $postvars['lang'], 'scale_id' => '0', 'same_default' => '0'))));
// end lime survey collected data
$script_text = '<iframe src="' . $this->config->item('base_url') . '/limesurvey/index.php?sid=' . $surveyid . '&lang=' . $postvars['lang'] . '&' . $surveyid . 'X{lime_groups_0}X{lime_questions_0}=--A--lead_id--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_1}=--A--first_name--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_2}=--A--last_name--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_3}=--A--phone_number--B--&' . $surveyid . 'X{lime_groups_0}X{lime_questions_4}=--A--address1--B--&lead_id=--A--lead_id--B--&first_name=--A--first_name--B--&last_name=--A--last_name--B--&phone_number=--A--phone_number--B--&address1=--A--address1--B--" style="background-color:transparent;" scrolling="auto" frameborder="0" allowtransparency="true" id="popupFrame" name="popupFrame" width="--A--script_width--B--" height="--A--script_height--B--" STYLE="z-index:17"></iframe>';
$data['vicidial'] = array('vicidial_scripts' => array('format_data' => array("lime_groups_0", "lime_questions_0", "lime_questions_1", "lime_questions_2", "lime_questions_3", "lime_questions_4"), 'data' => array(array('script_id' => $postvars['script_id'], 'script_name' => $postvars['script_name'], 'script_text' => $script_text, 'active' => 'N', 'user_group' => $viciuser))), 'go_scripts' => array('data' => array(array('account_num' => $viciuser, 'script_id' => $postvars['script_id'], 'campaign_id' => $postvars['campaign_id'], 'surveyid' => $surveyid))), 'vicidial_campaigns' => array('condition' => array("campaign_id" => $postvars['campaign_id']), 'data' => array(array('campaign_script' => $postvars['script_id']))));
// saving the script data
$result = $this->go_script->saveadvancescript($data);
if ($result) {
die('' . $this->lang->line("go_success_new_lime_survey") . '');
//die("Success: New limesurvey created");
} else {
die('' . $this->lang->line("go_error_saving_data_support") . '');
//die("Error on saving data contact your support");
}
}
} else {
die('' . $this->lang->line("go_error_no_data_process") . '');
//die("Error: no data to process");
}
}
$utresult = $connect->Execute($utquery) or safe_die("Couldn't update tokens table!<br />\n{$utquery}<br />\n" . $connect->ErrorMsg());
// save submitdate into survey table
$srid = $connect->Insert_ID();
$sdquery = "UPDATE {$dbprefix}survey_{$surveyid} SET submitdate=" . db_quoteall($submitdate, true) . " WHERE id={$srid}\n";
$sdresult = $connect->Execute($sdquery) or safe_die("Couldn't set submitdate response in survey table!<br />\n{$sdquery}<br />\n" . $connect->ErrorMsg());
}
if (isset($_POST['save']) && $_POST['save'] == "on") {
$srid = $connect->Insert_ID();
//CREATE ENTRY INTO "saved_control"
$scdata = array("sid" => $surveyid, "srid" => $srid, "identifier" => $saver['identifier'], "access_code" => $password, "email" => $saver['email'], "ip" => $_SERVER['REMOTE_ADDR'], "refurl" => getenv("HTTP_REFERER"), 'saved_thisstep' => 0, "status" => "S", "saved_date" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust));
if ($connect->AutoExecute("{$dbprefix}saved_control", $scdata, 'INSERT')) {
$scid = $connect->Insert_ID("{$dbprefix}saved_control", "scid");
$dataentryoutput .= "<font class='successtitle'>" . $clang->gT("Your survey responses have been saved successfully. You will be sent a confirmation e-mail. Please make sure to save your password, since we will not be able to retrieve it for you.") . "</font><br />\n";
$tkquery = "SELECT * FROM " . db_table_name("tokens_{$surveyid}");
if ($tkresult = $connect->Execute($tkquery)) {
$tokendata = array("firstname" => $saver['identifier'], "lastname" => $saver['identifier'], "email" => $saver['email'], "token" => sRandomChars(15), "language" => $saver['language'], "sent" => date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust), "completed" => "N");
$connect->AutoExecute(db_table_name("tokens_" . $surveyid), $tokendata, 'INSERT');
$dataentryoutput .= "<font class='successtitle'>" . $clang->gT("A token entry for the saved survey has been created too.") . "</font><br />\n";
}
if ($saver['email']) {
//Send email
if (validate_email($saver['email']) && !returnglobal('redo')) {
$subject = $clang->gT("Saved Survey Details");
$message = $clang->gT("Thank you for saving your survey in progress. The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you.");
$message .= "\n\n" . $thissurvey['name'] . "\n\n";
$message .= $clang->gT("Name") . ": " . $saver['identifier'] . "\n";
$message .= $clang->gT("Password") . ": " . $saver['password'] . "\n\n";
$message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . "\n";
$message .= $publicurl . "/index.php?sid={$surveyid}&loadall=reload&scid=" . $scid . "&lang=" . urlencode($saver['language']) . "&loadname=" . urlencode($saver['identifier']) . "&loadpass="******"&token=" . $tokendata['token'];
/**
* This function returns a new random sid if the existing one is taken,
* otherwise it returns the old one.
*
* @param mixed $oldsid
*/
function GetNewSurveyID($oldsid)
{
global $connect, $dbprefix;
$isresult = $connect->GetOne("SELECT sid FROM {$dbprefix}surveys WHERE sid=$oldsid");
if (!is_null($isresult))
{
// Get new random ids until one is found that is not used
do
{
$newsid = sRandomChars(5,'123456789');
$isresult = $connect->GetOne("SELECT sid FROM {$dbprefix}surveys WHERE sid=$newsid");
}
while (!is_null($isresult));
return $newsid;
}
else
{
return $oldsid;
}
}
$data[$attr_name]=$_POST[$attr_name];
}
$tblInsert=db_table_name('tokens_'.$surveyid);
$amount = sanitize_int($_POST['amount']);
$tokenlength = sanitize_int($_POST['tokenlen']);
for ($i=0; $i<$amount;$i++){
$dataToInsert = $data;
$dataToInsert['firstname'] = str_replace('{TOKEN_COUNTER}',"$i",$dataToInsert['firstname']);
$dataToInsert['lastname'] = str_replace('{TOKEN_COUNTER}',"$i",$dataToInsert['lastname']);
$dataToInsert['email'] = str_replace('{TOKEN_COUNTER}',"$i",$dataToInsert['email']);
$isvalidtoken = false;
while ($isvalidtoken == false)
{
$newtoken = sRandomChars($tokenlength);
if (!isset($existingtokens[$newtoken])) {
$isvalidtoken = true;
$existingtokens[$newtoken]=null;
}
}
$dataToInsert['token'] = $newtoken;
$tblInsert=db_table_name('tokens_'.$surveyid);
$inresult = $connect->AutoExecute($tblInsert, $dataToInsert, 'INSERT') or safe_die ("Add new record failed:<br />\n$inquery<br />\n".$connect->ErrorMsg());
}
$tokenoutput .= "\t\t<div class='successheader'>".$clang->gT("Success")."</div>\n"
."\t\t<br />".$clang->gT("New dummy tokens were added.")."<br /><br />\n"
."\t\t<input type='button' value='".$clang->gT("Display tokens")."' onclick=\"window.open('$scriptname?action=tokens&sid=$surveyid&subaction=browse', '_top')\" /><br />\n";
$tokenoutput .= "\t</div>";
else
{
session_name("LimeSurveyRuntime-$surveyid");
}
session_set_cookie_params(0,$relativeurl.'/admin/');
@session_start();
if (empty($_SESSION) || !isset($_SESSION['fieldname']))
{
die("You don't have a valid session !");
}
$baselang = GetBaseLanguageFromSurveyID($surveyid);
$clang = new limesurvey_lang($baselang);
$randfilename = sRandomChars(15);
$sTempUploadDir = $tempdir.'/upload/';
$randfileloc = $sTempUploadDir . $randfilename;
$filename = $_FILES['uploadfile']['name'];
$size = 0.001 * $_FILES['uploadfile']['size'];
$valid_extensions = strtolower($_POST['valid_extensions']);
$maxfilesize = (int) $_POST['max_filesize'];
$preview = $_POST['preview'];
$fieldname = $_POST['fieldname'];
$aFieldMap=createFieldMap($surveyid);
if (!isset($aFieldMap[$fieldname])) die();
$aAttributes=getQuestionAttributes($aFieldMap[$fieldname]['qid'],$aFieldMap[$fieldname]['type']);
$valid_extensions_array = explode(",", $aAttributes['allowed_filetypes']);
$valid_extensions_array = array_map('trim',$valid_extensions_array);
