Exemplo n.º 1
    include "editansweroptions.php";
}
// ============= EDIT SUBQUESTIONS ======================================
if ($action == 'editsubquestions') {
    include "editsubquestions.php";
}
// *************************************************
// Survey Rights Start	****************************
// *************************************************
// Handler for action "addsurveysecurity": gives another user an initial
// 'survey' permission row (read_p = 1) on the current survey and builds the
// HTML result message in $addsummary.
if ($action == "addsurveysecurity") {
    $addsummary = "<div class='header ui-widget-header'>" . $clang->gT("Add User") . "</div>\n";
    $addsummary .= "<div class=\"messagebox ui-corner-all\">\n";
    // Ownership lookup: matches only when the logged-in user owns the survey and
    // the target uid is not the owner.
    // NOTE(review): $surveyid, $_SESSION['loginID'] and $postuserid are concatenated
    // into the SQL text unquoted. This excerpt does not show them being cast to
    // integers - confirm that happens upstream, or bind them as parameters.
    $query = "SELECT sid, owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid} AND owner_id = " . $_SESSION['loginID'] . " AND owner_id != " . $postuserid;
    $result = db_execute_assoc($query);
    //Checked
    // Authorisation gate. && binds tighter than ||, so this reads
    // (caller owns the survey AND target uid is in getuserlist('onlyuidarray')) OR caller is superadmin.
    // For a superadmin the ownership query result and the user-list check are not consulted.
    if ($result->RecordCount() > 0 && in_array($postuserid, getuserlist('onlyuidarray')) || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) {
        // "> 0" is a loose numeric comparison, not a type check: it does not by
        // itself guarantee that $postuserid is a plain integer.
        if ($postuserid > 0) {
            // Same unquoted interpolation of $surveyid and $postuserid as in the SELECT above.
            $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid},{$postuserid},'survey',1)";
            $isrresult = $connect->Execute($isrquery);
            //Checked
            if ($isrresult) {
                $addsummary .= "<div class=\"successheader\">" . $clang->gT("User added.") . "</div>\n";
                // $scriptname, $surveyid and $postuserid are written into HTML attributes
                // without escaping. NOTE(review): safe only if they are integers or
                // trusted values at this point - confirm.
                $addsummary .= "<br /><form method='post' action='{$scriptname}?sid={$surveyid}'>" . "<input type='submit' value='" . $clang->gT("Set survey permissions") . "' />" . "<input type='hidden' name='action' value='setsurveysecurity' />" . "<input type='hidden' name='uid' value='{$postuserid}' />" . "</form>\n";
            } else {
                // Username already exists.
                // Any failure of the INSERT lands here, so this message is shown for
                // every database error, not only for a duplicate row.
                $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to add user.") . "</div>\n" . "<br />" . $clang->gT("Username already exists.") . "<br />\n";
                $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&amp;action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
            }
        } else {
            // No usable uid was posted (value is not greater than 0).
            $addsummary .= "<div class=\"warningheader\">" . $clang->gT("Failed to add user.") . "</div>\n" . "<br />" . $clang->gT("No Username selected.") . "<br />\n";
            $addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&amp;action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
         last($userid, $bikenum);
     } else {
         last($userid);
     }
     break;
 case "stands":
     logrequest($userid, $action);
     checksession();
     checkprivileges($userid);
     liststands();
     break;
 case "userlist":
     logrequest($userid, $action);
     checksession();
     checkprivileges($userid);
     getuserlist();
     break;
 case "userstats":
     logrequest($userid, $action);
     checksession();
     checkprivileges($userid);
     getuserstats();
     break;
 case "usagestats":
     logrequest($userid, $action);
     checksession();
     checkprivileges($userid);
     getusagestats();
     break;
 case "edituser":
     logrequest($userid, $action);
Exemplo n.º 3
 // Creates the account row for a new user with every permission flag set to 0,
 // grants the 'default' template, appends the user to the in-memory user list
 // and starts building the HTML notification e-mail in $body.
 // $new_user, $new_full_name and $new_email go through db_quote(); the output of
 // SHA256::hashing() and $_SESSION['loginID'] are inserted as they are.
 // NOTE(review): SHA256::hashing() is defined outside this excerpt. If it is a
 // plain, unsalted SHA-256 digest it is too fast for password storage; a
 // dedicated password hash (e.g. password_hash()) would be the safer choice - confirm.
 $uquery = "INSERT INTO {$dbprefix}users (users_name, password,full_name,parent_id,lang,email,create_survey,create_user,delete_user,superadmin,configurator,manage_template,manage_label)\n                   VALUES ('" . db_quote($new_user) . "', '" . SHA256::hashing($new_pass) . "', '" . db_quote($new_full_name) . "', {$_SESSION['loginID']}, 'auto', '" . db_quote($new_email) . "',0,0,0,0,0,0,0)";
 $uresult = $connect->Execute($uquery);
 //Checked
 if ($uresult) {
     // uid generated by the INSERT above; it is reused in the two queries below.
     $newqid = $connect->Insert_ID("{$dbprefix}users", "uid");
     // add default template to template rights for user
     // The INSERT names no columns, so it depends on the column order of
     // templates_rights; its result is not checked.
     $template_query = "INSERT INTO {$dbprefix}templates_rights VALUES('{$newqid}','default','1')";
     $connect->Execute($template_query);
     //Checked
     // add new user to userlist
     $squery = "SELECT uid, users_name, password, parent_id, email, create_survey, configurator, create_user, delete_user, superadmin, manage_template, manage_label FROM " . db_table_name('users') . " WHERE uid='{$newqid}'";
     //added by Dennis
     $sresult = db_execute_assoc($squery);
     //Checked
     $srow = $sresult->FetchRow();
     $userlist = getuserlist();
     // The stored password value is copied into $userlist with the other columns.
     // NOTE(review): make sure this array is never serialised or echoed to a client.
     array_push($userlist, array("user" => $srow['users_name'], "uid" => $srow['uid'], "email" => $srow['email'], "password" => $srow["password"], "parent_id" => $srow['parent_id'], "create_survey" => $srow['create_survey'], "configurator" => $srow['configurator'], "create_user" => $srow['create_user'], "delete_user" => $srow['delete_user'], "superadmin" => $srow['superadmin'], "manage_template" => $srow['manage_template'], "manage_label" => $srow['manage_label']));
     // send Mail
     // The body is HTML (it uses <br />), and $new_full_name, $sitename and
     // $new_user are placed in it without HTML-escaping in this excerpt.
     $body = sprintf($clang->gT("Hello %s,", 'unescaped'), $new_full_name) . "<br /><br />\n";
     $body .= sprintf($clang->gT("this is an automated email to notify that a user has been created for you on the site '%s'.", 'unescaped'), $sitename) . "<br /><br />\n";
     $body .= $clang->gT("You can use now the following credentials to log into the site:", 'unescaped') . "<br />\n";
     $body .= $clang->gT("Username", 'unescaped') . ": " . $new_user . "<br />\n";
     if ($useWebserverAuth === false) {
         // authent is not delegated to web server
         // send password (if authorized by config)
         // With $display_user_password_in_email === true the clear-text password is
         // written into the e-mail body, so it travels and is stored wherever the
         // mail is. A one-time set-password link would avoid that exposure.
         if ($display_user_password_in_email === true) {
             $body .= $clang->gT("Password", 'unescaped') . ": " . $new_pass . "<br />\n";
         } else {
             $body .= $clang->gT("Password", 'unescaped') . ": " . $clang->gT("Please ask your LimeSurvey administrator for your password.") . "<br />\n";
         }
     }
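/**
* Retrieve an HTML <option> list of the users who can still be added to the current survey.
*
* Selects every user that has no row in survey_permissions for the global
* $surveyid, optionally leaves out super admins and, when
* $usercontrolSameGroupPolicy is enabled, keeps only the uids returned by
* getuserlist('onlyuidarray'). A "Please choose..." placeholder option is
* always put in front of the list.
*
* Side effect: the global $surveyid is overwritten with its sanitize_int() value.
*
* @param mixed $bIncludeOwner Kept for backward compatibility; the body never reads it
* @param mixed $bIncludeSuperAdmins If false, only rows with superadmin=0 are selected
* @return string The <option> markup, or the literal "Database Error" when the query fails
*/
function sGetSurveyUserlist($bIncludeOwner = true, $bIncludeSuperAdmins = true)
{
    global $surveyid, $clang, $usercontrolSameGroupPolicy;

    // $surveyid is interpolated into the SQL text below, so it is passed through
    // sanitize_int() (defined elsewhere) first.
    $surveyid = sanitize_int($surveyid);

    // Anti-join: keep only the users without a survey_permissions row for this survey.
    $sSurveyIDQuery = "SELECT a.uid, a.users_name, a.full_name FROM " . db_table_name('users') . " AS a\n"
        . "                      LEFT OUTER JOIN (SELECT uid AS id FROM " . db_table_name('survey_permissions') . " WHERE sid = {$surveyid}) AS b ON a.uid = b.id\n"
        . "                      WHERE id IS NULL ";
    if (!$bIncludeSuperAdmins) {
        $sSurveyIDQuery .= 'and superadmin=0 ';
    }
    $sSurveyIDQuery .= 'ORDER BY a.users_name';

    $oResult = db_execute_assoc($sSurveyIDQuery);
    //Checked
    if (!$oResult) {
        return "Database Error";
    }

    // When the same-group policy is on, only users the caller is allowed to see are offered.
    $bRestrictToGroup = isset($usercontrolSameGroupPolicy) && $usercontrolSameGroupPolicy == true;
    $aAuthorizedUids = $bRestrictToGroup ? getuserlist('onlyuidarray') : array();

    $sOptions = "";
    $aRows = $oResult->GetRows();
    if ($aRows) {
        foreach ($aRows as $aUser) {
            if ($bRestrictToGroup && !in_array($aUser['uid'], $aAuthorizedUids)) {
                continue;
            }
            // User names come from the database and were typed in by people, so they
            // are HTML-escaped before being placed in the markup; the uid is emitted
            // as an integer. Without this, a name containing markup would be rendered
            // by every admin who opens the list.
            // NOTE(review): if names are stored already HTML-encoded this double-encodes
            // them - confirm the storage format.
            $sLabel = htmlspecialchars($aUser['users_name'] . ' ' . $aUser['full_name'], ENT_QUOTES, 'UTF-8');
            $sOptions .= "<option value='" . (int) $aUser['uid'] . "'>" . $sLabel . "</option>\n";
        }
    }

    // The original code switched to a "None" placeholder when $svexist was set, but
    // $svexist is neither a parameter, a declared global nor assigned in this
    // function, so that branch could never run. The placeholder is therefore fixed.
    return "<option value='-1' selected='selected'>" . $clang->gT("Please choose...") . "</option>\n" . $sOptions;
}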
Exemplo n.º 5
}



// *************************************************
// Survey Rights Start	****************************
// *************************************************

if($action == "addsurveysecurity")
{
    $addsummary = "<div class='header ui-widget-header'>".$clang->gT("Add User")."</div>\n";
    $addsummary .= "<div class=\"messagebox ui-corner-all\">\n";

    $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid;
    $result = db_execute_assoc($query); //Checked
    if( ($result->RecordCount() > 0 && in_array($postuserid,getuserlist('onlyuidarray'))) ||
    $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
    {

        if($postuserid > 0){

            $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid},{$postuserid},'survey',1)";
            $isrresult = $connect->Execute($isrquery); //Checked

            if($isrresult)
            {
                $addsummary .= "<div class=\"successheader\">".$clang->gT("User added.")."</div>\n";
                $addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>"
                ."<input type='submit' value='".$clang->gT("Set survey permissions")."' />"
                ."<input type='hidden' name='action' value='setsurveysecurity' />"
                ."<input type='hidden' name='uid' value='{$postuserid}' />"
     //Checked
     while ($gnrow = $gnresult->FetchRow()) {
         $partial_responses = $gnrow[0];
     }
     $gnquery = "SELECT count(id) FROM " . db_table_name("survey_" . $rows['sid']);
     $gnresult = db_execute_num($gnquery);
     //Checked
     while ($gnrow = $gnresult->FetchRow()) {
         $responses = $gnrow[0];
     }
 } else {
     $status = $clang->gT("Inactive");
 }
 $datetimeobj = new Date_Time_Converter($rows['datecreated'], "Y-m-d H:i:s");
 $datecreated = $datetimeobj->convert($dateformatdetails['phpdate']);
 if (in_array($rows['owner_id'], getuserlist('onlyuidarray'))) {
     $ownername = $rows['users_name'];
 } else {
     $ownername = "---";
 }
 $questionsCount = 0;
 $questionsCountQuery = "SELECT * FROM " . db_table_name('questions') . " WHERE sid={$rows['sid']} AND language='" . $rows['language'] . "'";
 //Getting a count of questions for this survey
 $questionsCountResult = $connect->Execute($questionsCountQuery);
 //Checked
 $questionsCount = $questionsCountResult->RecordCount();
 $listsurveys .= "<tr>";
 if ($rows['active'] == "Y") {
     if ($rows['expires'] != '' && $rows['expires'] < date_shift(date("Y-m-d H:i:s"), "Y-m-d", $timeadjust)) {
         $listsurveys .= "<td><img src='{$imageurl}/expired.png' " . "alt='" . $clang->gT("This survey is active but expired.") . "' /></td>";
     } else {
Exemplo n.º 7
    // Tail of an AJAX branch that transfers ownership of a survey and answers with
    // JSON. The start of the branch, including where $intNewOwner is set, is
    // outside this excerpt.
    // $intSurveyId is assigned here only when survey_id is present in the request.
    // NOTE(review): confirm it has a safe default above, otherwise the UPDATE below
    // is built with an empty value.
    if (isset($_REQUEST['survey_id'])) {
        $intSurveyId = sanitize_int($_REQUEST['survey_id']);
    }
    $owner_id = $_SESSION['loginID'];
    header('Content-type: application/json');
    // $intNewOwner, $intSurveyId and $owner_id are interpolated into the SQL text
    // unquoted. NOTE(review): $intNewOwner is presumably sanitised like
    // $intSurveyId - verify, or use bound parameters.
    // The parameters are read from $_REQUEST and no anti-CSRF token check is
    // visible in this excerpt, although the request changes state - confirm one
    // is enforced before this point.
    $query = "UPDATE " . db_table_name('surveys') . " SET owner_id = {$intNewOwner} WHERE sid={$intSurveyId}";
    // Authorisation lives in the WHERE clause: a super admin may reassign any
    // survey, everyone else only a survey whose owner_id is their own login id.
    if (bHasGlobalPermission("USER_RIGHT_SUPERADMIN")) {
        $query .= ";";
    } else {
        $query .= " AND owner_id={$owner_id};";
    }
    // NOTE(review): the raw database error text is handed to safe_die(); check that
    // it is not sent back to the client.
    $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
    // Read the survey back: a row is returned only if its owner is now
    // $intNewOwner, so record_count tells the caller whether the survey is owned
    // by the requested user.
    $query = "SELECT b.users_name FROM " . db_table_name('surveys') . " as a" . " INNER JOIN  " . db_table_name('users') . " as b ON a.owner_id = b.uid   WHERE sid={$intSurveyId} AND owner_id={$intNewOwner};";
    $result = db_execute_assoc($query) or safe_die($connect->ErrorMsg());
    $intRecordCount = $result->RecordCount();
    $aUsers = array('record_count' => $intRecordCount);
    if ($result->RecordCount() > 0) {
        while ($rows = $result->FetchRow()) {
            $aUsers['newowner'] = $rows['users_name'];
        }
    }
    $ajaxoutput = ls_json_encode($aUsers) . "\n";
} elseif ($action == "ajaxgetusers") {
    // Returns [uid, user name] pairs for every entry of getuserlist() as JSON.
    // NOTE(review): no permission check is visible inside this branch - confirm the
    // caller is authenticated before this point and that getuserlist() limits the
    // result to users the caller may see.
    header('Content-type: application/json');
    $aSeenUsers = getuserlist();
    $aUsers = array();
    foreach ($aSeenUsers as $userline) {
        $aUsers[] = array($userline['uid'], $userline['user']);
    }
    $ajaxoutput = ls_json_encode($aUsers) . "\n";
}