if (survey_status_is_test($status)) {
if (isset($_REQUEST['test']) && $_REQUEST['test']) {
$isActive = true;
} else {
$isActive = false;
}
} else {
if (STATUS_OPEN !== survey_open($open_date, $close_date)) {
$isActive = false;
} else {
$isActive = true;
}
}
}
if (!$isActive) {
echo mkerror(_('Error processing survey: Survey is not active.'));
return;
}
if ($request_referer == $ESPCONFIG['autopub_url']) {
$request_referer .= "?name={$name}";
}
// let's build the correct return/submit/resume link
$action = $ESPCONFIG['proto'] . $_SERVER['HTTP_HOST'] . htmlspecialchars($_SERVER['PHP_SELF']);
$query_string = "";
// we need to remove "sec=xx" from the query string, otherwise
// the resume link will contain this also and the user will always
// return to the same filled in section
if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) {
$query_string = $_SERVER['QUERY_STRING'];
}
$query_string = preg_replace('/sec=\\d+/s', '', $query_string);
/* $Id$ */
/* vim: set tabstop=4 shiftwidth=4 expandtab: */
// Written by James Flemer
// For eGrad2000.com
// <*****@*****.**>
if (!defined('ESP-FIRST-INCLUDED')) {
echo "In order to conduct surveys, please include phpESP.first.php in your php script, not handler-prefix.php!";
exit;
}
if (defined('ESP-HANDLER-PREFIX')) {
return;
}
define('ESP-HANDLER-PREFIX', true);
$GLOBALS['errmsg'] = '';
if (isset($_REQUEST['results']) || isset($_REQUEST['results'])) {
$GLOBALS['errmsg'] = mkerror(_('Error processing survey: Security violation.'));
return;
}
if (isset($sid) && !empty($sid)) {
$sid = intval($sid);
} else {
if (isset($_REQUEST['sid']) && !empty($_REQUEST['sid'])) {
$sid = intval($_REQUEST['sid']);
}
}
if (!isset($sid) || empty($sid)) {
blur('/public/dashboard.php');
assert('false; // NOTREACHED');
}
if (!isset($_css)) {
$_css = "";
} else {
array_push($sqlv, _addslashes($post[$f]));
}
}
}
array_push($sqlf, 'realm');
array_push($sqlv, _addslashes($signup_realm));
$sqlf = implode(',', $sqlf);
$sqlv = implode(',', $sqlv);
$sql = "INSERT INTO " . $GLOBALS['ESPCONFIG']['respondent_table'] . " ({$sqlf}) VALUES ({$sqlv})";
/* execute statement */
$res = execute_sql($sql);
if (!$res) {
$msg = '<font color="red">' . _('Request failed, please choose a different username.') . '</font>';
if ($GLOBALS['ESPCONFIG']['DEBUG']) {
$msg .= mkerror(ErrorNo() . ': ' . ErrorMsg());
}
break;
}
$msg = '<font color="blue">' . sprintf(_('Your account, %s, has been created!'), htmlspecialchars($post['username'])) . '</font>';
foreach ($fields as $f) {
$post[$f] = null;
unset($post[$f]);
}
}
} while (0);
$rqd = '<font color="red">*</font>';
if (!$embed) {
?>
<html>
<head>
}
if (isset($_SESSION['raw_password'])) {
$raw_password = $_SESSION['raw_password'];
} else {
$raw_password = "";
}
}
$password = _addslashes($raw_password);
if (!manage_auth($username, $password, $raw_password)) {
exit;
}
} else {
$_SESSION['acl'] = array('username' => 'none', 'pdesign' => array('none'), 'pdata' => array('none'), 'pstatus' => array('none'), 'pall' => array('none'), 'pgroup' => array('none'), 'puser' => array('none'), 'superuser' => 'Y', 'disabled' => 'N');
}
if ($_SESSION['acl']['superuser'] != 'Y') {
exit;
}
foreach ($ESPCONFIG as $name => $value) {
if (substr($name, -6) == "_table") {
$newvalue = str_replace($DB_PREFIX, "", $value);
print "<br \\>Renaming {$value} to {$new_prefix}{$newvalue} ... ";
$sql = "RENAME TABLE {$value} TO {$new_prefix}{$newvalue}";
$result = execute_sql($sql);
if (!$result) {
echo mkerror(_('FAILED'));
} else {
echo _('DONE');
}
}
}
echo "<br><a href=\"manage.php\">" . _('Go back to Management Interface') . "</a>\n";
function handleChangePassword()
{
// are we in change password mode?
$showChangePassword = $GLOBALS['ESPCONFIG']['dashboard_allow_change_password'] && empty($_REQUEST['doChangePasswordCancel']) && is_session_authenticated() && isset($_REQUEST['doChangePassword']) ? true : false;
// are we also changing the password?
$handleChangePassword = $showChangePassword && get_current_respondent($respondent) && !empty($_REQUEST['oldPassword']) && !empty($_REQUEST['newPassword']) && !empty($_REQUEST['newPasswordConfirm']) ? true : false;
// if changing, handle it
if ($handleChangePassword) {
$isAuthenticated = authenticate($respondent['username'], $_REQUEST['oldPassword'], $realms);
$isAuthenticated = 1 === count($realms) ? $isAuthenticated : false;
$isMatch = 0 === strcmp($_REQUEST['newPassword'], $_REQUEST['newPasswordConfirm']) ? true : false;
// if the old password authenticates and the confirmation password matches, go change
if ($isAuthenticated && $isMatch) {
// if password changes successfully, drop out of show change password mode
$ok = change_password($respondent['username'], $respondent['realm'], $_REQUEST['newPassword']);
if ($ok) {
$showChangePassword = false;
} else {
$GLOBALS['errmsg'] = mkerror(_('Unable to change your password; contact an administrator'));
}
// if the old password authenticates but the confirmation doesn't match
} else {
if ($isAuthenticated && !$isMatch) {
$GLOBALS['errmsg'] = mkerror(_('Passwords do not match; check your typing'));
// otherwise, bad original password, puke
} else {
$GLOBALS['errmsg'] = mkerror(_('Old password incorrect; check your typing'));
}
}
}
// if we're showing the change password form, do so
if ($showChangePassword) {
paint_header();
echo '<div class="dashboardPanel">' . '<h1>' . _('Change My Password') . '</h1>' . render_passwd_change_form() . '</div>';
paint_footer();
exit;
}
}
