/**
* Create a DB user
*
* @return unknown_type
*/
public function createNewUser()
{
// Do nothing if the user to be added is not DB type
if (flattenText(Yii::app()->request->getPost('user_type')) != 'DB') {
return;
}
$oEvent = $this->getEvent();
$new_user = flattenText(Yii::app()->request->getPost('new_user'), false, true);
$new_email = flattenText(Yii::app()->request->getPost('new_email'), false, true);
if (!validateEmailAddress($new_email)) {
$oEvent->set('errorCode', self::ERROR_INVALID_EMAIL);
$oEvent->set('errorMessageTitle', gT("Failed to add user"));
$oEvent->set('errorMessageBody', gT("The email address is not valid."));
return;
}
$new_full_name = flattenText(Yii::app()->request->getPost('new_full_name'), false, true);
$new_pass = createPassword();
$iNewUID = User::model()->insertUser($new_user, $new_pass, $new_full_name, Yii::app()->session['loginID'], $new_email);
if (!$iNewUID) {
$oEvent->set('errorCode', self::ERROR_ALREADY_EXISTING_USER);
$oEvent->set('errorMessageTitle', '');
$oEvent->set('errorMessageBody', gT("Failed to add user"));
return;
}
Permission::model()->setGlobalPermission($iNewUID, 'auth_db');
$oEvent->set('newUserID', $iNewUID);
$oEvent->set('newPassword', $new_pass);
$oEvent->set('newEmail', $new_email);
$oEvent->set('newFullName', $new_full_name);
$oEvent->set('errorCode', self::ERROR_NONE);
}
public function validateAttribute($object, $attribute)
{
if ($object->{$attribute} == '' && $this->allowEmpty) {
return;
}
if ($this->allowMultiple) {
$aEmailAdresses = explode(';', $object->{$attribute});
} else {
$aEmailAdresses = array($object->{$attribute});
}
foreach ($aEmailAdresses as $sEmailAddress) {
if (!validateEmailAddress($sEmailAddress)) {
$this->addError($object, $attribute, gT('Invalid email address.'));
return;
}
}
return;
}
foreach ($_POST as $key => $value) {
$_POST[$key] = removeEmailInjection(trim($value));
}
// Check the required fields and make sure they match our needs
foreach ($requiredInputs as $field) {
// the field has been submitted
if (!array_key_exists($field, $_POST)) {
array_push($Validation, $field);
}
// check if there is information in the field
if ($_POST[$field] == '') {
array_push($Validation, $field);
}
// validate the email address supplied
if ($field == 'email') {
if (!validateEmailAddress($_POST[$field])) {
array_push($Validation, $field);
}
}
}
// basic validation result
if (count($Validation) == 0) {
// Prepare our content string
$emailContent = 'New Website Comment: ' . "\n\n";
// simple email content
foreach ($_POST as $key => $value) {
if ($key != 'submit') {
$emailContent .= $key . ': ' . $value . "\n";
}
}
// if validation passed the right way, then send the email
/**
* Modify User POST
*/
function moduser()
{
$clang = Yii::app()->lang;
$postuser = Yii::app()->request->getPost("user");
$postemail = Yii::app()->request->getPost("email");
$postuserid = Yii::app()->request->getPost("uid");
$postfull_name = Yii::app()->request->getPost("full_name");
$display_user_password_in_html = Yii::app()->getConfig("display_user_password_in_html");
$addsummary = '';
$aViewUrls = array();
$sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID']));
$sresultcount = count($sresult);
if ((Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 || $postuserid == Yii::app()->session['loginID'] || $sresultcount > 0 && Yii::app()->session['USER_RIGHT_CREATE_USER']) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1)) {
$users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8');
$email = html_entity_decode($postemail, ENT_QUOTES, 'UTF-8');
$sPassword = html_entity_decode(Yii::app()->request->getPost('pass'), ENT_QUOTES, 'UTF-8');
if ($sPassword == '%%unchanged%%') {
$sPassword = '';
}
$full_name = html_entity_decode($postfull_name, ENT_QUOTES, 'UTF-8');
if (!validateEmailAddress($email)) {
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing user"), $clang->gT("Could not modify user data."), "warningheader", $clang->gT("Email address is not valid."), $this->getController()->createUrl('admin/user/modifyuser'), $clang->gT("Back"), array('uid' => $postuserid));
} else {
if (empty($sPassword)) {
$uresult = User::model()->updateByPk($postuserid, array('email' => $this->escape($email), 'full_name' => $this->escape($full_name)));
} else {
$uresult = User::model()->updateByPk($postuserid, array('email' => $this->escape($email), 'full_name' => $this->escape($full_name), 'password' => hash('sha256', $sPassword)));
}
if (empty($sPassword)) {
$extra = $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": (" . $clang->gT("Unchanged") . ")<br />\n";
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing user"), $clang->gT("Success!"), "successheader", $extra);
} elseif ($uresult && !empty($sPassword)) {
if ($sPassword != 'password') {
Yii::app()->session['pw_notify'] = FALSE;
}
if ($sPassword == 'password') {
Yii::app()->session['pw_notify'] = TRUE;
}
if ($display_user_password_in_html === true) {
$displayedPwd = $sPassword;
} else {
$displayedPwd = preg_replace('/./', '*', $sPassword);
}
$extra = $clang->gT("Username") . ": {$users_name}<br />" . $clang->gT("Password") . ": {$displayedPwd}<br />\n";
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing user"), $clang->gT("Success!"), "successheader", $extra);
} else {
// Username and/or email adress already exists.
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect($clang->gT("Editing user"), $clang->gT("Could not modify user data. Email address already exists."), 'warningheader');
}
}
}
$this->_renderWrappedTemplate('user', $aViewUrls);
}
/**
* import from csv
*/
function import($iSurveyId)
{
$clang = $this->getController()->lang;
$iSurveyId = (int) $iSurveyId;
if (!Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import')) {
Yii::app()->session['flashmessage'] = $clang->gT("You do not have sufficient rights to access this page.");
$this->getController()->redirect(array("/admin/survey/sa/view/surveyid/{$iSurveyId}"));
}
// CHECK TO SEE IF A TOKEN TABLE EXISTS FOR THIS SURVEY
$bTokenExists = tableExists('{{tokens_' . $iSurveyId . '}}');
if (!$bTokenExists) {
self::_newtokentable($iSurveyId);
}
App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'tokensimport.js');
$aEncodings = aEncodingsArray();
if (Yii::app()->request->getPost('submit')) {
if (Yii::app()->request->getPost('csvcharset') && Yii::app()->request->getPost('csvcharset')) {
$uploadcharset = Yii::app()->request->getPost('csvcharset');
if (!array_key_exists($uploadcharset, $aEncodings)) {
$uploadcharset = 'auto';
}
$filterduplicatetoken = Yii::app()->request->getPost('filterduplicatetoken') && Yii::app()->request->getPost('filterduplicatetoken') == 'on';
$filterblankemail = Yii::app()->request->getPost('filterblankemail') && Yii::app()->request->getPost('filterblankemail') == 'on';
}
$attrfieldnames = getAttributeFieldNames($iSurveyId);
$duplicatelist = array();
$invalidemaillist = array();
$invalidformatlist = array();
$firstline = array();
$sPath = Yii::app()->getConfig('tempdir');
$sFileTmpName = $_FILES['the_file']['tmp_name'];
$sFilePath = $sPath . '/' . randomChars(20);
if (!@move_uploaded_file($sFileTmpName, $sFilePath)) {
$aData['sError'] = $clang->gT("Upload file not found. Check your permissions and path ({$sFilePath}) for the upload directory");
$aData['aEncodings'] = $aEncodings;
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvupload'), $aData);
} else {
$xz = 0;
$recordcount = 0;
$xv = 0;
// This allows to read file with MAC line endings too
@ini_set('auto_detect_line_endings', true);
// open it and trim the ednings
$tokenlistarray = file($sFilePath);
$sBaseLanguage = Survey::model()->findByPk($iSurveyId)->language;
if (!Yii::app()->request->getPost('filterduplicatefields') || Yii::app()->request->getPost('filterduplicatefields') && count(Yii::app()->request->getPost('filterduplicatefields')) == 0) {
$filterduplicatefields = array('firstname', 'lastname', 'email');
} else {
$filterduplicatefields = Yii::app()->request->getPost('filterduplicatefields');
}
$separator = returnGlobal('separator');
foreach ($tokenlistarray as $buffer) {
$buffer = @mb_convert_encoding($buffer, "UTF-8", $uploadcharset);
if ($recordcount == 0) {
// Parse first line (header) from CSV
$buffer = removeBOM($buffer);
// We alow all field except tid because this one is really not needed.
$allowedfieldnames = array('participant_id', 'firstname', 'lastname', 'email', 'emailstatus', 'token', 'language', 'blacklisted', 'sent', 'remindersent', 'remindercount', 'validfrom', 'validuntil', 'completed', 'usesleft');
$allowedfieldnames = array_merge($attrfieldnames, $allowedfieldnames);
// Some header don't have same column name
$aReplacedFields = array('invited' => 'sent');
switch ($separator) {
case 'comma':
$separator = ',';
break;
case 'semicolon':
$separator = ';';
break;
default:
$comma = substr_count($buffer, ',');
$semicolon = substr_count($buffer, ';');
if ($semicolon > $comma) {
$separator = ';';
} else {
$separator = ',';
}
}
$firstline = str_getcsv($buffer, $separator, '"');
$firstline = array_map('trim', $firstline);
$ignoredcolumns = array();
// Now check the first line for invalid fields
foreach ($firstline as $index => $fieldname) {
$firstline[$index] = preg_replace("/(.*) <[^,]*>\$/", "\$1", $fieldname);
$fieldname = $firstline[$index];
if (!in_array($fieldname, $allowedfieldnames)) {
$ignoredcolumns[] = $fieldname;
}
if (array_key_exists($fieldname, $aReplacedFields)) {
$firstline[$index] = $aReplacedFields[$fieldname];
}
}
if (!in_array('firstname', $firstline) || !in_array('lastname', $firstline) || !in_array('email', $firstline)) {
$recordcount = count($tokenlistarray);
break;
}
} else {
$line = str_getcsv($buffer, $separator, '"');
if (count($firstline) != count($line)) {
$invalidformatlist[] = $recordcount;
$recordcount++;
continue;
}
$writearray = array_combine($firstline, $line);
//kick out ignored columns
foreach ($ignoredcolumns as $column) {
unset($writearray[$column]);
}
$dupfound = false;
$invalidemail = false;
if ($filterduplicatetoken != false) {
$dupquery = "SELECT count(tid) from {{tokens_" . intval($iSurveyId) . "}} where 1=1";
foreach ($filterduplicatefields as $field) {
if (isset($writearray[$field])) {
$dupquery .= " and " . Yii::app()->db->quoteColumnName($field) . " = " . Yii::app()->db->quoteValue($writearray[$field]);
}
}
$dupresult = Yii::app()->db->createCommand($dupquery)->queryScalar();
if ($dupresult > 0) {
$dupfound = true;
$duplicatelist[] = Yii::app()->db->quoteValue($writearray['firstname']) . " " . Yii::app()->db->quoteValue($writearray['lastname']) . " (" . Yii::app()->db->quoteValue($writearray['email']) . ")";
}
}
$writearray['email'] = trim($writearray['email']);
//treat blank emails
if ($filterblankemail && $writearray['email'] == '') {
$invalidemail = true;
$invalidemaillist[] = $line[0] . " " . $line[1] . " ( )";
}
if ($writearray['email'] != '') {
$aEmailAddresses = explode(';', $writearray['email']);
foreach ($aEmailAddresses as $sEmailaddress) {
if (!validateEmailAddress($sEmailaddress)) {
$invalidemail = true;
$invalidemaillist[] = $line[0] . " " . $line[1] . " (" . $line[2] . ")";
}
}
}
if (isset($writearray['token'])) {
$writearray['token'] = sanitize_token($writearray['token']);
}
if (!$dupfound && !$invalidemail) {
// unset all empty value
foreach ($writearray as $key => $value) {
if ($writearray[$key] == "") {
unset($writearray[$key]);
}
if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') {
// Fix CSV quote
$value = substr($value, 1, -1);
}
}
// Some default value : to be moved to Token model rules in future release ?
// But think we have to accept invalid email etc ... then use specific scenario
$writearray['emailstatus'] = isset($writearray['emailstatus']) ? $writearray['emailstatus'] : "OK";
$writearray['language'] = isset($writearray['language']) ? $writearray['language'] : $sBaseLanguage;
$oToken = Token::create($iSurveyId);
foreach ($writearray as $key => $value) {
//if(in_array($key,$oToken->attributes)) Not needed because we filter attributes before
$oToken->{$key} = $value;
}
$ir = $oToken->save();
if (!$ir) {
$duplicatelist[] = $writearray['firstname'] . " " . $writearray['lastname'] . " (" . $writearray['email'] . ")";
} else {
$xz++;
}
}
$xv++;
}
$recordcount++;
}
$recordcount = $recordcount - 1;
unlink($sFilePath);
$aData['tokenlistarray'] = $tokenlistarray;
$aData['xz'] = $xz;
$aData['xv'] = $xv;
$aData['recordcount'] = $recordcount;
$aData['firstline'] = $firstline;
$aData['duplicatelist'] = $duplicatelist;
$aData['invalidformatlist'] = $invalidformatlist;
$aData['invalidemaillist'] = $invalidemaillist;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvpost'), $aData);
}
} else {
$aData['aEncodings'] = $aEncodings;
$aData['iSurveyId'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['surveyid'] = $iSurveyId;
$aTokenTableFields = getTokenFieldsAndNames($iSurveyId);
unset($aTokenTableFields['sent']);
unset($aTokenTableFields['remindersent']);
unset($aTokenTableFields['remindercount']);
unset($aTokenTableFields['usesleft']);
foreach ($aTokenTableFields as $sKey => $sValue) {
if ($sValue['description'] != $sKey) {
$sValue['description'] .= ' - ' . $sKey;
}
$aNewTokenTableFields[$sKey] = $sValue['description'];
}
$aData['aTokenTableFields'] = $aNewTokenTableFields;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvupload'), $aData);
}
}
/**
* register::index()
* Process register form data and take appropriate action
* @return
*/
function actionIndex($surveyid = null)
{
Yii::app()->loadHelper('database');
Yii::app()->loadHelper('replacements');
$postlang = Yii::app()->request->getPost('lang');
if ($surveyid == null) {
$surveyid = Yii::app()->request->getPost('sid');
}
if (!$surveyid) {
Yii::app()->request->redirect(Yii::app()->baseUrl);
}
// Get passed language from form, so that we dont loose this!
if (!isset($postlang) || $postlang == "" || !$postlang) {
$baselang = Survey::model()->findByPk($surveyid)->language;
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($baselang);
$clang = Yii::app()->lang;
} else {
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($postlang);
$clang = Yii::app()->lang;
$baselang = $postlang;
}
$thissurvey = getSurveyInfo($surveyid, $baselang);
$register_errormsg = "";
// Check the security question's answer
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $thissurvey['usecaptcha'])) {
if (!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $surveyid]['secanswer']) || Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_' . $surveyid]['secanswer']) {
$register_errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
//Check that the email is a valid style address
if (!validateEmailAddress(Yii::app()->request->getPost('register_email'))) {
$register_errormsg .= $clang->gT("The email you used is not valid. Please try again.");
}
// Check for additional fields
$attributeinsertdata = array();
foreach (GetParticipantAttributes($surveyid) as $field => $data) {
if (empty($data['show_register']) || $data['show_register'] != 'Y') {
continue;
}
$value = sanitize_xss_string(Yii::app()->request->getPost('register_' . $field));
if (trim($value) == '' && $data['mandatory'] == 'Y') {
$register_errormsg .= sprintf($clang->gT("%s cannot be left empty"), $thissurvey['attributecaptions'][$field]);
}
$attributeinsertdata[$field] = $value;
}
if ($register_errormsg != "") {
$_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg;
Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid));
}
//Check if this email already exists in token database
$query = "SELECT email FROM {{tokens_{$surveyid}}}\n" . "WHERE email = '" . sanitize_email(Yii::app()->request->getPost('register_email')) . "'";
$usrow = Yii::app()->db->createCommand($query)->queryRow();
if ($usrow) {
$register_errormsg = $clang->gT("The email you used has already been registered.");
$_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg;
Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid));
//include "index.php";
//exit;
}
$mayinsert = false;
// Get the survey settings for token length
//$this->load->model("surveys_model");
$tlresult = Survey::model()->findAllByAttributes(array("sid" => $surveyid));
if (isset($tlresult[0])) {
$tlrow = $tlresult[0];
} else {
$tlrow = $tlresult;
}
$tokenlength = $tlrow['tokenlength'];
//if tokenlength is not set or there are other problems use the default value (15)
if (!isset($tokenlength) || $tokenlength == '') {
$tokenlength = 15;
}
while ($mayinsert != true) {
$newtoken = randomChars($tokenlength);
$ntquery = "SELECT * FROM {{tokens_{$surveyid}}} WHERE token='{$newtoken}'";
$usrow = Yii::app()->db->createCommand($ntquery)->queryRow();
if (!$usrow) {
$mayinsert = true;
}
}
$postfirstname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_lastname')));
$starttime = sanitize_xss_string(Yii::app()->request->getPost('startdate'));
$endtime = sanitize_xss_string(Yii::app()->request->getPost('enddate'));
/*$postattribute1=sanitize_xss_string(strip_tags(returnGlobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnGlobal('register_attribute2'))); */
// Insert new entry into tokens db
Tokens_dynamic::sid($thissurvey['sid']);
$token = new Tokens_dynamic();
$token->firstname = $postfirstname;
$token->lastname = $postlastname;
$token->email = Yii::app()->request->getPost('register_email');
$token->emailstatus = 'OK';
$token->token = $newtoken;
if ($starttime && $endtime) {
$token->validfrom = $starttime;
$token->validuntil = $endtime;
}
foreach ($attributeinsertdata as $k => $v) {
$token->{$k} = $v;
}
$result = $token->save();
/**
$result = $connect->Execute($query, array($postfirstname,
$postlastname,
returnGlobal('register_email'),
'OK',
$newtoken)
// $postattribute1, $postattribute2)
) or safeDie ($query."<br />".$connect->ErrorMsg()); //Checked - According to adodb docs the bound variables are quoted automatically
*/
$tid = getLastInsertID($token->tableName());
$fieldsarray["{ADMINNAME}"] = $thissurvey['adminname'];
$fieldsarray["{ADMINEMAIL}"] = $thissurvey['adminemail'];
$fieldsarray["{SURVEYNAME}"] = $thissurvey['name'];
$fieldsarray["{SURVEYDESCRIPTION}"] = $thissurvey['description'];
$fieldsarray["{FIRSTNAME}"] = $postfirstname;
$fieldsarray["{LASTNAME}"] = $postlastname;
$fieldsarray["{EXPIRY}"] = $thissurvey["expiry"];
$message = $thissurvey['email_register'];
$subject = $thissurvey['email_register_subj'];
$from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
if (getEmailFormat($surveyid) == 'html') {
$useHtmlEmail = true;
$surveylink = $this->createAbsoluteUrl($surveyid . '/lang-' . $baselang . '/tk-' . $newtoken);
$optoutlink = $this->createAbsoluteUrl('optout/local/' . $surveyid . '/' . $baselang . '/' . $newtoken);
$optinlink = $this->createAbsoluteUrl('optin/local/' . $surveyid . '/' . $baselang . '/' . $newtoken);
$fieldsarray["{SURVEYURL}"] = "<a href='{$surveylink}'>" . $surveylink . "</a>";
$fieldsarray["{OPTOUTURL}"] = "<a href='{$optoutlink}'>" . $optoutlink . "</a>";
$fieldsarray["{OPTINURL}"] = "<a href='{$optinlink}'>" . $optinlink . "</a>";
} else {
$useHtmlEmail = false;
$fieldsarray["{SURVEYURL}"] = $this->createAbsoluteUrl('' . $surveyid . '/lang-' . $baselang . '/tk-' . $newtoken);
$fieldsarray["{OPTOUTURL}"] = $this->createAbsoluteUrl('optout/local/' . $surveyid . '/' . $baselang . '/' . $newtoken);
$fieldsarray["{OPTINURL}"] = $this->createAbsoluteUrl('optin/local/' . $surveyid . '/' . $baselang . '/' . $newtoken);
}
$message = ReplaceFields($message, $fieldsarray);
$subject = ReplaceFields($subject, $fieldsarray);
$html = "";
//Set variable
$sitename = Yii::app()->getConfig('sitename');
if (SendEmailMessage($message, $subject, Yii::app()->request->getPost('register_email'), $from, $sitename, $useHtmlEmail, getBounceEmail($surveyid))) {
// TLR change to put date into sent
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig('timeadjust'));
$query = "UPDATE {{tokens_{$surveyid}}}\n" . "SET sent='{$today}' WHERE tid={$tid}";
$result = dbExecuteAssoc($query) or show_error("Unable to execute this query : {$query}<br />");
//Checked
$html = "<center>" . $clang->gT("Thank you for registering to participate in this survey.") . "<br /><br />\n" . $clang->gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.") . "<br /><br />\n" . $clang->gT("Survey administrator") . " {ADMINNAME} ({ADMINEMAIL})";
$html = ReplaceFields($html, $fieldsarray);
$html .= "<br /><br /></center>\n";
} else {
$html = "Email Error";
}
//PRINT COMPLETED PAGE
if (!$thissurvey['template']) {
$thistpl = getTemplatePath(validateTemplateDir('default'));
} else {
$thistpl = getTemplatePath(validateTemplateDir($thissurvey['template']));
}
sendCacheHeaders();
doHeader();
Yii::app()->lang = $clang;
// fetch the defined variables and pass it to the header footer templates.
$redata = compact(array_keys(get_defined_vars()));
$this->_printTemplateContent($thistpl . '/startpage.pstpl', $redata, __LINE__);
$this->_printTemplateContent($thistpl . '/survey.pstpl', $redata, __LINE__);
echo $html;
$this->_printTemplateContent($thistpl . '/endpage.pstpl', $redata, __LINE__);
doFooter();
}
/**
* Create a LDAP user
*
* @param string $new_user
* @return null|string New user ID
*/
private function _createNewUser($new_user)
{
$oEvent = $this->getEvent();
// Get configuration settings:
$ldapserver = $this->get('server');
$ldapport = $this->get('ldapport');
$ldapmode = $this->get('ldapmode');
$searchuserattribute = $this->get('searchuserattribute');
$extrauserfilter = $this->get('extrauserfilter');
$usersearchbase = $this->get('usersearchbase');
$binddn = $this->get('binddn');
$bindpwd = $this->get('bindpwd');
$mailattribute = $this->get('mailattribute');
$fullnameattribute = $this->get('fullnameattribute');
// Try to connect
$ldapconn = $this->createConnection();
if (!is_resource($ldapconn)) {
$oEvent->set('errorCode', self::ERROR_LDAP_CONNECTION);
$oEvent->set('errorMessageTitle', '');
$oEvent->set('errorMessageBody', $ldapconn['errorMessage']);
return null;
}
if (empty($ldapmode) || $ldapmode == 'simplebind') {
$oEvent->set('errorCode', self::ERROR_LDAP_MODE);
$oEvent->set('errorMessageTitle', gT("Failed to add user"));
$oEvent->set('errorMessageBody', gT("Simple bind LDAP configuration doesn't allow LDAP user creation"));
return null;
}
// Search email address and full name
if (empty($binddn)) {
// There is no account defined to do the LDAP search,
// let's use anonymous bind instead
$ldapbindsearch = @ldap_bind($ldapconn);
} else {
// An account is defined to do the LDAP search, let's use it
$ldapbindsearch = @ldap_bind($ldapconn, $binddn, $bindpwd);
}
if (!$ldapbindsearch) {
$oEvent->set('errorCode', self::ERROR_LDAP_NO_BIND);
$oEvent->set('errorMessageTitle', gT('Could not connect to LDAP server.'));
$oEvent->set('errorMessageBody', gT(ldap_error($ldapconn)));
ldap_close($ldapconn);
// all done? close connection
return null;
}
// Now prepare the search fitler
if ($extrauserfilter != "") {
$usersearchfilter = "(&({$searchuserattribute}={$new_user}){$extrauserfilter})";
} else {
$usersearchfilter = "({$searchuserattribute}={$new_user})";
}
// Search for the user
$dnsearchres = ldap_search($ldapconn, $usersearchbase, $usersearchfilter, array($mailattribute, $fullnameattribute));
$rescount = ldap_count_entries($ldapconn, $dnsearchres);
if ($rescount == 1) {
$userentry = ldap_get_entries($ldapconn, $dnsearchres);
$new_email = flattenText($userentry[0][$mailattribute][0]);
$new_full_name = flattenText($userentry[0][strtolower($fullnameattribute)][0]);
} else {
$oEvent->set('errorCode', self::ERROR_LDAP_NO_SEARCH_RESULT);
$oEvent->set('errorMessageTitle', gT('Username not found in LDAP server'));
$oEvent->set('errorMessageBody', gT('Verify username and try again'));
ldap_close($ldapconn);
// all done? close connection
return null;
}
if (!validateEmailAddress($new_email)) {
$oEvent->set('errorCode', self::ERROR_INVALID_EMAIL);
$oEvent->set('errorMessageTitle', gT("Failed to add user"));
$oEvent->set('errorMessageBody', gT("The email address is not valid."));
return null;
}
$new_pass = createPassword();
// If user is being auto created we set parent ID to 1 (admin user)
if (isset(Yii::app()->session['loginID'])) {
$parentID = Yii::app()->session['loginID'];
} else {
$parentID = 1;
}
$iNewUID = User::model()->insertUser($new_user, $new_pass, $new_full_name, $parentID, $new_email);
if (!$iNewUID) {
$oEvent->set('errorCode', self::ERROR_ALREADY_EXISTING_USER);
$oEvent->set('errorMessageTitle', '');
$oEvent->set('errorMessageBody', gT("Failed to add user"));
return null;
}
Permission::model()->setGlobalPermission($iNewUID, 'auth_ldap');
$oEvent->set('newUserID', $iNewUID);
$oEvent->set('newPassword', $new_pass);
$oEvent->set('newEmail', $new_email);
$oEvent->set('newFullName', $new_full_name);
$oEvent->set('errorCode', self::ERROR_NONE);
return $iNewUID;
}
/**
* This event is fired by when a response is submitted
* available for a survey.
* @param PluginEvent $event
*/
public function afterSurveyComplete()
{
// This method will send a notification email
$event = $this->getEvent();
$surveyId = $event->get('surveyId');
// Only process the afterSurveyComplete if the plugin is Enabled for this survey and if the survey is Active
if ($this->get('emailCount', 'Survey', $surveyId) < 1 || Survey::model()->findByPk($surveyId)->active != "Y") {
// leave gracefully
return true;
}
// Retrieve response and survey properties
$responseId = $event->get('responseId');
$response = $this->pluginManager->getAPI()->getResponse($surveyId, $responseId);
$sitename = $this->pluginManager->getAPI()->getConfigKey('sitename');
$surveyInfo = getSurveyInfo($surveyId);
$adminemail = $surveyInfo['adminemail'];
$bounce_email = $surveyInfo['bounce_email'];
$isHtmlEmail = $surveyInfo['htmlemail'] == 'Y';
$baseLang = $surveyInfo['language'];
for ($i = 1; $i <= $this->get('emailCount', 'Survey', $surveyId); $i++) {
// Let's check if there is at least a valid destination email address
$aTo = array();
$aAttachTo = array();
$aDestEmail = explode(';', $this->pluginManager->getAPI()->EMevaluateExpression($this->get('emailDestinations_' . $i, 'Survey', $surveyId)));
$aDestEmail = array_map('trim', $aDestEmail);
$aUploadQuestions = explode(';', $this->pluginManager->getAPI()->EMevaluateExpression($this->get('emailAttachFiles_' . $i, 'Survey', $surveyId)));
$aUploadQuestions = array_map('trim', $aUploadQuestions);
// prepare an array of valid destination email addresses
foreach ($aDestEmail as $destemail) {
if (validateEmailAddress($destemail)) {
$aTo[] = $destemail;
}
}
// prepare an array of valid attached files from upload-questions
foreach ($aUploadQuestions as $uploadQuestion) {
$sgqa = 0;
$qtype = '';
if (isset($response[$uploadQuestion])) {
// get SGQA code from question-code. Ther might be a better way to do this though...
$sgqa = $this->pluginManager->getAPI()->EMevaluateExpression('{' . $uploadQuestion . '.sgqa}');
$qtype = $this->pluginManager->getAPI()->EMevaluateExpression('{' . $uploadQuestion . '.type}');
}
// Only add the file if question is relevant
if ($sgqa != 0 && $qtype == "|" && \LimeExpressionManager::QuestionIsRelevant($sgqa)) {
$aFiles = json_decode($response[$uploadQuestion]);
if (!is_null($aFiles) && is_array($aFiles)) {
foreach ($aFiles as $file) {
if (property_exists($file, 'name') && property_exists($file, 'filename')) {
$name = $file->name;
$filename = $file->filename;
$aAttachTo[] = array(0 => $this->pluginManager->getAPI()->getConfigKey('uploaddir') . "/surveys/{$surveyId}/files/" . $filename, 1 => $name);
}
}
}
}
}
if (count($aTo) >= 1) {
// Retrieve the language to use for the notification email
$emailLang = $this->get('emailLang_' . $i, 'Survey', $surveyId);
if ($emailLang == '--') {
// in this case let's select the language used when submitting the response
$emailLang = $response['startlanguage'];
}
$subjectTemplate = $this->get("emailSubject_{$i}_{$emailLang}", 'Survey', $surveyId);
if ($subjectTemplate == "") {
// If subject is not translated, use subject and body from the baseLang
$emailLang = $baseLang;
$subjectTemplate = $this->get("emailSubject_{$i}_{$emailLang}", 'Survey', $surveyId);
}
// Process the email subject and body through ExpressionManager
$subject = $this->pluginManager->getAPI()->EMevaluateExpression($subjectTemplate);
// Prepare an {ANSWERTABLE} variable
if ($surveyInfo['datestamp'] == 'N') {
//$aFilteredFields=array('id', 'submitdate', 'lastpage', 'startlanguage');
// Let's filter submitdate if survey is not datestampped
$aFilteredFields = array('submitdate');
} else {
//$aFilteredFields=array('id', 'lastpage', 'startlanguage');
$aFilteredFields = array();
}
$replacementfields = array('ANSWERTABLE' => $this->translateAnswerTable($surveyId, $responseId, $emailLang, $isHtmlEmail, $aFilteredFields));
// Process emailBody through EM and replace {ANSWERTABLE}
$body = \LimeExpressionManager::ProcessString($this->get("emailBody_{$i}_{$emailLang}", 'Survey', $surveyId), NULL, $replacementfields);
// At last it's time to send the email
SendEmailMessage($body, $subject, $aTo, $adminemail, $sitename, $isHtmlEmail, $bounce_email, $aAttachTo);
}
// END BLOCK 'if' aTo[] not emtpy
}
// END BLOCK 'for' emailCount
}
private function _saveSettings()
{
if ($_POST['action'] !== "globalsettingssave") {
return;
}
if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
$this->getController()->redirect(array('/admin'));
}
$clang = $this->getController()->lang;
Yii::app()->loadHelper('surveytranslator');
$maxemails = $_POST['maxemails'];
if (sanitize_int($_POST['maxemails']) < 1) {
$maxemails = 1;
}
$defaultlang = sanitize_languagecode($_POST['defaultlang']);
$aRestrictToLanguages = explode(' ', sanitize_languagecodeS($_POST['restrictToLanguages']));
if (!in_array($defaultlang, $aRestrictToLanguages)) {
// Force default language in restrictToLanguages
$aRestrictToLanguages[] = $defaultlang;
}
if (count(array_diff(array_keys(getLanguageData(false, Yii::app()->session['adminlang'])), $aRestrictToLanguages)) == 0) {
$aRestrictToLanguages = '';
} else {
$aRestrictToLanguages = implode(' ', $aRestrictToLanguages);
}
setGlobalSetting('defaultlang', $defaultlang);
setGlobalSetting('restrictToLanguages', trim($aRestrictToLanguages));
setGlobalSetting('sitename', strip_tags($_POST['sitename']));
setGlobalSetting('updatecheckperiod', (int) $_POST['updatecheckperiod']);
setGlobalSetting('updatenotification', strip_tags($_POST['updatenotification']));
setGlobalSetting('defaulthtmleditormode', sanitize_paranoid_string($_POST['defaulthtmleditormode']));
setGlobalSetting('defaultquestionselectormode', sanitize_paranoid_string($_POST['defaultquestionselectormode']));
setGlobalSetting('defaulttemplateeditormode', sanitize_paranoid_string($_POST['defaulttemplateeditormode']));
setGlobalSetting('defaulttemplate', sanitize_paranoid_string($_POST['defaulttemplate']));
setGlobalSetting('admintheme', sanitize_paranoid_string($_POST['admintheme']));
setGlobalSetting('adminthemeiconsize', trim(file_get_contents(Yii::app()->getConfig("styledir") . DIRECTORY_SEPARATOR . sanitize_paranoid_string($_POST['admintheme']) . DIRECTORY_SEPARATOR . 'iconsize')));
setGlobalSetting('emailmethod', strip_tags($_POST['emailmethod']));
setGlobalSetting('emailsmtphost', strip_tags(returnGlobal('emailsmtphost')));
if (returnGlobal('emailsmtppassword') != 'somepassword') {
setGlobalSetting('emailsmtppassword', strip_tags(returnGlobal('emailsmtppassword')));
}
setGlobalSetting('bounceaccounthost', strip_tags(returnGlobal('bounceaccounthost')));
setGlobalSetting('bounceaccounttype', strip_tags(returnGlobal('bounceaccounttype')));
setGlobalSetting('bounceencryption', strip_tags(returnGlobal('bounceencryption')));
setGlobalSetting('bounceaccountuser', strip_tags(returnGlobal('bounceaccountuser')));
if (returnGlobal('bounceaccountpass') != 'enteredpassword') {
setGlobalSetting('bounceaccountpass', strip_tags(returnGlobal('bounceaccountpass')));
}
setGlobalSetting('emailsmtpssl', sanitize_paranoid_string(Yii::app()->request->getPost('emailsmtpssl', '')));
setGlobalSetting('emailsmtpdebug', sanitize_int(Yii::app()->request->getPost('emailsmtpdebug', '0')));
setGlobalSetting('emailsmtpuser', strip_tags(returnGlobal('emailsmtpuser')));
setGlobalSetting('filterxsshtml', strip_tags($_POST['filterxsshtml']));
$warning = '';
// make sure emails are valid before saving them
if (Yii::app()->request->getPost('siteadminbounce', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminbounce'))) {
setGlobalSetting('siteadminbounce', strip_tags(Yii::app()->request->getPost('siteadminbounce')));
} else {
$warning .= $clang->gT("Warning! Admin bounce email was not saved because it was not valid.") . '<br/>';
}
if (Yii::app()->request->getPost('siteadminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminemail'))) {
setGlobalSetting('siteadminemail', strip_tags(Yii::app()->request->getPost('siteadminemail')));
} else {
$warning .= $clang->gT("Warning! Admin email was not saved because it was not valid.") . '<br/>';
}
setGlobalSetting('siteadminname', strip_tags($_POST['siteadminname']));
setGlobalSetting('shownoanswer', sanitize_int($_POST['shownoanswer']));
setGlobalSetting('showxquestions', $_POST['showxquestions']);
setGlobalSetting('showgroupinfo', $_POST['showgroupinfo']);
setGlobalSetting('showqnumcode', $_POST['showqnumcode']);
$repeatheadingstemp = (int) $_POST['repeatheadings'];
if ($repeatheadingstemp == 0) {
$repeatheadingstemp = 25;
}
setGlobalSetting('repeatheadings', $repeatheadingstemp);
setGlobalSetting('maxemails', sanitize_int($maxemails));
$iSessionExpirationTime = (int) $_POST['iSessionExpirationTime'];
if ($iSessionExpirationTime == 0) {
$iSessionExpirationTime = 7200;
}
setGlobalSetting('iSessionExpirationTime', $iSessionExpirationTime);
setGlobalSetting('ipInfoDbAPIKey', $_POST['ipInfoDbAPIKey']);
setGlobalSetting('googleMapsAPIKey', $_POST['googleMapsAPIKey']);
setGlobalSetting('googleanalyticsapikey', $_POST['googleanalyticsapikey']);
setGlobalSetting('googletranslateapikey', $_POST['googletranslateapikey']);
setGlobalSetting('force_ssl', $_POST['force_ssl']);
setGlobalSetting('surveyPreview_require_Auth', $_POST['surveyPreview_require_Auth']);
setGlobalSetting('RPCInterface', $_POST['RPCInterface']);
setGlobalSetting('rpc_publish_api', (bool) $_POST['rpc_publish_api']);
//added by Gaurang 2014-04-14
setGlobalSetting('Project_Manager', (int) $_POST['Project_Manager']);
//setGlobalSetting('Sales_Person', (int) $_POST['Sales_Person']);
setGlobalSetting('Own_Panel', (int) $_POST['Own_Panel']);
// EOF Gaurang
//added by Gaurang 2014-04-17
// set global status of project
setGlobalSetting('project_status_run', (int) $_POST['project_status_run']);
setGlobalSetting('project_status_test', (int) $_POST['project_status_test']);
setGlobalSetting('project_status_hold', (int) $_POST['project_status_hold']);
setGlobalSetting('project_status_completed', (int) $_POST['project_status_completed']);
setGlobalSetting('project_status_closed', (int) $_POST['project_status_closed']);
// set global status of redirection
setGlobalSetting('redirect_status_completed', (int) $_POST['redirect_status_completed']);
setGlobalSetting('redirect_status_disqual', (int) $_POST['redirect_status_disqual']);
setGlobalSetting('redirect_status_qf', (int) $_POST['redirect_status_qf']);
setGlobalSetting('redirect_status_redirected', (int) $_POST['redirect_status_redirected']);
setGlobalSetting('redirect_status_rej_fail', (int) $_POST['redirect_status_rej_fail']);
setGlobalSetting('redirect_status_rej_incosist', (int) $_POST['redirect_status_rej_incosist']);
setGlobalSetting('redirect_status_rej_poor', (int) $_POST['redirect_status_rej_poor']);
setGlobalSetting('redirect_status_rej_quality', (int) $_POST['redirect_status_rej_quality']);
setGlobalSetting('redirect_status_rej_speed', (int) $_POST['redirect_status_rej_speed']);
// EOF Gaurang
$savetime = (double) $_POST['timeadjust'] * 60 . ' minutes';
//makes sure it is a number, at least 0
if (substr($savetime, 0, 1) != '-' && substr($savetime, 0, 1) != '+') {
$savetime = '+' . $savetime;
}
setGlobalSetting('timeadjust', $savetime);
setGlobalSetting('usercontrolSameGroupPolicy', strip_tags($_POST['usercontrolSameGroupPolicy']));
Yii::app()->session['flashmessage'] = $warning . $clang->gT("Global settings were saved.");
$url = htmlspecialchars_decode(Yii::app()->session['refurl']);
if ($url) {
Yii::app()->getController()->redirect($url);
}
}
/**
* import from csv
*/
function import($iSurveyId)
{
$iSurveyId = (int) $iSurveyId;
if (!Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import')) {
Yii::app()->session['flashmessage'] = gT("You do not have sufficient rights to access this page.");
$this->getController()->redirect(array("/admin/survey/sa/view/surveyid/{$iSurveyId}"));
}
// CHECK TO SEE IF A TOKEN TABLE EXISTS FOR THIS SURVEY
$bTokenExists = tableExists('{{tokens_' . $iSurveyId . '}}');
if (!$bTokenExists) {
self::_newtokentable($iSurveyId);
}
App()->getClientScript()->registerScriptFile(Yii::app()->getConfig('adminscripts') . 'tokensimport.js');
$aEncodings = aEncodingsArray();
if (Yii::app()->request->isPostRequest) {
$sUploadCharset = Yii::app()->request->getPost('csvcharset');
if (!array_key_exists($sUploadCharset, $aEncodings)) {
$sUploadCharset = 'auto';
}
$bFilterDuplicateToken = Yii::app()->request->getPost('filterduplicatetoken');
$bFilterBlankEmail = Yii::app()->request->getPost('filterblankemail');
$bAllowInvalidEmail = Yii::app()->request->getPost('allowinvalidemail');
$aAttrFieldNames = getAttributeFieldNames($iSurveyId);
$aDuplicateList = array();
$aInvalidEmailList = array();
$aInvalidFormatList = array();
$aModelErrorList = array();
$aFirstLine = array();
$oFile = CUploadedFile::getInstanceByName("the_file");
$sPath = Yii::app()->getConfig('tempdir');
$sFileName = $sPath . '/' . randomChars(20);
//$sFileTmpName=$oFile->getTempName();
/* More way to validate CSV ?
$aCsvMimetypes = array(
'text/csv',
'text/plain',
'application/csv',
'text/comma-separated-values',
'application/excel',
'application/vnd.ms-excel',
'application/vnd.msexcel',
'text/anytext',
'application/octet-stream',
'application/txt',
);
*/
if (strtolower($oFile->getExtensionName()) != 'csv') {
Yii::app()->setFlashMessage(gT("Only CSV files are allowed."), 'error');
} elseif (!@$oFile->saveAs($sFileName)) {
Yii::app()->setFlashMessage(sprintf(gT("Upload file not found. Check your permissions and path (%s) for the upload directory"), $sPath), 'error');
} else {
$iRecordImported = 0;
$iRecordCount = 0;
$iRecordOk = 0;
$iInvalidEmailCount = 0;
// Count invalid email imported
// This allows to read file with MAC line endings too
@ini_set('auto_detect_line_endings', true);
// open it and trim the ednings
$aTokenListArray = file($sFileName);
$sBaseLanguage = Survey::model()->findByPk($iSurveyId)->language;
if (!Yii::app()->request->getPost('filterduplicatefields') || Yii::app()->request->getPost('filterduplicatefields') && count(Yii::app()->request->getPost('filterduplicatefields')) == 0) {
$aFilterDuplicateFields = array('firstname', 'lastname', 'email');
} else {
$aFilterDuplicateFields = Yii::app()->request->getPost('filterduplicatefields');
}
$sSeparator = Yii::app()->request->getPost('separator');
foreach ($aTokenListArray as $buffer) {
$buffer = @mb_convert_encoding($buffer, "UTF-8", $sUploadCharset);
if ($iRecordCount == 0) {
// Parse first line (header) from CSV
$buffer = removeBOM($buffer);
// We alow all field except tid because this one is really not needed.
$aAllowedFieldNames = Token::model($iSurveyId)->tableSchema->getColumnNames();
if (($kTid = array_search('tid', $aAllowedFieldNames)) !== false) {
unset($aAllowedFieldNames[$kTid]);
}
// Some header don't have same column name
$aReplacedFields = array('invited' => 'sent', 'reminded' => 'remindersent');
switch ($sSeparator) {
case 'comma':
$sSeparator = ',';
break;
case 'semicolon':
$sSeparator = ';';
break;
default:
$comma = substr_count($buffer, ',');
$semicolon = substr_count($buffer, ';');
if ($semicolon > $comma) {
$sSeparator = ';';
} else {
$sSeparator = ',';
}
}
$aFirstLine = str_getcsv($buffer, $sSeparator, '"');
$aFirstLine = array_map('trim', $aFirstLine);
$aIgnoredColumns = array();
// Now check the first line for invalid fields
foreach ($aFirstLine as $index => $sFieldname) {
$aFirstLine[$index] = preg_replace("/(.*) <[^,]*>\$/", "\$1", $sFieldname);
$sFieldname = $aFirstLine[$index];
if (!in_array($sFieldname, $aAllowedFieldNames)) {
$aIgnoredColumns[] = $sFieldname;
}
if (array_key_exists($sFieldname, $aReplacedFields)) {
$aFirstLine[$index] = $aReplacedFields[$sFieldname];
}
}
} else {
$line = str_getcsv($buffer, $sSeparator, '"');
if (count($aFirstLine) != count($line)) {
$aInvalidFormatList[] = sprintf(gt("Line %s"), $iRecordCount);
$iRecordCount++;
continue;
}
$aWriteArray = array_combine($aFirstLine, $line);
//kick out ignored columns
foreach ($aIgnoredColumns as $column) {
unset($aWriteArray[$column]);
}
$bDuplicateFound = false;
$bInvalidEmail = false;
$aWriteArray['email'] = isset($aWriteArray['email']) ? trim($aWriteArray['email']) : "";
$aWriteArray['firstname'] = isset($aWriteArray['firstname']) ? $aWriteArray['firstname'] : "";
$aWriteArray['lastname'] = isset($aWriteArray['lastname']) ? $aWriteArray['lastname'] : "";
$aWriteArray['language'] = isset($aWriteArray['language']) ? $aWriteArray['language'] : $sBaseLanguage;
if ($bFilterDuplicateToken) {
$aParams = array();
$oCriteria = new CDbCriteria();
$oCriteria->condition = "";
foreach ($aFilterDuplicateFields as $field) {
if (isset($aWriteArray[$field])) {
$oCriteria->addCondition("{$field} = :{$field}");
$aParams[":{$field}"] = $aWriteArray[$field];
}
}
if (!empty($aParams)) {
$oCriteria->params = $aParams;
}
$dupresult = TokenDynamic::model($iSurveyId)->count($oCriteria);
if ($dupresult > 0) {
$bDuplicateFound = true;
$aDuplicateList[] = sprintf(gt("Line %s : %s %s (%s)"), $iRecordCount, $aWriteArray['firstname'], $aWriteArray['lastname'], $aWriteArray['email']);
}
}
//treat blank emails
if (!$bDuplicateFound && $bFilterBlankEmail && $aWriteArray['email'] == '') {
$bInvalidEmail = true;
$aInvalidEmailList[] = sprintf(gt("Line %s : %s %s"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']));
}
if (!$bDuplicateFound && $aWriteArray['email'] != '') {
$aEmailAddresses = explode(';', $aWriteArray['email']);
foreach ($aEmailAddresses as $sEmailaddress) {
if (!validateEmailAddress($sEmailaddress)) {
if ($bAllowInvalidEmail) {
$iInvalidEmailCount++;
if (empty($aWriteArray['emailstatus']) || strtoupper($aWriteArray['emailstatus'] == "OK")) {
$aWriteArray['emailstatus'] = "invalid";
}
} else {
$bInvalidEmail = true;
$aInvalidEmailList[] = sprintf(gt("Line %s : %s %s (%s)"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']), CHtml::encode($aWriteArray['email']));
}
}
}
}
if (!$bDuplicateFound && !$bInvalidEmail && isset($aWriteArray['token'])) {
$aWriteArray['token'] = sanitize_token($aWriteArray['token']);
// We allways search for duplicate token (it's in model. Allow to reset or update token ?
if (Token::model($iSurveyId)->count("token=:token", array(":token" => $aWriteArray['token']))) {
$bDuplicateFound = true;
$aDuplicateList[] = sprintf(gt("Line %s : %s %s (%s) - token : %s"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']), CHtml::encode($aWriteArray['email']), CHtml::encode($aWriteArray['token']));
}
}
if (!$bDuplicateFound && !$bInvalidEmail) {
// unset all empty value
foreach ($aWriteArray as $key => $value) {
if ($aWriteArray[$key] == "") {
unset($aWriteArray[$key]);
}
if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') {
// Fix CSV quote
$value = substr($value, 1, -1);
}
}
// Some default value : to be moved to Token model rules in future release ?
// But think we have to accept invalid email etc ... then use specific scenario
$oToken = Token::create($iSurveyId);
if ($bAllowInvalidEmail) {
$oToken->scenario = 'allowinvalidemail';
}
foreach ($aWriteArray as $key => $value) {
$oToken->{$key} = $value;
}
if (!$oToken->save()) {
tracevar($oToken->getErrors());
$aModelErrorList[] = sprintf(gt("Line %s : %s"), $iRecordCount, Chtml::errorSummary($oToken));
} else {
$iRecordImported++;
}
}
$iRecordOk++;
}
$iRecordCount++;
}
$iRecordCount = $iRecordCount - 1;
unlink($sFileName);
$aData['aTokenListArray'] = $aTokenListArray;
// Big array in memory, just for success ?
$aData['iRecordImported'] = $iRecordImported;
$aData['iRecordOk'] = $iRecordOk;
$aData['iRecordCount'] = $iRecordCount;
$aData['aFirstLine'] = $aFirstLine;
// Seem not needed
$aData['aDuplicateList'] = $aDuplicateList;
$aData['aInvalidFormatList'] = $aInvalidFormatList;
$aData['aInvalidEmailList'] = $aInvalidEmailList;
$aData['aModelErrorList'] = $aModelErrorList;
$aData['iInvalidEmailCount'] = $iInvalidEmailCount;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvpost'), $aData);
Yii::app()->end();
}
}
// If there are error with file : show the form
$aData['aEncodings'] = $aEncodings;
$aData['iSurveyId'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['surveyid'] = $iSurveyId;
$aTokenTableFields = getTokenFieldsAndNames($iSurveyId);
unset($aTokenTableFields['sent']);
unset($aTokenTableFields['remindersent']);
unset($aTokenTableFields['remindercount']);
unset($aTokenTableFields['usesleft']);
foreach ($aTokenTableFields as $sKey => $sValue) {
if ($sValue['description'] != $sKey) {
$sValue['description'] .= ' - ' . $sKey;
}
$aNewTokenTableFields[$sKey] = $sValue['description'];
}
$aData['aTokenTableFields'] = $aNewTokenTableFields;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvupload'), $aData);
}
/**
* import from csv
*/
function import($iSurveyId)
{
// CHECK TO SEE IF A TOKEN TABLE EXISTS FOR THIS SURVEY
$bTokenExists = tableExists('{{tokens_' . $iSurveyId . '}}');
if (!$bTokenExists) {
self::_newtokentable($iSurveyId);
}
$clang = $this->getController()->lang;
$iSurveyId = (int) $iSurveyId;
if (!hasSurveyPermission($iSurveyId, 'tokens', 'create')) {
die('access denied');
}
$this->getController()->_js_admin_includes(Yii::app()->getConfig('adminscripts') . 'tokens.js');
$aEncodings = array("armscii8" => $clang->gT("ARMSCII-8 Armenian"), "ascii" => $clang->gT("US ASCII"), "auto" => $clang->gT("Automatic"), "big5" => $clang->gT("Big5 Traditional Chinese"), "binary" => $clang->gT("Binary pseudo charset"), "cp1250" => $clang->gT("Windows Central European"), "cp1251" => $clang->gT("Windows Cyrillic"), "cp1256" => $clang->gT("Windows Arabic"), "cp1257" => $clang->gT("Windows Baltic"), "cp850" => $clang->gT("DOS West European"), "cp852" => $clang->gT("DOS Central European"), "cp866" => $clang->gT("DOS Russian"), "cp932" => $clang->gT("SJIS for Windows Japanese"), "dec8" => $clang->gT("DEC West European"), "eucjpms" => $clang->gT("UJIS for Windows Japanese"), "euckr" => $clang->gT("EUC-KR Korean"), "gb2312" => $clang->gT("GB2312 Simplified Chinese"), "gbk" => $clang->gT("GBK Simplified Chinese"), "geostd8" => $clang->gT("GEOSTD8 Georgian"), "greek" => $clang->gT("ISO 8859-7 Greek"), "hebrew" => $clang->gT("ISO 8859-8 Hebrew"), "hp8" => $clang->gT("HP West European"), "keybcs2" => $clang->gT("DOS Kamenicky Czech-Slovak"), "koi8r" => $clang->gT("KOI8-R Relcom Russian"), "koi8u" => $clang->gT("KOI8-U Ukrainian"), "latin1" => $clang->gT("cp1252 West European"), "latin2" => $clang->gT("ISO 8859-2 Central European"), "latin5" => $clang->gT("ISO 8859-9 Turkish"), "latin7" => $clang->gT("ISO 8859-13 Baltic"), "macce" => $clang->gT("Mac Central European"), "macroman" => $clang->gT("Mac West European"), "sjis" => $clang->gT("Shift-JIS Japanese"), "swe7" => $clang->gT("7bit Swedish"), "tis620" => $clang->gT("TIS620 Thai"), "ucs2" => $clang->gT("UCS-2 Unicode"), "ujis" => $clang->gT("EUC-JP Japanese"), "utf8" => $clang->gT("UTF-8 Unicode"));
if (Yii::app()->request->getPost('submit')) {
if (Yii::app()->request->getPost('csvcharset') && Yii::app()->request->getPost('csvcharset')) {
$uploadcharset = Yii::app()->request->getPost('csvcharset');
if (!array_key_exists($uploadcharset, $aEncodings)) {
$uploadcharset = 'auto';
}
$filterduplicatetoken = Yii::app()->request->getPost('filterduplicatetoken') && Yii::app()->request->getPost('filterduplicatetoken') == 'on';
$filterblankemail = Yii::app()->request->getPost('filterblankemail') && Yii::app()->request->getPost('filterblankemail') == 'on';
}
$attrfieldnames = getAttributeFieldNames($iSurveyId);
$duplicatelist = array();
$invalidemaillist = array();
$invalidformatlist = array();
$firstline = array();
$sPath = Yii::app()->getConfig('tempdir');
$sFileName = $_FILES['the_file']['name'];
$sFileTmpName = $_FILES['the_file']['tmp_name'];
$sFilePath = $sPath . '/' . $sFileName;
if (!@move_uploaded_file($sFileTmpName, $sFilePath)) {
$aData['sError'] = $clang->gT("Upload file not found. Check your permissions and path ({$sFilePath}) for the upload directory");
$aData['aEncodings'] = $aEncodings;
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvupload'), $aData);
} else {
$xz = 0;
$recordcount = 0;
$xv = 0;
// This allows to read file with MAC line endings too
@ini_set('auto_detect_line_endings', true);
// open it and trim the ednings
$tokenlistarray = file($sFilePath);
$sBaseLanguage = Survey::model()->findByPk($iSurveyId)->language;
if (!Yii::app()->request->getPost('filterduplicatefields') || Yii::app()->request->getPost('filterduplicatefields') && count(Yii::app()->request->getPost('filterduplicatefields')) == 0) {
$filterduplicatefields = array('firstname', 'lastname', 'email');
} else {
$filterduplicatefields = Yii::app()->request->getPost('filterduplicatefields');
}
$separator = returnGlobal('separator');
foreach ($tokenlistarray as $buffer) {
$buffer = @mb_convert_encoding($buffer, "UTF-8", $uploadcharset);
$firstname = "";
$lastname = "";
$email = "";
$emailstatus = "OK";
$token = "";
$language = "";
$attribute1 = "";
$attribute2 = "";
//Clear out values from the last path, in case the next line is missing a value
if ($recordcount == 0) {
// Pick apart the first line
$buffer = removeBOM($buffer);
$allowedfieldnames = array('firstname', 'lastname', 'email', 'emailstatus', 'token', 'language', 'validfrom', 'validuntil', 'usesleft');
$allowedfieldnames = array_merge($attrfieldnames, $allowedfieldnames);
switch ($separator) {
case 'comma':
$separator = ',';
break;
case 'semicolon':
$separator = ';';
break;
default:
$comma = substr_count($buffer, ',');
$semicolon = substr_count($buffer, ';');
if ($semicolon > $comma) {
$separator = ';';
} else {
$separator = ',';
}
}
$firstline = convertCSVRowToArray($buffer, $separator, '"');
$firstline = array_map('trim', $firstline);
$ignoredcolumns = array();
//now check the first line for invalid fields
foreach ($firstline as $index => $fieldname) {
$firstline[$index] = preg_replace("/(.*) <[^,]*>\$/", "\$1", $fieldname);
$fieldname = $firstline[$index];
if (!in_array($fieldname, $allowedfieldnames)) {
$ignoredcolumns[] = $fieldname;
}
}
if (!in_array('firstname', $firstline) || !in_array('lastname', $firstline) || !in_array('email', $firstline)) {
$recordcount = count($tokenlistarray);
break;
}
} else {
$line = convertCSVRowToArray($buffer, $separator, '"');
if (count($firstline) != count($line)) {
$invalidformatlist[] = $recordcount;
$recordcount++;
continue;
}
$writearray = array_combine($firstline, $line);
//kick out ignored columns
foreach ($ignoredcolumns as $column) {
unset($writearray[$column]);
}
$dupfound = false;
$invalidemail = false;
if ($filterduplicatetoken != false) {
$dupquery = "SELECT count(tid) from {{tokens_" . intval($iSurveyId) . "}} where 1=1";
foreach ($filterduplicatefields as $field) {
if (isset($writearray[$field])) {
$dupquery .= " and " . Yii::app()->db->quoteColumnName($field) . " = " . Yii::app()->db->quoteValue($writearray[$field]);
}
}
$dupresult = Yii::app()->db->createCommand($dupquery)->queryScalar();
if ($dupresult > 0) {
$dupfound = true;
$duplicatelist[] = Yii::app()->db->quoteValue($writearray['firstname']) . " " . Yii::app()->db->quoteValue($writearray['lastname']) . " (" . Yii::app()->db->quoteValue($writearray['email']) . ")";
}
}
$writearray['email'] = trim($writearray['email']);
//treat blank emails
if ($filterblankemail && $writearray['email'] == '') {
$invalidemail = true;
$invalidemaillist[] = $line[0] . " " . $line[1] . " ( )";
}
if ($writearray['email'] != '') {
$aEmailAddresses = explode(';', $writearray['email']);
foreach ($aEmailAddresses as $sEmailaddress) {
if (!validateEmailAddress($sEmailaddress)) {
$invalidemail = true;
$invalidemaillist[] = $line[0] . " " . $line[1] . " (" . $line[2] . ")";
}
}
}
if (!isset($writearray['token'])) {
$writearray['token'] = '';
} else {
$writearray['token'] = sanitize_token($writearray['token']);
}
if (!$dupfound && !$invalidemail) {
if (!isset($writearray['emailstatus']) || $writearray['emailstatus'] == '') {
$writearray['emailstatus'] = "OK";
}
if (!isset($writearray['usesleft']) || $writearray['usesleft'] == '') {
$writearray['usesleft'] = 1;
}
if (!isset($writearray['language']) || $writearray['language'] == "") {
$writearray['language'] = $sBaseLanguage;
}
if (isset($writearray['validfrom']) && trim($writearray['validfrom'] == '')) {
unset($writearray['validfrom']);
}
if (isset($writearray['validuntil']) && trim($writearray['validuntil'] == '')) {
unset($writearray['validuntil']);
}
// sanitize it before writing into table
foreach ($writearray as $key => $value) {
if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') {
$value = substr($value, 1, -1);
}
$sanitizedArray[Yii::app()->db->quoteColumnName($key)] = Yii::app()->db->quoteValue($value);
}
$iq = "INSERT INTO {{tokens_{$iSurveyId}}} \n" . "(" . implode(',', array_keys($writearray)) . ") \n" . "VALUES (" . implode(",", $sanitizedArray) . ")";
$ir = Yii::app()->db->createCommand($iq)->execute();
if (!$ir) {
$duplicatelist[] = $writearray['firstname'] . " " . $writearray['lastname'] . " (" . $writearray['email'] . ")";
} else {
$xz++;
}
}
$xv++;
}
$recordcount++;
}
$recordcount = $recordcount - 1;
unlink($sFilePath);
$aData['tokenlistarray'] = $tokenlistarray;
$aData['xz'] = $xz;
$aData['xv'] = $xv;
$aData['recordcount'] = $recordcount;
$aData['firstline'] = $firstline;
$aData['duplicatelist'] = $duplicatelist;
$aData['invalidformatlist'] = $invalidformatlist;
$aData['invalidemaillist'] = $invalidemaillist;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvpost'), $aData);
}
} else {
$aData['aEncodings'] = $aEncodings;
$aData['iSurveyId'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['surveyid'] = $iSurveyId;
$this->_renderWrappedTemplate('token', array('tokenbar', 'csvupload'), $aData);
}
}
/**
* Validate a register form
* @param $iSurveyId Survey Id to register
* @return array of errors when try to register (empty array => no error)
*/
public function getRegisterErrors($iSurveyId)
{
$aSurveyInfo = getSurveyInfo($iSurveyId, App()->language);
// Check the security question's answer
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $aSurveyInfo['usecaptcha'])) {
$sLoadsecurity = Yii::app()->request->getPost('loadsecurity', '');
$sSecAnswer = isset($_SESSION['survey_' . $iSurveyId]['secanswer']) ? $_SESSION['survey_' . $iSurveyId]['secanswer'] : "";
if ($sLoadsecurity != $sSecAnswer) {
$this->aRegisterErrors[] = gT("The answer to the security question is incorrect.");
}
}
$aFieldValue = $this->getFieldValue($iSurveyId);
$aRegisterAttributes = $this->getExtraAttributeInfo($iSurveyId);
//Check that the email is a valid style address
if ($aFieldValue['sEmail'] == "") {
$this->aRegisterErrors[] = gT("You must enter a valid email. Please try again.");
} elseif (!validateEmailAddress($aFieldValue['sEmail'])) {
$this->aRegisterErrors[] = gT("The email you used is not valid. Please try again.");
}
//Check and validate attribute
foreach ($aRegisterAttributes as $key => $aAttribute) {
if ($aAttribute['show_register'] == 'Y' && $aAttribute['mandatory'] == 'Y' && empty($aFieldValue['aAttribute'][$key])) {
$this->aRegisterErrors[] = sprintf(gT("%s cannot be left empty") . ".", $aAttribute['caption']);
}
}
}
case 'admin':
if (in_array($_POST['role'], array('admin', 'content-creator'))) {
$permission = true;
}
break;
case 'content-creator':
if (in_array($_POST['role'], array('content-creator'))) {
$permission = true;
}
break;
default:
break;
}
if ($permission) {
//debugBreak();
$response = validateEmailAddress("c52G6yeXPCx9k7FF2bnNwZC2CLn8447ArGwGKFj2E", "free-cupones.com", $_POST['email']);
$invitecode = randomString(50);
if (!empty($response->isValid)) {
if (strtoupper($response->isValid) == 'NO') {
$json->status = 'ERROR';
$json->message = 'Invalid email address';
} else {
$response = sendEmail("c52G6yeXPCx9k7FF2bnNwZC2CLn8447ArGwGKFj2E", "free-cupones.com", "engine", "en", "invite", $_POST['email'], array('role' => $_POST['role'], 'sendingdomain' => $_SERVER['SERVER_NAME'], 'invitecode' => $invitecode, 'name' => $session->fb->profile->name));
$obj = new stdClass();
$obj->role = $_POST['role'];
$obj->byName = $session->fb->profile->name;
$obj->byId = $session->fb->profile->id;
$dt = new DateTime();
$obj->added = $dt->format('Y-m-d H:i');
$obj->expiresIn = 172800;
$memcache->set($invitecode, $obj, 0, $obj->expiresIn);
/**
* register::index()
* Process register form data and take appropriate action
* @return
*/
function actionIndex($iSurveyID = null)
{
Yii::app()->loadHelper('database');
Yii::app()->loadHelper('replacements');
$sLanguage = Yii::app()->request->getParam('lang', '');
if ($iSurveyID == null) {
$iSurveyID = Yii::app()->request->getPost('sid');
}
if (!$iSurveyID) {
$this->redirect(Yii::app()->baseUrl);
}
if ($sLanguage == "") {
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
} else {
$sBaseLanguage = $sLanguage;
}
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($sBaseLanguage);
$clang = Yii::app()->lang;
$thissurvey = getSurveyInfo($iSurveyID, $sBaseLanguage);
$register_errormsg = "";
// Check the security question's answer
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $thissurvey['usecaptcha'])) {
if (!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $iSurveyID]['secanswer']) || Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_' . $iSurveyID]['secanswer']) {
$register_errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
//Check that the email is a valid style address
if (!validateEmailAddress(Yii::app()->request->getPost('register_email'))) {
$register_errormsg .= $clang->gT("The email you used is not valid. Please try again.");
}
// Check for additional fields
$attributeinsertdata = array();
foreach (GetParticipantAttributes($iSurveyID) as $field => $data) {
if (empty($data['show_register']) || $data['show_register'] != 'Y') {
continue;
}
$value = sanitize_xss_string(Yii::app()->request->getPost('register_' . $field));
if (trim($value) == '' && $data['mandatory'] == 'Y') {
$register_errormsg .= sprintf($clang->gT("%s cannot be left empty"), $thissurvey['attributecaptions'][$field]);
}
$attributeinsertdata[$field] = $value;
}
if ($register_errormsg != "") {
$_SESSION['survey_' . $iSurveyID]['register_errormsg'] = $register_errormsg;
$this->redirect($this->createUrl("survey/index/sid/{$iSurveyID}", array('lang' => $sBaseLanguage)));
}
//Check if this email already exists in token database
$oToken = TokenDynamic::model($iSurveyID)->find('email=:email', array(':email' => Yii::app()->request->getPost('register_email')));
if ($oToken) {
$register_errormsg = $clang->gT("The email you used has already been registered.");
$_SESSION['survey_' . $iSurveyID]['register_errormsg'] = $register_errormsg;
$this->redirect($this->createUrl("survey/index/sid/{$iSurveyID}", array('lang' => $sBaseLanguage)));
//include "index.php";
//exit;
}
$mayinsert = false;
// Get the survey settings for token length
$tokenlength = $thissurvey['tokenlength'];
//if tokenlength is not set or there are other problems use the default value (15)
if (!isset($tokenlength) || $tokenlength == '') {
$tokenlength = 15;
}
while ($mayinsert != true) {
$newtoken = randomChars($tokenlength);
$oTokenExist = TokenDynamic::model($iSurveyID)->find('token=:token', array(':token' => $newtoken));
if (!$oTokenExist) {
$mayinsert = true;
}
}
$postfirstname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_lastname')));
$starttime = sanitize_xss_string(Yii::app()->request->getPost('startdate'));
$endtime = sanitize_xss_string(Yii::app()->request->getPost('enddate'));
/*$postattribute1=sanitize_xss_string(strip_tags(returnGlobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnGlobal('register_attribute2'))); */
// Insert new entry into tokens db
$oToken = Token::create($thissurvey['sid']);
$oToken->firstname = $postfirstname;
$oToken->lastname = $postlastname;
$oToken->email = Yii::app()->request->getPost('register_email');
$oToken->emailstatus = 'OK';
$oToken->token = $newtoken;
if ($starttime && $endtime) {
$oToken->validfrom = $starttime;
$oToken->validuntil = $endtime;
}
$oToken->setAttributes($attributeinsertdata, false);
$result = $oToken->save();
//$tid = $oToken->tid;// Not needed any more
$fieldsarray["{ADMINNAME}"] = $thissurvey['adminname'];
$fieldsarray["{ADMINEMAIL}"] = $thissurvey['adminemail'];
$fieldsarray["{SURVEYNAME}"] = $thissurvey['name'];
$fieldsarray["{SURVEYDESCRIPTION}"] = $thissurvey['description'];
$fieldsarray["{FIRSTNAME}"] = $postfirstname;
$fieldsarray["{LASTNAME}"] = $postlastname;
$fieldsarray["{EXPIRY}"] = $thissurvey["expiry"];
$fieldsarray["{TOKEN}"] = $oToken->token;
$fieldsarray["{EMAIL}"] = $oToken->email;
$token = $oToken->token;
$message = $thissurvey['email_register'];
$subject = $thissurvey['email_register_subj'];
$from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
$surveylink = $this->createAbsoluteUrl("/survey/index/sid/{$iSurveyID}", array('lang' => $sBaseLanguage, 'token' => $newtoken));
$optoutlink = $this->createAbsoluteUrl("/optout/tokens/surveyid/{$iSurveyID}", array('langcode' => $sBaseLanguage, 'token' => $newtoken));
$optinlink = $this->createAbsoluteUrl("/optin/tokens/surveyid/{$iSurveyID}", array('langcode' => $sBaseLanguage, 'token' => $newtoken));
if (getEmailFormat($iSurveyID) == 'html') {
$useHtmlEmail = true;
$fieldsarray["{SURVEYURL}"] = "<a href='{$surveylink}'>" . $surveylink . "</a>";
$fieldsarray["{OPTOUTURL}"] = "<a href='{$optoutlink}'>" . $optoutlink . "</a>";
$fieldsarray["{OPTINURL}"] = "<a href='{$optinlink}'>" . $optinlink . "</a>";
} else {
$useHtmlEmail = false;
$fieldsarray["{SURVEYURL}"] = $surveylink;
$fieldsarray["{OPTOUTURL}"] = $optoutlink;
$fieldsarray["{OPTINURL}"] = $optinlink;
}
$message = ReplaceFields($message, $fieldsarray);
$subject = ReplaceFields($subject, $fieldsarray);
$html = "";
//Set variable
$sitename = Yii::app()->getConfig('sitename');
if (SendEmailMessage($message, $subject, Yii::app()->request->getPost('register_email'), $from, $sitename, $useHtmlEmail, getBounceEmail($iSurveyID))) {
// TLR change to put date into sent
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig('timeadjust'));
$oToken->sent = $today;
$oToken->save();
$html = "<div id='wrapper' class='message tokenmessage'>" . "<p>" . $clang->gT("Thank you for registering to participate in this survey.") . "</p>\n" . "<p>" . $clang->gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.") . "</p>\n" . "<p>" . $clang->gT("Survey administrator") . " {ADMINNAME} ({ADMINEMAIL})</p>" . "</div>\n";
$html = ReplaceFields($html, $fieldsarray);
} else {
$html = "Email Error";
}
//PRINT COMPLETED PAGE
if (!$thissurvey['template']) {
$thistpl = getTemplatePath(validateTemplateDir('default'));
} else {
$thistpl = getTemplatePath(validateTemplateDir($thissurvey['template']));
}
// Same fix than http://bugs.limesurvey.org/view.php?id=8441
ob_start(function ($buffer, $phase) {
App()->getClientScript()->render($buffer);
App()->getClientScript()->reset();
return $buffer;
});
ob_implicit_flush(false);
sendCacheHeaders();
doHeader();
Yii::app()->lang = $clang;
// fetch the defined variables and pass it to the header footer templates.
$redata = compact(array_keys(get_defined_vars()));
$this->_printTemplateContent($thistpl . '/startpage.pstpl', $redata, __LINE__);
$this->_printTemplateContent($thistpl . '/survey.pstpl', $redata, __LINE__);
echo $html;
$this->_printTemplateContent($thistpl . '/endpage.pstpl', $redata, __LINE__);
doFooter();
ob_flush();
}
/**
* Modify User POST
*/
public function moduser()
{
$postuserid = (int) Yii::app()->request->getPost("uid");
$postuser = flattenText(Yii::app()->request->getPost("user"));
$postemail = flattenText(Yii::app()->request->getPost("email"));
$postfull_name = flattenText(Yii::app()->request->getPost("full_name"));
$display_user_password_in_html = Yii::app()->getConfig("display_user_password_in_html");
$addsummary = '';
$aViewUrls = array();
$sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID']));
$sresultcount = count($sresult);
if ((Permission::model()->hasGlobalPermission('superadmin', 'read') || $postuserid == Yii::app()->session['loginID'] || $sresultcount > 0 && Permission::model()->hasGlobalPermission('users', 'update')) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1)) {
$users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8');
$email = html_entity_decode($postemail, ENT_QUOTES, 'UTF-8');
$sPassword = Yii::app()->request->getPost('password');
$full_name = html_entity_decode($postfull_name, ENT_QUOTES, 'UTF-8');
if (!validateEmailAddress($email)) {
Yii::app()->setFlashMessage(gT("Could not modify user data.") . ' ' . gT("Email address is not valid."), 'error');
$this->getController()->redirect(array("/admin/user/sa/modifyuser/uid/" . $postuserid));
} else {
$oRecord = User::model()->findByPk($postuserid);
$oRecord->email = $email;
$oRecord->full_name = $full_name;
if (!empty($sPassword)) {
$oRecord->password = hash('sha256', $sPassword);
}
$uresult = $oRecord->save();
// store result of save in uresult
if (empty($sPassword)) {
Yii::app()->setFlashMessage(gT("Success!") . ' <br/> ' . gT("Password") . ": (" . gT("Unchanged") . ")", 'success');
$this->getController()->redirect(array("/admin/user/sa/modifyuser/uid/" . $postuserid));
} elseif ($uresult && !empty($sPassword)) {
Yii::app()->session['pw_notify'] = $sPassword != '';
if ($display_user_password_in_html === true) {
$displayedPwd = htmlentities($sPassword);
} else {
$displayedPwd = preg_replace('/./', '*', $sPassword);
}
Yii::app()->setFlashMessage(gT("Success!") . ' <br/> ' . gT("Password") . ": " . $displayedPwd, 'success');
$this->getController()->redirect(array("/admin/user/sa/modifyuser/uid/" . $postuserid));
} else {
//Saving the user failed for some reason, message about email is not helpful here
// Username and/or email adress already exists.
Yii::app()->setFlashMessage(gT("Could not modify user data."), 'error');
$this->getController()->redirect(array("/admin/user/sa/modifyuser/uid/" . $postuserid));
}
}
} else {
Yii::app()->setFlashMessage(gT("Could not modify user data."), 'error');
$this->getController()->redirect(array("/admin/"));
}
$aData = array();
$aData['fullpagebar']['continuebutton']['url'] = 'admin/user/sa/index';
$this->_renderWrappedTemplate('user', $aViewUrls, $aData);
}
/**
* Modify User POST
*/
function moduser()
{
$postuserid = (int) Yii::app()->request->getPost("uid");
$postuser = flattenText(Yii::app()->request->getPost("user"));
$postemail = flattenText(Yii::app()->request->getPost("email"));
$postfull_name = flattenText(Yii::app()->request->getPost("full_name"));
$display_user_password_in_html = Yii::app()->getConfig("display_user_password_in_html");
$addsummary = '';
$aViewUrls = array();
$sresult = User::model()->findAllByAttributes(array('uid' => $postuserid, 'parent_id' => Yii::app()->session['loginID']));
$sresultcount = count($sresult);
if ((Permission::model()->hasGlobalPermission('superadmin', 'read') || $postuserid == Yii::app()->session['loginID'] || $sresultcount > 0 && Permission::model()->hasGlobalPermission('users', 'update')) && !(Yii::app()->getConfig("demoMode") == true && $postuserid == 1)) {
$users_name = html_entity_decode($postuser, ENT_QUOTES, 'UTF-8');
$email = html_entity_decode($postemail, ENT_QUOTES, 'UTF-8');
$sPassword = html_entity_decode(Yii::app()->request->getPost('pass'), ENT_QUOTES, 'UTF-8');
if ($sPassword == '%%unchanged%%') {
$sPassword = '';
}
$full_name = html_entity_decode($postfull_name, ENT_QUOTES, 'UTF-8');
if (!validateEmailAddress($email)) {
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(gT("Editing user"), gT("Could not modify user data."), "text-warning", gT("Email address is not valid."), $this->getController()->createUrl('admin/user/modifyuser'), gT("Back"), array('uid' => $postuserid));
} else {
$oRecord = User::model()->findByPk($postuserid);
$oRecord->email = $this->escape($email);
$oRecord->full_name = $this->escape($full_name);
if (!empty($sPassword)) {
$oRecord->password = hash('sha256', $sPassword);
}
$uresult = $oRecord->save();
// store result of save in uresult
if (empty($sPassword)) {
$extra = gT("Username") . ": {$oRecord->users_name}<br />" . gT("Password") . ": (" . gT("Unchanged") . ")<br />\n";
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(gT("Editing user"), gT("Success!"), "text-success", $extra);
} elseif ($uresult && !empty($sPassword)) {
if ($sPassword != 'password') {
Yii::app()->session['pw_notify'] = FALSE;
}
if ($sPassword == 'password') {
Yii::app()->session['pw_notify'] = TRUE;
}
if ($display_user_password_in_html === true) {
$displayedPwd = htmlentities($sPassword);
} else {
$displayedPwd = preg_replace('/./', '*', $sPassword);
}
$extra = gT("Username") . ": {$oRecord->users_name}<br />" . gT("Password") . ": {$displayedPwd}<br />\n";
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(gT("Editing user"), gT("Success!"), "text-success", $extra);
} else {
//Saving the user failed for some reason, message about email is not helpful here
// Username and/or email adress already exists.
$aViewUrls['mboxwithredirect'][] = $this->_messageBoxWithRedirect(gT("Editing user"), gT("Could not modify user data."), 'text-warning');
}
}
} else {
Yii::app()->setFlashMessage(gT("You do not have sufficient rights to access this page."), 'error');
}
$aData['fullpagebar']['continuebutton']['url'] = 'admin/user/sa/index';
$this->_renderWrappedTemplate('user', $aViewUrls, $aData);
}
private function _saveSettings()
{
if ($_POST['action'] !== "globalsettingssave") {
return;
}
if (!Permission::model()->hasGlobalPermission('settings', 'update')) {
$this->getController()->redirect(array('/admin'));
}
Yii::app()->loadHelper('surveytranslator');
$iPDFFontSize = sanitize_int($_POST['pdffontsize']);
if ($iPDFFontSize < 1) {
$iPDFFontSize = 9;
}
$iPDFLogoWidth = sanitize_int($_POST['pdflogowidth']);
if ($iPDFLogoWidth < 1) {
$iPDFLogoWidth = 50;
}
$maxemails = $_POST['maxemails'];
if (sanitize_int($_POST['maxemails']) < 1) {
$maxemails = 1;
}
$defaultlang = sanitize_languagecode($_POST['defaultlang']);
$aRestrictToLanguages = explode(' ', sanitize_languagecodeS($_POST['restrictToLanguages']));
if (!in_array($defaultlang, $aRestrictToLanguages)) {
// Force default language in restrictToLanguages
$aRestrictToLanguages[] = $defaultlang;
}
if (count(array_diff(array_keys(getLanguageData(false, Yii::app()->session['adminlang'])), $aRestrictToLanguages)) == 0) {
$aRestrictToLanguages = '';
} else {
$aRestrictToLanguages = implode(' ', $aRestrictToLanguages);
}
setGlobalSetting('defaultlang', $defaultlang);
setGlobalSetting('restrictToLanguages', trim($aRestrictToLanguages));
setGlobalSetting('sitename', strip_tags($_POST['sitename']));
setGlobalSetting('defaulthtmleditormode', sanitize_paranoid_string($_POST['defaulthtmleditormode']));
setGlobalSetting('defaultquestionselectormode', sanitize_paranoid_string($_POST['defaultquestionselectormode']));
setGlobalSetting('defaulttemplateeditormode', sanitize_paranoid_string($_POST['defaulttemplateeditormode']));
if (!Yii::app()->getConfig('demoMode')) {
$sTemplate = Yii::app()->getRequest()->getPost("defaulttemplate");
if (array_key_exists($sTemplate, getTemplateList())) {
setGlobalSetting('defaulttemplate', $sTemplate);
}
}
setGlobalSetting('admintheme', sanitize_paranoid_string($_POST['admintheme']));
setGlobalSetting('adminthemeiconsize', trim(file_get_contents(Yii::app()->getConfig("styledir") . DIRECTORY_SEPARATOR . sanitize_paranoid_string($_POST['admintheme']) . DIRECTORY_SEPARATOR . 'iconsize')));
setGlobalSetting('emailmethod', strip_tags($_POST['emailmethod']));
setGlobalSetting('emailsmtphost', strip_tags(returnGlobal('emailsmtphost')));
if (returnGlobal('emailsmtppassword') != 'somepassword') {
setGlobalSetting('emailsmtppassword', strip_tags(returnGlobal('emailsmtppassword')));
}
setGlobalSetting('bounceaccounthost', strip_tags(returnGlobal('bounceaccounthost')));
setGlobalSetting('bounceaccounttype', strip_tags(returnGlobal('bounceaccounttype')));
setGlobalSetting('bounceencryption', strip_tags(returnGlobal('bounceencryption')));
setGlobalSetting('bounceaccountuser', strip_tags(returnGlobal('bounceaccountuser')));
if (returnGlobal('bounceaccountpass') != 'enteredpassword') {
setGlobalSetting('bounceaccountpass', strip_tags(returnGlobal('bounceaccountpass')));
}
setGlobalSetting('emailsmtpssl', sanitize_paranoid_string(Yii::app()->request->getPost('emailsmtpssl', '')));
setGlobalSetting('emailsmtpdebug', sanitize_int(Yii::app()->request->getPost('emailsmtpdebug', '0')));
setGlobalSetting('emailsmtpuser', strip_tags(returnGlobal('emailsmtpuser')));
setGlobalSetting('filterxsshtml', strip_tags($_POST['filterxsshtml']));
$warning = '';
// make sure emails are valid before saving them
if (Yii::app()->request->getPost('siteadminbounce', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminbounce'))) {
setGlobalSetting('siteadminbounce', strip_tags(Yii::app()->request->getPost('siteadminbounce')));
} else {
$warning .= gT("Warning! Admin bounce email was not saved because it was not valid.") . '<br/>';
}
if (Yii::app()->request->getPost('siteadminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('siteadminemail'))) {
setGlobalSetting('siteadminemail', strip_tags(Yii::app()->request->getPost('siteadminemail')));
} else {
$warning .= gT("Warning! Admin email was not saved because it was not valid.") . '<br/>';
}
setGlobalSetting('siteadminname', strip_tags($_POST['siteadminname']));
setGlobalSetting('shownoanswer', sanitize_int($_POST['shownoanswer']));
setGlobalSetting('showxquestions', $_POST['showxquestions']);
setGlobalSetting('showgroupinfo', $_POST['showgroupinfo']);
setGlobalSetting('showqnumcode', $_POST['showqnumcode']);
$repeatheadingstemp = (int) $_POST['repeatheadings'];
if ($repeatheadingstemp == 0) {
$repeatheadingstemp = 25;
}
setGlobalSetting('repeatheadings', $repeatheadingstemp);
setGlobalSetting('maxemails', sanitize_int($maxemails));
$iSessionExpirationTime = (int) $_POST['iSessionExpirationTime'];
if ($iSessionExpirationTime == 0) {
$iSessionExpirationTime = 7200;
}
setGlobalSetting('iSessionExpirationTime', $iSessionExpirationTime);
setGlobalSetting('ipInfoDbAPIKey', $_POST['ipInfoDbAPIKey']);
setGlobalSetting('pdffontsize', $iPDFFontSize);
setGlobalSetting('pdfshowheader', $_POST['pdfshowheader']);
setGlobalSetting('pdflogowidth', $iPDFLogoWidth);
setGlobalSetting('pdfheadertitle', $_POST['pdfheadertitle']);
setGlobalSetting('pdfheaderstring', $_POST['pdfheaderstring']);
setGlobalSetting('googleMapsAPIKey', $_POST['googleMapsAPIKey']);
setGlobalSetting('googleanalyticsapikey', $_POST['googleanalyticsapikey']);
setGlobalSetting('googletranslateapikey', $_POST['googletranslateapikey']);
setGlobalSetting('force_ssl', $_POST['force_ssl']);
setGlobalSetting('surveyPreview_require_Auth', $_POST['surveyPreview_require_Auth']);
setGlobalSetting('RPCInterface', $_POST['RPCInterface']);
setGlobalSetting('rpc_publish_api', (bool) $_POST['rpc_publish_api']);
$savetime = (double) $_POST['timeadjust'] * 60 . ' minutes';
//makes sure it is a number, at least 0
if (substr($savetime, 0, 1) != '-' && substr($savetime, 0, 1) != '+') {
$savetime = '+' . $savetime;
}
setGlobalSetting('timeadjust', $savetime);
setGlobalSetting('usercontrolSameGroupPolicy', strip_tags($_POST['usercontrolSameGroupPolicy']));
Yii::app()->session['flashmessage'] = $warning . gT("Global settings were saved.");
$url = htmlspecialchars_decode(Yii::app()->session['refurl']);
if ($url) {
Yii::app()->getController()->redirect($url);
}
}
/**
* Send a submit notification to the email address specified in the notifications tab in the survey settings
*/
function sendSubmitNotifications($surveyid)
{
global $thissurvey, $debug;
global $homeurl, $maildebug, $tokensexist;
$clang = Yii::app()->lang;
$sitename = Yii::app()->getConfig("sitename");
$bIsHTML = $thissurvey['htmlemail'] == 'Y';
$aReplacementVars = array();
if ($thissurvey['allowsave'] == "Y" && isset($_SESSION['survey_' . $surveyid]['scid'])) {
$aReplacementVars['RELOADURL'] = "" . Yii::app()->getController()->createUrl("/survey/index/sid/{$surveyid}/loadall/reload/scid/" . $_SESSION['survey_' . $surveyid]['scid'] . "/loadname/" . urlencode($_SESSION['survey_' . $surveyid]['holdname']) . "/loadpass/" . urlencode($_SESSION['survey_' . $surveyid]['holdpass']));
if ($bIsHTML) {
$aReplacementVars['RELOADURL'] = "<a href='{$aReplacementVars['RELOADURL']}'>{$aReplacementVars['RELOADURL']}</a>";
}
} else {
$aReplacementVars['RELOADURL'] = '';
}
if (!isset($_SESSION['survey_' . $surveyid]['srid'])) {
$srid = null;
} else {
$srid = $_SESSION['survey_' . $surveyid]['srid'];
}
$aReplacementVars['ADMINNAME'] = $thissurvey['adminname'];
$aReplacementVars['ADMINEMAIL'] = $thissurvey['adminemail'];
$aReplacementVars['VIEWRESPONSEURL'] = "{$homeurl}/admin.php?action=browse&sid={$surveyid}&subaction=id&id=" . $srid;
$aReplacementVars['EDITRESPONSEURL'] = "{$homeurl}/admin.php?action=dataentry&sid={$surveyid}&subaction=edit&surveytable=survey_{$surveyid}&id=" . $srid;
$aReplacementVars['STATISTICSURL'] = "{$homeurl}/admin.php?action=statistics&sid={$surveyid}";
if ($bIsHTML) {
$aReplacementVars['VIEWRESPONSEURL'] = "<a href='{$aReplacementVars['VIEWRESPONSEURL']}'>{$aReplacementVars['VIEWRESPONSEURL']}</a>";
$aReplacementVars['EDITRESPONSEURL'] = "<a href='{$aReplacementVars['EDITRESPONSEURL']}'>{$aReplacementVars['EDITRESPONSEURL']}</a>";
$aReplacementVars['STATISTICSURL'] = "<a href='{$aReplacementVars['STATISTICSURL']}'>{$aReplacementVars['STATISTICSURL']}</a>";
}
$aReplacementVars['ANSWERTABLE'] = '';
$aEmailResponseTo = array();
$aEmailNotificationTo = array();
$sResponseData = "";
if (!empty($thissurvey['emailnotificationto'])) {
$aRecipient = explode(";", $thissurvey['emailnotificationto']);
foreach ($aRecipient as $sRecipient) {
$sRecipient = ReplaceFields($sRecipient, array('ADMINEMAIL' => $thissurvey['adminemail']), true);
// Only need INSERTANS, ADMINMAIL and TOKEN
if (validateEmailAddress($sRecipient)) {
$aEmailNotificationTo[] = $sRecipient;
}
}
}
if (!empty($thissurvey['emailresponseto'])) {
if (isset($_SESSION['survey_' . $surveyid]['token']) && $_SESSION['survey_' . $surveyid]['token'] != '' && tableExists('{{tokens_' . $surveyid . '}}')) {
//Gather token data for tokenised surveys
$_SESSION['survey_' . $surveyid]['thistoken'] = getTokenData($surveyid, $_SESSION['survey_' . $surveyid]['token']);
} elseif ($_SESSION['survey_' . $surveyid]['insertarray'][0] == 'token') {
unset($_SESSION['survey_' . $surveyid]['insertarray'][0]);
}
//Make an array of email addresses to send to
$aRecipient = explode(";", $thissurvey['emailresponseto']);
foreach ($aRecipient as $sRecipient) {
$sRecipient = ReplaceFields($sRecipient, array('ADMINEMAIL' => $thissurvey['adminemail']), true);
// Only need INSERTANS, ADMINMAIL and TOKEN
if (validateEmailAddress($sRecipient)) {
$aEmailResponseTo[] = $sRecipient;
}
}
$aFullResponseTable = getFullResponseTable($surveyid, $_SESSION['survey_' . $surveyid]['srid'], $_SESSION['survey_' . $surveyid]['s_lang']);
$ResultTableHTML = "<table class='printouttable' >\n";
$ResultTableText = "\n\n";
$oldgid = 0;
$oldqid = 0;
foreach ($aFullResponseTable as $sFieldname => $fname) {
if (substr($sFieldname, 0, 4) == 'gid_') {
$ResultTableHTML .= "\t<tr class='printanswersgroup'><td colspan='2'>{$fname[0]}</td></tr>\n";
$ResultTableText .= "\n{$fname[0]}\n\n";
} elseif (substr($sFieldname, 0, 4) == 'qid_') {
$ResultTableHTML .= "\t<tr class='printanswersquestionhead'><td colspan='2'>{$fname[0]}</td></tr>\n";
$ResultTableText .= "\n{$fname[0]}\n";
} else {
$ResultTableHTML .= "\t<tr class='printanswersquestion'><td>{$fname[0]} {$fname[1]}</td><td class='printanswersanswertext'>{$fname[2]}</td></tr>";
$ResultTableText .= " {$fname[0]} {$fname[1]}: {$fname[2]}\n";
}
}
$ResultTableHTML .= "</table>\n";
$ResultTableText .= "\n\n";
if ($bIsHTML) {
$aReplacementVars['ANSWERTABLE'] = $ResultTableHTML;
} else {
$aReplacementVars['ANSWERTABLE'] = $ResultTableText;
}
}
$sFrom = $thissurvey['adminname'] . ' <' . $thissurvey['adminemail'] . '>';
$redata = compact(array_keys(get_defined_vars()));
if (count($aEmailNotificationTo) > 0) {
$sMessage = templatereplace($thissurvey['email_admin_notification'], $aReplacementVars, $redata, 'frontend_helper[1398]', $thissurvey['anonymized'] == "Y");
$sSubject = templatereplace($thissurvey['email_admin_notification_subj'], $aReplacementVars, $redata, 'frontend_helper[1399]', $thissurvey['anonymized'] == "Y");
foreach ($aEmailNotificationTo as $sRecipient) {
if (!SendEmailMessage($sMessage, $sSubject, $sRecipient, $sFrom, $sitename, true, getBounceEmail($surveyid))) {
if ($debug > 0) {
echo '<br />Email could not be sent. Reason: ' . $maildebug . '<br/>';
}
}
}
}
if (count($aEmailResponseTo) > 0) {
$sMessage = templatereplace($thissurvey['email_admin_responses'], $aReplacementVars, $redata, 'frontend_helper[1414]', $thissurvey['anonymized'] == "Y");
$sSubject = templatereplace($thissurvey['email_admin_responses_subj'], $aReplacementVars, $redata, 'frontend_helper[1415]', $thissurvey['anonymized'] == "Y");
foreach ($aEmailResponseTo as $sRecipient) {
if (!SendEmailMessage($sMessage, $sSubject, $sRecipient, $sFrom, $sitename, true, getBounceEmail($surveyid))) {
if ($debug > 0) {
echo '<br />Email could not be sent. Reason: ' . $maildebug . '<br/>';
}
}
}
}
}
function uploadCSV()
{
$clang = $this->getController()->lang;
unset(Yii::app()->session['summary']);
$characterset = Yii::app()->request->getPost('characterset');
$separator = Yii::app()->request->getPost('separatorused');
$newarray = Yii::app()->request->getPost('newarray');
$mappedarray = Yii::app()->request->getPost('mappedarray', false);
$filterblankemails = Yii::app()->request->getPost('filterbea');
$overwrite = Yii::app()->request->getPost('overwrite');
$sFilePath = Yii::app()->getConfig('tempdir') . '/' . basename(Yii::app()->request->getPost('fullfilepath'));
$errorinupload = "";
$recordcount = 0;
$mandatory = 0;
$mincriteria = 0;
$imported = 0;
$dupcount = 0;
$overwritten = 0;
$dupreason = "nameemail";
//Default duplicate comparison method
$duplicatelist = array();
$invalidemaillist = array();
$invalidformatlist = array();
$invalidattribute = array();
$invalidparticipantid = array();
$aGlobalErrors = array();
/* If no mapped array */
if (!$mappedarray) {
$mappedarray = array();
}
/* Adjust system settings to read file with MAC line endings */
@ini_set('auto_detect_line_endings', true);
/* Open the uploaded file into an array */
$tokenlistarray = file($sFilePath);
// open it and trim the endings
$separator = Yii::app()->request->getPost('separatorused');
$uploadcharset = Yii::app()->request->getPost('characterset');
/* The $newarray contains a list of fields that will be used
to create new attributes */
if (!empty($newarray)) {
/* Create a new entry in the lime_participant_attribute_names table,
and it's associated lime_participant_attribute_names_lang table
for each NEW attribute being created in this import process */
foreach ($newarray as $key => $value) {
$aData = array('attribute_type' => 'TB', 'attribute_name' => $value, 'visible' => 'FALSE');
$insertid = ParticipantAttributeName::model()->storeAttributeCSV($aData);
/* Keep a record of the attribute_id for this new attribute
in the $mappedarray string. For example, if the new attribute
has attribute_id of 35 and is called "gender",
$mappedarray['35']='gender' */
$mappedarray[$insertid] = $value;
}
}
if (!isset($uploadcharset)) {
$uploadcharset = 'auto';
}
foreach ($tokenlistarray as $buffer) {
//Iterate through the CSV file line by line
$buffer = @mb_convert_encoding($buffer, "UTF-8", $uploadcharset);
$firstname = "";
$lastname = "";
$email = "";
$language = "";
if ($recordcount == 0) {
//The first time we iterate through the file we look at the very
//first line, which contains field names, not values to import
// Pick apart the first line
$buffer = removeBOM($buffer);
$attrid = ParticipantAttributeName::model()->getAttributeID();
$allowedfieldnames = array('participant_id', 'firstname', 'lastname', 'email', 'language', 'blacklisted');
$aFilterDuplicateFields = array('firstname', 'lastname', 'email');
if (!empty($mappedarray)) {
foreach ($mappedarray as $key => $value) {
array_push($allowedfieldnames, strtolower($value));
}
}
//For Attributes
switch ($separator) {
case 'comma':
$separator = ',';
break;
case 'semicolon':
$separator = ';';
break;
default:
$comma = substr_count($buffer, ',');
$semicolon = substr_count($buffer, ';');
if ($semicolon > $comma) {
$separator = ';';
} else {
$separator = ',';
}
}
$firstline = convertCSVRowToArray($buffer, $separator, '"');
$firstline = array_map('trim', $firstline);
$ignoredcolumns = array();
//now check the first line for invalid fields
foreach ($firstline as $index => $fieldname) {
$firstline[$index] = preg_replace("/(.*) <[^,]*>\$/", "\$1", $fieldname);
$fieldname = $firstline[$index];
if (!in_array(strtolower($fieldname), $allowedfieldnames) && !in_array($fieldname, $mappedarray)) {
$ignoredcolumns[] = $fieldname;
} else {
$firstline[$index] = strtolower($fieldname);
}
}
if (!in_array('firstname', $firstline) && !in_array('lastname', $firstline) && !in_array('email', $firstline) && !in_array('participant_id', $firstline)) {
$recordcount = count($tokenlistarray);
break;
}
} else {
// After looking at the first line, we now import the actual values
$line = convertCSVRowToArray($buffer, $separator, '"');
if (count($firstline) != count($line)) {
$invalidformatlist[] = $recordcount;
continue;
}
$writearray = array_combine($firstline, $line);
//kick out ignored columns
foreach ($ignoredcolumns as $column) {
unset($writearray[$column]);
}
// Add aFilterDuplicateFields not in CSV to writearray : quick fix
foreach ($aFilterDuplicateFields as $sFilterDuplicateField) {
if (!in_array($sFilterDuplicateField, $firstline)) {
$writearray[$sFilterDuplicateField] = "";
}
}
$invalidemail = false;
$dupfound = false;
$thisduplicate = 0;
//Check for duplicate participants
$aData = array('firstname' => $writearray['firstname'], 'lastname' => $writearray['lastname'], 'email' => $writearray['email'], 'owner_uid' => Yii::app()->session['loginID']);
//HACK - converting into SQL instead of doing an array search
if (in_array('participant_id', $firstline)) {
$dupreason = "participant_id";
$aData = "participant_id = " . Yii::app()->db->quoteValue($writearray['participant_id']);
} else {
$dupreason = "nameemail";
$aData = "firstname = " . Yii::app()->db->quoteValue($writearray['firstname']) . " AND lastname = " . Yii::app()->db->quoteValue($writearray['lastname']) . " AND email = " . Yii::app()->db->quoteValue($writearray['email']) . " AND owner_uid = '" . Yii::app()->session['loginID'] . "'";
}
//End of HACK
$aData = Participant::model()->checkforDuplicate($aData, "participant_id");
if ($aData !== false) {
$thisduplicate = 1;
$dupcount++;
if ($overwrite == "true") {
//Although this person already exists, we want to update the mapped attribute values
if (!empty($mappedarray)) {
//The mapped array contains the attributes we are
//saving in this import
foreach ($mappedarray as $attid => $attname) {
if (!empty($attname)) {
$bData = array('participant_id' => $aData, 'attribute_id' => $attid, 'value' => $writearray[strtolower($attname)]);
ParticipantAttribute::model()->updateParticipantAttributeValue($bData);
} else {
//If the value is empty, don't write the value
}
}
$overwritten++;
}
}
}
if ($thisduplicate == 1) {
$dupfound = true;
$duplicatelist[] = $writearray['firstname'] . " " . $writearray['lastname'] . " (" . $writearray['email'] . ")";
}
//Checking the email address is in a valid format
$invalidemail = false;
$writearray['email'] = trim($writearray['email']);
if ($writearray['email'] != '') {
$aEmailAddresses = explode(';', $writearray['email']);
// Ignore additional email addresses
$sEmailaddress = $aEmailAddresses[0];
if (!validateEmailAddress($sEmailaddress)) {
$invalidemail = true;
$invalidemaillist[] = $line[0] . " " . $line[1] . " (" . $line[2] . ")";
}
}
if (!$dupfound && !$invalidemail) {
//If it isn't a duplicate value or an invalid email, process the entry as a new participant
//First, process the known fields
if (!isset($writearray['participant_id']) || $writearray['participant_id'] == "") {
$uuid = $this->gen_uuid();
//Generate a UUID for the new participant
$writearray['participant_id'] = $uuid;
}
if (isset($writearray['emailstatus']) && trim($writearray['emailstatus'] == '')) {
unset($writearray['emailstatus']);
}
if (!isset($writearray['language']) || $writearray['language'] == "") {
$writearray['language'] = "en";
}
if (!isset($writearray['blacklisted']) || $writearray['blacklisted'] == "") {
$writearray['blacklisted'] = "N";
}
$writearray['owner_uid'] = Yii::app()->session['loginID'];
if (isset($writearray['validfrom']) && trim($writearray['validfrom'] == '')) {
unset($writearray['validfrom']);
}
if (isset($writearray['validuntil']) && trim($writearray['validuntil'] == '')) {
unset($writearray['validuntil']);
}
$dontimport = false;
if ($filterblankemails == "accept" && $writearray['email'] == "" || $writearray['firstname'] == "" || $writearray['lastname'] == "") {
//The mandatory fields of email, firstname and lastname
//must be filled, but one or more are empty
$mandatory++;
$dontimport = true;
} else {
foreach ($writearray as $key => $value) {
if (!empty($mappedarray)) {
//The mapped array contains the attributes we are
//saving in this import
if (in_array($key, $allowedfieldnames)) {
foreach ($mappedarray as $attid => $attname) {
if (strtolower($attname) == $key) {
if (!empty($value)) {
$aData = array('participant_id' => $writearray['participant_id'], 'attribute_id' => $attid, 'value' => $value);
ParticipantAttributeName::model()->saveParticipantAttributeValue($aData);
} else {
//If the value is empty, don't write the value
}
}
}
}
}
}
}
//If any of the mandatory fields are blank, then don't import this user
if (!$dontimport) {
Participant::model()->insertParticipantCSV($writearray);
$imported++;
}
}
$mincriteria++;
}
$recordcount++;
}
unlink($sFilePath);
$aData = array();
$aData['clang'] = $clang;
$aData['recordcount'] = $recordcount - 1;
$aData['duplicatelist'] = $duplicatelist;
$aData['mincriteria'] = $mincriteria;
$aData['imported'] = $imported;
$aData['errorinupload'] = $errorinupload;
$aData['invalidemaillist'] = $invalidemaillist;
$aData['mandatory'] = $mandatory;
$aData['invalidattribute'] = $invalidattribute;
$aData['invalidparticipantid'] = $invalidparticipantid;
$aData['overwritten'] = $overwritten;
$aData['dupreason'] = $dupreason;
$aData['aGlobalErrors'] = $aGlobalErrors;
$this->getController()->renderPartial('/admin/participants/uploadSummary_view', $aData);
}
/**
* This function checks the email, if it's in a valid format
* @param $sEmail
* @return bool
*/
protected function _checkEmailFormat($sEmail)
{
if ($sEmail != '') {
$aEmailAddresses = explode(';', $sEmail);
// Ignore additional email addresses
$sEmailaddress = $aEmailAddresses[0];
if (!validateEmailAddress($sEmailaddress)) {
return false;
}
return true;
}
return false;
}
/**
* Send a submit notification to the email address specified in the notifications tab in the survey settings
*/
function sendSubmitNotifications($surveyid)
{
// @todo: Remove globals
global $thissurvey, $maildebug, $tokensexist;
if (trim($thissurvey['adminemail']) == '') {
return;
}
$homeurl = Yii::app()->createAbsoluteUrl('/admin');
$clang = Yii::app()->lang;
$sitename = Yii::app()->getConfig("sitename");
$debug = Yii::app()->getConfig('debug');
$bIsHTML = $thissurvey['htmlemail'] == 'Y';
$aReplacementVars = array();
if ($thissurvey['allowsave'] == "Y" && isset($_SESSION['survey_' . $surveyid]['scid'])) {
$aReplacementVars['RELOADURL'] = "" . Yii::app()->getController()->createUrl("/survey/index/sid/{$surveyid}/loadall/reload/scid/" . $_SESSION['survey_' . $surveyid]['scid'] . "/loadname/" . urlencode($_SESSION['survey_' . $surveyid]['holdname']) . "/loadpass/" . urlencode($_SESSION['survey_' . $surveyid]['holdpass']) . "/lang/" . urlencode($clang->langcode));
if ($bIsHTML) {
$aReplacementVars['RELOADURL'] = "<a href='{$aReplacementVars['RELOADURL']}'>{$aReplacementVars['RELOADURL']}</a>";
}
} else {
$aReplacementVars['RELOADURL'] = '';
}
if (!isset($_SESSION['survey_' . $surveyid]['srid'])) {
$srid = null;
} else {
$srid = $_SESSION['survey_' . $surveyid]['srid'];
}
$aReplacementVars['ADMINNAME'] = $thissurvey['adminname'];
$aReplacementVars['ADMINEMAIL'] = $thissurvey['adminemail'];
$aReplacementVars['VIEWRESPONSEURL'] = Yii::app()->createAbsoluteUrl("/admin/responses/sa/view/surveyid/{$surveyid}/id/{$srid}");
$aReplacementVars['EDITRESPONSEURL'] = Yii::app()->createAbsoluteUrl("/admin/dataentry/sa/editdata/subaction/edit/surveyid/{$surveyid}/id/{$srid}");
$aReplacementVars['STATISTICSURL'] = Yii::app()->createAbsoluteUrl("/admin/statistics/sa/index/surveyid/{$surveyid}");
if ($bIsHTML) {
$aReplacementVars['VIEWRESPONSEURL'] = "<a href='{$aReplacementVars['VIEWRESPONSEURL']}'>{$aReplacementVars['VIEWRESPONSEURL']}</a>";
$aReplacementVars['EDITRESPONSEURL'] = "<a href='{$aReplacementVars['EDITRESPONSEURL']}'>{$aReplacementVars['EDITRESPONSEURL']}</a>";
$aReplacementVars['STATISTICSURL'] = "<a href='{$aReplacementVars['STATISTICSURL']}'>{$aReplacementVars['STATISTICSURL']}</a>";
}
$aReplacementVars['ANSWERTABLE'] = '';
$aEmailResponseTo = array();
$aEmailNotificationTo = array();
$sResponseData = "";
if (!empty($thissurvey['emailnotificationto'])) {
$aRecipient = explode(";", ReplaceFields($thissurvey['emailnotificationto'], array('ADMINEMAIL' => $thissurvey['adminemail']), true));
foreach ($aRecipient as $sRecipient) {
$sRecipient = trim($sRecipient);
if (validateEmailAddress($sRecipient)) {
$aEmailNotificationTo[] = $sRecipient;
}
}
}
if (!empty($thissurvey['emailresponseto'])) {
// there was no token used so lets remove the token field from insertarray
if (!isset($_SESSION['survey_' . $surveyid]['token']) && $_SESSION['survey_' . $surveyid]['insertarray'][0] == 'token') {
unset($_SESSION['survey_' . $surveyid]['insertarray'][0]);
}
//Make an array of email addresses to send to
$aRecipient = explode(";", ReplaceFields($thissurvey['emailresponseto'], array('ADMINEMAIL' => $thissurvey['adminemail']), true));
foreach ($aRecipient as $sRecipient) {
$sRecipient = trim($sRecipient);
if (validateEmailAddress($sRecipient)) {
$aEmailResponseTo[] = $sRecipient;
}
}
$aFullResponseTable = getFullResponseTable($surveyid, $_SESSION['survey_' . $surveyid]['srid'], $_SESSION['survey_' . $surveyid]['s_lang']);
$ResultTableHTML = "<table class='printouttable' >\n";
$ResultTableText = "\n\n";
$oldgid = 0;
$oldqid = 0;
foreach ($aFullResponseTable as $sFieldname => $fname) {
if (substr($sFieldname, 0, 4) == 'gid_') {
$ResultTableHTML .= "\t<tr class='printanswersgroup'><td colspan='2'>" . strip_tags($fname[0]) . "</td></tr>\n";
$ResultTableText .= "\n{$fname[0]}\n\n";
} elseif (substr($sFieldname, 0, 4) == 'qid_') {
$ResultTableHTML .= "\t<tr class='printanswersquestionhead'><td colspan='2'>" . strip_tags($fname[0]) . "</td></tr>\n";
$ResultTableText .= "\n{$fname[0]}\n";
} else {
$ResultTableHTML .= "\t<tr class='printanswersquestion'><td>" . strip_tags("{$fname[0]} {$fname[1]}") . "</td><td class='printanswersanswertext'>" . CHtml::encode($fname[2]) . "</td></tr>\n";
$ResultTableText .= " {$fname[0]} {$fname[1]}: {$fname[2]}\n";
}
}
$ResultTableHTML .= "</table>\n";
$ResultTableText .= "\n\n";
if ($bIsHTML) {
$aReplacementVars['ANSWERTABLE'] = $ResultTableHTML;
} else {
$aReplacementVars['ANSWERTABLE'] = $ResultTableText;
}
}
$sFrom = $thissurvey['adminname'] . ' <' . $thissurvey['adminemail'] . '>';
$aAttachments = unserialize($thissurvey['attachments']);
$aRelevantAttachments = array();
/*
* Iterate through attachments and check them for relevance.
*/
if (isset($aAttachments['admin_notification'])) {
foreach ($aAttachments['admin_notification'] as $aAttachment) {
$relevance = $aAttachment['relevance'];
// If the attachment is relevant it will be added to the mail.
if (LimeExpressionManager::ProcessRelevance($relevance) && file_exists($aAttachment['url'])) {
$aRelevantAttachments[] = $aAttachment['url'];
}
}
}
$redata = compact(array_keys(get_defined_vars()));
if (count($aEmailNotificationTo) > 0) {
$sMessage = templatereplace($thissurvey['email_admin_notification'], $aReplacementVars, $redata, 'frontend_helper[1398]', $thissurvey['anonymized'] == "Y", NULL, array(), true);
$sSubject = templatereplace($thissurvey['email_admin_notification_subj'], $aReplacementVars, $redata, 'frontend_helper[1399]', $thissurvey['anonymized'] == "Y", NULL, array(), true);
foreach ($aEmailNotificationTo as $sRecipient) {
if (!SendEmailMessage($sMessage, $sSubject, $sRecipient, $sFrom, $sitename, true, getBounceEmail($surveyid), $aRelevantAttachments)) {
if ($debug > 0) {
echo '<br />Email could not be sent. Reason: ' . $maildebug . '<br/>';
}
}
}
}
$aRelevantAttachments = array();
/*
* Iterate through attachments and check them for relevance.
*/
if (isset($aAttachments['detailed_admin_notification'])) {
foreach ($aAttachments['detailed_admin_notification'] as $aAttachment) {
$relevance = $aAttachment['relevance'];
// If the attachment is relevant it will be added to the mail.
if (LimeExpressionManager::ProcessRelevance($relevance) && file_exists($aAttachment['url'])) {
$aRelevantAttachments[] = $aAttachment['url'];
}
}
}
if (count($aEmailResponseTo) > 0) {
$sMessage = templatereplace($thissurvey['email_admin_responses'], $aReplacementVars, $redata, 'frontend_helper[1414]', $thissurvey['anonymized'] == "Y", NULL, array(), true);
$sSubject = templatereplace($thissurvey['email_admin_responses_subj'], $aReplacementVars, $redata, 'frontend_helper[1415]', $thissurvey['anonymized'] == "Y", NULL, array(), true);
foreach ($aEmailResponseTo as $sRecipient) {
if (!SendEmailMessage($sMessage, $sSubject, $sRecipient, $sFrom, $sitename, true, getBounceEmail($surveyid), $aRelevantAttachments)) {
if ($debug > 0) {
echo '<br />Email could not be sent. Reason: ' . $maildebug . '<br/>';
}
}
}
}
}
public function beforeSurveyPage()
{
$oEvent = $this->event;
$iSurveyId = $oEvent->get('surveyId');
self::__init();
$bUse=$this->get('bUse', 'Survey', $iSurveyId);
if(is_null($bUse))
$bUse=$this->bUse;
if(!$bUse)
return;
$sToken= Yii::app()->request->getParam('token');
if($iSurveyId && !$sToken)// Test invalid token ?
{
// Get the survey model
$oSurvey=Survey::model()->find("sid=:sid",array(':sid'=>$iSurveyId));
if($oSurvey && $oSurvey->active=="Y" && $oSurvey->allowregister=="Y" && tableExists("tokens_{$iSurveyId}"))
{
// Fill parameters
$bShowTokenForm=$this->get('bShowTokenForm', 'Survey', $iSurveyId);
if(is_null($bShowTokenForm))
$bShowTokenForm=$this->bShowTokenForm;
$bShowTokenForm=$this->get('use', 'Survey', $iSurveyId);
if(is_null($bShowTokenForm))
$bShowTokenForm=$this->bUse;
Yii::app()->getClientScript()->registerCssFile(Yii::app()->getConfig('publicurl')."plugins/replaceRegister/css/register.css");
// We can go
$sLanguage = Yii::app()->request->getParam('lang','');
if ($sLanguage=="" )
{
$sLanguage = Survey::model()->findByPk($iSurveyId)->language;
}
$aSurveyInfo=getSurveyInfo($iSurveyId,$sLanguage);
$sAction= Yii::app()->request->getParam('action','view') ;
$sHtmlRegistererror="";
$sHtmlRegistermessage1=gT("You must be registered to complete this survey");;
$sHtmlRegistermessage2=gT("You may register for this survey if you wish to take part.")."<br />\n".gT("Enter your details below, and an email containing the link to participate in this survey will be sent immediately.");
$sHtmlRegisterform="";
$sHtml="";
$bShowForm=true;
$bValidMail=false;
$bTokenCreate=true;
$aExtraParams=array();
$aRegisterError=array();
$sR_email= Yii::app()->request->getPost('register_email');
$sR_firstname= sanitize_xss_string(Yii::app()->request->getPost('register_firstname',""));
$sR_lastname= sanitize_xss_string(Yii::app()->request->getPost('register_lastname',""));
$sR_lastname= sanitize_xss_string(Yii::app()->request->getPost('register_lastname',""));
$aR_attribute=array();
$aR_attributeGet=array();
$aExtraParams=array();
$aMail=array();
foreach ($aSurveyInfo['attributedescriptions'] as $field => $aAttribute)
{
if (!empty($aAttribute['show_register']) && $aAttribute['show_register'] == 'Y')
{
$aR_attribute[$field]= sanitize_xss_string(Yii::app()->request->getPost('register_'.$field),"");// Need to be filtered ?
}
elseif($aAttribute['description']==sanitize_paranoid_string($aAttribute['description']) && trim(Yii::app()->request->getQuery($aAttribute['description'],"")) )
{
$aR_attributeGet[$field]= sanitize_xss_string(trim(Yii::app()->request->getQuery($aAttribute['description'],"")));// Allow prefill with URL (TODO: add an option)
$aExtraParams[$aAttribute['description']]=sanitize_xss_string(trim(Yii::app()->request->getParam($aAttribute['description'],"")));
}
}
if($sAction=='register' && !is_null($sR_email) && Yii::app()->request->getPost('changelang')!='changelang')
{
$bShowForm=false;
// captcha
$sLoadsecurity=Yii::app()->request->getPost('loadsecurity');
$sSecAnswer=(isset($_SESSION['survey_'.$iSurveyId]['secanswer']))?$_SESSION['survey_'.$iSurveyId]['secanswer']:"";
$bShowForm=false;
$bNoError=true;
// Copy paste RegisterController
if($sR_email)
{
//Check that the email is a valid style addressattribute_2
if (!validateEmailAddress($sR_email))
{
$aRegisterError[]= gT("The email you used is not valid. Please try again.");
}
}
else
{
$aRegisterError[]= gT("The email you used is not valid. Please try again.");// Empty email
}
// Fill and validate mandatory extra attribute
foreach ($aSurveyInfo['attributedescriptions'] as $field => $aAttribute)
{
if (!empty($aAttribute['show_register']) && $aAttribute['show_register'] == 'Y' && $aAttribute['mandatory'] == 'Y' && ($aR_attribute[$field]=="" || is_null($aR_attribute[$field])) )
{
$aRegisterError[]= sprintf(gT("%s cannot be left empty").".", $aSurveyInfo['attributecaptions'][$field]);
}
}
// Check the security question's answer : at end because the security question is the last one
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen',$aSurveyInfo['usecaptcha']) )
{
if (!$sLoadsecurity || !$sSecAnswer || $sLoadsecurity != $sSecAnswer)
{
$aRegisterError[]= gT("The answer to the security question is incorrect.");
}
}
if(count($aRegisterError)==0)
{
//Check if this email already exists in token database
$oToken=TokenDynamic::model($iSurveyId)->find('email=:email',array(':email'=>$sR_email));
if ($oToken)
{
if($oToken->usesleft<1 && $aSurveyInfo['alloweditaftercompletion']!='Y')
{
$aRegisterError="The e-mail address you have entered is already registered an the questionnaire has been completed.";
}
elseif(strtolower(substr(trim($oToken->emailstatus),0,6))==="optout")// And global blacklisting ?
{
$aRegisterError="This email address is already registered but someone ask to don't receive new email again.";
}
elseif(!$oToken->emailstatus && $oToken->emailstatus!="OK")
{
$aRegisterError="This email address is already registered but the email adress was bounced.";
}
else
{
$iTokenId=$oToken->tid;
$aMail['subject']=$aSurveyInfo['email_register_subj'];
$aMail['message']=$aSurveyInfo['email_register'];
$aMail['information']="The address you have entered is already registered. An email has been sent to this address with a link that gives you access to the survey.";
// Did we update the token ? Setting ?
}
}
else
{
$oToken= Token::create($iSurveyId);
$oToken->firstname = $sR_firstname;
$oToken->lastname = $sR_lastname;
$oToken->email = $sR_email;
$oToken->emailstatus = 'OK';
$oToken->language = $sLanguage;
$oToken->setAttributes($aR_attribute);
$oToken->setAttributes($aR_attributeGet);// Need an option
if ($aSurveyInfo['startdate'])
{
$oToken->validfrom = $aSurveyInfo['startdate'];
}
if ($aSurveyInfo['expires'])
{
$oToken->validuntil = $aSurveyInfo['expires'];
}
$oToken->save();
$iTokenId=$oToken->tid;
TokenDynamic::model($iSurveyId)->createToken($iTokenId);// Review if really create a token
$aMail['subject']=$aSurveyInfo['email_register_subj'];
$aMail['message']=$aSurveyInfo['email_register'];
$aMail['information']=gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.");
}
}
}
if($aMail && $oToken)
{
$aReplacementFields=array();
$aReplacementFields["{ADMINNAME}"]=$aSurveyInfo['adminname'];
$aReplacementFields["{ADMINEMAIL}"]=$aSurveyInfo['adminemail'];
$aReplacementFields["{SURVEYNAME}"]=$aSurveyInfo['name'];
$aReplacementFields["{SURVEYDESCRIPTION}"]=$aSurveyInfo['description'];
$aReplacementFields["{EXPIRY}"]=$aSurveyInfo["expiry"];
$oToken=TokenDynamic::model($iSurveyId)->findByPk($iTokenId);
foreach($oToken->attributes as $attribute=>$value){
$aReplacementFields["{".strtoupper($attribute)."}"]=$value;
}
$sToken=$oToken->token;
$aMail['subject']=preg_replace("/{TOKEN:([A-Z0-9_]+)}/","{"."$1"."}",$aMail['subject']);
$aMail['message']=preg_replace("/{TOKEN:([A-Z0-9_]+)}/","{"."$1"."}",$aMail['message']);
$surveylink = App()->createAbsoluteUrl("/survey/index/sid/{$iSurveyId}",array('lang'=>$sLanguage,'token'=>$sToken));
$optoutlink = App()->createAbsoluteUrl("/optout/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
$optinlink = App()->createAbsoluteUrl("/optin/tokens/surveyid/{$iSurveyId}",array('langcode'=>$sLanguage,'token'=>$sToken));
if (getEmailFormat($iSurveyId) == 'html')
{
$useHtmlEmail = true;
$aReplacementFields["{SURVEYURL}"]="<a href='$surveylink'>".$surveylink."</a>";
$aReplacementFields["{OPTOUTURL}"]="<a href='$optoutlink'>".$optoutlink."</a>";
$aReplacementFields["{OPTINURL}"]="<a href='$optinlink'>".$optinlink."</a>";
}
else
{
$useHtmlEmail = false;
$aReplacementFields["{SURVEYURL}"]= $surveylink;
$aReplacementFields["{OPTOUTURL}"]= $optoutlink;
$aReplacementFields["{OPTINURL}"]= $optinlink;
}
// Allow barebone link for all URL
$aMail['message'] = str_replace("@@SURVEYURL@@", $surveylink, $aMail['message']);
$aMail['message'] = str_replace("@@OPTOUTURL@@", $optoutlink, $aMail['message']);
$aMail['message'] = str_replace("@@OPTINURL@@", $optinlink, $aMail['message']);
// Replace the fields
$aMail['subject']=ReplaceFields($aMail['subject'], $aReplacementFields);
$aMail['message']=ReplaceFields($aMail['message'], $aReplacementFields);
// We have it, then try to send the mail.
$from = "{$aSurveyInfo['adminname']} <{$aSurveyInfo['adminemail']}>";
$sitename = Yii::app()->getConfig('sitename');
if (SendEmailMessage($aMail['message'], $aMail['subject'], $sR_email, $from, $sitename,$useHtmlEmail,getBounceEmail($iSurveyId)))
{
// TLR change to put date into sent
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", Yii::app()->getConfig('timeadjust'));
$oToken->sent=$today;
$oToken->save();
$sReturnHtml="<div id='wrapper' class='message tokenmessage'>"
. "<p>".gT("Thank you for registering to participate in this survey.")."</p>\n"
. "<p>".$aMail['information']."</p>\n"
. "<p>".gT("Survey administrator")." {ADMINNAME} ({ADMINEMAIL})</p>"
. "</div>\n";
}
else
{
$sReturnHtml="<div id='wrapper' class='message tokenmessage'>"
. "<p>".gT("Thank you for registering to participate in this survey.")."</p>\n"
. "<p>"."We can not sent you an email actually, please contact the survey administrator"."</p>\n"
. "<p>".gT("Survey administrator")." {ADMINNAME} ({ADMINEMAIL})</p>"
. "</div>\n";
}
$sReturnHtml=ReplaceFields($sReturnHtml, $aReplacementFields);
$sTemplatePath=$aData['templatedir'] = getTemplatePath($aSurveyInfo['template']);
ob_start(function($buffer, $phase) {
App()->getClientScript()->render($buffer);
App()->getClientScript()->reset();
return $buffer;
});
ob_implicit_flush(false);
sendCacheHeaders();
doHeader();
$aData['thissurvey'] = $aSurveyInfo;
$aData['thissurvey'] = $aSurveyInfo;
echo templatereplace(file_get_contents($sTemplatePath.'/startpage.pstpl'),array(), $aData);
echo templatereplace(file_get_contents($sTemplatePath.'/survey.pstpl'),array(), $aData);
echo $sReturnHtml;
echo templatereplace(file_get_contents($sTemplatePath.'/endpage.pstpl'),array(), $aData);
doFooter();
ob_flush();
App()->end();
}
if($bShowForm || count($aRegisterError))
{
// Language ?
if(count($aRegisterError)==1){
$sHtmlRegistererror="<p class='error error-register'><strong>{$aRegisterError[0]}</strong></p>";
}elseif(count($aRegisterError)>1){
$sHtmlRegistererror="<ul class='error error-register error-list'>";
foreach ($aRegisterError as $sRegisterError)
$sHtmlRegistererror.="<li><strong>{$sRegisterError}</strong></li>";
$sHtmlRegistererror.="</ul>";
}
$aExtraParams['action']='register';
$aExtraParams['lang']=$sLanguage;
$sHtmlRegisterform = CHtml::form(Yii::app()->createUrl("/survey/index/sid/{$iSurveyId}",$aExtraParams), 'post');
$sHtmlRegisterform.="<table class='register'><tbody>\n";
$sHtmlRegisterform.= "<tr><th><label for='register_firstname'>".gT("First name") . "</label></th><td>".CHtml::textField('register_firstname',htmlentities($sR_firstname, ENT_QUOTES, 'UTF-8'),array('class'=>'text'))."</td></tr>\n";
$sHtmlRegisterform.= "<tr><th><label for='register_lastname'>".gT("Last name") . "</label></th><td>".CHtml::textField('register_lastname',htmlentities($sR_lastname, ENT_QUOTES, 'UTF-8'),array('class'=>'text'))."</td></tr>\n";
$sHtmlRegisterform.= "<tr class='mandatory'><th><label for='register_email'>".gT("Email address") . "</label></th><td>".CHtml::textField('register_email',htmlentities($sR_email, ENT_QUOTES, 'UTF-8'),array('class'=>'text'))."</td></tr>\n";
// Extra attribute
foreach ($aSurveyInfo['attributedescriptions'] as $field => $aAttribute)
{
if (!empty($aAttribute['show_register']) && $aAttribute['show_register'] == 'Y')
{
$sHtmlRegisterform.= "<tr".($aAttribute['mandatory'] == 'Y' ? " class='mandatory'" : '')."><th><label for='register_{$field}'>".$aSurveyInfo['attributecaptions'][$field].($aAttribute['mandatory'] == 'Y' ? ' *' : '')."</label></th><td>".CHtml::textField('register_'.$field,htmlentities($aR_attribute[$field], ENT_QUOTES, 'UTF-8'),array('class'=>'text'))."</td></tr>\n";
}
}
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $aSurveyInfo['usecaptcha']))
$sHtmlRegisterform.= "<tr><th><label for='loadsecurity'>" . gT("Security question") . "</label></th><td><img src='".Yii::app()->getController()->createUrl("/verification/image/sid/{$iSurveyId}")."' alt='' /><input type='text' size='5' maxlength='3' name='loadsecurity' id='loadsecurity' value='' /></td></tr>\n";
$sHtmlRegisterform.= "<tr><td></td><td>".CHtml::submitButton(gT("Continue"))."</td></tr>";
$sHtmlRegisterform.= "</tbody></table>\n";
$sHtmlRegisterform.= makeLanguageChangerSurvey($sLanguage);// Need to be inside the form
$sHtmlRegisterform.= CHtml::endForm();
}
$sTemplatePath=$aData['templatedir'] = getTemplatePath($aSurveyInfo['template']);
ob_start(function($buffer, $phase) {
App()->getClientScript()->render($buffer);
App()->getClientScript()->reset();
return $buffer;
});
ob_implicit_flush(false);
sendCacheHeaders();
doHeader();
// Get the register.pstpl file content, but remplace default by own string
$sHtmlRegister=file_get_contents($sTemplatePath.'/register.pstpl');
$sHtmlRegister= str_replace("{REGISTERERROR}",$sHtmlRegistererror,$sHtmlRegister);
$sHtmlRegister= str_replace("{REGISTERMESSAGE1}",$sHtmlRegistermessage1,$sHtmlRegister);
$sHtmlRegister= str_replace("{REGISTERMESSAGE2}",$sHtmlRegistermessage2,$sHtmlRegister);
$sHtmlRegister= str_replace("{REGISTERFORM}",$sHtmlRegisterform,$sHtmlRegister);
$aData['thissurvey'] = $aSurveyInfo;
echo templatereplace(file_get_contents($sTemplatePath.'/startpage.pstpl'),array(), $aData);
echo templatereplace(file_get_contents($sTemplatePath.'/survey.pstpl'),array(), $aData);
echo templatereplace($sHtmlRegister);
echo templatereplace(file_get_contents($sTemplatePath.'/endpage.pstpl'),array(), $aData);
doFooter();
ob_flush();
App()->end();
}
}
}
function sendExternalEmails($aEmailAddresses, $iDocumentID, $sDocumentName, $sComment, &$aEmailErrors)
{
global $default;
$oSendingUser = User::get($_SESSION['userID']);
// Create email content
/*
$sMessage = '<font face="arial" size="2">';
$sMessage .= sprintf(_kt("Your colleague, %s, wishes you to view the document entitled '%s'."), $oSendingUser->getName(), $sDocumentName);
$sMessage .= " \n";
$sMessage .= _kt('Click on the hyperlink below to view it.') . '<br><br>';
$sMsgEnd = '<br><br>' . _kt('Comments') . ':<br>' . $sComment;
$sMsgEnd .= '</font>';
$sTitle = sprintf(_kt("Link (ID %s): %s from %s"), $iDocumentID, $sDocumentName, $oSendingUser->getName());
*/
$sTitle = sprintf(_kt("%s wants to share a document using KnowledgeTree"), $oSendingUser->getName());
$sMessage = '<br>
    ' . _kt('Hello') . ',
<br />
<br />
    ' . sprintf(_kt('A KnowledgeTree user, %s, wants to share a document with you entitled "%s".'), $oSendingUser->getName(), $sDocumentName) . '
<br />
<br />
    <b>' . _kt('Message') . ':</b>
<br />
<br />
    ' . $sComment . '
<br />
<br />
    ' . _kt('<b>KnowledgeTree is easy to use open source document management software</b><br />    that helps businesses collaborate, securely store all critical documents, address<br />    compliance challenges, and improve business processes.') . '
<br />
<br />';
$sEmail = null;
$sEmailFrom = null;
$oConfig =& KTConfig::getSingleton();
if (!$oConfig->get('email/sendAsSystem')) {
$sEmail = $oSendingUser->getEmail();
$sEmailFrom = $oSendingUser->getName();
}
$oEmail = new Email($sEmail, $sEmailFrom);
$iCounter = 0;
foreach ($aEmailAddresses as $sAddress) {
if (validateEmailAddress($sAddress)) {
// Add to list of addresses
$sDestEmails .= empty($sDestEmails) ? $sAddress : ', ' . $sAddress;
// Create uniqueish temporary session id
$session = 'ktext_' . $iDocumentID . time() . $iCounter++;
// Create download link
$oDownloadManager = new KTDownloadManager();
$oDownloadManager->set_session($session);
$link = $oDownloadManager->allow_download($iDocumentID);
// $link = "<a href=\"{$link}\">{$link}</a>";
$links = '    <a href="http://www.knowledgetree.com/products">' . _kt('Learn More') . '</a>';
$links .= " | <a href=\"{$link}\">" . _kt('View Document') . "</a>";
$links .= ' | <a href="http://www.knowledgetree.com/node/39">' . _kt('Download Free Trial') . '</a><br /><br />';
// $sMsg = $sMessage.$link.$sMsgEnd;
$sMsg = $sMessage . $links;
$res = $oEmail->send(array($sAddress), $sTitle, $sMsg);
if (PEAR::isError($res)) {
$default->log->error($res->getMessage());
$aEmailErrors[] = $res->getMessage();
} else {
if ($res === false) {
$default->log->error("Error sending email ({$sTitle}) to {$sAddress}");
$aEmailErrors[] = "Error sending email ({$sTitle}) to {$sAddress}";
}
}
}
$default->log->info("Send email ({$sTitle}) to external addresses {$sDestEmails}");
// emailed link transaction
// need a document to do this.
$oDocument =& Document::get($iDocumentID);
$oDocumentTransaction = new DocumentTransaction($oDocument, sprintf(_kt("Document link emailed to external addresses %s. "), $sDestEmails) . $sComment, 'ktcore.transactions.email_link');
if ($oDocumentTransaction->create()) {
$default->log->debug("emailBL.php created email link document transaction for document ID={$iDocumentID}");
} else {
$default->log->error("emailBL.php couldn't create email link document transaction for document ID={$iDocumentID}");
}
}
}
/**
* import from csv
*/
public function import($iSurveyId)
{
$aData = array();
$iSurveyId = (int) $iSurveyId;
if (!Permission::model()->hasSurveyPermission($iSurveyId, 'tokens', 'import')) {
Yii::app()->session['flashmessage'] = gT("You do not have permission to access this page.");
$this->getController()->redirect(array("/admin/survey/sa/view/surveyid/{$iSurveyId}"));
}
// CHECK TO SEE IF A TOKEN TABLE EXISTS FOR THIS SURVEY
$bTokenExists = tableExists('{{tokens_' . $iSurveyId . '}}');
if (!$bTokenExists) {
self::_newtokentable($iSurveyId);
}
$surveyinfo = Survey::model()->findByPk($iSurveyId)->surveyinfo;
$aData['sidemenu']['state'] = false;
$aData["surveyinfo"] = $surveyinfo;
$aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $iSurveyId . ")";
$aData['sidemenu']["token_menu"] = TRUE;
$aData['token_bar']['closebutton']['url'] = 'admin/tokens/sa/index/surveyid/' . $iSurveyId;
$this->registerScriptFile('ADMIN_SCRIPT_PATH', 'tokensimport.js');
$aEncodings = aEncodingsArray();
if (Yii::app()->request->isPostRequest) {
$sUploadCharset = Yii::app()->request->getPost('csvcharset');
if (!array_key_exists($sUploadCharset, $aEncodings)) {
$sUploadCharset = 'auto';
}
$bFilterDuplicateToken = Yii::app()->request->getPost('filterduplicatetoken');
$bFilterBlankEmail = Yii::app()->request->getPost('filterblankemail');
$bAllowInvalidEmail = Yii::app()->request->getPost('allowinvalidemail');
$aAttrFieldNames = getAttributeFieldNames($iSurveyId);
$aDuplicateList = array();
$aInvalidTokenList = array();
$aInvalidEmailList = array();
$aInvalidFormatList = array();
$aModelErrorList = array();
$aFirstLine = array();
$oFile = CUploadedFile::getInstanceByName("the_file");
$sPath = Yii::app()->getConfig('tempdir');
$sFileName = $sPath . '/' . randomChars(20);
if ($_FILES['the_file']['error'] == 1 || $_FILES['the_file']['error'] == 2) {
Yii::app()->setFlashMessage(sprintf(gT("Sorry, this file is too large. Only files up to %01.2f MB are allowed."), getMaximumFileUploadSize() / 1024 / 1024), 'error');
} elseif (strtolower($oFile->getExtensionName()) != 'csv') {
Yii::app()->setFlashMessage(gT("Only CSV files are allowed."), 'error');
} elseif (!@$oFile->saveAs($sFileName)) {
Yii::app()->setFlashMessage(sprintf(gT("Upload file not found. Check your permissions and path (%s) for the upload directory"), $sPath), 'error');
} else {
$iRecordImported = 0;
$iRecordCount = 0;
$iRecordOk = 0;
$iInvalidEmailCount = 0;
// Count invalid email imported
// This allows to read file with MAC line endings too
@ini_set('auto_detect_line_endings', true);
// open it and trim the ednings
$aTokenListArray = file($sFileName);
$sBaseLanguage = Survey::model()->findByPk($iSurveyId)->language;
if (!Yii::app()->request->getPost('filterduplicatefields') || Yii::app()->request->getPost('filterduplicatefields') && count(Yii::app()->request->getPost('filterduplicatefields')) == 0) {
$aFilterDuplicateFields = array('firstname', 'lastname', 'email');
} else {
$aFilterDuplicateFields = Yii::app()->request->getPost('filterduplicatefields');
}
$sSeparator = Yii::app()->request->getPost('separator');
$aMissingAttrFieldName = $aInvalideAttrFieldName = array();
foreach ($aTokenListArray as $buffer) {
$buffer = @mb_convert_encoding($buffer, "UTF-8", $sUploadCharset);
if ($iRecordCount == 0) {
// Parse first line (header) from CSV
$buffer = removeBOM($buffer);
// We alow all field except tid because this one is really not needed.
$aAllowedFieldNames = Token::model($iSurveyId)->tableSchema->getColumnNames();
if (($kTid = array_search('tid', $aAllowedFieldNames)) !== false) {
unset($aAllowedFieldNames[$kTid]);
}
// Some header don't have same column name
$aReplacedFields = array('invited' => 'sent', 'reminded' => 'remindersent');
switch ($sSeparator) {
case 'comma':
$sSeparator = ',';
break;
case 'semicolon':
$sSeparator = ';';
break;
default:
$comma = substr_count($buffer, ',');
$semicolon = substr_count($buffer, ';');
if ($semicolon > $comma) {
$sSeparator = ';';
} else {
$sSeparator = ',';
}
}
$aFirstLine = str_getcsv($buffer, $sSeparator, '"');
$aFirstLine = array_map('trim', $aFirstLine);
$aIgnoredColumns = array();
// Now check the first line for invalid fields
foreach ($aFirstLine as $index => $sFieldname) {
$aFirstLine[$index] = preg_replace("/(.*) <[^,]*>\$/", "\$1", $sFieldname);
$sFieldname = $aFirstLine[$index];
if (!in_array($sFieldname, $aAllowedFieldNames)) {
$aIgnoredColumns[] = $sFieldname;
}
if (array_key_exists($sFieldname, $aReplacedFields)) {
$aFirstLine[$index] = $aReplacedFields[$sFieldname];
}
// Attribute not in list
if (strpos($aFirstLine[$index], 'attribute_') !== false and !in_array($aFirstLine[$index], $aAttrFieldNames) and Yii::app()->request->getPost('showwarningtoken')) {
$aInvalideAttrFieldName[] = $aFirstLine[$index];
}
}
//compare attributes with source csv
if (Yii::app()->request->getPost('showwarningtoken')) {
$aMissingAttrFieldName = array_diff($aAttrFieldNames, $aFirstLine);
// get list of mandatory attributes
$allAttrFieldNames = GetParticipantAttributes($iSurveyId);
//if it isn't mandantory field we don't need to show in warning
if (!empty($aAttrFieldNames)) {
if (!empty($aMissingAttrFieldName)) {
foreach ($aMissingAttrFieldName as $index => $AttrFieldName) {
if (isset($allAttrFieldNames[$AttrFieldName]) and strtolower($allAttrFieldNames[$AttrFieldName]["mandatory"]) != "y") {
unset($aMissingAttrFieldName[$index]);
}
}
}
if (isset($aInvalideAttrFieldName) and !empty($aInvalideAttrFieldName)) {
foreach ($aInvalideAttrFieldName as $index => $AttrFieldName) {
if (isset($allAttrFieldNames[$AttrFieldName]) and strtolower($allAttrFieldNames[$AttrFieldName]["mandatory"]) != "y") {
unset($aInvalideAttrFieldName[$index]);
}
}
}
}
}
} else {
$line = str_getcsv($buffer, $sSeparator, '"');
if (count($aFirstLine) != count($line)) {
$aInvalidFormatList[] = sprintf(gT("Line %s"), $iRecordCount);
$iRecordCount++;
continue;
}
$aWriteArray = array_combine($aFirstLine, $line);
//kick out ignored columns
foreach ($aIgnoredColumns as $column) {
unset($aWriteArray[$column]);
}
$bDuplicateFound = false;
$bInvalidEmail = false;
$bInvalidToken = false;
$aWriteArray['email'] = isset($aWriteArray['email']) ? trim($aWriteArray['email']) : "";
$aWriteArray['firstname'] = isset($aWriteArray['firstname']) ? $aWriteArray['firstname'] : "";
$aWriteArray['lastname'] = isset($aWriteArray['lastname']) ? $aWriteArray['lastname'] : "";
$aWriteArray['language'] = isset($aWriteArray['language']) ? $aWriteArray['language'] : $sBaseLanguage;
if ($bFilterDuplicateToken) {
$aParams = array();
$oCriteria = new CDbCriteria();
$oCriteria->condition = "";
foreach ($aFilterDuplicateFields as $field) {
if (isset($aWriteArray[$field])) {
$oCriteria->addCondition("{$field} = :{$field}");
$aParams[":{$field}"] = $aWriteArray[$field];
}
}
if (!empty($aParams)) {
$oCriteria->params = $aParams;
}
$dupresult = TokenDynamic::model($iSurveyId)->count($oCriteria);
if ($dupresult > 0) {
$bDuplicateFound = true;
$aDuplicateList[] = sprintf(gT("Line %s : %s %s (%s)"), $iRecordCount, $aWriteArray['firstname'], $aWriteArray['lastname'], $aWriteArray['email']);
}
}
//treat blank emails
if (!$bDuplicateFound && $bFilterBlankEmail && $aWriteArray['email'] == '') {
$bInvalidEmail = true;
$aInvalidEmailList[] = sprintf(gT("Line %s : %s %s"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']));
}
if (!$bDuplicateFound && $aWriteArray['email'] != '') {
$aEmailAddresses = preg_split("/(,|;)/", $aWriteArray['email']);
foreach ($aEmailAddresses as $sEmailaddress) {
if (!validateEmailAddress($sEmailaddress)) {
if ($bAllowInvalidEmail) {
$iInvalidEmailCount++;
if (empty($aWriteArray['emailstatus']) || strtoupper($aWriteArray['emailstatus'] == "OK")) {
$aWriteArray['emailstatus'] = "invalid";
}
} else {
$bInvalidEmail = true;
$aInvalidEmailList[] = sprintf(gT("Line %s : %s %s (%s)"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']), CHtml::encode($aWriteArray['email']));
}
}
}
}
if (!$bDuplicateFound && !$bInvalidEmail && isset($aWriteArray['token']) && trim($aWriteArray['token']) != '') {
if (trim($aWriteArray['token']) != sanitize_token($aWriteArray['token'])) {
$aInvalidTokenList[] = sprintf(gT("Line %s : %s %s (%s) - token : %s"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']), CHtml::encode($aWriteArray['email']), CHtml::encode($aWriteArray['token']));
$bInvalidToken = true;
}
// We allways search for duplicate token (it's in model. Allow to reset or update token ?
if (Token::model($iSurveyId)->count("token=:token", array(":token" => $aWriteArray['token']))) {
$bDuplicateFound = true;
$aDuplicateList[] = sprintf(gT("Line %s : %s %s (%s) - token : %s"), $iRecordCount, CHtml::encode($aWriteArray['firstname']), CHtml::encode($aWriteArray['lastname']), CHtml::encode($aWriteArray['email']), CHtml::encode($aWriteArray['token']));
}
}
if (!$bDuplicateFound && !$bInvalidEmail && !$bInvalidToken) {
// unset all empty value
foreach ($aWriteArray as $key => $value) {
if ($aWriteArray[$key] == "") {
unset($aWriteArray[$key]);
}
if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') {
// Fix CSV quote
$value = substr($value, 1, -1);
}
}
// Some default value : to be moved to Token model rules in future release ?
// But think we have to accept invalid email etc ... then use specific scenario
$oToken = Token::create($iSurveyId);
if ($bAllowInvalidEmail) {
$oToken->scenario = 'allowinvalidemail';
}
foreach ($aWriteArray as $key => $value) {
$oToken->{$key} = $value;
}
if (!$oToken->save()) {
$errors = $oToken->getErrors();
$aModelErrorList[] = sprintf(gT("Line %s : %s"), $iRecordCount, print_r($errors, true));
} else {
$iRecordImported++;
}
}
$iRecordOk++;
}
$iRecordCount++;
}
$iRecordCount = $iRecordCount - 1;
unlink($sFileName);
$aData['aTokenListArray'] = $aTokenListArray;
// Big array in memory, just for success ?
$aData['iRecordImported'] = $iRecordImported;
$aData['iRecordOk'] = $iRecordOk;
$aData['iRecordCount'] = $iRecordCount;
$aData['aFirstLine'] = $aFirstLine;
// Seem not needed
$aData['aDuplicateList'] = $aDuplicateList;
$aData['aInvalidTokenList'] = $aInvalidTokenList;
$aData['aInvalidFormatList'] = $aInvalidFormatList;
$aData['aInvalidEmailList'] = $aInvalidEmailList;
$aData['aModelErrorList'] = $aModelErrorList;
$aData['iInvalidEmailCount'] = $iInvalidEmailCount;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['iSurveyId'] = $aData['surveyid'] = $iSurveyId;
$aData['aInvalideAttrFieldName'] = $aInvalideAttrFieldName;
$aData['aMissingAttrFieldName'] = $aMissingAttrFieldName;
$this->_renderWrappedTemplate('token', array('csvimportresult'), $aData);
Yii::app()->end();
}
}
// If there are error with file : show the form
$aData['aEncodings'] = $aEncodings;
asort($aData['aEncodings']);
$aData['iSurveyId'] = $iSurveyId;
$aData['thissurvey'] = getSurveyInfo($iSurveyId);
$aData['surveyid'] = $iSurveyId;
$aTokenTableFields = getTokenFieldsAndNames($iSurveyId);
unset($aTokenTableFields['sent']);
unset($aTokenTableFields['remindersent']);
unset($aTokenTableFields['remindercount']);
unset($aTokenTableFields['usesleft']);
foreach ($aTokenTableFields as $sKey => $sValue) {
if ($sValue['description'] != $sKey) {
$sValue['description'] .= ' - ' . $sKey;
}
$aNewTokenTableFields[$sKey] = $sValue['description'];
}
$aData['aTokenTableFields'] = $aNewTokenTableFields;
// Get default character set from global settings
$thischaracterset = getGlobalSetting('characterset');
// If no encoding was set yet, use the old "auto" default
if ($thischaracterset == "") {
$thischaracterset = "auto";
}
$aData['thischaracterset'] = $thischaracterset;
$this->_renderWrappedTemplate('token', array('csvupload'), $aData);
}
/**
* Saves the new survey after the creation screen is submitted
*
* @param $iSurveyID The survey id to be used for the new survey. If already taken a new random one will be used.
*/
function insert($iSurveyID = null)
{
if (Permission::model()->hasGlobalPermission('surveys', 'create')) {
// Check if survey title was set
if (!$_POST['surveyls_title']) {
Yii::app()->session['flashmessage'] = gT("Survey could not be created because it did not have a title");
redirect($this->getController()->createUrl('admin'));
return;
}
Yii::app()->loadHelper("surveytranslator");
// If start date supplied convert it to the right format
$aDateFormatData = getDateFormatData(Yii::app()->session['dateformat']);
$sStartDate = $_POST['startdate'];
if (trim($sStartDate) != '') {
Yii::import('application.libraries.Date_Time_Converter');
$converter = new Date_Time_Converter($sStartDate, $aDateFormatData['phpdate'] . ' H:i:s');
$sStartDate = $converter->convert("Y-m-d H:i:s");
}
// If expiry date supplied convert it to the right format
$sExpiryDate = $_POST['expires'];
if (trim($sExpiryDate) != '') {
Yii::import('application.libraries.Date_Time_Converter');
$converter = new Date_Time_Converter($sExpiryDate, $aDateFormatData['phpdate'] . ' H:i:s');
$sExpiryDate = $converter->convert("Y-m-d H:i:s");
}
$iTokenLength = $_POST['tokenlength'];
//token length has to be at least 5, otherwise set it to default (15)
if ($iTokenLength < 5) {
$iTokenLength = 15;
}
if ($iTokenLength > 36) {
$iTokenLength = 36;
}
// Insert base settings into surveys table
$aInsertData = array('expires' => $sExpiryDate, 'startdate' => $sStartDate, 'template' => App()->request->getPost('template'), 'owner_id' => Yii::app()->session['loginID'], 'admin' => App()->request->getPost('admin'), 'active' => 'N', 'anonymized' => App()->request->getPost('anonymized'), 'faxto' => App()->request->getPost('faxto'), 'format' => App()->request->getPost('format'), 'savetimings' => App()->request->getPost('savetimings'), 'language' => App()->request->getPost('language'), 'datestamp' => App()->request->getPost('datestamp'), 'ipaddr' => App()->request->getPost('ipaddr'), 'refurl' => App()->request->getPost('refurl'), 'usecookie' => App()->request->getPost('usecookie'), 'emailnotificationto' => App()->request->getPost('emailnotificationto'), 'allowregister' => App()->request->getPost('allowregister'), 'allowsave' => App()->request->getPost('allowsave'), 'navigationdelay' => App()->request->getPost('navigationdelay'), 'autoredirect' => App()->request->getPost('autoredirect'), 'showxquestions' => App()->request->getPost('showxquestions'), 'showgroupinfo' => App()->request->getPost('showgroupinfo'), 'showqnumcode' => App()->request->getPost('showqnumcode'), 'shownoanswer' => App()->request->getPost('shownoanswer'), 'showwelcome' => App()->request->getPost('showwelcome'), 'allowprev' => App()->request->getPost('allowprev'), 'questionindex' => App()->request->getPost('questionindex'), 'nokeyboard' => App()->request->getPost('nokeyboard'), 'showprogress' => App()->request->getPost('showprogress'), 'printanswers' => App()->request->getPost('printanswers'), 'listpublic' => App()->request->getPost('public'), 'htmlemail' => App()->request->getPost('htmlemail'), 'sendconfirmation' => App()->request->getPost('sendconfirmation'), 'tokenanswerspersistence' => App()->request->getPost('tokenanswerspersistence'), 'alloweditaftercompletion' => App()->request->getPost('alloweditaftercompletion'), 'usecaptcha' => App()->request->getPost('usecaptcha'), 'publicstatistics' => App()->request->getPost('publicstatistics'), 'publicgraphs' => App()->request->getPost('publicgraphs'), 'assessments' => App()->request->getPost('assessments'), 'emailresponseto' => App()->request->getPost('emailresponseto'), 'tokenlength' => $iTokenLength);
$warning = '';
// make sure we only update emails if they are valid
if (Yii::app()->request->getPost('adminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('adminemail'))) {
$aInsertData['adminemail'] = Yii::app()->request->getPost('adminemail');
} else {
$aInsertData['adminemail'] = '';
$warning .= gT("Warning! Notification email was not updated because it was not valid.") . '<br/>';
}
if (Yii::app()->request->getPost('bounce_email', '') == '' || validateEmailAddress(Yii::app()->request->getPost('bounce_email'))) {
$aInsertData['bounce_email'] = Yii::app()->request->getPost('bounce_email');
} else {
$aInsertData['bounce_email'] = '';
$warning .= gT("Warning! Bounce email was not updated because it was not valid.") . '<br/>';
}
if (!is_null($iSurveyID)) {
$aInsertData['wishSID'] = $iSurveyID;
}
$iNewSurveyid = Survey::model()->insertNewSurvey($aInsertData);
if (!$iNewSurveyid) {
die('Survey could not be created.');
}
// Prepare locale data for surveys_language_settings table
$sTitle = $_POST['surveyls_title'];
$sDescription = $_POST['description'];
$sWelcome = $_POST['welcome'];
$sURLDescription = $_POST['urldescrip'];
$sTitle = html_entity_decode($sTitle, ENT_QUOTES, "UTF-8");
$sDescription = html_entity_decode($sDescription, ENT_QUOTES, "UTF-8");
$sWelcome = html_entity_decode($sWelcome, ENT_QUOTES, "UTF-8");
$sURLDescription = html_entity_decode($sURLDescription, ENT_QUOTES, "UTF-8");
// Fix bug with FCKEditor saving strange BR types
$sTitle = fixCKeditorText($sTitle);
$sDescription = fixCKeditorText($sDescription);
$sWelcome = fixCKeditorText($sWelcome);
// Insert base language into surveys_language_settings table
$aInsertData = array('surveyls_survey_id' => $iNewSurveyid, 'surveyls_title' => $sTitle, 'surveyls_description' => $sDescription, 'surveyls_welcometext' => $sWelcome, 'surveyls_language' => $_POST['language'], 'surveyls_urldescription' => $_POST['urldescrip'], 'surveyls_endtext' => $_POST['endtext'], 'surveyls_url' => $_POST['url'], 'surveyls_dateformat' => (int) $_POST['dateformat'], 'surveyls_numberformat' => (int) $_POST['numberformat']);
$langsettings = new SurveyLanguageSetting();
$langsettings->insertNewSurvey($aInsertData);
Yii::app()->session['flashmessage'] = $warning . gT("Survey was successfully added.");
// Update survey permissions
Permission::model()->giveAllSurveyPermissions(Yii::app()->session['loginID'], $iNewSurveyid);
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iNewSurveyid));
}
}
/**
* Database::index()
*
* @param mixed $sa
* @return
*/
function index($sa = null)
{
$sAction = Yii::app()->request->getPost('action');
$clang = $this->getController()->lang;
$iSurveyID = returnGlobal('sid');
$iQuestionGroupID = returnGlobal('gid');
$iQuestionID = returnGlobal('qid');
$sDBOutput = '';
$oFixCKeditor = new LSYii_Validators();
$oFixCKeditor->fixCKeditor = true;
$oFixCKeditor->xssfilter = false;
if ($sAction == "updatedefaultvalues" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'update')) {
$aSurveyLanguages = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
array_unshift($aSurveyLanguages, $sBaseLanguage);
Question::model()->updateAll(array('same_default' => Yii::app()->request->getPost('samedefault') ? 1 : 0), 'sid=:sid ANd qid=:qid', array(':sid' => $iSurveyID, ':qid' => $iQuestionID));
$arQuestion = Question::model()->findByAttributes(array('qid' => $iQuestionID));
$sQuestionType = $arQuestion['type'];
$aQuestionTypeList = getQuestionTypeList('', 'array');
if ($aQuestionTypeList[$sQuestionType]['answerscales'] > 0 && $aQuestionTypeList[$sQuestionType]['subquestions'] == 0) {
for ($iScaleID = 0; $iScaleID < $aQuestionTypeList[$sQuestionType]['answerscales']; $iScaleID++) {
foreach ($aSurveyLanguages as $sLanguage) {
if (!is_null(Yii::app()->request->getPost('defaultanswerscale_' . $iScaleID . '_' . $sLanguage))) {
$this->_updateDefaultValues($iQuestionID, 0, $iScaleID, '', $sLanguage, Yii::app()->request->getPost('defaultanswerscale_' . $iScaleID . '_' . $sLanguage), true);
}
if (!is_null(Yii::app()->request->getPost('other_' . $iScaleID . '_' . $sLanguage))) {
$this->_updateDefaultValues($iQuestionID, 0, $iScaleID, 'other', $sLanguage, Yii::app()->request->getPost('other_' . $iScaleID . '_' . $sLanguage), true);
}
}
}
}
if ($aQuestionTypeList[$sQuestionType]['subquestions'] > 0) {
foreach ($aSurveyLanguages as $sLanguage) {
$arQuestions = Question::model()->findAllByAttributes(array('sid' => $iSurveyID, 'gid' => $iQuestionGroupID, 'parent_qid' => $iQuestionID, 'language' => $sLanguage, 'scale_id' => 0));
for ($iScaleID = 0; $iScaleID < $aQuestionTypeList[$sQuestionType]['subquestions']; $iScaleID++) {
foreach ($arQuestions as $aSubquestionrow) {
if (!is_null(Yii::app()->request->getPost('defaultanswerscale_' . $iScaleID . '_' . $sLanguage . '_' . $aSubquestionrow['qid']))) {
$this->_updateDefaultValues($iQuestionID, $aSubquestionrow['qid'], $iScaleID, '', $sLanguage, Yii::app()->request->getPost('defaultanswerscale_' . $iScaleID . '_' . $sLanguage . '_' . $aSubquestionrow['qid']), true);
}
}
}
}
}
if ($aQuestionTypeList[$sQuestionType]['answerscales'] == 0 && $aQuestionTypeList[$sQuestionType]['subquestions'] == 0) {
foreach ($aSurveyLanguages as $sLanguage) {
// Qick and dirty insert for yes/no defaul value
// write the the selectbox option, or if "EM" is slected, this value to table
if ($sQuestionType == 'Y') {
/// value for all langs
if (Yii::app()->request->getPost('samedefault') == 1) {
$sLanguage = $aSurveyLanguages[0];
// turn
} else {
$sCurrentLang = $sLanguage;
// edit the next lines
}
if (Yii::app()->request->getPost('defaultanswerscale_0_' . $sLanguage) == 'EM') {
// Case EM, write expression to database
$this->_updateDefaultValues($iQuestionID, 0, 0, '', $sLanguage, Yii::app()->request->getPost('defaultanswerscale_0_' . $sLanguage . '_EM'), true);
} else {
// Case "other", write list value to database
$this->_updateDefaultValues($iQuestionID, 0, 0, '', $sLanguage, Yii::app()->request->getPost('defaultanswerscale_0_' . $sLanguage), true);
}
///// end yes/no
} else {
if (!is_null(Yii::app()->request->getPost('defaultanswerscale_0_' . $sLanguage . '_0'))) {
$this->_updateDefaultValues($iQuestionID, 0, 0, '', $sLanguage, Yii::app()->request->getPost('defaultanswerscale_0_' . $sLanguage . '_0'), true);
}
}
}
}
Yii::app()->session['flashmessage'] = $clang->gT("Default value settings were successfully saved.");
LimeExpressionManager::SetDirtyFlag();
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
}
}
if ($sAction == "updateansweroptions" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'update')) {
Yii::app()->loadHelper('database');
$aSurveyLanguages = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
array_unshift($aSurveyLanguages, $sBaseLanguage);
$arQuestion = Question::model()->findByAttributes(array('qid' => $iQuestionID));
$sQuestionType = $arQuestion['type'];
// Checked)
$aQuestionTypeList = getQuestionTypeList('', 'array');
$iScaleCount = $aQuestionTypeList[$sQuestionType]['answerscales'];
//First delete all answers
Answer::model()->deleteAllByAttributes(array('qid' => $iQuestionID));
LimeExpressionManager::RevertUpgradeConditionsToRelevance($iSurveyID);
for ($iScaleID = 0; $iScaleID < $iScaleCount; $iScaleID++) {
$iMaxCount = (int) Yii::app()->request->getPost('answercount_' . $iScaleID);
for ($iSortOrderID = 1; $iSortOrderID < $iMaxCount; $iSortOrderID++) {
$sCode = sanitize_paranoid_string(Yii::app()->request->getPost('code_' . $iSortOrderID . '_' . $iScaleID));
if (Yii::app()->request->getPost('oldcode_' . $iSortOrderID . '_' . $iScaleID)) {
$sOldCode = sanitize_paranoid_string(Yii::app()->request->getPost('oldcode_' . $iSortOrderID . '_' . $iScaleID));
if ($sCode !== $sOldCode) {
Condition::model()->updateAll(array('value' => $sCode), 'cqid=:cqid AND value=:value', array(':cqid' => $iQuestionID, ':value' => $sOldCode));
}
}
$iAssessmentValue = (int) Yii::app()->request->getPost('assessment_' . $iSortOrderID . '_' . $iScaleID);
foreach ($aSurveyLanguages as $sLanguage) {
$sAnswerText = Yii::app()->request->getPost('answer_' . $sLanguage . '_' . $iSortOrderID . '_' . $iScaleID);
// Fix bug with FCKEditor saving strange BR types
$sAnswerText = $oFixCKeditor->fixCKeditor($sAnswerText);
// Now we insert the answers
$iInsertCount = Answer::model()->insertRecords(array('code' => $sCode, 'answer' => $sAnswerText, 'qid' => $iQuestionID, 'sortorder' => $iSortOrderID, 'language' => $sLanguage, 'assessment_value' => $iAssessmentValue, 'scale_id' => $iScaleID));
if (!$iInsertCount) {
Yii::app()->setFlashMessage($clang->gT("Failed to update answers"), 'error');
}
}
// foreach ($alllanguages as $language)
if (isset($sOldCode) && $sCode !== $sOldCode) {
Condition::model()->updateAll(array('value' => $sCode), 'cqid=:cqid AND value=:value', array(':cqid' => $iQuestionID, ':value' => $sOldCode));
}
}
// for ($sortorderid=0;$sortorderid<$maxcount;$sortorderid++)
}
// for ($scale_id=0;
LimeExpressionManager::UpgradeConditionsToRelevance($iSurveyID);
if (!Yii::app()->request->getPost('bFullPOST')) {
Yii::app()->setFlashMessage($clang->gT("Not all answer options were saved. This usually happens due to server limitations ( PHP setting max_input_vars) - please contact your system administrator."));
} else {
Yii::app()->session['flashmessage'] = $clang->gT("Answer options were successfully saved.");
}
LimeExpressionManager::SetDirtyFlag();
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
$this->getController()->redirect(array('/admin/questions/sa/answeroptions/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
}
}
if ($sAction == "updatesubquestions" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'update')) {
Yii::app()->loadHelper('database');
$aSurveyLanguages = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
array_unshift($aSurveyLanguages, $sBaseLanguage);
$arQuestion = Question::model()->findByAttributes(array('qid' => $iQuestionID));
$sQuestionType = $arQuestion['type'];
// Checked
$aQuestionTypeList = getQuestionTypeList('', 'array');
$iScaleCount = $aQuestionTypeList[$sQuestionType]['subquestions'];
$clang = $this->getController()->lang;
// First delete any deleted ids
$aDeletedQIDs = explode(' ', trim(Yii::app()->request->getPost('deletedqids')));
LimeExpressionManager::RevertUpgradeConditionsToRelevance($iSurveyID);
$aDeletedQIDs = array_unique($aDeletedQIDs, SORT_NUMERIC);
foreach ($aDeletedQIDs as $iDeletedQID) {
$iDeletedQID = (int) $iDeletedQID;
if ($iDeletedQID > 0) {
// don't remove undefined
$iInsertCount = Question::model()->deleteAllByAttributes(array('qid' => $iDeletedQID));
if (!$iInsertCount) {
Yii::app()->setFlashMessage($clang->gT("Failed to delete answer"), 'error');
}
}
}
//Determine ids by evaluating the hidden field
$aRows = array();
$aCodes = array();
$aOldCodes = array();
foreach ($_POST as $sPOSTKey => $sPOSTValue) {
$sPOSTKey = explode('_', $sPOSTKey);
if ($sPOSTKey[0] == 'answer') {
$aRows[$sPOSTKey[3]][$sPOSTKey[1]][$sPOSTKey[2]] = $sPOSTValue;
}
if ($sPOSTKey[0] == 'code') {
$aCodes[$sPOSTKey[2]][] = $sPOSTValue;
}
if ($sPOSTKey[0] == 'oldcode') {
$aOldCodes[$sPOSTKey[2]][] = $sPOSTValue;
}
}
$aInsertQID = array();
for ($iScaleID = 0; $iScaleID < $iScaleCount; $iScaleID++) {
foreach ($aSurveyLanguages as $sLanguage) {
$iPosition = 0;
foreach ($aRows[$iScaleID][$sLanguage] as $subquestionkey => $subquestionvalue) {
if (substr($subquestionkey, 0, 3) != 'new') {
$oSubQuestion = Question::model()->find("qid=:qid AND language=:language", array(":qid" => $subquestionkey, ':language' => $sLanguage));
$oSubQuestion->question_order = $iPosition + 1;
$oSubQuestion->title = $aCodes[$iScaleID][$iPosition];
$oSubQuestion->question = $subquestionvalue;
$oSubQuestion->scale_id = $iScaleID;
} else {
if (!isset($aInsertQID[$iScaleID][$iPosition])) {
$oSubQuestion = new Question();
$oSubQuestion->sid = $iSurveyID;
$oSubQuestion->gid = $iQuestionGroupID;
$oSubQuestion->question_order = $iPosition + 1;
$oSubQuestion->title = $aCodes[$iScaleID][$iPosition];
$oSubQuestion->question = $subquestionvalue;
$oSubQuestion->parent_qid = $iQuestionID;
$oSubQuestion->language = $sLanguage;
$oSubQuestion->scale_id = $iScaleID;
} else {
$oSubQuestion = Question::model()->find("qid=:qid AND language=:language", array(":qid" => $aInsertQID[$iScaleID][$iPosition], ':language' => $sLanguage));
if (!$oSubQuestion) {
$oSubQuestion = new Question();
}
$oSubQuestion->sid = $iSurveyID;
$oSubQuestion->qid = $aInsertQID[$iScaleID][$iPosition];
$oSubQuestion->gid = $iQuestionGroupID;
$oSubQuestion->question_order = $iPosition + 1;
$oSubQuestion->title = $aCodes[$iScaleID][$iPosition];
$oSubQuestion->question = $subquestionvalue;
$oSubQuestion->parent_qid = $iQuestionID;
$oSubQuestion->language = $sLanguage;
$oSubQuestion->scale_id = $iScaleID;
}
}
$bSubQuestionResult = $oSubQuestion->save();
if ($bSubQuestionResult) {
if (substr($subquestionkey, 0, 3) != 'new' && isset($aOldCodes[$iScaleID][$iPosition]) && $aCodes[$iScaleID][$iPosition] !== $aOldCodes[$iScaleID][$iPosition]) {
Condition::model()->updateAll(array('cfieldname' => '+' . $iSurveyID . 'X' . $iQuestionGroupID . 'X' . $iQuestionID . $aCodes[$iScaleID][$iPosition], 'value' => $aCodes[$iScaleID][$iPosition]), 'cqid=:cqid AND cfieldname=:cfieldname AND value=:value', array(':cqid' => $iQuestionID, ':cfieldname' => $iSurveyID . 'X' . $iQuestionGroupID . 'X' . $iQuestionID, ':value' => $aOldCodes[$iScaleID][$iPosition]));
}
if (!isset($aInsertQID[$iScaleID][$iPosition])) {
$aInsertQID[$iScaleID][$iPosition] = $oSubQuestion->qid;
}
} else {
$aErrors = $oSubQuestion->getErrors();
if (count($aErrors)) {
//$sErrorMessage=$clang->gT("Question could not be updated with this errors:");
foreach ($aErrors as $sAttribute => $aStringErrors) {
foreach ($aStringErrors as $sStringErrors) {
Yii::app()->setFlashMessage(sprintf($clang->gT("Error on %s for subquestion %s: %s"), $sAttribute, $aCodes[$iScaleID][$iPosition], $sStringErrors), 'error');
}
}
} else {
Yii::app()->setFlashMessage(sprintf($clang->gT("Subquestions %s could not be updated."), $aCodes[$iScaleID][$iPosition]), 'error');
}
}
$iPosition++;
}
}
}
LimeExpressionManager::UpgradeConditionsToRelevance($iSurveyID);
// Do it only if there are no error ?
if (!isset($aErrors) || !count($aErrors)) {
if (!Yii::app()->request->getPost('bFullPOST')) {
Yii::app()->session['flashmessage'] = $clang->gT("Not all subquestions were saved. This usually happens due to server limitations ( PHP setting max_input_vars) - please contact your system administrator.");
} else {
Yii::app()->session['flashmessage'] = $clang->gT("Subquestions were successfully saved.");
}
}
//$action='editsubquestions';
LimeExpressionManager::SetDirtyFlag();
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
$this->getController()->redirect(array('/admin/questions/sa/subquestions/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
}
}
if (in_array($sAction, array('insertquestion', 'copyquestion')) && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'create')) {
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
if (strlen(Yii::app()->request->getPost('title')) < 1) {
Yii::app()->setFlashMessage($clang->gT("The question could not be added. You must enter at least a question code."), 'error');
} else {
if (Yii::app()->request->getPost('questionposition', "") != "") {
$iQuestionOrder = intval(Yii::app()->request->getPost('questionposition'));
//Need to renumber all questions on or after this
$sQuery = "UPDATE {{questions}} SET question_order=question_order+1 WHERE gid=:gid AND question_order >= :order";
Yii::app()->db->createCommand($sQuery)->bindValues(array(':gid' => $iQuestionGroupID, ':order' => $iQuestionOrder))->query();
} else {
$iQuestionOrder = getMaxQuestionOrder($iQuestionGroupID, $iSurveyID);
$iQuestionOrder++;
}
$sQuestionText = Yii::app()->request->getPost('question_' . $sBaseLanguage, '');
$sQuestionHelp = Yii::app()->request->getPost('help_' . $sBaseLanguage, '');
// Fix bug with FCKEditor saving strange BR types : in rules ?
$sQuestionText = $oFixCKeditor->fixCKeditor($sQuestionText);
$sQuestionHelp = $oFixCKeditor->fixCKeditor($sQuestionHelp);
$iQuestionID = 0;
$oQuestion = new Question();
$oQuestion->sid = $iSurveyID;
$oQuestion->gid = $iQuestionGroupID;
$oQuestion->type = Yii::app()->request->getPost('type');
$oQuestion->title = Yii::app()->request->getPost('title');
$oQuestion->question = $sQuestionText;
$oQuestion->preg = Yii::app()->request->getPost('preg');
$oQuestion->help = $sQuestionHelp;
$oQuestion->other = Yii::app()->request->getPost('other');
$oQuestion->mandatory = Yii::app()->request->getPost('mandatory');
$oQuestion->relevance = Yii::app()->request->getPost('relevance');
$oQuestion->question_order = $iQuestionOrder;
$oQuestion->language = $sBaseLanguage;
$oQuestion->save();
if ($oQuestion) {
$iQuestionID = $oQuestion->qid;
}
$aErrors = $oQuestion->getErrors();
if (count($aErrors)) {
foreach ($aErrors as $sAttribute => $aStringErrors) {
foreach ($aStringErrors as $sStringErrors) {
Yii::app()->setFlashMessage(sprintf($clang->gT("Question could not be created with error on %s: %s"), $sAttribute, $sStringErrors), 'error');
}
}
}
// Add other languages
if ($iQuestionID) {
$addlangs = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
foreach ($addlangs as $alang) {
if ($alang != "") {
$langqid = 0;
$oQuestion = new Question();
$oQuestion->qid = $iQuestionID;
$oQuestion->sid = $iSurveyID;
$oQuestion->gid = $iQuestionGroupID;
$oQuestion->type = Yii::app()->request->getPost('type');
$oQuestion->title = Yii::app()->request->getPost('title');
$oQuestion->question = Yii::app()->request->getPost('question_' . $alang);
$oQuestion->preg = Yii::app()->request->getPost('preg');
$oQuestion->help = Yii::app()->request->getPost('help_' . $alang);
$oQuestion->other = Yii::app()->request->getPost('other');
$oQuestion->mandatory = Yii::app()->request->getPost('mandatory');
$oQuestion->relevance = Yii::app()->request->getPost('relevance');
$oQuestion->question_order = $iQuestionOrder;
$oQuestion->language = $alang;
switchMSSQLIdentityInsert('questions', true);
// Not sure for this one ?
$oQuestion->save();
switchMSSQLIdentityInsert('questions', false);
if ($oQuestion) {
$langqid = $oQuestion->qid;
}
$aErrors = $oQuestion->getErrors();
if (count($aErrors)) {
foreach ($aErrors as $sAttribute => $aStringErrors) {
foreach ($aStringErrors as $sStringErrors) {
Yii::app()->setFlashMessage(sprintf($clang->gT("Question in language %s could not be created with error on %s: %s"), $alang, $sAttribute, $sStringErrors), 'error');
}
}
}
# if (!$langqid)
# {
# Yii::app()->setFlashMessage($clang->gT("Question in language %s could not be created."),'error');
# }
}
}
}
if (!$iQuestionID) {
Yii::app()->setFlashMessage($clang->gT("Question could not be created."), 'error');
} else {
if ($sAction == 'copyquestion') {
if (returnGlobal('copysubquestions') == "Y") {
$aSQIDMappings = array();
$r1 = Question::model()->getSubQuestions(returnGlobal('oldqid'));
while ($qr1 = $r1->read()) {
$qr1['parent_qid'] = $iQuestionID;
if (isset($aSQIDMappings[$qr1['qid']])) {
$qr1['qid'] = $aSQIDMappings[$qr1['qid']];
} else {
$oldqid = $qr1['qid'];
unset($qr1['qid']);
}
$qr1['gid'] = $iQuestionGroupID;
$iInsertID = Question::model()->insertRecords($qr1);
if (!isset($qr1['qid'])) {
$aSQIDMappings[$oldqid] = $iInsertID;
}
}
}
if (returnGlobal('copyanswers') == "Y") {
$r1 = Answer::model()->getAnswers(returnGlobal('oldqid'));
while ($qr1 = $r1->read()) {
Answer::model()->insertRecords(array('qid' => $iQuestionID, 'code' => $qr1['code'], 'answer' => $qr1['answer'], 'assessment_value' => $qr1['assessment_value'], 'sortorder' => $qr1['sortorder'], 'language' => $qr1['language'], 'scale_id' => $qr1['scale_id']));
}
}
if (returnGlobal('copyattributes') == "Y") {
$oOldAttributes = QuestionAttribute::model()->findAll("qid=:qid", array("qid" => returnGlobal('oldqid')));
foreach ($oOldAttributes as $oOldAttribute) {
$attribute = new QuestionAttribute();
$attribute->qid = $iQuestionID;
$attribute->value = $oOldAttribute->value;
$attribute->attribute = $oOldAttribute->attribute;
$attribute->language = $oOldAttribute->language;
$attribute->save();
}
}
} else {
$qattributes = questionAttributes();
$validAttributes = $qattributes[Yii::app()->request->getPost('type')];
$aLanguages = array_merge(array(Survey::model()->findByPk($iSurveyID)->language), Survey::model()->findByPk($iSurveyID)->additionalLanguages);
foreach ($validAttributes as $validAttribute) {
if ($validAttribute['i18n']) {
foreach ($aLanguages as $sLanguage) {
$value = Yii::app()->request->getPost($validAttribute['name'] . '_' . $sLanguage);
$iInsertCount = QuestionAttribute::model()->findAllByAttributes(array('attribute' => $validAttribute['name'], 'qid' => $iQuestionID, 'language' => $sLanguage));
if (count($iInsertCount) > 0) {
if ($value != '') {
QuestionAttribute::model()->updateAll(array('value' => $value), 'attribute=:attribute AND qid=:qid AND language=:language', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID, ':language' => $sLanguage));
} else {
QuestionAttribute::model()->deleteAll('attribute=:attribute AND qid=:qid AND language=:language', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID, ':language' => $sLanguage));
}
} elseif ($value != '') {
$attribute = new QuestionAttribute();
$attribute->qid = $iQuestionID;
$attribute->value = $value;
$attribute->attribute = $validAttribute['name'];
$attribute->language = $sLanguage;
$attribute->save();
}
}
} else {
$value = Yii::app()->request->getPost($validAttribute['name']);
if ($validAttribute['name'] == 'multiflexible_step' && trim($value) != '') {
$value = floatval($value);
if ($value == 0) {
$value = 1;
}
}
$iInsertCount = QuestionAttribute::model()->findAllByAttributes(array('attribute' => $validAttribute['name'], 'qid' => $iQuestionID));
if (count($iInsertCount) > 0) {
if ($value != $validAttribute['default'] && trim($value) != "") {
QuestionAttribute::model()->updateAll(array('value' => $value), 'attribute=:attribute AND qid=:qid', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID));
} else {
QuestionAttribute::model()->deleteAll('attribute=:attribute AND qid=:qid', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID));
}
} elseif ($value != $validAttribute['default'] && trim($value) != "") {
$attribute = new QuestionAttribute();
$attribute->qid = $iQuestionID;
$attribute->value = $value;
$attribute->attribute = $validAttribute['name'];
$attribute->save();
}
}
}
}
Question::model()->updateQuestionOrder($iQuestionGroupID, $iSurveyID);
Yii::app()->session['flashmessage'] = $clang->gT("Question was successfully added.");
}
}
LimeExpressionManager::SetDirtyFlag();
// so refreshes syntax highlighting
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
}
}
if ($sAction == "updatequestion" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveycontent', 'update')) {
LimeExpressionManager::RevertUpgradeConditionsToRelevance($iSurveyID);
$cqr = Question::model()->findByAttributes(array('qid' => $iQuestionID));
$oldtype = $cqr['type'];
$oldgid = $cqr['gid'];
// Remove invalid question attributes on saving
$qattributes = questionAttributes();
$criteria = new CDbCriteria();
$criteria->compare('qid', $iQuestionID);
if (isset($qattributes[Yii::app()->request->getPost('type')])) {
$validAttributes = $qattributes[Yii::app()->request->getPost('type')];
foreach ($validAttributes as $validAttribute) {
$criteria->compare('attribute', '<>' . $validAttribute['name']);
}
}
QuestionAttribute::model()->deleteAll($criteria);
$aLanguages = array_merge(array(Survey::model()->findByPk($iSurveyID)->language), Survey::model()->findByPk($iSurveyID)->additionalLanguages);
//now save all valid attributes
$validAttributes = $qattributes[Yii::app()->request->getPost('type')];
foreach ($validAttributes as $validAttribute) {
if ($validAttribute['i18n']) {
foreach ($aLanguages as $sLanguage) {
// TODO sanitise XSS
$value = Yii::app()->request->getPost($validAttribute['name'] . '_' . $sLanguage);
$iInsertCount = QuestionAttribute::model()->findAllByAttributes(array('attribute' => $validAttribute['name'], 'qid' => $iQuestionID, 'language' => $sLanguage));
if (count($iInsertCount) > 0) {
if ($value != '') {
QuestionAttribute::model()->updateAll(array('value' => $value), 'attribute=:attribute AND qid=:qid AND language=:language', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID, ':language' => $sLanguage));
} else {
QuestionAttribute::model()->deleteAll('attribute=:attribute AND qid=:qid AND language=:language', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID, ':language' => $sLanguage));
}
} elseif ($value != '') {
$attribute = new QuestionAttribute();
$attribute->qid = $iQuestionID;
$attribute->value = $value;
$attribute->attribute = $validAttribute['name'];
$attribute->language = $sLanguage;
$attribute->save();
}
}
} else {
$value = Yii::app()->request->getPost($validAttribute['name']);
if ($validAttribute['name'] == 'multiflexible_step' && trim($value) != '') {
$value = floatval($value);
if ($value == 0) {
$value = 1;
}
}
$iInsertCount = QuestionAttribute::model()->findAllByAttributes(array('attribute' => $validAttribute['name'], 'qid' => $iQuestionID));
if (count($iInsertCount) > 0) {
if ($value != $validAttribute['default'] && trim($value) != "") {
QuestionAttribute::model()->updateAll(array('value' => $value), 'attribute=:attribute AND qid=:qid', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID));
} else {
QuestionAttribute::model()->deleteAll('attribute=:attribute AND qid=:qid', array(':attribute' => $validAttribute['name'], ':qid' => $iQuestionID));
}
} elseif ($value != $validAttribute['default'] && trim($value) != "") {
$attribute = new QuestionAttribute();
$attribute->qid = $iQuestionID;
$attribute->value = $value;
$attribute->attribute = $validAttribute['name'];
$attribute->save();
}
}
}
$aQuestionTypeList = getQuestionTypeList('', 'array');
// These are the questions types that have no answers and therefore we delete the answer in that case
$iAnswerScales = $aQuestionTypeList[Yii::app()->request->getPost('type')]['answerscales'];
$iSubquestionScales = $aQuestionTypeList[Yii::app()->request->getPost('type')]['subquestions'];
// These are the questions types that have the other option therefore we set everything else to 'No Other'
if (Yii::app()->request->getPost('type') != "L" && Yii::app()->request->getPost('type') != "!" && Yii::app()->request->getPost('type') != "P" && Yii::app()->request->getPost('type') != "M") {
$_POST['other'] = 'N';
}
// These are the questions types that have no validation - so zap it accordingly
if (Yii::app()->request->getPost('type') == "!" || Yii::app()->request->getPost('type') == "L" || Yii::app()->request->getPost('type') == "M" || Yii::app()->request->getPost('type') == "P" || Yii::app()->request->getPost('type') == "F" || Yii::app()->request->getPost('type') == "H" || Yii::app()->request->getPost('type') == "X" || Yii::app()->request->getPost('type') == "") {
$_POST['preg'] = '';
}
// These are the questions types that have no mandatory property - so zap it accordingly
if (Yii::app()->request->getPost('type') == "X" || Yii::app()->request->getPost('type') == "|") {
$_POST['mandatory'] = 'N';
}
if ($oldtype != Yii::app()->request->getPost('type')) {
// TMSW Condition->Relevance: Do similar check via EM, but do allow such a change since will be easier to modify relevance
//Make sure there are no conditions based on this question, since we are changing the type
$ccresult = Condition::model()->findAllByAttributes(array('cqid' => $iQuestionID));
$cccount = count($ccresult);
foreach ($ccresult as $ccr) {
$qidarray[] = $ccr['qid'];
}
if (isset($qidarray) && $qidarray) {
$qidlist = implode(", ", $qidarray);
}
}
if (isset($cccount) && $cccount) {
Yii::app()->setFlashMessage($clang->gT("Question could not be updated. There are conditions for other questions that rely on the answers to this question and changing the type will cause problems. You must delete these conditions before you can change the type of this question."), 'error');
} else {
if (isset($iQuestionGroupID) && $iQuestionGroupID != "") {
// $array_result=checkMoveQuestionConstraintsForConditions(sanitize_int($surveyid),sanitize_int($qid), sanitize_int($gid));
// // If there is no blocking conditions that could prevent this move
//
// if (is_null($array_result['notAbove']) && is_null($array_result['notBelow']))
// {
$aSurveyLanguages = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
array_push($aSurveyLanguages, $sBaseLanguage);
foreach ($aSurveyLanguages as $qlang) {
if (isset($qlang) && $qlang != "") {
// é to é and & to & : really needed ? Why not for answers ? (130307)
$sQuestionText = Yii::app()->request->getPost('question_' . $qlang, '');
$sQuestionHelp = Yii::app()->request->getPost('help_' . $qlang, '');
// Fix bug with FCKEditor saving strange BR types : in rules ?
$sQuestionText = $oFixCKeditor->fixCKeditor($sQuestionText);
$sQuestionHelp = $oFixCKeditor->fixCKeditor($sQuestionHelp);
$udata = array('type' => Yii::app()->request->getPost('type'), 'title' => Yii::app()->request->getPost('title'), 'question' => $sQuestionText, 'preg' => Yii::app()->request->getPost('preg'), 'help' => $sQuestionHelp, 'gid' => $iQuestionGroupID, 'other' => Yii::app()->request->getPost('other'), 'mandatory' => Yii::app()->request->getPost('mandatory'), 'relevance' => Yii::app()->request->getPost('relevance'));
if ($oldgid != $iQuestionGroupID) {
if (getGroupOrder($iSurveyID, $oldgid) > getGroupOrder($iSurveyID, $iQuestionGroupID)) {
// TMSW Condition->Relevance: What is needed here?
// Moving question to a 'upper' group
// insert question at the end of the destination group
// this prevent breaking conditions if the target qid is in the dest group
$insertorder = getMaxQuestionOrder($iQuestionGroupID, $iSurveyID) + 1;
$udata = array_merge($udata, array('question_order' => $insertorder));
} else {
// Moving question to a 'lower' group
// insert question at the beginning of the destination group
shiftOrderQuestions($iSurveyID, $iQuestionGroupID, 1);
// makes 1 spare room for new question at top of dest group
$udata = array_merge($udata, array('question_order' => 0));
}
}
//$condn = array('sid' => $surveyid, 'qid' => $qid, 'language' => $qlang);
$oQuestion = Question::model()->findByPk(array("qid" => $iQuestionID, 'language' => $qlang));
foreach ($udata as $k => $v) {
$oQuestion->{$k} = $v;
}
$uqresult = $oQuestion->save();
//($uqquery); // or safeDie ("Error Update Question: ".$uqquery."<br />"); // Checked)
if (!$uqresult) {
$bOnError = true;
$aErrors = $oQuestion->getErrors();
if (count($aErrors)) {
foreach ($aErrors as $sAttribute => $aStringErrors) {
foreach ($aStringErrors as $sStringErrors) {
Yii::app()->setFlashMessage(sprintf($clang->gT("Question could not be updated with error on %s: %s"), $sAttribute, $sStringErrors), 'error');
}
}
} else {
Yii::app()->setFlashMessage($clang->gT("Question could not be updated."), 'error');
}
}
}
}
// Update the group ID on subquestions, too
if ($oldgid != $iQuestionGroupID) {
Question::model()->updateAll(array('gid' => $iQuestionGroupID), 'qid=:qid and parent_qid>0', array(':qid' => $iQuestionID));
// if the group has changed then fix the sortorder of old and new group
Question::model()->updateQuestionOrder($oldgid, $iSurveyID);
Question::model()->updateQuestionOrder($iQuestionGroupID, $iSurveyID);
// If some questions have conditions set on this question's answers
// then change the cfieldname accordingly
fixMovedQuestionConditions($iQuestionID, $oldgid, $iQuestionGroupID);
}
if ($oldtype != Yii::app()->request->getPost('type')) {
Question::model()->updateAll(array('type' => Yii::app()->request->getPost('type')), 'parent_qid=:qid', array(':qid' => $iQuestionID));
}
Answer::model()->deleteAllByAttributes(array('qid' => $iQuestionID), 'scale_id >= :scale_id', array(':scale_id' => $iAnswerScales));
// Remove old subquestion scales
Question::model()->deleteAllByAttributes(array('parent_qid' => $iQuestionID), 'scale_id >= :scale_id', array(':scale_id' => $iSubquestionScales));
if (!isset($bOnError) || !$bOnError) {
// This really a quick hack and need a better system
Yii::app()->setFlashMessage($clang->gT("Question was successfully saved."));
}
// }
// else
// {
//
// // There are conditions constraints: alert the user
// $errormsg="";
// if (!is_null($array_result['notAbove']))
// {
// $errormsg.=$clang->gT("This question relies on other question's answers and can't be moved above groupId:","js")
// . " " . $array_result['notAbove'][0][0] . " " . $clang->gT("in position","js")." ".$array_result['notAbove'][0][1]."\\n"
// . $clang->gT("See conditions:")."\\n";
//
// foreach ($array_result['notAbove'] as $notAboveCond)
// {
// $errormsg.="- cid:". $notAboveCond[3]."\\n";
// }
//
// }
// if (!is_null($array_result['notBelow']))
// {
// $errormsg.=$clang->gT("Some questions rely on this question's answers. You can't move this question below groupId:","js")
// . " " . $array_result['notBelow'][0][0] . " " . $clang->gT("in position","js")." ".$array_result['notBelow'][0][1]."\\n"
// . $clang->gT("See conditions:")."\\n";
//
// foreach ($array_result['notBelow'] as $notBelowCond)
// {
// $errormsg.="- cid:". $notBelowCond[3]."\\n";
// }
// }
//
// $databaseoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"$errormsg\")\n //-->\n</script>\n";
// $gid= $oldgid; // group move impossible ==> keep display on oldgid
// }
} else {
Yii::app()->setFlashMessage($clang->gT("Question could not be updated"), 'error');
}
}
LimeExpressionManager::UpgradeConditionsToRelevance($iSurveyID);
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
if (Yii::app()->request->getPost('redirection') == "edit") {
$this->getController()->redirect(array('admin/questions/sa/editquestion/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
} else {
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyID . '/gid/' . $iQuestionGroupID . '/qid/' . $iQuestionID));
}
}
}
if ($sAction == "updatesurveylocalesettings" && Permission::model()->hasSurveyPermission($iSurveyID, 'surveylocale', 'update')) {
$languagelist = Survey::model()->findByPk($iSurveyID)->additionalLanguages;
$languagelist[] = Survey::model()->findByPk($iSurveyID)->language;
Yii::app()->loadHelper('database');
foreach ($languagelist as $langname) {
if ($langname) {
$url = Yii::app()->request->getPost('url_' . $langname);
if ($url == 'http://') {
$url = "";
}
$sURLDescription = html_entity_decode(Yii::app()->request->getPost('urldescrip_' . $langname), ENT_QUOTES, "UTF-8");
$sURL = html_entity_decode(Yii::app()->request->getPost('url_' . $langname), ENT_QUOTES, "UTF-8");
// Fix bug with FCKEditor saving strange BR types
$short_title = Yii::app()->request->getPost('short_title_' . $langname);
$description = Yii::app()->request->getPost('description_' . $langname);
$welcome = Yii::app()->request->getPost('welcome_' . $langname);
$endtext = Yii::app()->request->getPost('endtext_' . $langname);
$short_title = $oFixCKeditor->fixCKeditor($short_title);
$description = $oFixCKeditor->fixCKeditor($description);
$welcome = $oFixCKeditor->fixCKeditor($welcome);
$endtext = $oFixCKeditor->fixCKeditor($endtext);
$data = array('surveyls_title' => $short_title, 'surveyls_description' => $description, 'surveyls_welcometext' => $welcome, 'surveyls_endtext' => $endtext, 'surveyls_url' => $sURL, 'surveyls_urldescription' => $sURLDescription, 'surveyls_dateformat' => Yii::app()->request->getPost('dateformat_' . $langname), 'surveyls_numberformat' => Yii::app()->request->getPost('numberformat_' . $langname));
$SurveyLanguageSetting = SurveyLanguageSetting::model()->findByPk(array('surveyls_survey_id' => $iSurveyID, 'surveyls_language' => $langname));
$SurveyLanguageSetting->attributes = $data;
$SurveyLanguageSetting->save();
// save the change to database
}
}
Yii::app()->session['flashmessage'] = $clang->gT("Survey text elements successfully saved.");
if ($sDBOutput != '') {
echo $sDBOutput;
} else {
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyID));
}
}
if (($sAction == "updatesurveysettingsandeditlocalesettings" || $sAction == "updatesurveysettings") && Permission::model()->hasSurveyPermission($iSurveyID, 'surveysettings', 'update')) {
// Save plugin settings.
$pluginSettings = App()->request->getPost('plugin', array());
foreach ($pluginSettings as $plugin => $settings) {
$settingsEvent = new PluginEvent('newSurveySettings');
$settingsEvent->set('settings', $settings);
$settingsEvent->set('survey', $iSurveyID);
App()->getPluginManager()->dispatchEvent($settingsEvent, $plugin);
}
Yii::app()->loadHelper('surveytranslator');
Yii::app()->loadHelper('database');
$formatdata = getDateFormatData(Yii::app()->session['dateformat']);
$expires = $_POST['expires'];
if (trim($expires) == "") {
$expires = null;
} else {
Yii::app()->loadLibrary('Date_Time_Converter');
$datetimeobj = new date_time_converter($expires, $formatdata['phpdate'] . ' H:i');
//new Date_Time_Converter($expires, $formatdata['phpdate'].' H:i');
$expires = $datetimeobj->convert("Y-m-d H:i:s");
}
$startdate = $_POST['startdate'];
if (trim($startdate) == "") {
$startdate = null;
} else {
Yii::app()->loadLibrary('Date_Time_Converter');
$datetimeobj = new date_time_converter($startdate, $formatdata['phpdate'] . ' H:i');
//new Date_Time_Converter($startdate,$formatdata['phpdate'].' H:i');
$startdate = $datetimeobj->convert("Y-m-d H:i:s");
}
//make sure only numbers are passed within the $_POST variable
$tokenlength = (int) $_POST['tokenlength'];
//token length has to be at least 5, otherwise set it to default (15)
if ($tokenlength < 5) {
$tokenlength = 15;
}
if ($tokenlength > 36) {
$tokenlength = 36;
}
cleanLanguagesFromSurvey($iSurveyID, Yii::app()->request->getPost('languageids'));
fixLanguageConsistency($iSurveyID, Yii::app()->request->getPost('languageids'));
$Survey = Survey::model()->findByPk($iSurveyID);
// Validate template : accepted: user have rigth to read template OR template are not updated : else set to the default from config
$template = Yii::app()->request->getPost('template');
if (!Permission::model()->hasGlobalPermission('superadmin', 'read') && !Permission::model()->hasGlobalPermission('templates', 'read') && !hasTemplateManageRights(Yii::app()->session['loginID'], $template) && $template != $Survey->template) {
$template = Yii::app()->getConfig('defaulttemplate');
}
$aURLParams = json_decode(Yii::app()->request->getPost('allurlparams'), true);
SurveyURLParameter::model()->deleteAllByAttributes(array('sid' => $iSurveyID));
if (isset($aURLParams)) {
foreach ($aURLParams as $aURLParam) {
$aURLParam['parameter'] = trim($aURLParam['parameter']);
if ($aURLParam['parameter'] == '' || !preg_match('/^[a-zA-Z_][a-zA-Z0-9_]*$/', $aURLParam['parameter']) || $aURLParam['parameter'] == 'sid' || $aURLParam['parameter'] == 'newtest' || $aURLParam['parameter'] == 'token' || $aURLParam['parameter'] == 'lang') {
continue;
// this parameter name seems to be invalid - just ignore it
}
unset($aURLParam['act']);
unset($aURLParam['title']);
unset($aURLParam['id']);
if ($aURLParam['targetqid'] == '') {
$aURLParam['targetqid'] = NULL;
}
if ($aURLParam['targetsqid'] == '') {
$aURLParam['targetsqid'] = NULL;
}
$aURLParam['sid'] = $iSurveyID;
$param = new SurveyURLParameter();
foreach ($aURLParam as $k => $v) {
$param->{$k} = $v;
}
$param->save();
}
}
$updatearray = array('admin' => Yii::app()->request->getPost('admin'), 'expires' => $expires, 'startdate' => $startdate, 'anonymized' => Yii::app()->request->getPost('anonymized'), 'faxto' => Yii::app()->request->getPost('faxto'), 'format' => Yii::app()->request->getPost('format'), 'savetimings' => Yii::app()->request->getPost('savetimings'), 'template' => $template, 'assessments' => Yii::app()->request->getPost('assessments'), 'language' => Yii::app()->request->getPost('language'), 'additional_languages' => Yii::app()->request->getPost('languageids'), 'datestamp' => Yii::app()->request->getPost('datestamp'), 'ipaddr' => Yii::app()->request->getPost('ipaddr'), 'refurl' => Yii::app()->request->getPost('refurl'), 'publicgraphs' => Yii::app()->request->getPost('publicgraphs'), 'usecookie' => Yii::app()->request->getPost('usecookie'), 'allowregister' => Yii::app()->request->getPost('allowregister'), 'allowsave' => Yii::app()->request->getPost('allowsave'), 'navigationdelay' => Yii::app()->request->getPost('navigationdelay'), 'printanswers' => Yii::app()->request->getPost('printanswers'), 'publicstatistics' => Yii::app()->request->getPost('publicstatistics'), 'autoredirect' => Yii::app()->request->getPost('autoredirect'), 'showxquestions' => Yii::app()->request->getPost('showxquestions'), 'showgroupinfo' => Yii::app()->request->getPost('showgroupinfo'), 'showqnumcode' => Yii::app()->request->getPost('showqnumcode'), 'shownoanswer' => Yii::app()->request->getPost('shownoanswer'), 'showwelcome' => Yii::app()->request->getPost('showwelcome'), 'allowprev' => Yii::app()->request->getPost('allowprev'), 'questionindex' => Yii::app()->request->getPost('questionindex'), 'nokeyboard' => Yii::app()->request->getPost('nokeyboard'), 'showprogress' => Yii::app()->request->getPost('showprogress'), 'listpublic' => Yii::app()->request->getPost('public'), 'htmlemail' => Yii::app()->request->getPost('htmlemail'), 'sendconfirmation' => Yii::app()->request->getPost('sendconfirmation'), 'tokenanswerspersistence' => Yii::app()->request->getPost('tokenanswerspersistence'), 'alloweditaftercompletion' => Yii::app()->request->getPost('alloweditaftercompletion'), 'usecaptcha' => Yii::app()->request->getPost('usecaptcha'), 'emailresponseto' => trim(Yii::app()->request->getPost('emailresponseto')), 'emailnotificationto' => trim(Yii::app()->request->getPost('emailnotificationto')), 'googleanalyticsapikey' => trim(Yii::app()->request->getPost('googleanalyticsapikey')), 'googleanalyticsstyle' => trim(Yii::app()->request->getPost('googleanalyticsstyle')), 'tokenlength' => $tokenlength);
$warning = '';
// make sure we only update admin email if it is valid
if (Yii::app()->request->getPost('adminemail', '') == '' || validateEmailAddress(Yii::app()->request->getPost('adminemail'))) {
$updatearray['adminemail'] = Yii::app()->request->getPost('adminemail');
} else {
$warning .= $clang->gT("Warning! Notification email was not updated because it was not valid.") . '<br/>';
}
// make sure we only update bounce email if it is valid
if (Yii::app()->request->getPost('bounce_email', '') == '' || validateEmailAddress(Yii::app()->request->getPost('bounce_email'))) {
$updatearray['bounce_email'] = Yii::app()->request->getPost('bounce_email');
} else {
$warning .= $clang->gT("Warning! Bounce email was not updated because it was not valid.") . '<br/>';
}
// use model
foreach ($updatearray as $k => $v) {
$Survey->{$k} = $v;
}
$Survey->save();
# Survey::model()->updateByPk($surveyid, $updatearray);
$sqlstring = "surveyls_survey_id=:sid AND surveyls_language <> :base ";
$params = array(':sid' => $iSurveyID, ':base' => Survey::model()->findByPk($iSurveyID)->language);
$i = 100000;
foreach (Survey::model()->findByPk($iSurveyID)->additionalLanguages as $langname) {
if ($langname) {
$sqlstring .= "AND surveyls_language <> :{$i} ";
$params[':' . $i] = $langname;
}
$i++;
}
SurveyLanguageSetting::model()->deleteAll($sqlstring, $params);
$usresult = true;
foreach (Survey::model()->findByPk($iSurveyID)->additionalLanguages as $langname) {
if ($langname) {
$oLanguageSettings = SurveyLanguageSetting::model()->find('surveyls_survey_id=:surveyid AND surveyls_language=:langname', array(':surveyid' => $iSurveyID, ':langname' => $langname));
if (!$oLanguageSettings) {
$oLanguageSettings = new SurveyLanguageSetting();
$languagedetails = getLanguageDetails($langname);
$insertdata = array('surveyls_survey_id' => $iSurveyID, 'surveyls_language' => $langname, 'surveyls_title' => '', 'surveyls_dateformat' => $languagedetails['dateformat']);
foreach ($insertdata as $k => $v) {
$oLanguageSettings->{$k} = $v;
}
$usresult = $oLanguageSettings->save();
}
}
}
if ($usresult) {
Yii::app()->session['flashmessage'] = $warning . $clang->gT("Survey settings were successfully saved.");
} else {
Yii::app()->session['flashmessage'] = $clang->gT("Error:") . '<br>' . $clang->gT("Survey could not be updated.");
}
if (Yii::app()->request->getPost('action') == "updatesurveysettingsandeditlocalesettings") {
$this->getController()->redirect(array('admin/survey/sa/editlocalsettings/surveyid/' . $iSurveyID));
} else {
$this->getController()->redirect(array('admin/survey/sa/view/surveyid/' . $iSurveyID));
}
}
if (!$sAction) {
$this->getController()->redirect(array("/admin"), "refresh");
}
}
/**
* Validate an list of email addresses - either as array or as semicolon-limited text
* @returns List with valid email addresses - invalid email addresses are filtered - false if none of the email addresses are valid
*
* @param mixed $sEmailAddresses Email address to check
*/
function validateEmailAddresses($aEmailAddressList)
{
$aOutList = false;
if (!is_array($aEmailAddressList)) {
$aEmailAddressList = explode(';', $aEmailAddressList);
}
foreach ($aEmailAddressList as $sEmailAddress) {
$sEmailAddress = trim($sEmailAddress);
if (validateEmailAddress($sEmailAddress)) {
$aOutList = $sEmailAddress;
}
}
return $aOutList;
}
function savedcontrol()
{
//This data will be saved to the "saved_control" table with one row per response.
// - a unique "saved_id" value (autoincremented)
// - the "sid" for this survey
// - the "srid" for the survey_x row id
// - "saved_thisstep" which is the step the user is up to in this survey
// - "saved_ip" which is the ip address of the submitter
// - "saved_date" which is the date ofthe saved response
// - an "identifier" which is like a username
// - a "password"
// - "fieldname" which is the fieldname of the saved response
// - "value" which is the value of the response
//We start by generating the first 5 values which are consistent for all rows.
global $surveyid, $thissurvey, $errormsg, $publicurl, $sitename, $clang, $clienttoken, $thisstep;
$timeadjust = getGlobalSetting('timeadjust');
//Check that the required fields have been completed.
$errormsg = '';
if (empty($_POST['savename'])) {
$errormsg .= $clang->gT("You must supply a name for this saved session.") . "<br />\n";
}
if (empty($_POST['savepass'])) {
$errormsg .= $clang->gT("You must supply a password for this saved session.") . "<br />\n";
}
if (empty($_POST['savepass']) || empty($_POST['savepass2']) || $_POST['savepass'] != $_POST['savepass2']) {
$errormsg .= $clang->gT("Your passwords do not match.") . "<br />\n";
}
// if security question asnwer is incorrect
if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen', $thissurvey['usecaptcha'])) {
if (empty($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $surveyid]['secanswer']) || $_POST['loadsecurity'] != $_SESSION['survey_' . $surveyid]['secanswer']) {
$errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
if (!empty($errormsg)) {
return;
}
$duplicate = SavedControl::model()->findByAttributes(array('sid' => $surveyid, 'identifier' => $_POST['savename']));
if (!empty($duplicate) && $duplicate->count() > 0) {
$errormsg .= $clang->gT("This name has already been used for this survey. You must use a unique save name.") . "<br />\n";
return;
} else {
//INSERT BLANK RECORD INTO "survey_x" if one doesn't already exist
if (!isset($_SESSION['survey_' . $surveyid]['srid'])) {
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
$sdata = array("datestamp" => $today, "ipaddr" => getIPAddress(), "startlanguage" => $_SESSION['survey_' . $surveyid]['s_lang'], "refurl" => getenv("HTTP_REFERER"));
if (SurveyDynamic::model($thissurvey['sid'])->insert($sdata)) {
$srid = getLastInsertID('{{survey_' . $surveyid . '}}');
$_SESSION['survey_' . $surveyid]['srid'] = $srid;
} else {
safeDie("Unable to insert record into survey table.<br /><br />");
}
}
//CREATE ENTRY INTO "saved_control"
$today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
$saved_control = new SavedControl();
$saved_control->sid = $surveyid;
$saved_control->srid = $_SESSION['survey_' . $surveyid]['srid'];
$saved_control->identifier = $_POST['savename'];
// Binding does escape, so no quoting/escaping necessary
$saved_control->access_code = md5($_POST['savepass']);
$saved_control->email = $_POST['saveemail'];
$saved_control->ip = getIPAddress();
$saved_control->saved_thisstep = $thisstep;
$saved_control->status = 'S';
$saved_control->saved_date = $today;
$saved_control->refurl = getenv('HTTP_REFERER');
if ($saved_control->save()) {
$scid = getLastInsertID('{{saved_control}}');
$_SESSION['survey_' . $surveyid]['scid'] = $scid;
} else {
safeDie("Unable to insert record into saved_control table.<br /><br />");
}
$_SESSION['survey_' . $surveyid]['holdname'] = $_POST['savename'];
//Session variable used to load answers every page. Unsafe - so it has to be taken care of on output
$_SESSION['survey_' . $surveyid]['holdpass'] = $_POST['savepass'];
//Session variable used to load answers every page. Unsafe - so it has to be taken care of on output
//Email if needed
if (isset($_POST['saveemail']) && validateEmailAddress($_POST['saveemail'])) {
$subject = $clang->gT("Saved Survey Details") . " - " . $thissurvey['name'];
$message = $clang->gT("Thank you for saving your survey in progress. The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you.");
$message .= "\n\n" . $thissurvey['name'] . "\n\n";
$message .= $clang->gT("Name") . ": " . $_POST['savename'] . "\n";
$message .= $clang->gT("Password") . ": " . $_POST['savepass'] . "\n\n";
$message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . "\n";
$message .= Yii::app()->getController()->createAbsoluteUrl("/survey/index/sid/{$surveyid}/loadall/reload/scid/{$scid}/loadname/" . rawurlencode($_POST['savename']) . "/loadpass/" . rawurlencode($_POST['savepass']) . "/lang/" . rawurlencode($clang->langcode));
if ($clienttoken) {
$message .= "/token/" . rawurlencode($clienttoken);
}
$from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
if (SendEmailMessage($message, $subject, $_POST['saveemail'], $from, $sitename, false, getBounceEmail($surveyid))) {
$emailsent = "Y";
} else {
$errormsg .= $clang->gT('Error: Email failed, this may indicate a PHP Mail Setup problem on the server. Your survey details have still been saved, however you will not get an email with the details. You should note the "name" and "password" you just used for future reference.');
if (trim($thissurvey['adminemail']) == '') {
$errormsg .= $clang->gT('(Reason: Admin email address empty)');
}
}
}
return $clang->gT('Your survey was successfully saved.');
}
}
/**
* dataentry::insert()
* insert new dataentry
* @return
*/
public function insert()
{
$clang = Yii::app()->lang;
$subaction = Yii::app()->request->getPost('subaction');
$surveyid = Yii::app()->request->getPost('sid');
$lang = isset($_POST['lang']) ? Yii::app()->request->getPost('lang') : NULL;
$aData = array('surveyid' => $surveyid, 'lang' => $lang, 'clang' => $clang);
if (hasSurveyPermission($surveyid, 'responses', 'read')) {
if ($subaction == "insert" && hasSurveyPermission($surveyid, 'responses', 'create')) {
$surveytable = "{{survey_{$surveyid}}}";
$thissurvey = getSurveyInfo($surveyid);
$errormsg = "";
Yii::app()->loadHelper("database");
$aViewUrls['display']['menu_bars']['browse'] = $clang->gT("Data entry");
$aDataentryoutput = '';
$aDataentrymsgs = array();
$hiddenfields = '';
$lastanswfortoken = '';
// check if a previous answer has been submitted or saved
$rlanguage = '';
if (isset($_POST['token'])) {
$tokencompleted = "";
$tcquery = "SELECT completed from {{tokens_{$surveyid}}} WHERE token='{$_POST['token']}'";
//dbQuoteAll($_POST['token'],true);
$tcresult = dbExecuteAssoc($tcquery);
$tcresult = $tcresult->readAll();
$tccount = count($tcresult);
foreach ($tcresult as $tcrow) {
$tokencompleted = $tcrow['completed'];
}
if ($tccount < 1) {
// token doesn't exist in token table
$lastanswfortoken = 'UnknownToken';
} elseif ($thissurvey['anonymized'] == "Y") {
// token exist but survey is anonymous, check completed state
if ($tokencompleted != "" && $tokencompleted != "N") {
// token is completed
$lastanswfortoken = 'PrivacyProtected';
}
} else {
// token is valid, survey not anonymous, try to get last recorded response id
$aquery = "SELECT id,startlanguage FROM {$surveytable} WHERE token='" . $_POST['token'] . "'";
//dbQuoteAll($_POST['token'],true);
$aresult = dbExecuteAssoc($aquery);
foreach ($aresult->readAll() as $arow) {
if ($tokencompleted != "N") {
$lastanswfortoken = $arow['id'];
}
$rlanguage = $arow['startlanguage'];
}
}
}
// First Check if the survey uses tokens and if a token has been provided
if (tableExists('{{tokens_' . $thissurvey['sid'] . '}}') && !$_POST['token']) {
$errormsg = CHtml::tag('div', array('class' => 'warningheader'), $clang->gT("Error"));
$errormsg .= CHtml::tag('p', array(), $clang->gT("This is a closed-access survey, so you must supply a valid token. Please contact the administrator for assistance."));
} elseif (tableExists('{{tokens_' . $thissurvey['sid'] . '}}') && $lastanswfortoken == 'UnknownToken') {
$errormsg = CHtml::tag('div', array('class' => 'warningheader'), $clang->gT("Error"));
$errormsg .= CHtml::tag('p', array(), $clang->gT("The token you have provided is not valid or has already been used."));
} elseif (tableExists('{{tokens_' . $thissurvey['sid'] . '}}') && $lastanswfortoken != '') {
$errormsg = CHtml::tag('div', array('class' => 'warningheader'), $clang->gT("Error"));
$errormsg .= CHtml::tag('p', array(), $clang->gT("There is already a recorded answer for this token"));
if ($lastanswfortoken != 'PrivacyProtected') {
$errormsg .= "<br /><br />" . $clang->gT("Follow the following link to update it") . ":\n";
$errormsg .= CHtml::link("[id:{$lastanswfortoken}]", Yii::app()->baseUrl . ('/admin/dataentry/editdata/subaction/edit/id/' . $lastanswfortoken . '/surveyid/' . $surveyid . '/lang/' . $rlanguage), array('title' => $clang->gT("Edit this entry")));
} else {
$errormsg .= "<br /><br />" . $clang->gT("This surveys uses anonymized responses, so you can't update your response.") . "\n";
}
} else {
$last_db_id = 0;
if (isset($_POST['save']) && $_POST['save'] == "on") {
$aData['save'] = TRUE;
$saver['identifier'] = $_POST['save_identifier'];
$saver['language'] = $_POST['save_language'];
$saver['password'] = $_POST['save_password'];
$saver['passwordconfirm'] = $_POST['save_confirmpassword'];
$saver['email'] = $_POST['save_email'];
if (!returnGlobal('redo')) {
$password = md5($saver['password']);
} else {
$password = $saver['password'];
}
$errormsg = "";
if (!$saver['identifier']) {
$errormsg .= $clang->gT("Error") . ": " . $clang->gT("You must supply a name for this saved session.");
}
if (!$saver['password']) {
$errormsg .= $clang->gT("Error") . ": " . $clang->gT("You must supply a password for this saved session.");
}
if ($saver['password'] != $saver['passwordconfirm']) {
$errormsg .= $clang->gT("Error") . ": " . $clang->gT("Your passwords do not match.");
}
$aData['errormsg'] = $errormsg;
if ($errormsg) {
foreach ($_POST as $key => $val) {
if (substr($key, 0, 4) != "save" && $key != "action" && $key != "sid" && $key != "datestamp" && $key != "ipaddr") {
$hiddenfields .= CHtml::hiddenField($key, $val);
//$aDataentryoutput .= "<input type='hidden' name='$key' value='$val' />\n";
}
}
}
}
//BUILD THE SQL TO INSERT RESPONSES
$baselang = Survey::model()->findByPk($surveyid)->language;
$fieldmap = createFieldMap($surveyid, 'full', false, false, getBaseLanguageFromSurveyID($surveyid));
$insert_data = array();
$_POST['startlanguage'] = $baselang;
if ($thissurvey['datestamp'] == "Y") {
$_POST['startdate'] = $_POST['datestamp'];
}
if (isset($_POST['closerecord'])) {
if ($thissurvey['datestamp'] == "Y") {
$_POST['submitdate'] = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig('timeadjust'));
} else {
$_POST['submitdate'] = date("Y-m-d H:i:s", mktime(0, 0, 0, 1, 1, 1980));
}
}
foreach ($fieldmap as $irow) {
$fieldname = $irow['fieldname'];
if (isset($_POST[$fieldname])) {
if ($_POST[$fieldname] == "" && ($irow['type'] == 'D' || $irow['type'] == 'N' || $irow['type'] == 'K')) {
// can't add '' in Date column
// Do nothing
} else {
if ($irow['type'] == '|') {
if (!strpos($irow['fieldname'], "_filecount")) {
$json = $_POST[$fieldname];
$phparray = json_decode(stripslashes($json));
$filecount = 0;
for ($i = 0; $filecount < count($phparray); $i++) {
if ($_FILES[$fieldname . "_file_" . $i]['error'] != 4) {
$target = Yii::app()->getConfig('uploaddir') . "/surveys/" . $thissurvey['sid'] . "/files/" . randomChars(20);
$size = 0.001 * $_FILES[$fieldname . "_file_" . $i]['size'];
$name = rawurlencode($_FILES[$fieldname . "_file_" . $i]['name']);
if (move_uploaded_file($_FILES[$fieldname . "_file_" . $i]['tmp_name'], $target)) {
$phparray[$filecount]->filename = basename($target);
$phparray[$filecount]->name = $name;
$phparray[$filecount]->size = $size;
$pathinfo = pathinfo($_FILES[$fieldname . "_file_" . $i]['name']);
$phparray[$filecount]->ext = $pathinfo['extension'];
$filecount++;
}
}
}
$insert_data[$fieldname] = ls_json_encode($phparray);
} else {
$insert_data[$fieldname] = count($phparray);
}
} elseif ($irow['type'] == 'D') {
Yii::app()->loadLibrary('Date_Time_Converter');
$qidattributes = getQuestionAttributeValues($irow['qid'], $irow['type']);
$dateformatdetails = getDateFormatDataForQID($qidattributes, $thissurvey);
$datetimeobj = new Date_Time_Converter($_POST[$fieldname], $dateformatdetails['phpdate']);
$insert_data[$fieldname] = $datetimeobj->convert("Y-m-d H:i:s");
} else {
$insert_data[$fieldname] = $_POST[$fieldname];
}
}
}
}
Survey_dynamic::sid($surveyid);
$new_response = new Survey_dynamic();
foreach ($insert_data as $column => $value) {
$new_response->{$column} = $value;
}
$new_response->save();
$last_db_id = $new_response->getPrimaryKey();
if (isset($_POST['closerecord']) && isset($_POST['token']) && $_POST['token'] != '') {
// get submit date
if (isset($_POST['closedate'])) {
$submitdate = $_POST['closedate'];
} else {
$submitdate = dateShift(date("Y-m-d H:i:s"), "Y-m-d", $timeadjust);
}
// check how many uses the token has left
$usesquery = "SELECT usesleft FROM {{tokens_}}{$surveyid} WHERE token='" . $_POST['token'] . "'";
$usesresult = dbExecuteAssoc($usesquery);
$usesrow = $usesresult->readAll();
//$usesresult->row_array()
if (isset($usesrow)) {
$usesleft = $usesrow[0]['usesleft'];
}
// query for updating tokens
$utquery = "UPDATE {{tokens_{$surveyid}}}\n";
if (isTokenCompletedDatestamped($thissurvey)) {
if (isset($usesleft) && $usesleft <= 1) {
$utquery .= "SET usesleft=usesleft-1, completed='{$submitdate}'\n";
} else {
$utquery .= "SET usesleft=usesleft-1\n";
}
} else {
if (isset($usesleft) && $usesleft <= 1) {
$utquery .= "SET usesleft=usesleft-1, completed='Y'\n";
} else {
$utquery .= "SET usesleft=usesleft-1\n";
}
}
$utquery .= "WHERE token='" . $_POST['token'] . "'";
$utresult = dbExecuteAssoc($utquery);
//Yii::app()->db->Execute($utquery) or safeDie ("Couldn't update tokens table!<br />\n$utquery<br />\n".Yii::app()->db->ErrorMsg());
// save submitdate into survey table
$srid = Yii::app()->db->getLastInsertID();
// Yii::app()->db->getLastInsertID();
$sdquery = "UPDATE {{survey_{$surveyid}}} SET submitdate='" . $submitdate . "' WHERE id={$srid}\n";
$sdresult = dbExecuteAssoc($sdquery) or safeDie("Couldn't set submitdate response in survey table!<br />\n{$sdquery}<br />\n");
$last_db_id = Yii::app()->db->getLastInsertID();
}
if (isset($_POST['save']) && $_POST['save'] == "on") {
$srid = Yii::app()->db->getLastInsertID();
//Yii::app()->db->getLastInsertID();
$aUserData = Yii::app()->session;
//CREATE ENTRY INTO "saved_control"
$saved_control_table = '{{saved_control}}';
$columns = array("sid", "srid", "identifier", "access_code", "email", "ip", "refurl", 'saved_thisstep', "status", "saved_date");
$values = array("'" . $surveyid . "'", "'" . $srid . "'", "'" . $saver['identifier'] . "'", "'" . $password . "'", "'" . $saver['email'] . "'", "'" . $aUserData['ip_address'] . "'", "'" . getenv("HTTP_REFERER") . "'", 0, "'" . "S" . "'", "'" . dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", "'" . Yii::app()->getConfig('timeadjust')) . "'");
$SQL = "INSERT INTO {$saved_control_table}\n (" . implode(',', $columns) . ")\n VALUES\n (" . implode(',', $values) . ")";
/*$scdata = array("sid"=>$surveyid,
"srid"=>$srid,
"identifier"=>$saver['identifier'],
"access_code"=>$password,
"email"=>$saver['email'],
"ip"=>$aUserData['ip_address'],
"refurl"=>getenv("HTTP_REFERER"),
'saved_thisstep' => 0,
"status"=>"S",
"saved_date"=>dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", Yii::app()->getConfig('timeadjust')));
$this->load->model('saved_control_model');*/
if (dbExecuteAssoc($SQL)) {
$scid = Yii::app()->db->getLastInsertID();
// Yii::app()->db->getLastInsertID("{{saved_control}}","scid");
$aDataentrymsgs[] = CHtml::tag('font', array('class' => 'successtitle'), $clang->gT("Your survey responses have been saved successfully. You will be sent a confirmation e-mail. Please make sure to save your password, since we will not be able to retrieve it for you."));
//$aDataentryoutput .= "<font class='successtitle'></font><br />\n";
$tokens_table = "{{tokens_{$surveyid}}}";
$last_db_id = Yii::app()->db->getLastInsertID();
if (tableExists($tokens_table)) {
$tkquery = "SELECT * FROM {$tokens_table}";
$tkresult = dbExecuteAssoc($tkquery);
/*$tokendata = array (
"firstname"=> $saver['identifier'],
"lastname"=> $saver['identifier'],
"email"=>$saver['email'],
"token"=>randomChars(15),
"language"=>$saver['language'],
"sent"=>dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i", $timeadjust),
"completed"=>"N");*/
$columns = array("firstname", "lastname", "email", "token", "language", "sent", "completed");
$values = array("'" . $saver['identifier'] . "'", "'" . $saver['identifier'] . "'", "'" . $saver['email'] . "'", "'" . $password . "'", "'" . randomChars(15) . "'", "'" . $saver['language'] . "'", "'" . "N" . "'");
$SQL = "INSERT INTO {$token_table}\n (" . implode(',', $columns) . ")\n VALUES\n (" . implode(',', $values) . ")";
//$this->tokens_dynamic_model->insertToken($surveyid,$tokendata);
dbExecuteAssoc($SQL);
//Yii::app()->db->AutoExecute(db_table_name("tokens_".$surveyid), $tokendata,'INSERT');
$aDataentrymsgs[] = CHtml::tag('font', array('class' => 'successtitle'), $clang->gT("A token entry for the saved survey has been created too."));
//$aDataentryoutput .= "<font class='successtitle'></font><br />\n";
$last_db_id = Yii::app()->db->getLastInsertID();
}
if ($saver['email']) {
//Send email
if (validateEmailAddress($saver['email']) && !returnGlobal('redo')) {
$subject = $clang->gT("Saved Survey Details");
$message = $clang->gT("Thank you for saving your survey in progress. The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you.");
$message .= "\n\n" . $thissurvey['name'] . "\n\n";
$message .= $clang->gT("Name") . ": " . $saver['identifier'] . "\n";
$message .= $clang->gT("Password") . ": " . $saver['password'] . "\n\n";
$message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . ":\n";
$message .= Yii::app()->getConfig('publicurl') . "/index.php?sid={$surveyid}&loadall=reload&scid=" . $scid . "&lang=" . urlencode($saver['language']) . "&loadname=" . urlencode($saver['identifier']) . "&loadpass="******"&token=" . $tokendata['token'];
}
$from = $thissurvey['adminemail'];
if (SendEmailMessage($message, $subject, $saver['email'], $from, $sitename, false, getBounceEmail($surveyid))) {
$emailsent = "Y";
$aDataentrymsgs[] = CHtml::tag('font', array('class' => 'successtitle'), $clang->gT("An email has been sent with details about your saved survey"));
}
}
}
} else {
safeDie("Unable to insert record into saved_control table.<br /><br />");
}
}
$aData['thisid'] = $last_db_id;
}
$aData['errormsg'] = $errormsg;
$aData['dataentrymsgs'] = $aDataentrymsgs;
$this->_renderWrappedTemplate('dataentry', 'insert', $aData);
}
}
}
function validateResourceData()
{
global $user;
$return = array('error' => 0);
$return['rscid'] = getContinuationVar('rscid', 0);
$return['name'] = processInputVar('name', ARG_STRING);
$return['owner'] = processInputVar('owner', ARG_STRING, "{$user['unityid']}@{$user['affiliation']}");
$return['ipaddress'] = processInputVar('ipaddress', ARG_STRING);
$return['stateid'] = processInputVar('stateid', ARG_NUMERIC);
$return['sysadminemail'] = processInputVar('sysadminemail', ARG_STRING);
$return['sharedmailbox'] = processInputVar('sharedmailbox', ARG_STRING);
$return['installpath'] = processInputVar('installpath', ARG_STRING);
$return['timeservers'] = processInputVar('timeservers', ARG_STRING);
$return['keys'] = processInputVar('keys', ARG_STRING);
$return['sshport'] = processInputVar('sshport', ARG_NUMERIC);
$return['imagelibenable'] = processInputVar('imagelibenable', ARG_NUMERIC);
$return['imagelibgroupid'] = processInputVar('imagelibgroupid', ARG_NUMERIC);
$return['imagelibuser'] = processInputVar('imagelibuser', ARG_STRING);
$return['imagelibkey'] = processInputVar('imagelibkey', ARG_STRING);
$return['publicIPconfig'] = processInputVar('publicIPconfig', ARG_STRING);
$return['publicnetmask'] = processInputVar('publicnetmask', ARG_STRING);
$return['publicgateway'] = processInputVar('publicgateway', ARG_STRING);
$return['publicdnsserver'] = processInputVar('publicdnsserver', ARG_STRING);
$return['checkininterval'] = processInputVar('checkininterval', ARG_NUMERIC);
$return['availablenetworks'] = processInputVar('availablenetworks', ARG_STRING);
$return['federatedauth'] = processInputVar('federatedauth', ARG_STRING);
$return['nathostenabled'] = processInputVar('nathostenabled', ARG_NUMERIC);
$return['natpublicIPaddress'] = processInputVar('natpublicipaddress', ARG_STRING);
$return['natinternalIPaddress'] = processInputVar('natinternalipaddress', ARG_STRING);
if (get_magic_quotes_gpc()) {
$return['sysadminemail'] = stripslashes($return['sysadminemail']);
$return['sharedmailbox'] = stripslashes($return['sharedmailbox']);
}
$olddata = getContinuationVar('olddata');
if ($return['rscid'] == 0) {
$return['mode'] = 'add';
} else {
$return['mode'] = 'edit';
}
$errormsg = array();
# hostname
if (!preg_match('/^[a-zA-Z0-9_][-a-zA-Z0-9_\\.]{1,49}$/', $return['name'])) {
$return['error'] = 1;
$errormsg[] = "Hostname can only contain letters, numbers, dashes(-), periods(.), and underscores(_). It can be from 1 to 50 characters long";
} elseif ($this->checkForMgmtnodeHostname($return['name'], $return['rscid'])) {
$return['error'] = 1;
$errormsg[] = "A node already exists with this hostname.";
}
# owner
if (!validateUserid($return['owner'])) {
$return['error'] = 1;
$errormsg[] = "Submitted owner is not valid";
}
# ipaddress
if (!validateIPv4addr($return['ipaddress'])) {
$return['error'] = 1;
$errormsg[] = "Invalid IP address. Must be w.x.y.z with each of " . "w, x, y, and z being between 1 and 255 (inclusive)";
}
# sysadminemail
if ($return['sysadminemail'] != '') {
$addrs = explode(',', $return['sysadminemail']);
foreach ($addrs as $addr) {
if (!validateEmailAddress($addr)) {
$return['error'] = 1;
$errormsg[] = "Invalid email address entered for SysAdmin Email Address(es)";
break;
}
}
}
# sharedmailbox
if ($return['sharedmailbox'] != '' && !validateEmailAddress($return['sharedmailbox'])) {
$return['error'] = 1;
$errormsg[] = "Invalid email address entered for Shadow Emails";
}
# installpath
if ($return['installpath'] != '' && !preg_match('/^([-a-zA-Z0-9_\\.\\/]){2,100}$/', $return['installpath'])) {
$return['error'] = 1;
$errormsg[] = "Install Path must be empty or only contain letters, numbers, dashes(-), periods(.), underscores(_), and forward slashes(/) and be from 2 to 100 characters long";
}
# timeservers
if ($return['timeservers'] != '') {
if (strlen($return['timeservers']) > 1000) {
$return['error'] = 1;
$errormsg[] = "Too much data entered for Time Server(s)";
} else {
$hosts = explode(',', $return['timeservers']);
foreach ($hosts as $host) {
if (preg_match('/^([0-9]{1,3}(\\.?))+$/', $host) && !validateIPv4addr($host) || !preg_match('/^[a-zA-Z0-9_][-a-zA-Z0-9_\\.]{1,50}$/', $host)) {
$return['error'] = 1;
$errormsg[] = "Time servers must be an IP address or a hostname containing only letters, numbers, dashes(-), periods(.), and underscores(_). Each host can be up to 50 characters long";
break;
}
}
}
}
# keys
if ($return['keys'] != '' && !preg_match('/^([-a-zA-Z0-9_\\.\\/,]){2,1024}$/', $return['keys'])) {
$return['error'] = 1;
$errormsg[] = "End Node SSH Identity Key Files can only contain letters, numbers, dashes(-), periods(.), underscores(_), forward slashes(/), and commas(,). It can be from 2 to 1024 characters long";
}
# imagelibenable
if ($return['imagelibenable'] == 1) {
# imagelibgroupid
$validgroups = getUserResources(array('mgmtNodeAdmin'), array('manageGroup'), 1);
if (!array_key_exists($return['imagelibgroupid'], $validgroups['managementnode'])) {
$return['error'] = 1;
$errormsg[] = "The group selected for Image Library Management Node Group is not valid";
}
# imagelibuser
if (!preg_match('/^([-a-zA-Z0-9_\\.\\/,]){2,20}$/', $return['imagelibuser'])) {
$return['error'] = 1;
$errormsg[] = "Image Library User can only contain letters, numbers, and dashes(-) and can be from 2 to 20 characters long";
}
# imagelibkey
if (!preg_match('/^([-a-zA-Z0-9_\\.\\/,]){2,100}$/', $return['imagelibkey'])) {
$return['error'] = 1;
$errormsg[] = "Image Library SSH Identity Key File can only contain letters, numbers, dashes(-), periods(.), underscores(_), and forward slashes(/). It can be from 2 to 100 characters long";
}
} else {
$return['imagelibenable'] = 0;
if ($return['mode'] == 'edit') {
$return['imagelibgroupid'] = $olddata['imagelibgroupid'];
$return['imagelibuser'] = $olddata['imagelibuser'];
$return['imagelibkey'] = $olddata['imagelibkey'];
} else {
$return['imagelibgroupid'] = '';
$return['imagelibuser'] = '';
$return['imagelibkey'] = '';
}
}
# publicIPconfig
if (!preg_match('/^(dynamicDHCP|manualDHCP|static)$/', $return['publicIPconfig'])) {
$return['publicIPconfig'] = 'dynamicDHCP';
}
if ($return['publicIPconfig'] == 'static') {
# publicnetmask
$bnetmask = ip2long($return['publicnetmask']);
if (!preg_match('/^[1]+0[^1]+$/', sprintf('%032b', $bnetmask))) {
$return['error'] = 1;
$errormsg[] = "Invalid value specified for Public Netmask";
}
# publicgateway
if (preg_match('/^([0-9]{1,3}(\\.?))+$/', $return['publicgateway']) && !validateIPv4addr($return['publicgateway'])) {
$return['error'] = 1;
$errormsg[] = "Invalid value specified for Public Gateway";
} elseif (!preg_match('/^[a-zA-Z0-9_][-a-zA-Z0-9_\\.]{1,56}$/', $return["publicgateway"])) {
$return['error'] = 1;
$errormsg[] = "Public gateway must be an IP address or a hostname containing only letters, numbers, dashes(-), periods(.), and underscores(_). It can be up to 56 characters long";
}
# publicdnsserver
$servers = explode(',', $return['publicdnsserver']);
if (empty($servers)) {
$return['error'] = 1;
$errormsg[] = "Please enter at least one Public DNS server";
} else {
foreach ($servers as $server) {
if (!validateIPv4addr($server)) {
$return['error'] = 1;
$errormsg[] = "Invalid IP address entered for Public DNS Server";
break;
}
}
}
} else {
$return['publicnetmask'] = $olddata['publicnetmask'];
$return['publicgateway'] = $olddata['publicgateway'];
}
# stateid 2 - available, 5 - failed, 10 - maintenance
if (!preg_match('/^(2|5|10)$/', $return['stateid'])) {
$return['error'] = 1;
$errormsg[] = "Invalid value submitted for State";
}
# checkininterval
if ($return['checkininterval'] < 5) {
$return['checkininterval'] = 5;
} elseif ($return['checkininterval'] > 30) {
$return['checkininterval'] = 30;
}
# sshport
if ($return['sshport'] < 1 || $return['sshport'] > 65535) {
$return['sshport'] = 22;
}
# availablenetworks
if ($return['availablenetworks'] != '') {
if (strpos("\n", $return['availablenetworks'])) {
$return['availablenetworks'] = preg_replace("/(\r)?\n/", ',', $return['availablenetworks']);
}
$return['availablenetworks2'] = explode(',', $return['availablenetworks']);
foreach ($return['availablenetworks2'] as $key => $net) {
$net = trim($net);
if ($net == '') {
unset($return['availablenetworks2'][$key]);
$return['availablenetworks'] = implode("\n", $return['availablenetworks2']);
continue;
}
$return['availablenetworks2'][$key] = $net;
if (!preg_match('/^([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\.([0-9]{1,3})\\/([0-9]{2})$/', $net, $matches) || $matches[1] < 0 || $matches[1] > 255 || $matches[2] < 0 || $matches[2] > 255 || $matches[3] < 0 || $matches[3] > 255 || $matches[4] < 0 || $matches[4] > 255 || $matches[5] < 1 || $matches[5] > 32) {
$return['error'] = 1;
$errormsg[] = "Invalid network entered for Available Public Networks; must be comma delimited list of valid networks in the form of x.x.x.x/yy";
}
}
}
# federatedauth
if ($return['federatedauth'] != '') {
$affils = getAffiliations();
$fedarr = explode(',', $return['federatedauth']);
$test = array_udiff($fedarr, $affils, 'strcasecmp');
if (!empty($test)) {
$new = array();
foreach ($test as $affil) {
if (preg_match('/^[-0-9a-zA-Z_\\.:;,]*$/', $affil)) {
$new[] = $affil;
}
}
if (count($test) == count($new)) {
$errormsg[] = "These affiliations do not exist: " . implode(', ', $new);
} else {
$errormsg[] = "Invalid data entered for Affiliations using Federated Authentication for Linux Images";
}
$return['error'] = 1;
}
}
$nathosterror = 0;
# nathostenabled
if ($return['nathostenabled'] != 0 && $return['nathostenabled'] != 1) {
$return['error'] = 1;
$errormsg[] = "Invalid value for Use as NAT Host";
$nathosterror = 1;
}
# natpublicIPaddress
if ($return['nathostenabled']) {
if (!validateIPv4addr($return['natpublicIPaddress'])) {
$return['error'] = 1;
$errormsg[] = "Invalid NAT Public IP address. Must be w.x.y.z with each of " . "w, x, y, and z being between 1 and 255 (inclusive)";
$nathosterror = 1;
}
# natinternalIPaddress
if (!validateIPv4addr($return['natinternalIPaddress'])) {
$return['error'] = 1;
$errormsg[] = "Invalid NAT Internal IP address. Must be w.x.y.z with each of " . "w, x, y, and z being between 1 and 255 (inclusive)";
$nathosterror = 1;
}
}
# nat host change - check for active reservations
if (!$nathosterror && $return['mode'] == 'edit') {
if ($olddata['nathostenabled'] != $return['nathostenabled'] || $olddata['natpublicIPaddress'] != $return['natpublicIPaddress'] || $olddata['natinternalIPaddress'] != $return['natinternalIPaddress']) {
$vclreloadid = getUserlistID('vclreload@Local');
$query = "SELECT rq.id " . "FROM request rq, " . "reservation rs, " . "nathostcomputermap nhcm, " . "nathost nh " . "WHERE rs.requestid = rq.id AND " . "rs.computerid = nhcm.computerid AND " . "nhcm.nathostid = nh.id AND " . "nh.resourceid = {$olddata['resourceid']} AND " . "rq.start <= NOW() AND " . "rq.end > NOW() AND " . "rq.stateid NOT IN (1,5,11,12) AND " . "rq.laststateid NOT IN (1,5,11,12) AND " . "rq.userid != {$vclreloadid}";
$qh = doQuery($query);
if (mysql_num_rows($qh)) {
$return['error'] = 1;
$errormsg[] = "This management node is the NAT host for computers that have active reservations. NAT host<br>settings cannot be changed while providing NAT for active reservations.";
}
}
}
if ($return['error']) {
$return['errormsg'] = implode('<br>', $errormsg);
}
return $return;
}
