/** * XML-RPC routine to add a response to the survey table * Returns the id of the inserted survey response * * @param array $request Array containing the following elements (in that order): * - Session key (string) * - Survey ID (integer) * - ResponseData (array) * */ function addResponse($request) { global $connect, $dbprefix; if (!is_object($request)) { die; } if ($request->getNumParams() != 3) { return new xmlrpcresp(0, 3, 'Missing parameters'); } $sSessionKey = $request->getParam(0)->scalarVal(); $iSurveyID = (int) $request->getParam(1)->scalarVal(); $aResponseData = php_xmlrpc_decode($request->getParam(2)); if (!is_array($aResponseData)) { return new xmlrpcresp(0, '14', 'Survey data is not in array form'); } $uid = _doLogin(); if ($uid) { if (bHasSurveyPermission($iSurveyID, 'responses', 'create', $uid)) { $surveytable = db_table_name("survey_" . $iSurveyID); if (!db_tables_exist($dbprefix . "survey_" . $iSurveyID)) { return new xmlrpcresp(0, '12', 'No survey table'); } //set required values if not set if (!isset($aResponseData['submitdate'])) { $aResponseData['submitdate'] = date("Y-m-d H:i:s"); } if (!isset($aResponseData['datestamp'])) { $aResponseData['datestamp'] = date("Y-m-d H:i:s"); } if (!isset($aResponseData['startdate'])) { $aResponseData['startdate'] = date("Y-m-d H:i:s"); } if (!isset($aResponseData['startlanguage'])) { $aResponseData['startlanguage'] = GetBaseLanguageFromSurveyID($iSurveyID); } $SQL = "INSERT INTO {$surveytable}\n (" . implode(',', array_keys($aResponseData)) . ")\n VALUES\n (" . implode(',', array_map('db_quoteall', $aResponseData)) . ")"; $iinsert = $connect->Execute($SQL); if ($iinsert) { $thisid = $connect->Insert_ID(); return new xmlrpcresp(new xmlrpcval($thisid, 'int')); } else { //Failed to insert return error return new xmlrpcresp(0, '13', 'Unable to add response'); } } else { return new xmlrpcresp(0, '2', 'No permission'); } } die; }
function showSavedList($surveyid) { global $dbprefix, $connect, $clang, $savedsurveyoutput, $scriptname, $imageurl, $surrows; $query = "SELECT scid, srid, identifier, ip, saved_date, email, access_code\n" . "FROM {$dbprefix}saved_control\n" . "WHERE sid={$surveyid}\n" . "ORDER BY saved_date desc"; $result = db_execute_assoc($query) or safe_die("Couldn't summarise saved entries<br />{$query}<br />" . $connect->ErrorMsg()); if ($result->RecordCount() > 0) { $savedsurveyoutput .= "<table class='browsetable' align='center'>\n"; $savedsurveyoutput .= "<thead><tr><th>SCID</th><th>" . $clang->gT("Actions") . "</th><th>" . $clang->gT("Identifier") . "</th><th>" . $clang->gT("IP address") . "</th><th>" . $clang->gT("Date Saved") . "</th><th>" . $clang->gT("Email address") . "</th>" . "</tr></thead><tbody>\n"; while ($row = $result->FetchRow()) { $savedsurveyoutput .= "<tr>\n\t\t\t\t<td>" . $row['scid'] . "</td>\n\t\t\t\t<td align='center'>"; if (bHasSurveyPermission($surveyid, 'responses', 'update')) { $savedsurveyoutput .= "<input style='height: 16; width: 16px; font-size: 8; font-family: verdana' type='image' src='{$imageurl}/token_edit.png' title='" . $clang->gT("Edit entry") . "' onclick=\"window.open('{$scriptname}?action=dataentry&subaction=edit&id={$row['srid']}&sid={$surveyid}', '_top')\" />"; } if (bHasSurveyPermission($surveyid, 'responses', 'delete')) { $savedsurveyoutput .= "<input style='height: 16; width: 16px; font-size: 8; font-family: verdana' type='image' src='{$imageurl}/token_delete.png' title='" . $clang->gT("Delete entry") . "' onclick=\"if (confirm('" . $clang->gT("Are you sure you want to delete this entry?", "js") . "')) {" . get2post("{$scriptname}?action=saved&sid={$surveyid}&subaction=delete&scid={$row['scid']}&srid={$row['srid']}") . "}\" />"; } else { // $savedsurveyoutput .= "[<a href='{$scriptname}?action=dataentry&subaction=edit&id={$row['srid']}&sid={$surveyid}'>".$clang->gT("View")."</a>]"; } $savedsurveyoutput .= "</td>\n <td>" . $row['identifier'] . "</td>\n <td>" . $row['ip'] . "</td>\n <td>" . $row['saved_date'] . "</td>\n <td><a href='mailto:" . $row['email'] . "'>" . $row['email'] . "</td>\n \n\t\t\t </tr>\n"; } // while $savedsurveyoutput .= "</tbody></table><br /> \n"; } }
} else { if ($bgcc == "even") { $bgcc = "odd"; } else { $bgcc = "even"; } } $browseoutput .= "\t<tr class='{$bgcc}' valign='top'>\n" . "<td align='center'><input type='checkbox' class='cbResponseMarker' value='{$dtrow['id']}' name='markedresponses[]' /></td>\n" . "<td align='center'>\n <a href='{$scriptname}?action=browse&sid={$surveyid}&subaction=id&id={$dtrow['id']}'><img src='{$imageurl}/token_viewanswer.png' alt='" . $clang->gT('View response details') . "'/></a>"; if (bHasSurveyPermission($surveyid, 'responses', 'update')) { $browseoutput .= " <a href='{$scriptname}?action=dataentry&sid={$surveyid}&subaction=edit&id={$dtrow['id']}'><img src='{$imageurl}/token_edit.png' alt='" . $clang->gT('Edit this response') . "'/></a>"; } // Do not show the download image if the question doesn't contain the File Upload Question Type if (bHasFileUploadQuestion($surveyid)) { $browseoutput .= " <a><img id='downloadfile_{$dtrow['id']}' src='{$imageurl}/down.png' alt='" . $clang->gT('Download all files in this response as a zip file') . "' class='downloadfile'/></a>"; } if (bHasSurveyPermission($surveyid, 'responses', 'delete')) { $browseoutput .= "<a><img id='deleteresponse_{$dtrow['id']}' src='{$imageurl}/token_delete.png' alt='" . $clang->gT('Delete this response') . "' class='deleteresponse'/></a>\n"; } $browseoutput .= "</td>"; $i = 0; //If not private, display the token info and link to the token screen if ($surveyinfo['anonymized'] == "N" && $dtrow['token'] && db_tables_exist($tokentable)) { if (isset($dtrow['tid']) && !empty($dtrow['tid'])) { //If we have a token, create a link to edit it $browsedatafield = "<a href='{$scriptname}?action=tokens&sid={$surveyid}&subaction=edit&tid={$dtrow['tid']}' title='" . $clang->gT("Edit this token") . "'>"; $browsedatafield .= "{$dtrow['token']}"; $browsedatafield .= "</a>"; } else { //No corresponding token in the token tabel, just display the token $browsedatafield .= "{$dtrow['token']}"; }
$usquery = "UPDATE " . db_table_name('surveys_languagesettings') . " \n" . "SET surveyls_email_invite_subj='" . $_POST['email_invite_subj_' . $langname] . "', surveyls_email_invite='" . $_POST['email_invite_' . $langname] . "'," . "surveyls_email_remind_subj='" . $_POST['email_remind_subj_' . $langname] . "', surveyls_email_remind='" . $_POST['email_remind_' . $langname] . "'," . "surveyls_email_register_subj='" . $_POST['email_register_subj_' . $langname] . "', surveyls_email_register='" . $_POST['email_register_' . $langname] . "'," . "surveyls_email_confirm_subj='" . $_POST['email_confirm_subj_' . $langname] . "', surveyls_email_confirm='" . $_POST['email_confirm_' . $langname] . "'," . "email_admin_notification_subj='" . $_POST['email_admin_notification_subj_' . $langname] . "', email_admin_notification='" . $_POST['email_admin_notification_' . $langname] . "'," . "email_admin_responses_subj='" . $_POST['email_admin_responses_subj_' . $langname] . "', email_admin_responses='" . $_POST['email_admin_responses_' . $langname] . "' " . "WHERE surveyls_survey_id=" . $surveyid . " and surveyls_language='" . $langname . "'"; $usresult = $connect->Execute($usquery) or safe_die("Error updating<br />" . $usquery . "<br /><br />" . $connect->ErrorMsg()); } } $_SESSION['flashmessage'] = $clang->gT("Email templates successfully saved."); } elseif ($action == "delsurvey" && bHasSurveyPermission($surveyid, 'survey', 'delete')) { $query = "DELETE FROM {$dbprefix}surveys WHERE sid={$surveyid}"; $result = $connect->Execute($query); // Checked if ($result) { $surveyid = ""; $surveyselect = getsurveylist(); } else { $databaseoutput .= "<script type=\"text/javascript\">\n<!--\n alert(\"" . $clang->gT("ERROR deleting Survey id", "js") . " ({$surveyid})!\n{$error}\")\n //-->\n</script>\n"; } } elseif ($action == "updatesurveylocalesettings" && bHasSurveyPermission($surveyid, 'surveylocale', 'update')) { $languagelist = GetAdditionalLanguagesFromSurveyID($surveyid); $languagelist[] = GetBaseLanguageFromSurveyID($surveyid); require_once "../classes/inputfilter/class.inputfilter_clean.php"; $myFilter = new InputFilter('', '', 1, 1, 1); foreach ($languagelist as $langname) { if ($langname) { if ($_POST['url_' . $langname] == 'http://') { $_POST['url_' . $langname] = ""; } // Clean XSS attacks if ($filterxsshtml) { $_POST['short_title_' . $langname] = $myFilter->process($_POST['short_title_' . $langname]); $_POST['description_' . $langname] = $myFilter->process($_POST['description_' . $langname]); $_POST['welcome_' . $langname] = $myFilter->process($_POST['welcome_' . $langname]); $_POST['endtext_' . $langname] = $myFilter->process($_POST['endtext_' . $langname]);
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n"; $addsummary .= "</div>\n"; } // ************************************************* // Survey Rights End **************************** // ************************************************* // Edit survey general settings if ($action == "editsurveysettings" || $action == "newsurvey") { include "editsurveysettings.php"; } // Edit survey text elements if ($action == "updatesurveysettingsandeditlocalesettings" || $action == "editsurveylocalesettings") { include "editsurveytextelements.php"; } if ($action == "translate") { if (bHasSurveyPermission($surveyid, 'translation', 'read')) { $translateoutput .= "<div class='header ui-widget-header'>" . $clang->gT("Quick-translate survey") . "</div>\n"; } else { include "access_denied.php"; } } if ($action == "emailtemplates") { include "editemailtemplates.php"; } if ($action == "quotas") { include "quota.php"; } function replacenewline($texttoreplace) { $texttoreplace = str_replace("\n", '<br />', $texttoreplace); // $texttoreplace = htmlentities( $texttoreplace, ENT_QUOTES, UTF-8);
<li> <label for="createanother">' . $clang->gT("Save this, then create another:") . '</label> <input type="checkbox" id="createanother" name="createanother"> </li> </ul><p> <input name="submit" type="submit" class="submit" value="' . $clang->gT("Next") . '" /> <input type="hidden" name="sid" value="' . $surveyid . '" /> <input type="hidden" name="action" value="quotas" /> <input type="hidden" name="subaction" value="insertquotaanswer" /> <input type="hidden" name="quota_qid" value="' . $_POST['quota_qid'] . '" /> <input type="hidden" name="quota_id" value="' . $_POST['quota_id'] . '" /> </form> </div>'; } } if ($subaction == "new_quota" && bHasSurveyPermission($surveyid, 'quotas', 'create')) { $quotasoutput .= "<div class='header ui-widget-header'>" . $clang->gT("New quota") . '</div>'; $quotasoutput .= '<form class="form30" action="' . $scriptname . '" method="post" id="addnewquotaform" name="addnewquotaform">'; $quotasoutput .= '<ul> <li> <label for="quota_name">' . $clang->gT("Quota name") . ':</label> <input id="quota_name" name="quota_name" type="text" size="30" maxlength="255" /> </li> <li> <label for="quota_limit">' . $clang->gT("Quota limit") . ':</label> <input id="quota_limit" name="quota_limit" type="text" size="12" maxlength="8" /> </li> </ul> '; $langs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid);
function browsemenubar($title = '') { global $surveyid, $scriptname, $imageurl, $homeurl, $clang, $sumrows5, $surrows; $thissurvey = getSurveyInfo($surveyid); //BROWSE MENU BAR $browsemenubar = "<div class='menubar'>\n" . "<div class='menubar-title ui-widget-header'>\n" . "<strong>{$title}</strong>: " . FlattenText($thissurvey['name']) . "</div>" . "<div class='menubar-main'>\n" . "<div class='menubar-left'>\n" . "<a href='{$scriptname}?sid={$surveyid}' title=\"" . $clang->gTview("Return to survey administration") . "\" >" . "<img name='Administration' src='{$imageurl}/home.png' title='' alt='" . $clang->gT("Return to survey administration") . "' /></a>\n" . "<img src='{$imageurl}/blank.gif' alt='' width='11' />\n" . "<img src='{$imageurl}/seperator.gif' alt='' />\n"; //Show summary information if (bHasSurveyPermission($surveyid, 'responses', 'read')) { $browsemenubar .= "<a href='{$scriptname}?action=browse&sid={$surveyid}' title=\"" . $clang->gTview("Show summary information") . "\" >" . "<img name='SurveySummary' src='{$imageurl}/summary.png' title='' alt='" . $clang->gT("Show summary information") . "' /></a>\n"; //Display responses if (count(GetAdditionalLanguagesFromSurveyID($surveyid)) == 0) { $browsemenubar .= "<a href='{$scriptname}?action=browse&sid={$surveyid}&subaction=all' title=\"" . $clang->gTview("Display Responses") . "\" >" . "<img name='ViewAll' src='{$imageurl}/document.png' title='' alt='" . $clang->gT("Display Responses") . "' /></a>\n"; } else { $browsemenubar .= "<a href=\"#\" accesskey='b' id='browseresponses'" . "title=\"" . $clang->gTview("Display Responses") . "\" >" . "<img src='{$imageurl}/document.png' alt='" . $clang->gT("Display Responses") . "' name='ViewAll' /></a>"; $tmp_survlangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); $tmp_survlangs[] = $baselang; rsort($tmp_survlangs); $browsemenubar .= "<div class=\"langpopup\" id=\"browselangpopup\">" . $clang->gT("Please select a language:") . "<ul>"; foreach ($tmp_survlangs as $tmp_lang) { $browsemenubar .= "<li><a href=\"{$scriptname}?action=browse&sid={$surveyid}&subaction=all&browselang={$tmp_lang}\" accesskey='b'>" . getLanguageNameFromCode($tmp_lang, false) . "</a></li>"; } $browsemenubar .= "</ul></div>"; } // Display last 50 responses $browsemenubar .= "<a href='{$scriptname}?action=browse&sid={$surveyid}&subaction=all&limit=50&order=desc'" . " title=\"" . $clang->gTview("Display Last 50 Responses") . "\" >" . "<img name='ViewLast' src='{$imageurl}/viewlast.png' alt='" . $clang->gT("Display Last 50 Responses") . "' /></a>\n"; } // Data entry if (bHasSurveyPermission($surveyid, 'responses', 'create')) { $browsemenubar .= "<a href='{$scriptname}?action=dataentry&sid={$surveyid}'" . " title=\"" . $clang->gTview("Dataentry Screen for Survey") . "\" >" . "<img name='DataEntry' src='{$imageurl}/dataentry.png' alt='" . $clang->gT("Dataentry Screen for Survey") . "' /></a>\n"; } // Statistics if (bHasSurveyPermission($surveyid, 'statistics', 'read')) { $browsemenubar .= "<a href='{$scriptname}?action=statistics&sid={$surveyid}' " . "title=\"" . $clang->gTview("Get statistics from these responses") . "\" >" . "<img name='Statistics' src='{$imageurl}/statistics.png' alt='" . $clang->gT("Get statistics from these responses") . "' /></a>\n"; // Time Statistics if ($thissurvey['savetimings'] == "Y") { $browsemenubar .= "<a href='{$scriptname}?action=browse&sid={$surveyid}&subaction=time' " . "title=\"" . $clang->gTview("Get time statistics from these responses") . "\" >" . "<img name='timeStatistics' src='{$imageurl}/timeStatistics.png' alt='" . $clang->gT("Get time statistics from these responses") . "' /></a>\n"; } } $browsemenubar .= "<img src='{$imageurl}/seperator.gif' alt='' />\n"; if (bHasSurveyPermission($surveyid, 'responses', 'export')) { // Export to application $browsemenubar .= "<a href='{$scriptname}?action=exportresults&sid={$surveyid}' title=\"" . $clang->gTview("Export results to application") . "\" >" . "<img name='Export' src='{$imageurl}/export.png' " . "alt='" . $clang->gT("Export results to application") . "' /></a>\n" . "<a href='{$scriptname}?action=exportspss&sid={$surveyid}' title=\"" . $clang->gTview("Export results to a SPSS/PASW command file") . "\" >" . "<img src='{$imageurl}/exportspss.png' " . "alt='" . $clang->gT("Export results to a SPSS/PASW command file") . "' /></a>\n" . "<a href='{$scriptname}?action=exportr&sid={$surveyid}' title=\"" . $clang->gTview("Export results to a R data file") . "\" >" . "<img src='{$imageurl}/exportr.png' " . "alt='" . $clang->gT("Export results to a R data file") . "' /></a>\n"; } //Import old response table if (bHasSurveyPermission($surveyid, 'responses', 'create')) { $browsemenubar .= "<a href='{$scriptname}?action=importoldresponses&sid={$surveyid}' title=\"" . $clang->gTview("Import responses from a deactivated survey table") . "\" >" . "<img name='ImportOldResponses' src='{$imageurl}/importold.png' alt='" . $clang->gT("Import responses from a deactivated survey table") . "' /></a>\n"; } $browsemenubar .= "<img src='{$imageurl}/seperator.gif' alt='' />\n"; //browse saved responses if (bHasSurveyPermission($surveyid, 'responses', 'read')) { $browsemenubar .= "<a href='{$scriptname}?action=saved&sid={$surveyid}' title=\"" . $clang->gTview("View Saved but not submitted Responses") . "\" >" . "<img src='{$imageurl}/saved.png' title='' alt='" . $clang->gT("View Saved but not submitted Responses") . "' name='BrowseSaved' /></a>\n"; } //Import VV if (bHasSurveyPermission($surveyid, 'responses', 'import')) { $browsemenubar .= "<a href='{$scriptname}?action=vvimport&sid={$surveyid}' title=\"" . $clang->gTview("Import a VV survey file") . "\" >" . "<img src='{$imageurl}/importvv.png' alt='" . $clang->gT("Import a VV survey file") . "' /></a>\n"; } //Export VV if (bHasSurveyPermission($surveyid, 'responses', 'export')) { $browsemenubar .= "<a href='{$scriptname}?action=vvexport&sid={$surveyid}' title=\"" . $clang->gTview("Export a VV survey file") . "\" >" . "<img src='{$imageurl}/exportvv.png' title='' alt='" . $clang->gT("Export a VV survey file") . "' /></a>\n"; } //Iterate survey if (bHasSurveyPermission($surveyid, 'responses', 'delete') && $thissurvey['anonymized'] == 'N' && $thissurvey['tokenanswerspersistence'] == 'Y') { $browsemenubar .= "<a href='{$scriptname}?action=iteratesurvey&sid={$surveyid}' title=\"" . $clang->gTview("Iterate survey") . "\" >" . "<img src='{$imageurl}/iterate.png' title='' alt='" . $clang->gT("Iterate survey") . "' /></a>\n"; } $browsemenubar .= "</div>\n" . "\t</div>\n" . "</div>\n"; return $browsemenubar; }
$message .= "<div class='badtokenlist' id='invalidemaillist' style='display: none;'><ul>"; foreach($invalidemaillist as $data) { $message .= "<li>$data</li>\n"; } } $message .= "</ul>"; } $message .= "</div>"; $tokenoutput .= "$message<br />\n"; unlink($the_full_file_path); } $tokenoutput .= "</div>\n"; } if ($subaction == "uploadldap" && bHasSurveyPermission($surveyid, 'tokens','create')) { $duplicatelist=array(); $invalidemaillist=array(); $tokenoutput .= "\t<tr><td colspan='2' height='4'><strong>" .$clang->gT("Uploading LDAP Query")."</strong></td></tr>\n" ."\t<tr><td align='center'>\n"; $ldapq=$_POST['ldapQueries']; // the ldap query id $ldap_server_id=$ldap_queries[$ldapq]['ldapServerId']; $ldapserver=$ldap_server[$ldap_server_id]['server']; $ldapport=$ldap_server[$ldap_server_id]['port']; if (isset($ldap_server[$ldap_server_id]['encoding']) && $ldap_server[$ldap_server_id]['encoding'] != 'utf-8' && $ldap_server[$ldap_server_id]['encoding'] != 'UTF-8') {
$editquestion .= "\t</select>\n" . "</li>\n"; } else { $editquestion .= "<input type='hidden' name='questionposition' value='' />"; } } $editquestion .= "</ul>\n"; $editquestion .= '<p><a id="showadvancedattributes">' . $clang->gT("Show advanced settings") . '</a><a id="hideadvancedattributes" style="display:none;">' . $clang->gT("Hide advanced settings") . '</a></p>' . '<div id="advancedquestionsettingswrapper" style="display:none;">' . '<div class="loader">' . $clang->gT("Loading...") . '</div>' . '<div id="advancedquestionsettings"></div>' . '</div>' . "<p><input type='submit' value='" . $clang->gT("Save") . "' />"; if ($adding) { $editquestion .= "\t<input type='hidden' name='action' value='insertquestion' />\n"; } else { $editquestion .= "\t<input type='hidden' name='action' value='updatequestion' />\n" . "\t<input type='hidden' id='qid' name='qid' value='{$qid}' />"; } $editquestion .= "\t<input type='hidden' id='sid' name='sid' value='{$surveyid}' /></p>\n" . "</div></form></div>\n"; if ($adding) { // Import dialogue if (bHasSurveyPermission($surveyid, 'surveycontent', 'import')) { $editquestion .= "<br /><div class='header ui-widget-header'>" . $clang->gT("...or import a question") . "</div>\n" . "\t<form enctype='multipart/form-data' id='importquestion' name='importquestion' action='{$scriptname}' method='post' onsubmit='return validatefilename(this,\"" . $clang->gT('Please select a file to import!', 'js') . "\");'>\n" . "<ul>\n" . "\t<li>\n" . "\t<label for='the_file'>" . $clang->gT("Select LimeSurvey question file (*.lsq/*.csv)") . ":</label>\n" . "\t<input name='the_file' id='the_file' type=\"file\" size=\"50\" />\n" . "\t</li>\n" . "\t<li>\n" . "\t<label for='translinksfields'>" . $clang->gT("Convert resource links?") . "</label>\n" . "\t<input name='translinksfields' id='translinksfields' type='checkbox' checked='checked'/>\n" . "\t</li>\n" . "</ul>\n" . "<p>\n" . "<input type='submit' value='" . $clang->gT("Import Question") . "' />\n" . "<input type='hidden' name='action' value='importquestion' />\n" . "<input type='hidden' name='sid' value='{$surveyid}' />\n" . "<input type='hidden' name='gid' value='{$gid}' />\n" . "</form>\n\n"; } $editquestion .= "<script type='text/javascript'>\n" . "<!--\n" . "document.getElementById('title').focus();\n" . "//-->\n" . "</script>\n"; } $editquestion .= questionjavascript($eqrow['type']); } //Constructing the interface here... if ($action == "orderquestions") { if (isset($_POST['questionordermethod'])) { switch ($_POST['questionordermethod']) { // Pressing the Up button case 'up': $newsortorder = $postsortorder - 1; $oldsortorder = $postsortorder; $cdquery = "UPDATE " . db_table_name('questions') . " SET question_order=-1 WHERE gid={$gid} AND question_order={$newsortorder}";
session_name("LimeSurveyAdmin"); } session_set_cookie_params(0, $relativeurl . '/'); if (session_id() == "") { @session_start(); } $_SESSION['KCFINDER'] = array(); $sAllowedExtensions = implode(' ', array_map('trim', explode(',', $allowedresourcesuploads))); $_SESSION['KCFINDER']['types'] = array('files' => $sAllowedExtensions, 'flash' => $sAllowedExtensions, 'images' => $sAllowedExtensions); if ($demoModeOnly === false && isset($_SESSION['loginID']) && isset($_SESSION['FileManagerContext'])) { // disable upload at survey creation time // because we don't know the sid yet if (preg_match('/^(create|edit):(question|group|answer)/', $_SESSION['FileManagerContext']) != 0 || preg_match('/^edit:survey/', $_SESSION['FileManagerContext']) != 0 || preg_match('/^edit:assessments/', $_SESSION['FileManagerContext']) != 0 || preg_match('/^edit:emailsettings/', $_SESSION['FileManagerContext']) != 0) { $contextarray = explode(':', $_SESSION['FileManagerContext'], 3); $surveyid = $contextarray[2]; if (bHasSurveyPermission($surveyid, 'surveycontent', 'update')) { $_SESSION['KCFINDER']['disabled'] = false; $_SESSION['KCFINDER']['uploadURL'] = "{$relativeurl}/upload/surveys/{$surveyid}/"; $_SESSION['KCFINDER']['uploadDir'] = $uploaddir . '/surveys/' . $surveyid; } } elseif (preg_match('/^edit:label/', $_SESSION['FileManagerContext']) != 0) { $contextarray = explode(':', $_SESSION['FileManagerContext'], 3); $labelid = $contextarray[2]; // check if the user has label management right and labelid defined if ($_SESSION['USER_RIGHT_MANAGE_LABEL'] == 1 && isset($labelid) && $labelid != '') { $_SESSION['KCFINDER']['disabled'] = false; $_SESSION['KCFINDER']['uploadURL'] = "{$relativeurl}/upload/labels/{$labelid}/"; $_SESSION['KCFINDER']['uploadDir'] = "{$uploaddir}/labels/{$labelid}"; } } }
$tab_content[$i] .= " selected='selected'"; } $tab_content[$i] .= ">" . $dateformatdata['dateformat'] . '</option>'; } $tab_content[$i] .= "</select></li>" . "<li><label for=''>" . $clang->gT("Decimal separator:") . "</label>\n"; $tab_content[$i] .= "<select size='1' name='numberformat_" . $esrow['surveyls_language'] . "'>\n"; foreach (getRadixPointData() as $index => $radixptdata) { $tab_content[$i] .= "<option value='{$index}'"; if ($esrow['surveyls_numberformat'] == $index) { $tab_content[$i] .= " selected='selected'"; } $tab_content[$i] .= ">" . $radixptdata['desc'] . '</option>'; } $tab_content[$i] .= "</select></li></ul>"; $i++; } $editsurvey .= "<ul>"; foreach ($tab_title as $i => $eachtitle) { $editsurvey .= "<li style='clear:none'><a href='#edittxtele{$i}'>{$eachtitle}</a></li>"; } $editsurvey .= "</ul>"; foreach ($tab_content as $i => $eachcontent) { $editsurvey .= "<div id='edittxtele{$i}'>{$eachcontent}</div>"; } $editsurvey .= "</div>"; if (bHasSurveyPermission($surveyid, 'surveylocale', 'update')) { $editsurvey .= "<p><input type='submit' class='standardbtn' value='" . $clang->gT("Save") . "' />\n" . "<input type='hidden' name='action' value='updatesurveylocalesettings' />\n" . "<input type='hidden' name='sid' value=\"{$surveyid}\" />\n" . "<input type='hidden' name='language' value=\"{$esrow['surveyls_language']}\" />\n" . "</p>\n" . "</form>\n"; } } else { include "access_denied.php"; }
$assessmentsoutput .= "</td><td>" . $assess['sid'] . "</td>\n"; if ($assess['scope'] == "T") { $assessmentsoutput .= "<td>" . $clang->gT("Total") . "</td>\n"; $assessmentsoutput .= "<td>-</td>\n"; } else { $assessmentsoutput .= "<td>" . $clang->gT("Question group") . "</td>\n"; $assessmentsoutput .= "<td>" . $groups[$assess['gid']]['group_name'] . " (" . $assess['gid'] . ")</td>\n"; } $assessmentsoutput .= "<td>" . $assess['minimum'] . "</td>\n"; $assessmentsoutput .= "<td>" . $assess['maximum'] . "</td>\n"; $assessmentsoutput .= "<td>" . stripslashes($assess['name']) . "</td>\n"; $assessmentsoutput .= "<td>" . strip_tags(strip_javascript($assess['message'])) . "</td>\n"; $assessmentsoutput .= "</tr></tbody>\n"; } $assessmentsoutput .= "</table>"; if (bHasSurveyPermission($surveyid, 'assessments', 'update') && $actionvalue == "assessmentupdate" || bHasSurveyPermission($surveyid, 'assessments', 'create') && $actionvalue == "assessmentadd") { //now present edit/insert form $assessmentsoutput .= "<br /><form method='post' class='form30' id='assessmentsform' name='assessmentsform' action='{$scriptname}?sid={$surveyid}'><div class='header ui-widget-header'>\n"; $assessmentsoutput .= "{$actiontitle}</div>\n"; $assessmentsoutput .= "<ul>\n" . "<li><label>" . $clang->gT("Scope") . "</label><input type='radio' id='radiototal' name='scope' value='T' "; if (!isset($editdata) || $editdata['scope'] == "T") { $assessmentsoutput .= " checked='checked' "; } $assessmentsoutput .= " /><label for='radiototal'>" . $clang->gT("Total") . "</label>\n <input type='radio' id='radiogroup' name='scope' value='G'"; if (isset($editdata) && $editdata['scope'] == "G") { $assessmentsoutput .= " checked='checked' "; } $assessmentsoutput .= "/><label for='radiogroup'>" . $clang->gT("Group") . "</label></li>\n"; $assessmentsoutput .= "<li><label for='gid'>" . $clang->gT("Question group") . "</label>{$groupselect}</li>\n" . "<li><label for='minimum'>" . $clang->gT("Minimum") . "</label><input type='text' id='minimum' name='minimum' class='numbersonly'"; if (isset($editdata)) { $assessmentsoutput .= " value='{$editdata['minimum']}' ";
if (isset($failedgroupcheck) && $failedgroupcheck) { foreach ($failedgroupcheck as $fg) { $activateoutput .= "\t\t\t\t<li> Group gid-{$fg[0]} (\"<a href='{$scriptname}?sid={$surveyid}&gid={$fg['0']}'>{$fg[1]}</a>\"){$fg[2]}</li>\n"; } } $activateoutput .= "</ul>\n"; $activateoutput .= $clang->gT("The survey cannot be activated until these problems have been resolved.") . "\n"; $activateoutput .= "</div><br /> \n"; return; } $activateoutput .= "<br />\n<div class='messagebox ui-corner-all'>\n"; $activateoutput .= "<div class='header ui-widget-header'>" . $clang->gT("Activate Survey") . " ({$surveyid})</div>\n"; $activateoutput .= "<div class='warningheader'>\n"; $activateoutput .= $clang->gT("Warning") . "<br />\n"; $activateoutput .= $clang->gT("READ THIS CAREFULLY BEFORE PROCEEDING") . "\n"; $activateoutput .= "\t</div>\n"; $activateoutput .= $clang->gT("You should only activate a survey when you are absolutely certain that your survey setup is finished and will not need changing.") . "<br /><br />\n"; $activateoutput .= $clang->gT("Once a survey is activated you can no longer:") . "<ul><li>" . $clang->gT("Add or delete groups") . "</li><li>" . $clang->gT("Add or delete questions") . "</li><li>" . $clang->gT("Add or delete subquestions or change their codes") . "</li></ul>\n"; $activateoutput .= $clang->gT("However you can still:") . "<ul><li>" . $clang->gT("Edit your questions code/title/text and advanced options") . "</li><li>" . $clang->gT("Edit your group names or descriptions") . "</li><li>" . $clang->gT("Add, remove or edit answer options") . "</li><li>" . $clang->gT("Change survey name or description") . "</li></ul>\n"; $activateoutput .= $clang->gT("Once data has been entered into this survey, if you want to add or remove groups or questions, you will need to deactivate this survey, which will move all data that has already been entered into a separate archived table.") . "<br /><br />\n"; $activateoutput .= "\t<input type='submit' value=\"" . $clang->gT("Activate Survey") . "\" onclick=\"" . get2post("{$scriptname}?action=activate&ok=Y&sid={$_GET['sid']}") . "\" />\n"; $activateoutput .= "</div><br /> \n"; } else { $activateoutput = activateSurvey($postsid, $surveyid); //also activate tokens queXS addition if (bHasSurveyPermission($surveyid, 'tokens', 'read')) { $_POST['createtable'] = 'Y'; $_SESSION['FileManagerContext'] = "edit:emailsettings:{$surveyid}"; include 'tokens.php'; } }
$editsurvey .= "</div>\n"; } elseif ($action = "editsurveysettings") { // TAB Uploaded Resources Management $ZIPimportAction = " onclick='if (validatefilename(this.form,\"" . $clang->gT('Please select a file to import!', 'js') . "\")) {this.form.submit();}'"; if (!function_exists("zip_open")) { $ZIPimportAction = " onclick='alert(\"" . $clang->gT("zip library not supported by PHP, Import ZIP Disabled", "js") . "\");'"; } $disabledIfNoResources = ''; if (hasResources($surveyid, 'survey') === false) { $disabledIfNoResources = " disabled='disabled'"; } $editsurvey .= "<div id='resources'>\n" . "<form enctype='multipart/form-data' class='form30' id='importsurveyresources' name='importsurveyresources' action='{$scriptname}' method='post' onsubmit='return validatefilename(this,\"" . $clang->gT('Please select a file to import!', 'js') . "\");'>\n" . "<input type='hidden' name='sid' value='{$surveyid}' />\n" . "<input type='hidden' name='action' value='importsurveyresources' />\n" . "<ul>\n" . "<li><label> </label>\n" . "<input type='button' onclick='window.open(\"{$homeurl}/scripts/kcfinder/browse.php\", \"_blank\")' value=\"" . $clang->gT("Browse Uploaded Resources") . "\" {$disabledIfNoResources} /></li>\n" . "<li><label> </label>\n" . "<input type='button' onclick='window.open(\"{$scriptname}?action=exportsurvresources&sid={$surveyid}\", \"_blank\")' value=\"" . $clang->gT("Export Resources As ZIP Archive") . "\" {$disabledIfNoResources} /></li>\n" . "<li><label for='the_file'>" . $clang->gT("Select ZIP File:") . "</label>\n" . "<input id='the_file' name='the_file' type='file' size='50' /></li>\n" . "<li><label> </label>\n" . "<input type='button' value='" . $clang->gT("Import Resources ZIP Archive") . "' {$ZIPimportAction} /></li>\n" . "</ul></form>\n"; // End TAB Uploaded Resources Management $editsurvey .= "</div>\n"; } // End TAB pane $editsurvey .= "</div>\n"; // The external button to submit Survey edit changes if ($action == "newsurvey") { $cond = "if (isEmpty(document.getElementById('surveyls_title'), '" . $clang->gT("Error: You have to enter a title for this survey.", 'js') . "'))"; $editsurvey .= "<p><button onclick=\"{$cond} {document.getElementById('addnewsurvey').submit();}\" class='standardbtn' >" . $clang->gT("Save") . "</button></p>\n"; } elseif ($action == "editsurveysettings") { $cond = "if (UpdateLanguageIDs(mylangs,'" . $clang->gT("All questions, answers, etc for removed languages will be lost. Are you sure?", "js") . "'))"; if (bHasSurveyPermission($surveyid, 'surveysettings', 'update')) { $editsurvey .= "<p><button onclick=\"{$cond} {document.getElementById('addnewsurvey').submit();}\" class='standardbtn' >" . $clang->gT("Save") . "</button></p>\n"; } if (bHasSurveyPermission($surveyid, 'surveylocale', 'read')) { $editsurvey .= "<p><button onclick=\"{$cond} {document.getElementById('surveysettingsaction').value = 'updatesurveysettingsandeditlocalesettings'; document.getElementById('addnewsurvey').submit();}\" class='standardbtn' >" . $clang->gT("Save & edit survey text elements") . " >></button></p>\n"; } } }
} $message .= "</div>"; $message .= "<br />\n"; $tokenoutput .= "<i>{$message}</i><br />\n"; } else { $errormessage = "<strong><font color='red'>" . $clang->gT("Error") . ":</font> " . $clang->gT("Can't bind to the LDAP directory") . "</strong>\n"; formldap($errormessage); } @ldap_close($ds); } else { $errormessage = "<strong><font color='red'>" . $clang->gT("Error") . ":</font> " . $clang->gT("Can't connect to the LDAP directory") . "</strong>\n"; formldap($errormessage); } } // OpenSocial / Conext: process selected groups if ($subaction == "uploados" && bHasSurveyPermission($surveyid, 'tokens', 'import')) { global $surveyid, $tokenoutput; require_once 'classes/GroupTokens.php'; global $grouprel_config, $as, $user_id; if (isset($as)) { $auth = array($grouprel_config['userIdAttribute'] => $user_id); } else { // developer: $auth = array($grouprel_config['userIdAttribute'] => 'urn:collab:person:test.surfguest.nl:mdobrinic'); } $o = new GroupTokens($auth, $surveyid, $grouprel_config); $invite_output = $o->invite(); $persons = $o->_allmembers; $personcount = count($persons); if ($personcount > 0) { $language = GetBaseLanguageFromSurveyID($surveyid);
* LimeSurvey * Copyright (C) 2007 The LimeSurvey Project Team / Carsten Schmitz * All rights reserved. * License: GNU/GPL License v2 or later, see LICENSE.php * LimeSurvey is free software. This version may have been modified pursuant * to the GNU General Public License, and as distributed it includes or * is derivative of works licensed under the GNU General Public License or * other free or open source software licenses. * See COPYRIGHT.php for copyright notices and details. * * $Id: vvexport.php 10925 2011-09-02 14:12:02Z c_schmitz $ */ // Security Checked: POST, GET, SESSION, REQUEST, returnglobal, DB //Exports all responses to a survey in special "Verified Voting" format. include_once "login_check.php"; if (!bHasSurveyPermission($surveyid, 'responses', 'export')) { return; } if (!$subaction == "export") { if (incompleteAnsFilterstate() == "inc") { $selecthide = ""; $selectshow = ""; $selectinc = "selected='selected'"; } elseif (incompleteAnsFilterstate() == "filter") { $selecthide = "selected='selected'"; $selectshow = ""; $selectinc = ""; } else { $selecthide = ""; $selectshow = "selected='selected'"; $selectinc = "";
} else { $updateqr .= db_quote_id($fieldname) . " = " . db_quoteall($thisvalue, true) . ", \n"; } } else { $updateqr .= db_quote_id($fieldname) . " = " . db_quoteall($thisvalue, true) . ", \n"; } } $updateqr = substr($updateqr, 0, -3); $updateqr .= " WHERE id={$id}"; $updateres = $connect->Execute($updateqr) or safe_die("Update failed:<br />\n" . $connect->ErrorMsg() . "<br />{$updateqr}"); $thissurvey = getSurveyInfo($surveyid); while (ob_get_level() > 0) { ob_end_flush(); } $dataentryoutput .= "<div class='messagebox ui-corner-all'><div class='successheader'>" . $clang->gT("Success") . "</div>\n" . $clang->gT("Record has been updated.") . "<br /><br />\n" . "<input type='submit' value='" . $clang->gT("View This Record") . "' onclick=\"window.open('{$scriptname}?action=browse&sid={$surveyid}&subaction=id&id={$id}', '_top')\" /><br /><br />\n" . "<input type='submit' value='" . $clang->gT("Browse Responses") . "' onclick=\"window.open('{$scriptname}?action=browse&sid={$surveyid}&subaction=all', '_top')\" />\n" . "</div>\n"; } elseif ($subaction == "delete" && bHasSurveyPermission($surveyid, 'responses', 'delete')) { $dataentryoutput .= "<div class='header ui-widget-header'>" . $clang->gT("Data entry") . "</div>\n"; $dataentryoutput .= "<div class='messagebox ui-corner-all'>\n"; $thissurvey = getSurveyInfo($surveyid); $delquery = "DELETE FROM {$surveytable} WHERE id={$id}"; $delresult = $connect->Execute($delquery) or safe_die("Couldn't delete record {$id}<br />\n" . $connect->ErrorMsg()); $dataentryoutput .= "<div class='successheader'>" . $clang->gT("Record Deleted") . " (ID: {$id})</div><br /><br />\n" . "<input type='submit' value='" . $clang->gT("Browse Responses") . "' onclick=\"window.open('{$scriptname}?action=browse&sid={$surveyid}&subaction=all', '_top')\" /><br /><br />\n" . "</div>\n"; } else { $slangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); array_unshift($slangs, $baselang); if (!isset($_GET['language']) || !in_array($_GET['language'], $slangs)) { $sDataEntryLanguage = $baselang; $blang = $clang; } else { $blang = new limesurvey_lang($_GET['language']);
} } elseif ($action == 'vvexport') { if (bHasSurveyPermission($surveyid, 'responses', 'export')) { include 'vvexport.php'; } else { include 'access_denied.php'; } } elseif ($action == 'vvimport') { if (bHasSurveyPermission($surveyid, 'responses', 'create')) { include 'vvimport.php'; } else { include 'access_denied.php'; } } if ($action == 'addquestion' || $action == 'copyquestion' || $action == 'editquestion' || $action == 'editdefaultvalues' || $action == 'orderquestions' || $action == 'ajaxquestionattributes' || $action == 'ajaxlabelsetpicker' || $action == 'ajaxlabelsetdetails') { if (bHasSurveyPermission($surveyid, 'surveycontent', 'read')) { $_SESSION['FileManagerContext'] = "edit:question:{$surveyid}"; include 'questionhandling.php'; } else { include 'access_denied.php'; } } if ($action == 'adduser' || $action == 'deluser' || $action == 'finaldeluser' || $action == 'moduser' || $action == 'setusertemplates' || $action == 'usertemplates' || $action == 'userrights' || $action == 'modifyuser' || $action == 'editusers' || $action == 'addusergroup' || $action == 'editusergroup' || $action == 'mailusergroup' || $action == 'delusergroup' || $action == 'usergroupindb' || $action == 'mailsendusergroup' || $action == 'editusergroupindb' || $action == 'editusergroups' || $action == 'deleteuserfromgroup' || $action == 'addusertogroup' || $action == 'setuserrights' || $action == 'setasadminchild') { include 'userrighthandling.php'; } // For some output we dont want to have the standard admin menu bar if (!isset($labelsoutput) && !isset($templatesoutput) && !isset($printablesurveyoutput) && !isset($assessmentsoutput) && !isset($tokenoutput) && !isset($browseoutput) && !isset($exportspssoutput) && !isset($exportroutput) && !isset($dataentryoutput) && !isset($statisticsoutput) && !isset($savedsurveyoutput) && !isset($translateoutput) && !isset($exportoutput) && !isset($importoldresponsesoutput) && !isset($conditionsoutput) && !isset($vvoutput) && !isset($listcolumnoutput) && !isset($importlabelresources) && !isset($iteratesurveyoutput) && substr($action, 0, 4) != 'ajax' && $action != 'update' && $action != 'showphpinfo') { $adminoutput .= showadminmenu(); } if (isset($databaseoutput)) { $adminoutput .= $databaseoutput;
* other free or open source software licenses. * See COPYRIGHT.php for copyright notices and details. * * $Id: dumpgroup.php 10925 2011-09-02 14:12:02Z c_schmitz $ */ // DUMP THE RELATED DATA FOR A SINGLE QUESTION INTO A SQL FILE FOR IMPORTING LATER ON OR // ON ANOTHER SURVEY SETUP DUMP ALL DATA WITH RELATED QID FROM THE FOLLOWING TABLES // 1. questions // 2. answers //Ensure script is not run directly, avoid path disclosure if (!isset($dbprefix) || isset($_REQUEST['dbprefix'])) { die("Cannot run this script directly"); } include_once "login_check.php"; require_once "export_data_functions.php"; if (!bHasSurveyPermission($surveyid, 'surveycontent', 'export')) { safe_die("You are not allowed to export question groups."); } $gid = returnglobal('gid'); $surveyid = returnglobal('sid'); if (!$gid) { echo $htmlheader; echo "<br />\n"; echo "<table width='350' align='center' style='border: 1px solid #555555' cellpadding='1' cellspacing='0'>\n"; echo "\t<tr bgcolor='#555555'><td colspan='2' height='4'><font size='1' face='verdana' color='white'><strong>" . $clang->gT("Export Question") . "</strong></td></tr>\n"; echo "\t<tr bgcolor='#CCCCCC'><td align='center'>{$setfont}\n"; echo "{$setfont}<br /><strong><font color='red'>" . $clang->gT("Error") . "</font></strong><br />\n" . _EQ_NOGID . "<br />\n"; echo "<br /><input type='submit' value='" . $clang->gT("Main Admin Screen") . "' onclick=\"window.open('{$scriptname}', '_top')\">\n"; echo "\t</td></tr>\n"; echo "</table>\n"; echo "</body></html>\n";
$questionsCountResult = $connect->Execute($questionsCountQuery); //Checked $questionsCount = $questionsCountResult->RecordCount(); $listsurveys .= "<tr>"; if ($rows['active'] == "Y") { if ($rows['expires'] != '' && $rows['expires'] < date_shift(date("Y-m-d H:i:s"), "Y-m-d", $timeadjust)) { $listsurveys .= "<td><img src='{$imageurl}/expired.png' " . "alt='" . $clang->gT("This survey is active but expired.") . "' /></td>"; } else { if (bHasSurveyPermission($rows['sid'], 'surveyactivation', 'update')) { $listsurveys .= "<td><a href=\"#\" onclick=\"window.open('{$scriptname}?action=deactivate&sid={$rows['sid']}', '_top')\"" . " title=\"" . $clang->gTview("This survey is active - click here to deactivate this survey.") . "\" >" . "<img src='{$imageurl}/active.png' alt='" . $clang->gT("This survey is active - click here to deactivate this survey.") . "' /></a></td>\n"; } else { $listsurveys .= "<td><img src='{$imageurl}/active.png' " . "alt='" . $clang->gT("This survey is currently active.") . "' /></td>\n"; } } } else { if ($questionsCount > 0 && bHasSurveyPermission($rows['sid'], 'surveyactivation', 'update')) { $listsurveys .= "<td><a href=\"#\" onclick=\"window.open('{$scriptname}?action=activate&sid={$rows['sid']}', '_top')\"" . " title=\"" . $clang->gTview("This survey is currently not active - click here to activate this survey.") . "\" >" . "<img src='{$imageurl}/inactive.png' title='' alt='" . $clang->gT("This survey is currently not active - click here to activate this survey.") . "' /></a></td>\n"; } else { $listsurveys .= "<td><img src='{$imageurl}/inactive.png'" . " title='" . $clang->gT("This survey is currently not active.") . "' alt='" . $clang->gT("This survey is currently not active.") . "' />" . "</td>\n"; } } $listsurveys .= "<td align='center'><a href='" . $scriptname . "?sid=" . $rows['sid'] . "'>{$rows['sid']}</a></td>"; $listsurveys .= "<td align='left'><a href='" . $scriptname . "?sid=" . $rows['sid'] . "'>{$rows['surveyls_title']}</a></td>" . "<td>" . $datecreated . "</td>" . "<td>" . $ownername . " (<a href='#' class='ownername_edit' translate_to='" . $clang->gT("Update") . "' id='ownername_edit_{$rows['sid']}'>" . $clang->gT("Edit") . "</a>)</td>" . "<td>" . $visibility . "</td>" . "<td>" . $privacy . "</td>"; if ($rows['active'] == "Y") { $complete = $responses - $partial_responses; $listsurveys .= "<td>" . $complete . "</td>"; $listsurveys .= "<td>" . $partial_responses . "</td>"; $listsurveys .= "<td>" . $responses . "</td>"; } else { $listsurveys .= "<td> </td>"; $listsurveys .= "<td> </td>";