Database::insert($table_survey_invitation, $params); } // From here we use the new invitationcode auto-userid-surveycode string $_GET['invitationcode'] = $autoInvitationcode; $invitationcode = $autoInvitationcode; } } // Now we check if the invitation code is valid $sql = "SELECT * FROM {$table_survey_invitation}\n WHERE\n c_id = {$course_id} AND\n invitation_code = '" . Database::escape_string($invitationcode) . "'"; $result = Database::query($sql); if (Database::num_rows($result) < 1) { api_not_allowed(true, get_lang('WrongInvitationCode')); } $survey_invitation = Database::fetch_array($result, 'ASSOC'); // Now we check if the user already filled the survey if (!isset($_POST['finish_survey']) && ($isAnonymous && isset($_SESSION['surveyuser']) && SurveyUtil::isSurveyAnsweredFlagged($survey_invitation['survey_code'], $survey_invitation['c_id'])) || $survey_invitation['answered'] == 1 && !isset($_GET['user_id'])) { api_not_allowed(true, get_lang('YouAlreadyFilledThisSurvey')); } // Checking if there is another survey with this code. // If this is the case there will be a language choice $sql = "SELECT * FROM {$table_survey}\n WHERE\n c_id = {$course_id} AND\n code='" . Database::escape_string($survey_invitation['survey_code']) . "'"; $result = Database::query($sql); if (Database::num_rows($result) > 1) { if ($_POST['language']) { $survey_invitation['survey_id'] = $_POST['language']; } else { // Header Display::display_header(get_lang('ToolSurvey')); echo '<form id="language" name="language" method="POST" action="' . api_get_self() . '?course=' . Security::remove_XSS($_GET['course']) . '&invitationcode=' . Security::remove_XSS($_GET['invitationcode']) . '&cidReq=' . Security::remove_XSS($_GET['cidReq']) . '">'; echo '<select name="language">'; while ($row = Database::fetch_array($result, 'ASSOC')) {