\n" ."\t\t\t".$clang->gT("This survey is no longer available.")."
\n" ."\t\t\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail']).".\n" ."
\n"; echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); doFooter(); exit; } //CHECK FOR PREVIOUSLY COMPLETED COOKIE //If cookies are being used, and this survey has been completed, a cookie called "PHPSID[sid]STATUS" will exist (ie: SID6STATUS) and will have a value of "COMPLETE" $cookiename="PHPSID".returnglobal('sid')."STATUS"; if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE" && $thissurvey['usecookie'] == "Y" && $tokensexist != 1 && (!isset($_GET['newtest']) || $_GET['newtest'] != "Y")) { sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$tpldir/default/startpage.pstpl")); echo "\t\t
\n" ."\t\t\t".$clang->gT("Error")."
\n" ."\t\t\t".$clang->gT("You have already completed this survey.")."
\n" ."\t\t\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail'])."\n" ."
\n"; echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); doFooter(); exit; } //CHECK IF SURVEY ID DETAILS HAVE CHANGED if (isset($_SESSION['oldsid'])) {$oldsid=$_SESSION['oldsid'];} if (!isset($oldsid)) {$_SESSION['oldsid'] = $surveyid;} if (isset($oldsid) && $oldsid && $oldsid != $surveyid) { $savesessionvars=Array(); if (isset($_SESSION['USER_RIGHT_PREVIEW'])) { $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid; $savesessionvars["loginID"]=$_SESSION['loginID']; $savesessionvars["user"]=$_SESSION['user']; } session_unset(); $_SESSION['oldsid']=$surveyid; foreach ($savesessionvars as $sesskey => $sessval) { $_SESSION[$sesskey]=$sessval; } } if (isset($_GET['loadall']) && $_GET['loadall'] == "reload") { if (returnglobal('loadname') && returnglobal('loadpass')) { $_POST['loadall']="reload"; } } //LOAD SAVED SURVEY if (isset($_POST['loadall']) && $_POST['loadall'] == "reload") { $errormsg=""; // if (loadname is not set) or if ((loadname is set) and (loadname is NULL)) if (!isset($loadname) || (isset($loadname) && ($loadname == null))) { $errormsg .= $clang->gT("You did not provide a name")."
\n"; } // if (loadpass is not set) or if ((loadpass is set) and (loadpass is NULL)) if (!isset($loadpass) || (isset($loadpass) && ($loadpass == null))) { $errormsg .= $clang->gT("You did not provide a password")."
\n"; } // if security question answer is incorrect if (function_exists("ImageCreate") && captcha_enabled('saveandloadscreen',$thissurvey['usecaptcha'])) { if ( (!isset($_POST['loadsecurity']) || !isset($_SESSION['secanswer']) || $_POST['loadsecurity'] != $_SESSION['secanswer']) && !isset($_GET['scid'])) { $errormsg .= $clang->gT("The answer to the security question is incorrect")."
\n"; } } // Load session before loading the values from the saved data if (isset($_GET['loadall'])) { buildsurveysession(); } $_SESSION['holdname']=$loadname; //Session variable used to load answers every page. $_SESSION['holdpass']=$loadpass; //Session variable used to load answers every page. if ($errormsg == "") loadanswers(); $move = "movenext"; if ($errormsg) { $_POST['loadall'] = $clang->gT("Load Unfinished Survey"); } } //Allow loading of saved survey if (isset($_POST['loadall']) && $_POST['loadall'] == $clang->gT("Load Unfinished Survey")) { require_once("load.php"); } //Check if TOKEN is used for EVERY PAGE //This function fixes a bug where users able to submit two surveys/votes //by checking that the token has not been used at each page displayed. // bypass only this check at first page (Step=0) because // this check is done in buildsurveysession and error message // could be more interresting there (takes into accound captcha if used) if ($tokensexist == 1 && isset($token) && $token && isset($_SESSION['step']) && $_SESSION['step']>0) { //check if token actually does exist $tkquery = "SELECT COUNT(*) FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' AND (completed = 'N' or completed='')"; $tkresult = db_execute_num($tkquery); //Checked list($tkexist) = $tkresult->FetchRow(); if (!$tkexist) { sendcacheheaders(); doHeader(); //TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); echo "\t
\n" ."\t".$clang->gT("This is a closed-access survey, so you must supply a valid token. Please contact the administrator for assistance.")."
\n" ."\t".$clang->gT("The token you have provided is either not valid, or has already been used.")."\n" ."\t".$clang->gT("For further information contact")." {$thissurvey['adminname']} " ."(" ."{$thissurvey['adminemail']})
\n" ."\t".$clang->gT("Close this Window")."
\n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); exit; } } //CLEAR SESSION IF REQUESTED if (isset($_GET['move']) && $_GET['move'] == "clearall") { $s_lang = $_SESSION['s_lang']; session_unset(); session_destroy(); setcookie(session_name(),"EXPIRED",time()-120); sendcacheheaders(); if (isset($_GET['redirect'])) { session_write_close(); header("Location: {$_GET['redirect']}"); } doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo "\n\n\n" ."\t\n\n"; //Present the clear all page using clearall.pstpl template echo templatereplace(file_get_contents("$thistpl/clearall.pstpl")); echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); exit; } if (isset($_GET['newtest']) && $_GET['newtest'] == "Y") { $savesessionvars=Array(); if (isset($_SESSION['USER_RIGHT_PREVIEW'])) { $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid; $savesessionvars["loginID"]=$_SESSION['loginID']; $savesessionvars["user"]=$_SESSION['user']; } session_unset(); $_SESSION['oldsid']=$surveyid; foreach ($savesessionvars as $sesskey => $sessval) { $_SESSION[$sesskey]=$sessval; } //DELETE COOKIE (allow to use multiple times) setcookie("$cookiename", "INCOMPLETE", time()-120); //echo "Reset Cookie!"; } //Check to see if a refering URL has been captured. getreferringurl(); // Let's do this only if // - a saved answer record hasn't been loaded through the saved feature // - the survey is not anonymous // - the survey is active // - a token information has been provided // - the survey is setup to allow token-response-persistence if ($thissurvey['tokenanswerspersistence'] == 'Y' && !isset($_SESSION['srid']) && $thissurvey['private'] == "N" && $thissurvey['active'] == "Y" && $token !='') { // load previous answers if any (dataentry with nosubmit) $srquery="SELECT id FROM {$thissurvey['tablename']}" . " WHERE {$thissurvey['tablename']}.token='".$token."'\n"; $result = db_execute_assoc($srquery) or safe_die ("Error loading results
$query
".$connect->ErrorMsg()); //Checked while ($srrow = $result->FetchRow() ) { $_SESSION['srid'] = $srrow['id']; } } // SAVE POSTED ANSWERS TO DATABASE IF MOVE (NEXT,PREV,LAST, or SUBMIT) or RETURNING FROM SAVE FORM if (isset($move) || isset($_POST['saveprompt'])) { require_once("save.php"); // RELOAD THE ANSWERS INCASE SOMEONE ELSE CHANGED THEM if ($thissurvey['active'] == "Y" && $thissurvey['allowsave'] == "Y") { loadanswers(); } } sendcacheheaders(); //CALL APPROPRIATE SCRIPT switch ($thissurvey['format']) { case "A": //All in one require_once("survey.php"); break; case "S": //One at a time require_once("question.php"); break; case "G": //Group at a time require_once("group.php"); break; default: require_once("question.php"); } if (isset($_POST['saveall'])) { print ""; } function loadanswers() { global $dbprefix,$surveyid,$errormsg; global $thissurvey, $thisstep, $clang; global $databasetype, $clienttoken; $scid=returnglobal('scid'); if (isset($_POST['loadall']) && $_POST['loadall'] == "reload") { $query = "SELECT * FROM ".db_table_name('saved_control')." INNER JOIN {$thissurvey['tablename']} ON ".db_table_name('saved_control').".srid = {$thissurvey['tablename']}.id WHERE ".db_table_name('saved_control').".sid=$surveyid\n"; if (isset($scid)) //Would only come from email { $query .= "AND ".db_table_name('saved_control').".scid={$scid}\n"; } $query .="AND ".db_table_name('saved_control').".identifier = '".auto_escape($_SESSION['holdname'])."' AND ".db_table_name('saved_control').".access_code ". (($databasetype == 'mysql')? "=": "like" ) ." '".md5(auto_unescape($_SESSION['holdpass']))."'\n"; } elseif (isset($_SESSION['srid'])) { $query = "SELECT * FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.id=".$_SESSION['srid']."\n"; } else { return; } $result = db_execute_assoc($query) or safe_die ("Error loading results
$query
".$connect->ErrorMsg()); //Checked if ($result->RecordCount() < 1) { $errormsg .= $clang->gT("There is no matching saved survey")."
\n"; } else { //A match has been found. Let's load the values! //If this is from an email, build surveysession first $row=$result->FetchRow(); foreach ($row as $column => $value) { if ($column == "token") { $clienttoken=$value; $token=$value; } if ($column == "saved_thisstep") { $_SESSION['step']=$value; $thisstep=$value-1; } if ($column == "scid") { $_SESSION['scid']=$value; } if ($column == "srid") { $_SESSION['srid']=$value; } if ($column == "datestamp") { $_SESSION['datestamp']=$value; } else { //Only make session variables for those in insertarray[] if (in_array($column, $_SESSION['insertarray'])) { $_SESSION[$column]=$value; } } } // foreach } return true; } function getTokenData($surveyid, $token) { global $dbprefix, $connect; $query = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."'"; $result = db_execute_assoc($query) or safe_die("Couldn't get token info in getTokenData()
".$query."
".$connect->ErrorMsg()); //Checked while($row=$result->FetchRow()) { $thistoken=array("firstname"=>$row['firstname'], "lastname"=>$row['lastname'], "email"=>$row['email'], "language" =>$row['language'], "attribute_1"=>$row['attribute_1'], "attribute_2"=>$row['attribute_2']); } // while return $thistoken; } function makegraph($currentstep, $total) { global $thissurvey; global $publicurl, $clang; $shchart = "$publicurl/templates/".validate_templatedir($thissurvey['templatedir'])."/chart.jpg"; $graph = "
\n"
. "
|
$query
".$connect->ErrorMsg()); //Checked $andedMultipleCqidCount=0; // count of multiple cqids for type Q or K while($row=$result->FetchRow()) { //Iterate through each condition for this question and check if it is met. $query2= "SELECT type, gid FROM ".db_table_name('questions')."\n" ." WHERE qid={$row['cqid']} AND language='".$_SESSION['s_lang']."'"; $result2=db_execute_assoc($query2) or safe_die ("Coudn't get type from questions
$ccquery
".$connect->ErrorMsg()); //Checked while($row2=$result2->FetchRow()) { $cq_gid=$row2['gid']; //Find out the "type" of the question this condition uses $thistype=$row2['type']; } if ($thistype == 'K' || $thistype == 'Q') { // will be used as an index for Multiple conditions // on type Q or K so that there will be ANDed and // not ORed $andedMultipleCqidCount++; } if ($gid == $cq_gid) { //Don't do anything - this cq is in the current group } elseif ($thistype == "M" || $thistype == "P") { // For multiple choice type questions, the "answer" value will be "Y" // if selected, the fieldname will have the answer code appended. $fieldname=$row['cfieldname'].$row['value']; $cvalue="Y"; if (isset($_SESSION[$fieldname])) { $cfieldname=$_SESSION[$fieldname]; } else { $cfieldname=""; } } elseif (ereg('^@([0-9]+X[0-9]+X[^@]+)@',$row['value'],$targetconditionfieldname) && isset($_SESSION[$targetconditionfieldname[1]]) ) { // If value uses @SIDXGIDXQID@ codes i // then try to replace them with a // value recorded in SESSION if any $cvalue=$_SESSION[$targetconditionfieldname[1]]; if (isset($_SESSION[$fieldname])) { $cfieldname=$_SESSION[$fieldname]; } else { $cfieldname=""; } } else { //For all other questions, the "answer" value will be the answer code. if (isset($_SESSION[$row['cfieldname']])) {$cfieldname=$_SESSION[$row['cfieldname']];} else {$cfieldname=' ';} $cvalue=$row['value']; } if ($row['method'] != 'RX') { if (trim($row['method'])=='') { $row['method']='=='; } if (eval('if (trim($cfieldname)'. $row['method'].' trim($cvalue)) return true; else return false;')) { $conditionMatches=true; //This condition is met } else { $conditionMatches=false; } } else { if (ereg(trim($cvalue),trim($cfieldname))) { $conditionMatches=true; } else { $conditionMatches=false; } } if ($conditionMatches === true) { if ($thistype != 'Q' && $thistype != 'K') { //This condition is met if (!isset($distinctcqids[$row['cqid']]) || $distinctcqids[$row['cqid']] == 0) { $distinctcqids[$row['cqid']]=1; } } else { //$andedMultipleCqidCount if (!isset($distinctcqids[$row['cqid']."-$andedMultipleCqidCount"]) || $distinctcqids[$row['cqid']] == 0) { $distinctcqids[$row['cqid']."-$andedMultipleCqidCount"]=1; } } } else { if ($thistype != 'Q' && $thistype != 'K') { if (!isset($distinctcqids[$row['cqid']])) { $distinctcqids[$row['cqid']]=0; } } else { if (!isset($distinctcqids[$row['cqid']."-$andedMultipleCqidCount"])) { $distinctcqids[$row['cqid']."-$andedMultipleCqidCount"]=0; } } } } // while foreach($distinctcqids as $key=>$val) { //Because multiple cqids are treated as "AND", we only check //one condition per conditional qid (cqid). As long as one //match is found for each distinct cqid, then the condition is met. $totalands=$totalands+$val; } if ($totalands >= count($distinctcqids)) { //The number of matches to conditions exceeds the number of distinct //conditional questions, therefore a condition has been met. //As soon as any condition for a question is met, we MUST show the group. return true; } unset($distinctcqids); } //Since we made it this far, there mustn't have been any conditions met. //Therefore the group should not be displayed. return false; } } function checkconfield($value) { global $dbprefix, $connect; //$value is the fieldname for the field we are checking for conditions foreach ($_SESSION['fieldarray'] as $sfa) //Go through each field { if ($sfa[1] == $value && $sfa[7] == "Y" && isset($_SESSION[$value]) && $_SESSION[$value]) //Do this if there is a condition based on this answer { $currentcfield=""; $query = "SELECT ".db_table_name('conditions').".*, ".db_table_name('questions').".type " . "FROM ".db_table_name('conditions').", ".db_table_name('questions')." " . "WHERE ".db_table_name('conditions').".cqid=".db_table_name('questions').".qid " . "AND ".db_table_name('conditions').".qid=$sfa[0] " . "ORDER BY ".db_table_name('conditions').".qid"; $result=db_execute_assoc($query) or safe_die($query."
".$connect->ErrorMsg()); //Checked while($rows = $result->FetchRow()) //Go through the condition on this field { if($rows['type'] == "M" || $rows['type'] == "P") { $matchfield=$rows['cfieldname'].$rows['value']; $matchmethod=$rows['method']; $matchvalue="Y"; } else { $matchfield=$rows['cfieldname']; $matchmethod=$rows['method']; $matchvalue=$rows['value']; } $cqval[]=array("cfieldname"=>$rows['cfieldname'], "value"=>$rows['value'], "type"=>$rows['type'], "matchfield"=>$matchfield, "matchvalue"=>$matchvalue, "matchmethod"=>$matchmethod ); if ($rows['cfieldname'] != $currentcfield) { $container[]=$rows['cfieldname']; } $currentcfield=$rows['cfieldname']; } //At least one match must be found for each "$container" $total=0; foreach($container as $con) { $addon=0; foreach($cqval as $cqv) {//Go through each condition // Replace @SGQA@ condition values // By corresponding value if (ereg('^@([0-9]+X[0-9]+X[^@]+)@',$cqv["matchvalue"], $targetconditionfieldname)) { $cqv["matchvalue"] = $_SESSION[$targetconditionfieldname[1]]; } // Use == as default operator if (trim($cqv['matchmethod'])=='') {$cqv['matchmethod']='==';} if($cqv['cfieldname'] == $con) { if ($cqv['matchmethod'] != "RX") { if (isset($_SESSION[$cqv['matchfield']]) && eval('if ($_SESSION[$cqv["matchfield"]]'.$cqv['matchmethod'].' $cqv["matchvalue"]) {return true;} else {return false;}')) {//plug successful matches into appropriate container $addon=1; } } elseif (ereg($cqv["matchvalue"],$_SESSION[$cqv["matchfield"]])) { $addon=1; } } } if($addon==1){$total++;} } if($total
\n$utquery
\n".$connect->ErrorMsg()); //Checked // TLR change to put date into sent and completed $cnfquery = "SELECT * FROM ".db_table_name("tokens_$surveyid")." WHERE token='".db_quote($clienttoken)."' AND completed!='N' AND completed!=''"; $cnfresult = db_execute_assoc($cnfquery); //Checked $cnfrow = $cnfresult->FetchRow(); if (isset($cnfrow)) { $from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>"; $to = $cnfrow['email']; $subject=$thissurvey['email_confirm_subj']; $fieldsarray["{ADMINNAME}"]=$thissurvey['adminname']; $fieldsarray["{ADMINEMAIL}"]=$thissurvey['adminemail']; $fieldsarray["{SURVEYNAME}"]=$thissurvey['name']; $fieldsarray["{SURVEYDESCRIPTION}"]=$thissurvey['description']; $fieldsarray["{FIRSTNAME}"]=$cnfrow['firstname']; $fieldsarray["{LASTNAME}"]=$cnfrow['lastname']; $fieldsarray["{ATTRIBUTE_1}"]=$cnfrow['attribute_1']; $fieldsarray["{ATTRIBUTE_2}"]=$cnfrow['attribute_2']; $subject=Replacefields($subject, $fieldsarray); $subject=html_entity_decode_php4($subject, ENT_QUOTES, "UTF-8"); if (getEmailFormat($surveyid) == 'html') { $ishtml=true; } else { $ishtml=false; } if ($thissurvey['email_confirm']) { $message=$thissurvey['email_confirm']; $message=Replacefields($message, $fieldsarray); if (!$ishtml) { $message=strip_tags(br2nl(html_entity_decode_php4($message, ENT_QUOTES, "UTF-8"))); } else { $message=html_entity_decode_php4($message,ENT_QUOTES, "UTF-8"); } } else { //Get the default email_confirm from the default language file // Todo: This can't be right $message = conditional_nl2br($clang->gT("Dear {FIRSTNAME},\n\nThis email is to confirm that you have completed the survey titled {SURVEYNAME} and your response has been saved. Thank you for participating.\n\nIf you have any further questions about this email, please contact {ADMINNAME} on {ADMINEMAIL}.\n\nSincerely,\n\n{ADMINNAME}"),$ishtml); $message=Replacefields($message, $fieldsarray); } //Only send confirmation email if there is a valid email address if (validate_email($cnfrow['email'])) { MailTextMessage($message, $subject, $to, $from, $sitename,$ishtml); } } } function sendsubmitnotification($sendnotification) { global $thissurvey, $debug; global $dbprefix, $clang; global $sitename, $homeurl, $surveyid, $publicurl, $maildebug; $subject = $clang->gT("Answer Submission for Survey","unescaped")." ".$thissurvey['name']; $message = $clang->gT("Survey Submitted","unescaped")." - {$thissurvey['name']}\n" . $clang->gT("A new response was entered for your survey","unescaped")."\n\n"; if ($thissurvey['allowsave'] == "Y" && isset($_SESSION['scid'])) { $message .= $clang->gT("Click the following link to reload the survey:","unescaped")."\n"; $message .= " $publicurl/index.php?sid=$surveyid&loadall=reload&scid=".$_SESSION['scid']."&loadname=".urlencode($_SESSION['holdname'])."&loadpass=".urlencode($_SESSION['holdpass'])."\n\n"; } $message .= $clang->gT("Click the following link to see the individual response:","unescaped")."\n" . " $homeurl/admin.php?action=browse&sid=$surveyid&subaction=id&id=".$_SESSION['srid']."\n\n" // Add link to edit individual responses from notification email . $clang->gT("Click the following link to edit the individual response:","unescaped")."\n" . " $homeurl/admin.php?action=dataentry&sid=$surveyid&subaction=edit&surveytable=survey_$surveyid&id=".$_SESSION['srid']."\n\n" . $clang->gT("View statistics by clicking here:","unescaped")."\n" . " $homeurl/admin.php?action=statistics&sid=$surveyid\n\n"; if ($sendnotification > 1) { //Send results as well. Currently just bare-bones - will be extended in later release $message .= "----------------------------\n"; foreach ($_SESSION['insertarray'] as $value) { $questiontitle=strip_tags(html_entity_decode_php4(returnquestiontitlefromfieldcode($value), ENT_QUOTES, "UTF-8")); $message .= "$questiontitle: "; $details = arraySearchByKey($value, createFieldMap($surveyid),"fieldname", 1); if ( $details['type'] == "T" or $details['type'] == "U") { $message .= "\r\n"; if (isset($_SESSION[$value])) { foreach (explode("\n",getextendedanswer($value,$_SESSION[$value])) as $line) { $message .= "\t" . strip_tags(html_entity_decode_php4($line, ENT_QUOTES, "UTF-8")); $message .= "\n"; } } } elseif (isset($_SESSION[$value])) { $message .= strip_tags(html_entity_decode_php4(getextendedanswer($value, $_SESSION[$value],ENT_QUOTES, "UTF-8"))); $message .= "\n"; } } $message .= "\n\n----------------------------\n\n"; } $message.= "LimeSurvey"; $from = $thissurvey['adminname'].' <'.$thissurvey['adminemail'].'>'; if ($recips=explode(";", $thissurvey['adminemail'])) { foreach ($recips as $rc) { if (!MailTextMessage($message, $subject, trim($rc), $from, $sitename, false, getBounceEmail($surveyid))) { if ($debug>0) {echo '
Email could not be sent. Reason: '.$maildebug.'
';} } } } else { if (!MailTextMessage($message, $subject, $thissurvey['adminemail'], $from, $sitename, false, getBounceEmail($surveyid))) { if ($debug>0) {echo '
Email could not be sent. Reason: '.$maildebug.'
';} } } } function submitfailed($errormsg) { global $thissurvey, $clang; global $thistpl, $subquery, $surveyid, $connect; sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); $completed = "
" . $clang->gT("Did Not Save")."
\n\n" . $clang->gT("An unexpected error has occurred and your responses cannot be saved.")."
\n"; if ($thissurvey['adminemail']) { $completed .= $clang->gT("Your responses have not been lost and have been emailed to the survey administrator and will be entered into our database at a later point.")."
\n"; $email=$clang->gT("An error occurred saving a response to survey id","unescaped")." ".$thissurvey['name']." - $surveyid\n\n"; $email .= $clang->gT("DATA TO BE ENTERED","unescaped").":\n"; foreach ($_SESSION['insertarray'] as $value) { $email .= "$value: {$_SESSION[$value]}\n"; } $email .= "\n".$clang->gT("SQL CODE THAT FAILED","unescaped").":\n" . "$subquery\n\n" . $clang->gT("ERROR MESSAGE","unescaped").":\n" . $errormsg."\n\n"; MailTextMessage($email, $clang->gT("Error saving results","unescaped"), $thissurvey['adminemail'], $thissurvey['adminemail'], "LimeSurvey", false, getBounceEmail($surveyid)); echo "\n"; //An email has been sent, so we can kill off this session. session_unset(); session_destroy(); } else { $completed .= "".$clang->gT("Try to submit again")."
\n"; $completed .= $subquery; } return $completed; } function buildsurveysession() { // Performance optimized : Nov 22, 2006 // Performance Improvement : 17% // Optimized By : swales global $thissurvey, $secerror, $clienttoken; global $tokensexist, $thistpl; global $surveyid, $dbprefix, $connect; global $register_errormsg, $clang; global $totalBoilerplatequestions; $totalBoilerplatequestions = 0; //This function builds all the required session variables when a survey is first started. //It is called from each various format script (ie: group.php, question.php, survey.php) //if the survey has just begun. This funcion also returns the variable $totalquestions. // NO TOKEN REQUIRED BUT CAPTCHA ENABLED FOR SURVEY ACCESS if ($tokensexist == 0 && captcha_enabled('surveyaccessscreen',$thissurvey['usecaptcha'])) { // IF CAPTCHA ANSWER IS NOT CORRECT OR NOT SET if (!isset($_GET['loadsecurity']) || !isset($_SESSION['secanswer']) || $_GET['loadsecurity'] != $_SESSION['secanswer']) { sendcacheheaders(); doHeader(); // No or bad answer to required security question echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); //echo makedropdownlist(); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); if (isset($_GET['loadsecurity'])) { // was a bad answer echo "".$clang->gT("The answer to the security question is incorrect")."
"; } echo "
"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); exit; } } //BEFORE BUILDING A NEW SESSION FOR THIS SURVEY, LET'S CHECK TO MAKE SURE THE SURVEY SHOULD PROCEED! // TOKEN REQUIRED BUT NO TOKEN PROVIDED if ($tokensexist == 1 && !returnglobal('token')) { // DISPLAY REGISTER-PAGE if needed // DISPLAY CAPTCHA if needed sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); //echo makedropdownlist(); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); if (isset($thissurvey) && $thissurvey['allowregister'] == "Y") { echo templatereplace(file_get_contents("$thistpl/register.pstpl")); } else { echo "
"; if (isset($secerror)) echo "".$secerror."
"; echo $clang->gT("This is a controlled survey. You need a valid token to participate.")."
"; echo $clang->gT("If you have been issued a token, please enter it in the box below and click continue.")."
\n" ."\t".$clang->gT("This is a controlled survey. You need a valid token to participate.")."
\n" ."\t".$clang->gT("The token you have provided is either not valid, or has already been used.")."\n" ."\t".$clang->gT("For further information contact")." {$thissurvey['adminname']} " ."(" ."{$thissurvey['adminemail']})
\n" ."\t".$clang->gT("Close this Window")."
\n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); exit; } } // TOKENS REQUIRED, A TOKEN PROVIDED // SURVEY CAPTCHA REQUIRED elseif ($tokensexist == 1 && returnglobal('token') && captcha_enabled('surveyaccessscreen',$thissurvey['usecaptcha'])) { // IF CAPTCHA ANSWER IS CORRECT if (isset($_GET['loadsecurity']) && isset($_SESSION['secanswer']) && $_GET['loadsecurity'] == $_SESSION['secanswer']) { //check if token actually does exist $tkquery = "SELECT COUNT(*) FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote(trim(sanitize_xss_string(strip_tags(returnglobal('token')))))."' AND (completed = 'N' or completed='')"; $tkresult = db_execute_num($tkquery); //Checked list($tkexist) = $tkresult->FetchRow(); if (!$tkexist) { sendcacheheaders(); doHeader(); //TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); echo "\t
\n" ."\t".$clang->gT("This is a controlled survey. You need a valid token to participate.")."
\n" ."\t".$clang->gT("The token you have provided is either not valid, or has already been used.")."\n" ."\t".$clang->gT("For further information contact")." {$thissurvey['adminname']} " ."(" ."{$thissurvey['adminemail']})
\n" ."\t".$clang->gT("Close this Window")."
\n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); exit; } } // IF CAPTCHA ANSWER IS NOT CORRECT else { $gettoken = $clienttoken; sendcacheheaders(); doHeader(); // No or bad answer to required security question echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); //echo makedropdownlist(); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); // If token wasn't provided and public registration // is enabled then show registration form if ( !isset($gettoken) && isset($thissurvey) && $thissurvey['allowregister'] == "Y") { echo templatereplace(file_get_contents("$thistpl/register.pstpl")); } else { // only show CAPTCHA echo "
"; if (isset($_GET['loadsecurity'])) { // was a bad answer echo "".$clang->gT("The answer to the security question is incorrect")."
"; } echo $clang->gT("This is a controlled survey. You need a valid token to participate.")."
"; // IF TOKEN HAS BEEN GIVEN THEN AUTOFILL IT // AND HIDE ENTRY FIELD if (!isset($gettoken)) { echo $clang->gT("If you have been issued with a token, please enter it in the box below and click continue.")."