GetRow("SELECT * FROM ".db_table_name('surveys')." WHERE sid=$surveyid"); if (isset($aRow['active'])) { $surveyexists=true; if($aRow['active']=='Y') { $issurveyactive=true; } } else { $surveyexists=false; } } // Compute the Session name // Session name is based: // * on this specific limesurvey installation (Value SessionName in DB) // * on the surveyid (from Get or Post param). If no surveyid is given we are on the public surveys portal $usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'"; $usresult = db_execute_assoc($usquery,'',true); //Checked if ($usresult) { $usrow = $usresult->FetchRow(); $stg_SessionName=$usrow['stg_value']; if ($surveyid && $surveyexists) { @session_name($stg_SessionName.'-runtime-'.$surveyid); } else { @session_name($stg_SessionName.'-runtime-publicportal'); } } else { session_name("LimeSurveyRuntime-$surveyid"); } session_set_cookie_params(0,$relativeurl.'/'); if (!isset($_SESSION) || empty($_SESSION)) // the $_SESSION variable can be empty if register_globals is on @session_start(); if ( $embedded && $embedded_inc != '' ) { require_once( $embedded_inc ); } //CHECK FOR REQUIRED INFORMATION (sid) if (!$surveyid || !$surveyexists) { if(isset($_GET['lang'])) { $baselang = sanitize_languagecode($_GET['lang']); } elseif (!isset($baselang)) { $baselang=$defaultlang; } $clang = new limesurvey_lang($baselang); $languagechanger = makelanguagechanger(); //Find out if there are any publicly available surveys $query = "SELECT a.sid, b.surveyls_title, a.publicstatistics,a.language FROM ".db_table_name('surveys')." AS a INNER JOIN ".db_table_name('surveys_languagesettings')." 
AS b ON ( surveyls_survey_id = a.sid AND surveyls_language = a.language ) WHERE surveyls_survey_id=a.sid AND surveyls_language=a.language AND a.active='Y' AND a.listpublic='Y' AND ((a.expires >= '".date("Y-m-d H:i")."') OR (a.expires is null)) AND ((a.startdate <= '".date("Y-m-d H:i")."') OR (a.startdate is null)) ORDER BY surveyls_title"; $result = db_execute_assoc($query,false,true) or die("Could not connect to database. If you try to install LimeSurvey please refer to the installation docs and/or contact the system administrator of this webpage."); //Checked $list=array(); if($result->RecordCount() > 0) { while($rows = $result->FetchRow()) { $sLinkLanguage=$rows['language']; $result2 = db_execute_assoc("Select surveyls_title from ".db_table_name('surveys_languagesettings')." where surveyls_survey_id={$rows['sid']} and surveyls_language='$baselang'"); if ($result2->RecordCount()) { $languagedetails=$result2->FetchRow(); $rows['surveyls_title']=$languagedetails['surveyls_title']; $sLinkLanguage=$baselang; } $link = "
  • \n"; if ($rows['publicstatistics'] == 'Y') $link .= "(".$clang->gT('View statistics').")"; $link .= "
  • \n"; $list[]=$link; } } if(count($list) < 1) { $list[]="
  • ".$clang->gT("No available surveys")."
  • "; } if(!$surveyid) { $thissurvey['name']=$sitename; $nosid=$clang->gT("You have not provided a survey identification number"); } else { $thissurvey['name']=$clang->gT("The survey identification number is invalid"); $nosid=$clang->gT("The survey identification number is invalid"); } $surveylist=array( "nosid"=>$clang->gT("You have not provided a survey identification number"), "contact"=>sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,encodeEmail($siteadminemail)), "listheading"=>$clang->gT("The following surveys are available:"), "list"=>implode("\n",$list), ); $thissurvey['templatedir']=$defaulttemplate; //A nice exit sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl")); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/surveylist.pstpl")); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl")); doFooter(); exit; } if ($clienttoken != '' && isset($_SESSION['token']) && $clienttoken != $_SESSION['token']) { require_once(dirname(__FILE__).'/classes/core/language.php'); $baselang = GetBaseLanguageFromSurveyID($surveyid); $clang = new limesurvey_lang($baselang); // Let's first regenerate a session id killSession(); // Let's redirect the client to the same URL after having reseted the session header("Location: $rooturl/index.php?" .$_SERVER['QUERY_STRING']); sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("Token mismatch")."

    \n" ."\t".$clang->gT("The token you provided doesn't match the one in your session.")."

    \n" ."\t".$clang->gT("Please wait to begin with a new session.")."

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl")); doFooter(); exit; } if (isset($_SESSION['finished']) && $_SESSION['finished'] === true) { require_once(dirname(__FILE__).'/classes/core/language.php'); $baselang = GetBaseLanguageFromSurveyID($surveyid); $clang = new limesurvey_lang($baselang); // Let's first regenerate a session id killSession(); // Let's redirect the client to the same URL after having reseted the session header("Location: $rooturl/index.php?" .$_SERVER['QUERY_STRING']); sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("Previous session is set to be finished.")."

    \n" ."\t".$clang->gT("Your browser reports that it was used previously to answer this survey. We are resetting the session so that you can start from the beginning.")."

    \n" ."\t".$clang->gT("Please wait to begin with a new session.")."

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl")); doFooter(); exit; } $previewgrp = false; if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'previewgroup')){ $rightquery="SELECT uid FROM {$dbprefix}survey_permissions WHERE sid=".db_quote($surveyid)." AND uid = ".db_quote($_SESSION['loginID'].' group by uid'); $rightresult = db_execute_assoc($rightquery); if ($rightresult->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $previewgrp = true; } } if (($surveyid && $issurveyactive===false && $surveyexists && isset ($surveyPreview_require_Auth) && $surveyPreview_require_Auth == true) && $previewgrp == false) { // admin session and permission have not already been imported // for this particular survey if ( !isset($_SESSION['USER_RIGHT_PREVIEW']) || $_SESSION['USER_RIGHT_PREVIEW'] != $surveyid) { // Store initial session name $initial_session_name=session_name(); // One way (not implemented here) would be to start the // user session from a duplicate of the admin session // - destroy the new session // - load admin session (with correct session name) // - close admin session // - change used session name to default // - open new session (takes admin session id) // - regenerate brand new session id for this session // The solution implemented here is to copy some // fields from the admin session to the new session // - first destroy the new (empty) user session // - then open admin session // - record interresting values from the admin session // - duplicate admin session under another name and Id // - destroy the duplicated admin session // - start a brand new user session // - copy interresting values in this user session @session_destroy(); // make it silent because for // some strange reasons it fails sometimes // which is not a problem // but if it throws an error then future // session functions won't work because // headers are already sent. 
if (isset($stg_SessionName) && $stg_SessionName) { @session_name($stg_SessionName); } else { session_name("LimeSurveyAdmin"); } session_start(); // Loads Admin Session $previewright=false; $savesessionvars=Array(); if (isset($_SESSION['loginID'])) { $rightquery="SELECT uid FROM {$dbprefix}survey_permissions WHERE sid=".db_quote($surveyid)." AND uid = ".db_quote($_SESSION['loginID'].' group by uid'); $rightresult = db_execute_assoc($rightquery); //Checked // Currently it is enough to be listed in the survey // user operator list to get preview access if ($rightresult->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) { $previewright=true; $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid; $savesessionvars["loginID"]=$_SESSION['loginID']; $savesessionvars["user"]=$_SESSION['user']; } } // change session name and id // then delete this new session // ==> the original admin session remains valid // ==> it is possible to start a new session session_name($initial_session_name); if ($sessionhandler=='db') { adodb_session_regenerate_id(); } elseif (session_regenerate_id() === false) { safe_die("Error Regenerating Session Id"); } @session_destroy(); // start new session @session_start(); // regenerate id so that the header geenrated by previous // regenerate_id is overwritten // needed after clearall if ($sessionhandler=='db') { adodb_session_regenerate_id(); } elseif (session_regenerate_id() === false) { safe_die("Error Regenerating Session Id"); } if ( $previewright === true) { foreach ($savesessionvars as $sesskey => $sessval) { $_SESSION[$sesskey]=$sessval; } } } else { // already authorized $previewright = true; } if ($previewright === false) { // print an error message if (isset($_REQUEST['rootdir'])) { safe_die('You cannot start this script directly'); } require_once(dirname(__FILE__).'/classes/core/language.php'); $baselang = GetBaseLanguageFromSurveyID($surveyid); $clang = new limesurvey_lang($baselang); //A nice exit sendcacheheaders(); doHeader(); echo 
templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("ERROR")."

    \n" ."\t".$clang->gT("We are sorry but you don't have permissions to do this.")."

    \n" ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,encodeEmail($siteadminemail))."

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl")); doFooter(); exit; } } if (isset($_SESSION['srid'])) { $saved_id = $_SESSION['srid']; } if (!isset($_SESSION['s_lang']) && (isset($move)) ) // geez ... a session time out! RUN! { if (isset($_REQUEST['rootdir'])) { safe_die('You cannot start this script directly'); } require_once(dirname(__FILE__).'/classes/core/language.php'); $baselang = GetBaseLanguageFromSurveyID($surveyid); $clang = new limesurvey_lang($baselang); //A nice exit sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("ERROR")."

    \n" ."\t".$clang->gT("We are sorry but your session has expired.")."

    \n" ."\t".$clang->gT("Either you have been inactive for too long, you have cookies disabled for your browser, or there were problems with your connection.")."

    \n" ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,$siteadminemail)."

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl")); doFooter(); exit; }; if (isset($move) && (preg_match('/^changelang_/',$move))) { // Then changing language from the language changer $_POST['lang'] = substr($_POST['move'],11); // since sanitizing $move removes hyphen in languages like de-informal } // Set the language of the survey, either from POST, GET parameter of session var if (isset($_POST['lang']) && $_POST['lang']!='') // this one comes from the language question { $templang = sanitize_languagecode($_POST['lang']); $clang = SetSurveyLanguage( $surveyid, $templang); UpdateSessionGroupList($templang); // to refresh the language strings in the group list session variable UpdateFieldArray(); // to refresh question titles and question text } else if (isset($_GET['lang']) && $surveyid) { $templang = sanitize_languagecode($_GET['lang']); $clang = SetSurveyLanguage( $surveyid, $templang); UpdateSessionGroupList($templang); // to refresh the language strings in the group list session variable UpdateFieldArray(); // to refresh question titles and question text } else if (isset($_SESSION['s_lang'])) { $clang = SetSurveyLanguage( $surveyid, $_SESSION['s_lang']); } elseif (isset($surveyid) && $surveyid) { $baselang = GetBaseLanguageFromSurveyID($surveyid); $clang = SetSurveyLanguage( $surveyid, $baselang); } if (isset($_REQUEST['embedded_inc'])) { safe_die('You cannot start this script directly'); } // Get token if (!isset($token)) { $token=$clienttoken; } //GET BASIC INFORMATION ABOUT THIS SURVEY $totalBoilerplatequestions =0; $thissurvey=getSurveyInfo($surveyid, $_SESSION['s_lang']); if (isset($_GET['newtest']) && $_GET['newtest'] == "Y") { //Removes any existing timer cookies so timers will start again setcookie ("limesurvey_timers", "", time() - 3600); } //SEE IF SURVEY USES TOKENS AND GROUP TOKENS $i = 0; //$tokensexist = 0; if ($surveyexists == 1 && tableExists('tokens_'.$thissurvey['sid'])) { $tokensexist = 1; 
} else { $tokensexist = 0; unset ($_POST['token']); unset ($_GET['token']); unset($token); unset($clienttoken); } //SET THE TEMPLATE DIRECTORY if (!$thissurvey['templatedir']) { $thistpl=sGetTemplatePath($defaulttemplate); } else { $thistpl=sGetTemplatePath($thissurvey['templatedir']); } //MAKE SURE SURVEY HASN'T EXPIRED if ($thissurvey['expiry']!='' and date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)>$thissurvey['expiry'] && $thissurvey['active']!='N') { sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("This survey is no longer available.")."

    \n" ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail']).".

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); exit; } //MAKE SURE SURVEY IS ALREADY VALID if ($thissurvey['startdate']!='' and date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)<$thissurvey['startdate'] && $thissurvey['active']!='N') { sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("This survey is not yet started.")."

    \n" ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail']).".

    \n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); exit; } //CHECK FOR PREVIOUSLY COMPLETED COOKIE //If cookies are being used, and this survey has been completed, a cookie called "PHPSID[sid]STATUS" will exist (ie: SID6STATUS) and will have a value of "COMPLETE" $cookiename="PHPSID".returnglobal('sid')."STATUS"; if (isset($_COOKIE[$cookiename]) && $_COOKIE[$cookiename] == "COMPLETE" && $thissurvey['usecookie'] == "Y" && $tokensexist != 1 && (!isset($_GET['newtest']) || $_GET['newtest'] != "Y")) { sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("Error")."

    \n" ."\t".$clang->gT("You have already completed this survey.")."

    \n" ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail'])."\n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); exit; } //CHECK IF SURVEY ID DETAILS HAVE CHANGED if (isset($_SESSION['oldsid'])) { $oldsid=$_SESSION['oldsid']; } if (!isset($oldsid)) { $_SESSION['oldsid'] = $surveyid; } if (isset($oldsid) && $oldsid && $oldsid != $surveyid) { $savesessionvars=Array(); if (isset($_SESSION['USER_RIGHT_PREVIEW'])) { $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid; $savesessionvars["loginID"]=$_SESSION['loginID']; $savesessionvars["user"]=$_SESSION['user']; } session_unset(); $_SESSION['oldsid']=$surveyid; foreach ($savesessionvars as $sesskey => $sessval) { $_SESSION[$sesskey]=$sessval; } } if (isset($_GET['loadall']) && $_GET['loadall'] == "reload") { if (returnglobal('loadname') && returnglobal('loadpass')) { $_POST['loadall']="reload"; } } //LOAD SAVED SURVEY if (isset($_POST['loadall']) && $_POST['loadall'] == "reload") { $errormsg=""; // if (loadname is not set) or if ((loadname is set) and (loadname is NULL)) if (!isset($loadname) || (isset($loadname) && ($loadname == null))) { $errormsg .= $clang->gT("You did not provide a name")."
    \n"; } // if (loadpass is not set) or if ((loadpass is set) and (loadpass is NULL)) if (!isset($loadpass) || (isset($loadpass) && ($loadpass == null))) { $errormsg .= $clang->gT("You did not provide a password")."
    \n"; } // if security question answer is incorrect // Not called if scid is set in GET params (when using email save/reload reminder URL) if (function_exists("ImageCreate") && captcha_enabled('saveandloadscreen',$thissurvey['usecaptcha'])) { if ( (!isset($_POST['loadsecurity']) || !isset($_SESSION['secanswer']) || $_POST['loadsecurity'] != $_SESSION['secanswer']) && !isset($_GET['scid'])) { $errormsg .= $clang->gT("The answer to the security question is incorrect.")."
    \n"; } } // Load session before loading the values from the saved data if (isset($_GET['loadall'])) { $totalquestions = buildsurveysession(); } $_SESSION['holdname']=$loadname; //Session variable used to load answers every page. $_SESSION['holdpass']=$loadpass; //Session variable used to load answers every page. if ($errormsg == "") loadanswers(); $move = "movenext"; $_SESSION['LEMreload']=true; if ($errormsg) { $_POST['loadall'] = $clang->gT("Load Unfinished Survey"); } } //Allow loading of saved survey if (isset($_POST['loadall']) && $_POST['loadall'] == $clang->gT("Load Unfinished Survey")) { require_once("load.php"); } //Check if TOKEN is used for EVERY PAGE //This function fixes a bug where users able to submit two surveys/votes //by checking that the token has not been used at each page displayed. // bypass only this check at first page (Step=0) because // this check is done in buildsurveysession and error message // could be more interresting there (takes into accound captcha if used) if ($tokensexist == 1 && isset($token) && $token && isset($_SESSION['step']) && $_SESSION['step']>0 && db_tables_exist($dbprefix.'tokens_'.$surveyid)) { //check if tokens actually haven't been already used $areTokensUsed = usedTokens(db_quote(trim(strip_tags(returnglobal('token'))))); // check if token actually does exist // check also if it is allowed to change survey after completion if ($thissurvey['alloweditaftercompletion'] == 'Y' ) { $tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' "; } else { $tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' AND (completed = 'N' or completed='')"; } $tkresult = db_execute_num($tkquery); //Checked $tokendata = $tkresult->FetchRow(); if ($tkresult->RecordCount()==0 || ($areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y')) { sendcacheheaders(); doHeader(); //TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. 
EXPLAIN PROBLEM AND EXIT echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo templatereplace(file_get_contents("$thistpl/survey.pstpl")); echo "\t
    \n" ."\t

    \n" ."\t".$clang->gT("This is a controlled survey. You need a valid token to participate.")."

    \n" ."\t".$clang->gT("The token you have provided is either not valid, or has already been used.")."\n" ."\t".sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname'] ." (" ."{$thissurvey['adminemail']})")."\n" ."\t

    \n" ."\t
    \n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); killSession(); doFooter(); exit; } } if ($tokensexist == 1 && isset($token) && $token && db_tables_exist($dbprefix.'tokens_'.$surveyid)) //check if token is in a valid time frame { // check also if it is allowed to change survey after completion if ($thissurvey['alloweditaftercompletion'] == 'Y' ) { $tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' "; } else { $tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' AND (completed = 'N' or completed='')"; } $tkresult = db_execute_assoc($tkquery); //Checked $tokendata = $tkresult->FetchRow(); if ((trim($tokendata['validfrom'])!='' && $tokendata['validfrom']>date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)) || (trim($tokendata['validuntil'])!='' && $tokendata['validuntil']\n" ."\t

    \n" ."\t".$clang->gT("We are sorry but you are not allowed to enter this survey.")."

    \n" ."\t".$clang->gT("Your token seems to be valid but can be used only during a certain time period.")."
    \n" ."\t".sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname'] ." (" ."{$thissurvey['adminemail']})")."\n" ."\t

    \n" ."\t\n"; echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); killSession(); exit; } } //Clear session and remove the incomplete response if requested. if (isset($_GET['move']) && $_GET['move'] == "clearall") { $s_lang = $_SESSION['s_lang']; if (isset($_SESSION['srid']) && !isCompleted($surveyid,$_SESSION['srid'])) { // delete the response but only if not already completed $result = $connect->query('SELECT id FROM '.db_table_name('survey_'.$surveyid).' WHERE id='.$_SESSION['srid']." AND submitdate IS NULL"); if($result->RecordCount()>0) { $connect->query('DELETE FROM '.db_table_name('survey_'.$surveyid).' WHERE id='.$_SESSION['srid']." AND submitdate IS NULL"); // find out if there are any fuqt questions - checked $fieldmap = createFieldMap($surveyid); foreach ($fieldmap as $field) { if ($field['type'] == "|" && !strpos($field['fieldname'], "_filecount")) { if (!isset($qid)) { $qid = array(); } $qid[] = $field['fieldname']; } } // if yes, extract the response json to those questions if (isset($qid)) { $query = "SELECT * FROM ".db_table_name("survey_".$surveyid)." WHERE id=".$_SESSION['srid']; $result = db_execute_assoc($query); while ($row = $result->FetchRow()) { foreach ($qid as $question) { $json = $row[$question]; if ($json == "" || $json == NULL) continue; // decode them $phparray = json_decode($json); foreach ($phparray as $metadata) { $target = "{$uploaddir}/surveys/{$surveyid}/files/"; // delete those files unlink($target.$metadata->filename); } } } } // done deleting uploaded files } // also delete a record from saved_control when there is one, we can allway do it. $connect->query('DELETE FROM '.db_table_name('saved_control'). ' WHERE srid='.$_SESSION['srid'].' 
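AND sid='.$surveyid); } session_unset(); session_destroy(); setcookie(session_name(),"EXPIRED",time()-120); sendcacheheaders(); doHeader(); echo templatereplace(file_get_contents("$thistpl/startpage.pstpl")); echo "\n\n\n" ."\t\n\n"; //Present the clear all page using clearall.pstpl template echo templatereplace(file_get_contents("$thistpl/clearall.pstpl")); echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); doFooter(); exit; } if (isset($_GET['newtest']) && $_GET['newtest'] == "Y") { $savesessionvars=Array(); if (isset($_SESSION['USER_RIGHT_PREVIEW'])) { $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid; $savesessionvars["loginID"]=$_SESSION['loginID']; $savesessionvars["user"]=$_SESSION['user']; } session_unset(); $_SESSION['oldsid']=$surveyid; foreach ($savesessionvars as $sesskey => $sessval) { $_SESSION[$sesskey]=$sessval; } //DELETE COOKIE (allow to use multiple times) setcookie($cookiename, "INCOMPLETE", time()-120); //echo "Reset Cookie!"; } //Check to see if a refering URL has been captured. GetReferringUrl(); // Let's do this only if // - a saved answer record hasn't been loaded through the saved feature // - the survey is not anonymous // - the survey is active // - a token information has been provided // - the survey is setup to allow token-response-persistence if (!isset($_SESSION['srid']) && $thissurvey['anonymized'] == "N" && $thissurvey['active'] == "Y" && isset($token) && $token !='') { // load previous answers if any (dataentry with nosubmit) $srquery="SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']}" . 
" WHERE {$thissurvey['tablename']}.token='".db_quote($token)."' order by id desc"; $result = db_select_limit_assoc($srquery,1); if ($result->RecordCount()>0) { $row=$result->FetchRow(); if(($row['submitdate']=='' && $thissurvey['tokenanswerspersistence'] == 'Y' )|| ($row['submitdate']!='' && $thissurvey['alloweditaftercompletion'] == 'Y')) { $_SESSION['srid'] = $row['id']; if (!is_null($row['lastpage']) && $row['submitdate']=='') { $_SESSION['LEMtokenResume'] = true; $_SESSION['step'] = $row['lastpage']; } } buildsurveysession(); loadanswers(); } } if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'previewgroup')){ $thissurvey['format'] = 'G'; buildsurveysession(true); } sendcacheheaders(); //CALL APPROPRIATE SCRIPT require_once("group.php"); // works for all survey styles - rename to navigation_controller.php? if (isset($_POST['saveall']) || isset($flashmessage)) { echo ""; }

/**
 * Loads one stored response row into the current session.
 *
 * Two lookup modes, chosen from request/session state:
 *  - $_POST['loadall'] == "reload": the row is found through the
 *    saved_control table, matched on the survey id, the optional 'scid'
 *    request value, the saved name ($_SESSION['holdname']) and the MD5 of
 *    the saved password ($_SESSION['holdpass']).
 *  - otherwise, if $_SESSION['srid'] is set: the row with that id is read
 *    straight from the survey's response table.
 * If neither applies the function returns without doing anything.
 *
 * When no row matches, a message is appended to the global $errormsg.
 * When a row matches, selected columns are copied into $_SESSION and the
 * globals $clienttoken / $thisstep are updated.
 *
 * @return bool|null true once a query has been run (match or not);
 *                   null when there was nothing to look up
 */
function loadanswers()
{
    global $dbprefix,$surveyid,$errormsg;
    global $thissurvey, $thisstep, $clang;
    global $databasetype, $clienttoken;
    // The failure path below calls $connect->ErrorMsg(); without this
    // declaration $connect is an undefined local and the error handler
    // itself fails instead of reporting the database error.
    global $connect;

    $scid=returnglobal('scid');
    if (isset($_POST['loadall']) && $_POST['loadall'] == "reload")
    {
        $savedcontrol = db_table_name('saved_control');

        // sid and scid are numeric keys. They are cast to int before being
        // placed in the statement so a non-numeric value can never become
        // part of the SQL text, whatever returnglobal() does or does not
        // filter (its implementation is not visible from here).
        $query = "SELECT * FROM ".$savedcontrol." INNER JOIN {$thissurvey['tablename']} ON ".$savedcontrol.".srid = {$thissurvey['tablename']}.id WHERE ".$savedcontrol.".sid=".((int) $surveyid)."\n";
        if (isset($scid)) //Would only come from email
        {
            $query .= "AND ".$savedcontrol.".scid=".((int) $scid)."\n";
        }

        // NOTE(review): the saved name is escaped by auto_escape(), defined
        // elsewhere; confirm it escapes correctly for the active driver.
        $query .="AND ".$savedcontrol.".identifier = '".auto_escape($_SESSION['holdname'])."' ";

        // NOTE(review): access codes are compared as an unsalted MD5 of the
        // password. That is weak for stored credentials, but it cannot be
        // changed here without migrating the values already in
        // saved_control, so it is flagged rather than replaced.
        $accesscodehash = md5(auto_unescape($_SESSION['holdpass']));
        if ($databasetype=='odbc_mssql' || $databasetype=='odbtp' || $databasetype=='mssql_n' || $databasetype=='mssqlnative')
        {
            // The MSSQL drivers get an explicit cast of the column to
            // varchar(32) for the comparison.
            $query .="AND CAST(".$savedcontrol.".access_code as varchar(32))= '".$accesscodehash."'\n";
        }
        else
        {
            $query .="AND ".$savedcontrol.".access_code = '".$accesscodehash."'\n";
        }
    }
    elseif (isset($_SESSION['srid']))
    {
        // Response ids are numeric; the cast keeps session content out of
        // the SQL text even if the stored value is not what is expected.
        $query = "SELECT * FROM {$thissurvey['tablename']} WHERE {$thissurvey['tablename']}.id=".((int) $_SESSION['srid'])."\n";
    }
    else
    {
        return;
    }

    // NOTE(review): on failure the full SQL statement and the driver error
    // text are passed to safe_die(); if that output reaches the respondent
    // it discloses table names and query structure. Consider logging the
    // detail server-side and showing a generic message instead.
    $result = db_execute_assoc($query) or safe_die ("Error loading results
    $query
    ".$connect->ErrorMsg()); //Checked

    if ($result->RecordCount() < 1)
    {
        $errormsg .= $clang->gT("There is no matching saved survey")."
    \n";
    }
    else
    {
        // A match has been found: copy its values into the session.
        $_SESSION['LEMtokenResume']=true;
        $row=$result->FetchRow();
        foreach ($row as $column => $value)
        {
            if ($column == "token")
            {
                $clienttoken=$value;
                // NOTE(review): $token is not declared global in this
                // function, so this assignment only sets a local that is
                // never read; confirm whether the global was intended.
                $token=$value;
            }
            elseif ($column == "saved_thisstep" && $thissurvey['alloweditaftercompletion'] != 'Y' )
            {
                $_SESSION['step']=$value;
                $thisstep=$value-1;
            }
            elseif ($column =='lastpage' && isset($_GET['token']) && $thissurvey['alloweditaftercompletion'] != 'Y' )
            {
                // Never resume before the first page.
                if ($value<1) $value=1;
                $_SESSION['step']=$value;
                $thisstep=$value-1;
            }
            // 'startlanguage' is deliberately not restored here: per the
            // original author's note it would overwrite any other language
            // selected during a running survey.
            elseif ($column == "scid")
            {
                $_SESSION['scid']=$value;
            }
            elseif ($column == "srid")
            {
                $_SESSION['srid']=$value;
            }
            elseif ($column == "datestamp")
            {
                $_SESSION['datestamp']=$value;
            }

            // This is a separate test, not part of the chain above, so the
            // columns handled above still reach the insertarray check.
            if ($column == "startdate")
            {
                $_SESSION['startdate']=$value;
            }
            else
            {
                // Only columns listed in $_SESSION['insertarray'] become
                // session variables. The value is stored as read, including
                // NULL (special-casing NULL for some question types was
                // considered by the original author and left disabled).
                if (in_array($column, $_SESSION['insertarray']))
                {
                    $_SESSION[$column]=$value;
                }
            }
        }
    }
    return true;
}

function makegraph($currentstep, $total) { global $thissurvey; global $publicurl, $clang; $size = intval(($currentstep-1)/$total*100); $graph = '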
    '.sprintf($clang->gT('You have completed %s%% of this survey'),$size).'
    '; if (getLanguageRTL($clang->langcode)) { $graph.='100%'; } else { $graph.='0%'; } $graph.='
    '; if (getLanguageRTL($clang->langcode)) { $graph.='0%'; } else { $graph.='100%'; } $graph.='
    '; if ($size == 0) // Progress bar looks dumb if 0 { $graph.=' '; } return $graph; } function makelanguagechanger() { global $relativeurl; if (!isset($surveyid)) { $surveyid=returnglobal('sid'); } if (isset($surveyid)) { $slangs = GetAdditionalLanguagesFromSurveyID($surveyid); $sBaseLanguage = GetBaseLanguageFromSurveyID($surveyid); } // TODO - When is this needed? $token = sanitize_token(returnglobal('token')); if ($token != '') { $tokenparam = "&token=$token"; } else { $tokenparam = ""; } $previewgrp = false; if (isset($_REQUEST['action'])) if ($_REQUEST['action']=='previewgroup') $previewgrp = true; if (!empty($slangs)) { if (isset($_SESSION['s_lang']) && $_SESSION['s_lang'] != '') { $lang = sanitize_languagecode($_SESSION['s_lang']); } else if(isset($_POST['lang']) && $_POST['lang']!='') { $lang = sanitize_languagecode($_POST['lang']); } else if (isset($_GET['lang']) && $_GET['lang'] != '') { $lang = sanitize_languagecode($_GET['lang']); } else { $lang = $sBaseLanguage; } $slangs[]=$sBaseLanguage; $aAllLanguages=getLanguageData(); $slangs=array_keys(array_intersect_key($aAllLanguages,array_flip($slangs))); // Sort languages by their locale name // Changed how language changer works so that posts any currently set values. This also ensures that token (and other) parmeters are also posted. // $htmlcode ="\n"; $sAddToURL = ""; $sTargetURL = "$relativeurl/index.php"; if ($previewgrp){ $sAddToURL = "&action=previewgroup&gid={$_REQUEST['gid']}"; $sTargetURL = ""; } foreach ($slangs as $otherlang) { // $htmlcode .= "\t