GetRow("SELECT * FROM ".db_table_name('surveys')." WHERE sid=$surveyid");
if (isset($aRow['active']))
{
$surveyexists=true;
if($aRow['active']=='Y')
{
$issurveyactive=true;
}
}
else
{
$surveyexists=false;
}
}
// Derive the PHP session name for this request.
// The name combines:
//  * the installation-specific prefix stored in the settings_global table
//    under the key 'SessionName', and
//  * the survey id (from the GET or POST parameter); without a valid survey
//    id the request belongs to the public survey portal.
$usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='SessionName'";
$usresult = db_execute_assoc($usquery, '', true);
if (!$usresult)
{
    // The setting could not be read: fall back to a fixed prefix plus the survey id.
    session_name("LimeSurveyRuntime-$surveyid");
}
else
{
    $usrow = $usresult->FetchRow();
    $stg_SessionName = $usrow['stg_value'];
    // A known survey gets its own session name; everything else shares the
    // public-portal name. Errors from session_name() are suppressed here.
    @session_name($stg_SessionName.'-runtime-'.(($surveyid && $surveyexists) ? $surveyid : 'publicportal'));
}

// Session cookie: lifetime 0 (until the browser closes), scoped to the
// application path. Only lifetime and path are passed, so the secure and
// httponly flags are whatever the PHP configuration defaults to.
session_set_cookie_params(0, $relativeurl.'/');

// $_SESSION can be present but empty when register_globals is on, so start
// the session whenever it is unset or empty.
if (empty($_SESSION))
{
    @session_start();
}
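// Optional embedding hook: when embedding is enabled, pull in the include
// file named by $embedded_inc.
// $embedded and $embedded_inc are assigned outside this part of the script
// (presumably in configuration -- confirm). The script's own guard against a
// request-supplied 'embedded_inc' sits further down, after this include has
// already run, so the same guard is applied here before the path is used.
if (isset($_REQUEST['embedded_inc']))
{
    safe_die('You cannot start this script directly');
}
if ( $embedded && $embedded_inc != '' )
{
    require_once( $embedded_inc );
}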
//CHECK FOR REQUIRED INFORMATION (sid)
// No survey id was supplied, or the id does not match an existing survey:
// render the public survey list page and stop.
// NOTE(review): this copy of the block appears to have lost markup and some
// statements in extraction (the braces below do not balance and $list is
// never appended to in the visible code), so read it as a partial listing.
if (!$surveyid || !$surveyexists)
{
// Pick the interface language: request parameter first, then any value that
// is already set, then the site default.
if(isset($_GET['lang']))
{
// sanitize_languagecode() is defined elsewhere; presumably it restricts the
// value to a language-code alphabet -- confirm, because $baselang is
// concatenated into an SQL string further down.
$baselang = sanitize_languagecode($_GET['lang']);
}
elseif (!isset($baselang))
{
$baselang=$defaultlang;
}
$clang = new limesurvey_lang($baselang);
$languagechanger = makelanguagechanger();
//Find out if there are any publicly available surveys
// Only active, publicly listed surveys inside their start/expiry window are
// selected. The two date values come from date(), not from the request.
$query = "SELECT a.sid, b.surveyls_title, a.publicstatistics,a.language
FROM ".db_table_name('surveys')." AS a
INNER JOIN ".db_table_name('surveys_languagesettings')." AS b
ON ( surveyls_survey_id = a.sid AND surveyls_language = a.language )
WHERE surveyls_survey_id=a.sid
AND surveyls_language=a.language
AND a.active='Y'
AND a.listpublic='Y'
AND ((a.expires >= '".date("Y-m-d H:i")."') OR (a.expires is null))
AND ((a.startdate <= '".date("Y-m-d H:i")."') OR (a.startdate is null))
ORDER BY surveyls_title";
// A failed query ends the request with a generic installation hint.
$result = db_execute_assoc($query,false,true) or die("Could not connect to database. If you try to install LimeSurvey please refer to the installation docs and/or contact the system administrator of this webpage."); //Checked
$list=array();
if($result->RecordCount() > 0)
{
while($rows = $result->FetchRow())
{
$sLinkLanguage=$rows['language'];
// Look up the survey title in the requested language, if one exists.
// NOTE(review): $rows['sid'] and $baselang are spliced into the statement
// text. The sid comes from the previous query; $baselang may originate from
// the request, so its safety rests entirely on sanitize_languagecode().
// Escaping or binding the value at this point would not depend on that.
$result2 = db_execute_assoc("Select surveyls_title from ".db_table_name('surveys_languagesettings')." where surveyls_survey_id={$rows['sid']} and surveyls_language='$baselang'");
if ($result2->RecordCount())
{
$languagedetails=$result2->FetchRow();
$rows['surveyls_title']=$languagedetails['surveyls_title'];
$sLinkLanguage=$baselang;
}
// NOTE(review): the link markup that was assigned here is missing from this copy.
$link = "
";
}
// Choose the page title and message depending on whether an id was missing or invalid.
if(!$surveyid)
{
$thissurvey['name']=$sitename;
$nosid=$clang->gT("You have not provided a survey identification number");
}
else
{
$thissurvey['name']=$clang->gT("The survey identification number is invalid");
$nosid=$clang->gT("The survey identification number is invalid");
}
// Values for the survey list template. The administrator e-mail address is
// passed through encodeEmail() before it is placed in the page.
$surveylist=array(
"nosid"=>$clang->gT("You have not provided a survey identification number"),
"contact"=>sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,encodeEmail($siteadminemail)),
"listheading"=>$clang->gT("The following surveys are available:"),
"list"=>implode("\n",$list),
);
$thissurvey['templatedir']=$defaulttemplate;
//A nice exit
// Render start page, survey list and end page from the default template, then stop.
sendcacheheaders();
doHeader();
echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl"));
echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/surveylist.pstpl"));
echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl"));
doFooter();
exit;
}
// Token consistency check: a token sent by the client must match the one
// already stored in this session. On a mismatch the session is discarded and
// the browser is sent back to the same URL to start over.
if ($clienttoken != '' && isset($_SESSION['token']) && $clienttoken != $_SESSION['token'])
{
    require_once(dirname(__FILE__).'/classes/core/language.php');
    $baselang = GetBaseLanguageFromSurveyID($surveyid);
    $clang = new limesurvey_lang($baselang);

    // Discard the current session before anything is sent to the client.
    killSession();

    // Redirect to the same query string. The target host and path are fixed
    // by $rooturl; only the query part is taken from the request.
    header("Location: $rooturl/index.php?" .$_SERVER['QUERY_STRING']);

    // A short explanatory page is still rendered after the Location header.
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("Token mismatch")."
\n"
        ."\t".$clang->gT("The token you provided doesn't match the one in your session.")."
\n"
        ."\t".$clang->gT("Please wait to begin with a new session.")."
\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl"));
    doFooter();
    exit;
}
// A session flagged as finished belongs to a completed run of this survey.
// It is discarded and the browser is redirected to the same URL so that the
// respondent starts from a clean session.
if (isset($_SESSION['finished']) && $_SESSION['finished'] === true)
{
    require_once(dirname(__FILE__).'/classes/core/language.php');
    $baselang = GetBaseLanguageFromSurveyID($surveyid);
    $clang = new limesurvey_lang($baselang);

    // Discard the finished session first.
    killSession();

    // Same-URL redirect; host and path come from $rooturl, only the query
    // string is taken from the request.
    header("Location: $rooturl/index.php?" .$_SERVER['QUERY_STRING']);

    // A short explanatory page is still rendered after the Location header.
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("Previous session is set to be finished.")."
\n"
        ."\t".$clang->gT("Your browser reports that it was used previously to answer this survey. We are resetting the session so that you can start from the beginning.")."
\n"
        ."\t".$clang->gT("Please wait to begin with a new session.")."
\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl"));
    doFooter();
    exit;
}
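// Decide whether a "previewgroup" request may bypass the preview
// authentication gate that follows. $previewgrp becomes true only when the
// current session belongs to a user listed in survey_permissions for this
// survey, or to a super administrator.
$previewgrp = false;
if (isset($_REQUEST['action']) && ($_REQUEST['action'] == 'previewgroup'))
{
    // Without a login id in the session there is nothing to look up; the
    // request stays unprivileged instead of running a malformed query.
    if (isset($_SESSION['loginID']))
    {
        // Both ids are compared as bare numbers in the statement, so they are
        // forced to integers here. The previous form also passed the
        // "group by uid" clause through db_quote() together with the login id.
        $rightquery="SELECT uid FROM {$dbprefix}survey_permissions WHERE sid=".intval($surveyid)." AND uid=".intval($_SESSION['loginID'])." GROUP BY uid";
        $rightresult = db_execute_assoc($rightquery);
        if (($rightresult && $rightresult->RecordCount() > 0)
            || (isset($_SESSION['USER_RIGHT_SUPERADMIN']) && $_SESSION['USER_RIGHT_SUPERADMIN'] == 1))
        {
            $previewgrp = true;
        }
    }
}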
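// Preview gate for inactive surveys.
// When the survey exists but is not active, and the installation requires
// authentication for previews, only a logged-in administrator with rights on
// this survey may continue. $previewgrp is computed earlier in this script;
// when it is already true this gate is skipped.
if (($surveyid &&
    $issurveyactive===false && $surveyexists &&
    isset ($surveyPreview_require_Auth) &&
    $surveyPreview_require_Auth == true) && $previewgrp == false)
{
    // The admin session and permission have not yet been imported for this
    // particular survey.
    if ( !isset($_SESSION['USER_RIGHT_PREVIEW']) ||
        $_SESSION['USER_RIGHT_PREVIEW'] != $surveyid)
    {
        // Remember the respondent session name so it can be restored below.
        $initial_session_name=session_name();

        // Approach used here: copy a few fields from the admin session into a
        // fresh respondent session.
        //  - destroy the new (empty) respondent session
        //  - open the admin session
        //  - record the values of interest from the admin session
        //  - duplicate the admin session under another name and id
        //  - destroy that duplicate (the original admin session stays valid)
        //  - start a brand new respondent session
        //  - copy the recorded values into it
        // The order of the session calls below matters; do not reorder them.

        // Silenced on purpose: the call sometimes fails harmlessly, but a
        // visible error would send output and break the later session calls.
        @session_destroy();

        if (isset($stg_SessionName) && $stg_SessionName)
        {
            @session_name($stg_SessionName);
        }
        else
        {
            session_name("LimeSurveyAdmin");
        }
        session_start(); // Loads the admin session

        $previewright=false;
        $savesessionvars=Array();
        if (isset($_SESSION['loginID']))
        {
            // Both ids are compared as bare numbers in the statement, so they
            // are forced to integers. The previous form also passed the
            // "group by uid" clause through db_quote() with the login id.
            $rightquery="SELECT uid FROM {$dbprefix}survey_permissions WHERE sid=".intval($surveyid)." AND uid=".intval($_SESSION['loginID'])." GROUP BY uid";
            $rightresult = db_execute_assoc($rightquery);

            // Being listed for the survey in survey_permissions, or being a
            // super administrator, is enough to get preview access.
            if (($rightresult && $rightresult->RecordCount() > 0)
                || (isset($_SESSION['USER_RIGHT_SUPERADMIN']) && $_SESSION['USER_RIGHT_SUPERADMIN'] == 1))
            {
                $previewright=true;
                $savesessionvars["USER_RIGHT_PREVIEW"]=$surveyid;
                $savesessionvars["loginID"]=$_SESSION['loginID'];
                $savesessionvars["user"]=$_SESSION['user'];
            }
        }

        // Switch back to the respondent session name and give the loaded
        // session a new id, then delete that copy:
        //  ==> the original admin session remains valid
        //  ==> a new session can be started afterwards
        session_name($initial_session_name);
        if ($sessionhandler=='db')
        {
            adodb_session_regenerate_id();
        }
        elseif (session_regenerate_id() === false)
        {
            safe_die("Error Regenerating Session Id");
        }
        @session_destroy();

        // Start the new respondent session.
        @session_start();

        // Regenerate the id once more so that the cookie header produced by
        // the previous regeneration is overwritten (needed after clearall).
        if ($sessionhandler=='db')
        {
            adodb_session_regenerate_id();
        }
        elseif (session_regenerate_id() === false)
        {
            safe_die("Error Regenerating Session Id");
        }

        // Only an authorised administrator gets the recorded values copied in.
        if ( $previewright === true)
        {
            foreach ($savesessionvars as $sesskey => $sessval)
            {
                $_SESSION[$sesskey]=$sessval;
            }
        }
    }
    else
    { // already authorised for this survey in this session
        $previewright = true;
    }

    if ($previewright === false)
    {
        // Refuse requests that try to supply 'rootdir' as a parameter.
        if (isset($_REQUEST['rootdir']))
        {
            safe_die('You cannot start this script directly');
        }
        require_once(dirname(__FILE__).'/classes/core/language.php');
        $baselang = GetBaseLanguageFromSurveyID($surveyid);
        $clang = new limesurvey_lang($baselang);

        // Render the "no permission" page and stop.
        sendcacheheaders();
        doHeader();
        echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl"));
        echo "\t
\n"
            ."\t
\n"
            ."\t".$clang->gT("ERROR")."
\n"
            ."\t".$clang->gT("We are sorry but you don't have permissions to do this.")."
\n"
            ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,encodeEmail($siteadminemail))."
\n"
            ."\t
\n"
            ."\t
\n";
        echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl"));
        doFooter();
        exit;
    }
}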
// Keep the id of the response row tied to this session, when there is one.
if (isset($_SESSION['srid']))
{
    $saved_id = $_SESSION['srid'];
}

// A navigation request ($move) that arrives without a session language means
// the session has expired: show an explanation and stop.
if (!isset($_SESSION['s_lang']) && isset($move))
{
    // Refuse requests that try to supply 'rootdir' as a parameter.
    if (isset($_REQUEST['rootdir']))
    {
        safe_die('You cannot start this script directly');
    }
    require_once(dirname(__FILE__).'/classes/core/language.php');
    $baselang = GetBaseLanguageFromSurveyID($surveyid);
    $clang = new limesurvey_lang($baselang);

    // Render the "session expired" page from the default template.
    // Unlike the other contact lines in this script, the administrator
    // address is printed here without encodeEmail().
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("ERROR")."
\n"
        ."\t".$clang->gT("We are sorry but your session has expired.")."
\n"
        ."\t".$clang->gT("Either you have been inactive for too long, you have cookies disabled for your browser, or there were problems with your connection.")."
\n"
        ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$siteadminname,$siteadminemail)."
\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents(sGetTemplatePath($defaulttemplate)."/endpage.pstpl"));
    doFooter();
    exit;
}
// A move value starting with "changelang_" comes from the language changer.
// The language code is read from the raw POST value because sanitising $move
// strips the hyphen from codes such as de-informal.
if (isset($move) && preg_match('/^changelang_/', $move))
{
    $_POST['lang'] = substr($_POST['move'], 11);
}

// Select the survey language. Precedence: POST parameter, GET parameter (only
// with a survey id), language already stored in the session, and finally the
// survey's base language. Request-supplied codes go through
// sanitize_languagecode() before use.
if (isset($_POST['lang']) && $_POST['lang'] != '')
{
    // Posted by the language question or the language changer.
    $templang = sanitize_languagecode($_POST['lang']);
    $clang = SetSurveyLanguage($surveyid, $templang);
    UpdateSessionGroupList($templang); // refresh language strings in the group list session variable
    UpdateFieldArray();                // refresh question titles and question text
}
elseif (isset($_GET['lang']) && $surveyid)
{
    $templang = sanitize_languagecode($_GET['lang']);
    $clang = SetSurveyLanguage($surveyid, $templang);
    UpdateSessionGroupList($templang); // refresh language strings in the group list session variable
    UpdateFieldArray();                // refresh question titles and question text
}
elseif (isset($_SESSION['s_lang']))
{
    $clang = SetSurveyLanguage($surveyid, $_SESSION['s_lang']);
}
elseif (isset($surveyid) && $surveyid)
{
    $baselang = GetBaseLanguageFromSurveyID($surveyid);
    $clang = SetSurveyLanguage($surveyid, $baselang);
}
// Refuse requests that try to supply 'embedded_inc' as a parameter.
if (isset($_REQUEST['embedded_inc']))
{
    safe_die('You cannot start this script directly');
}

// Fall back to the token sent by the client when none has been set yet.
if (!isset($token))
{
    $token = $clienttoken;
}

// Basic information about this survey, in the session language.
$totalBoilerplatequestions = 0;
$thissurvey = getSurveyInfo($surveyid, $_SESSION['s_lang']);

// newtest=Y restarts the survey: expire the timer cookie so that question
// timers begin again.
if (isset($_GET['newtest']) && $_GET['newtest'] == "Y")
{
    setcookie("limesurvey_timers", "", time() - 3600);
}
// Does this survey use tokens? That is the case when the survey exists and
// its tokens table is present.
$i = 0;
$tokensexist = ($surveyexists == 1 && tableExists('tokens_'.$thissurvey['sid'])) ? 1 : 0;
if ($tokensexist == 0)
{
    // No tokens table: drop every token value the client may have sent so
    // that later code cannot act on it.
    unset($_POST['token']);
    unset($_GET['token']);
    unset($token);
    unset($clienttoken);
}

// Template directory: the survey's own template when one is configured,
// otherwise the installation default.
$thistpl = sGetTemplatePath($thissurvey['templatedir'] ? $thissurvey['templatedir'] : $defaulttemplate);
// Expiry check: an active survey whose expiry date lies before the current
// (time-adjusted) date is no longer available.
// The administrator name and e-mail address are printed as stored.
if ($thissurvey['expiry'] != ''
    && date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust) > $thissurvey['expiry']
    && $thissurvey['active'] != 'N')
{
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents("$thistpl/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("This survey is no longer available.")."
\n"
        ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail']).".
\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
    doFooter();
    exit;
}
// Start-date check: an active survey whose start date lies after the current
// (time-adjusted) date has not opened yet.
// The administrator name and e-mail address are printed as stored.
if ($thissurvey['startdate'] != ''
    && date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust) < $thissurvey['startdate']
    && $thissurvey['active'] != 'N')
{
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents("$thistpl/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("This survey is not yet started.")."
\n"
        ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail']).".
\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
    doFooter();
    exit;
}
// Completion cookie check.
// When the survey uses cookies and has no tokens table, a cookie named
// "PHPSID[sid]STATUS" (for example PHPSID6STATUS) with the value "COMPLETE"
// marks the survey as already answered from this browser. newtest=Y skips
// the check.
// This control lives entirely in a browser cookie, so it only deters repeat
// submissions; it cannot enforce one response per person.
$cookiename = "PHPSID".returnglobal('sid')."STATUS";
if (isset($_COOKIE[$cookiename])
    && $_COOKIE[$cookiename] == "COMPLETE"
    && $thissurvey['usecookie'] == "Y"
    && $tokensexist != 1
    && (!isset($_GET['newtest']) || $_GET['newtest'] != "Y"))
{
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents("$thistpl/startpage.pstpl"));
    echo "\t
\n"
        ."\t
\n"
        ."\t".$clang->gT("Error")."
\n"
        ."\t".$clang->gT("You have already completed this survey.")."
\n"
        ."\t".sprintf($clang->gT("Please contact %s ( %s ) for further assistance."),$thissurvey['adminname'],$thissurvey['adminemail'])."\n"
        ."\t
\n"
        ."\t
\n";
    echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
    doFooter();
    exit;
}
// Detect a change of survey id within the same session.
// The session remembers the survey it was started for in 'oldsid'.
if (isset($_SESSION['oldsid']))
{
    $oldsid = $_SESSION['oldsid'];
}
if (!isset($oldsid))
{
    $_SESSION['oldsid'] = $surveyid;
}

// The session was started for a different survey: wipe it, keeping only the
// administrator preview fields.
// NOTE(review): the preview right is re-bound to the new survey id here
// without a fresh permission lookup; confirm that the preview gate earlier in
// this script always runs first for surveys that need it.
if (!empty($oldsid) && $oldsid != $surveyid)
{
    $savesessionvars = array();
    if (isset($_SESSION['USER_RIGHT_PREVIEW']))
    {
        $savesessionvars = array(
            "USER_RIGHT_PREVIEW" => $surveyid,
            "loginID"            => $_SESSION['loginID'],
            "user"               => $_SESSION['user'],
        );
    }
    session_unset();
    $_SESSION['oldsid'] = $surveyid;
    foreach ($savesessionvars as $sesskey => $sessval)
    {
        $_SESSION[$sesskey] = $sessval;
    }
}
// A reload requested through the URL is only honoured when both saved-survey
// credentials accompany it; it is then handled exactly like a POSTed reload.
if (isset($_GET['loadall']) && $_GET['loadall'] == "reload"
    && returnglobal('loadname') && returnglobal('loadpass'))
{
    $_POST['loadall'] = "reload";
}

// Load a saved survey: validate the supplied name, password and (when
// enabled) the security question, then restore the stored answers.
if (isset($_POST['loadall']) && $_POST['loadall'] == "reload")
{
    $errormsg = "";

    // Name missing or empty.
    if (!isset($loadname) || $loadname == null)
    {
        $errormsg .= $clang->gT("You did not provide a name")." \n";
    }
    // Password missing or empty.
    if (!isset($loadpass) || $loadpass == null)
    {
        $errormsg .= $clang->gT("You did not provide a password")." \n";
    }

    // Security question, when image support is available and the captcha is
    // enabled for the save/load screen. The check is skipped when 'scid' is
    // present in the URL (links from the save/reload reminder e-mail).
    // NOTE(review): 'scid' is a request parameter, so any client can add it
    // to skip the captcha; name and password are still required.
    if (function_exists("ImageCreate")
        && captcha_enabled('saveandloadscreen', $thissurvey['usecaptcha'])
        && (!isset($_POST['loadsecurity'])
            || !isset($_SESSION['secanswer'])
            || $_POST['loadsecurity'] != $_SESSION['secanswer'])
        && !isset($_GET['scid']))
    {
        $errormsg .= $clang->gT("The answer to the security question is incorrect.")." \n";
    }

    // For URL-initiated reloads, build the survey session before the saved
    // values are loaded into it.
    if (isset($_GET['loadall']))
    {
        $totalquestions = buildsurveysession();
    }

    // Kept in the session so that answers can be loaded on every page.
    // The password is held there as supplied.
    $_SESSION['holdname'] = $loadname;
    $_SESSION['holdpass'] = $loadpass;

    if ($errormsg == "")
    {
        loadanswers();
    }
    $move = "movenext";
    $_SESSION['LEMreload'] = true;

    // On error, fall through to the load form again.
    if ($errormsg)
    {
        $_POST['loadall'] = $clang->gT("Load Unfinished Survey");
    }
}

// Show the form for loading a saved survey.
if (isset($_POST['loadall']) && $_POST['loadall'] == $clang->gT("Load Unfinished Survey"))
{
    require_once("load.php");
}
// Re-validate the token on every page after the first.
// This stops a respondent from submitting the same survey twice with one
// token. The first page (step 0) is left to buildsurveysession(), which runs
// the same check and can give a more specific message (it takes the captcha
// into account when one is used).
if ($tokensexist == 1 && isset($token) && $token
    && isset($_SESSION['step']) && $_SESSION['step'] > 0
    && db_tables_exist($dbprefix.'tokens_'.$surveyid))
{
    // Has the token from the request already been used?
    $areTokensUsed = usedTokens(db_quote(trim(strip_tags(returnglobal('token')))));

    // Does the token exist? Unless editing after completion is allowed, only
    // tokens that are not yet completed count. The token value is passed
    // through db_quote() and wrapped in quotes.
    $tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' ";
    if ($thissurvey['alloweditaftercompletion'] != 'Y')
    {
        $tkquery .= "AND (completed = 'N' or completed='')";
    }
    $tkresult = db_execute_num($tkquery);
    $tokendata = $tkresult->FetchRow();

    if ($tkresult->RecordCount() == 0 || ($areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y'))
    {
        // Token does not exist or has already been used: explain and stop.
        sendcacheheaders();
        doHeader();
        echo templatereplace(file_get_contents("$thistpl/startpage.pstpl"));
        echo templatereplace(file_get_contents("$thistpl/survey.pstpl"));
        echo "\t
\n"
            ."\t
\n"
            ."\t".$clang->gT("This is a controlled survey. You need a valid token to participate.")."
\n"
            ."\t".$clang->gT("The token you have provided is either not valid, or has already been used.")."\n"
            ."\t".sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname']
            ." ("
            ."{$thissurvey['adminemail']})")."\n"
            ."\t
\n"
            ."\t
\n";
        echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
        killSession();
        doFooter();
        exit;
    }
}
// Second token gate: reject tokens that exist but are outside their
// validfrom / validuntil window.
// NOTE(review): the condition and the error markup below were damaged when
// this listing was extracted (the comparison against validuntil runs straight
// into the page text), so this block is documented only and otherwise left
// exactly as found.
if ($tokensexist == 1 && isset($token) && $token && db_tables_exist($dbprefix.'tokens_'.$surveyid)) //check if token is in a valid time frame
{
// check also if it is allowed to change survey after completion
if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
// The token value is passed through db_quote() and wrapped in quotes; the
// table name is built from $surveyid.
$tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' ";
} else {
// Same lookup, restricted to tokens that are not yet completed.
$tkquery = "SELECT * FROM ".db_table_name('tokens_'.$surveyid)." WHERE token='".db_quote($token)."' AND (completed = 'N' or completed='')";
}
$tkresult = db_execute_assoc($tkquery); //Checked
// NOTE(review): the row is used below without checking that one was returned.
$tokendata = $tkresult->FetchRow();
if ((trim($tokendata['validfrom'])!='' && $tokendata['validfrom']>date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)) ||
(trim($tokendata['validuntil'])!='' && $tokendata['validuntil']\n"
."\t
\n"
."\t".$clang->gT("We are sorry but you are not allowed to enter this survey.")."
\n"
."\t".$clang->gT("Your token seems to be valid but can be used only during a certain time period.")." \n"
."\t".sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname']
." ("
."{$thissurvey['adminemail']})")."\n"
."\t
\n"
."\t\n";
echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
doFooter();
killSession();
exit;
}
}
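// Clear the session and remove the incomplete response when requested.
// The response row, its uploaded files and the matching saved_control record
// are deleted, then the session is destroyed and the "clear all" page shown.
// NOTE(review): this destructive action is triggered by a plain GET
// parameter, so any link or embedded resource a respondent loads can start
// it; it is limited to that respondent's own unfinished response.
if (isset($_GET['move']) && $_GET['move'] == "clearall")
{
    $s_lang = isset($_SESSION['s_lang']) ? $_SESSION['s_lang'] : null;
    if (isset($_SESSION['srid']) && !isCompleted($surveyid,$_SESSION['srid']))
    {
        // The response id is compared as a bare number in every statement
        // below, so it is forced to an integer wherever it is used.
        // Delete the response, but only if it has not been submitted.
        $result = $connect->query('SELECT id FROM '.db_table_name('survey_'.$surveyid).' WHERE id='.intval($_SESSION['srid'])." AND submitdate IS NULL");
        if ($result && $result->RecordCount()>0)
        {
            // Collect the file-upload fields (type "|", excluding the
            // companion "_filecount" fields) and read their stored JSON before
            // the row disappears.
            $fieldmap = createFieldMap($surveyid);
            $qid = array();
            foreach ($fieldmap as $field)
            {
                if ($field['type'] == "|" && strpos($field['fieldname'], "_filecount") === false)
                {
                    $qid[] = $field['fieldname'];
                }
            }
            if (!empty($qid))
            {
                $query = "SELECT * FROM ".db_table_name("survey_".$surveyid)." WHERE id=".intval($_SESSION['srid']);
                $result = db_execute_assoc($query);
                while ($result && ($row = $result->FetchRow()))
                {
                    foreach ($qid as $question)
                    {
                        $json = $row[$question];
                        if ($json == "" || $json == NULL)
                            continue;
                        // The JSON is stored response data; skip anything that
                        // does not decode to a list of entries.
                        $phparray = json_decode($json);
                        if (!is_array($phparray))
                            continue;
                        foreach ($phparray as $metadata)
                        {
                            if (!is_object($metadata) || !isset($metadata->filename) || !is_string($metadata->filename))
                                continue;
                            $target = "{$uploaddir}/surveys/{$surveyid}/files/";
                            // basename() keeps the delete inside this survey's
                            // upload directory even if the stored name
                            // contains directory components.
                            if (is_file($target.basename($metadata->filename)))
                            {
                                unlink($target.basename($metadata->filename));
                            }
                        }
                    }
                }
            }
            // Uploaded files handled; now remove the response row itself.
            $connect->query('DELETE FROM '.db_table_name('survey_'.$surveyid).' WHERE id='.intval($_SESSION['srid'])." AND submitdate IS NULL");
        }
        // Also delete the saved_control record when there is one; this is
        // always safe to do.
        $connect->query('DELETE FROM '.db_table_name('saved_control'). ' WHERE srid='.intval($_SESSION['srid']).' AND sid='.intval($surveyid));
    }
    session_unset();
    session_destroy();
    setcookie(session_name(),"EXPIRED",time()-120);
    sendcacheheaders();
    doHeader();
    echo templatereplace(file_get_contents("$thistpl/startpage.pstpl"));
    echo "\n\n\n"
        ."\t\n\n";
    // Present the clear-all page using the clearall.pstpl template.
    echo templatereplace(file_get_contents("$thistpl/clearall.pstpl"));
    echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
    doFooter();
    exit;
}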
// newtest=Y starts the survey over: wipe the session, keeping only the
// administrator preview fields, and expire the completion cookie so that the
// survey can be taken again from this browser.
if (isset($_GET['newtest']) && $_GET['newtest'] == "Y")
{
    $savesessionvars = array();
    if (isset($_SESSION['USER_RIGHT_PREVIEW']))
    {
        $savesessionvars = array(
            "USER_RIGHT_PREVIEW" => $surveyid,
            "loginID"            => $_SESSION['loginID'],
            "user"               => $_SESSION['user'],
        );
    }
    session_unset();
    $_SESSION['oldsid'] = $surveyid;
    foreach ($savesessionvars as $sesskey => $sessval)
    {
        $_SESSION[$sesskey] = $sessval;
    }

    // Expire the completion cookie (allows multiple runs).
    setcookie($cookiename, "INCOMPLETE", time()-120);
}
// Record the referring URL, if one has been captured.
GetReferringUrl();

// Resume an earlier response for this token. This runs only when
//  - no saved response has been loaded through the save/load feature,
//  - the survey is not anonymised,
//  - the survey is active, and
//  - a token has been provided.
// Whether the earlier response may be reused is decided per row below.
if (!isset($_SESSION['srid'])
    && $thissurvey['anonymized'] == "N"
    && $thissurvey['active'] == "Y"
    && isset($token) && $token != '')
{
    // Most recent response stored for this token (data entry with nosubmit).
    // The token value is passed through db_quote() and wrapped in quotes.
    $srquery = "SELECT id,submitdate,lastpage FROM {$thissurvey['tablename']}"
        . " WHERE {$thissurvey['tablename']}.token='".db_quote($token)."' order by id desc";
    $result = db_select_limit_assoc($srquery, 1);
    if ($result->RecordCount() > 0)
    {
        $row = $result->FetchRow();

        // Reuse an unsubmitted response when token answer persistence is on,
        // or a submitted one when editing after completion is allowed.
        if (($row['submitdate'] == '' && $thissurvey['tokenanswerspersistence'] == 'Y')
            || ($row['submitdate'] != '' && $thissurvey['alloweditaftercompletion'] == 'Y'))
        {
            $_SESSION['srid'] = $row['id'];
            // An unsubmitted response with a recorded page resumes there.
            if (!is_null($row['lastpage']) && $row['submitdate'] == '')
            {
                $_SESSION['LEMtokenResume'] = true;
                $_SESSION['step'] = $row['lastpage'];
            }
        }
        buildsurveysession();
        loadanswers();
    }
}
// Group preview: force the group-by-group format and build the session with
// the flag passed as true.
// NOTE(review): this branch keys on the request parameter alone rather than
// on the $previewgrp result computed earlier; confirm that
// buildsurveysession(true) is acceptable for callers who did not pass that
// permission check.
if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'previewgroup')
{
    $thissurvey['format'] = 'G';
    buildsurveysession(true);
}

sendcacheheaders();

// Hand over to the navigation script, which serves every survey format.
require_once("group.php");

// NOTE(review): the output for this branch is empty in this copy of the file.
if (isset($_POST['saveall']) || isset($flashmessage))
{
    echo "";
}
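/**
 * Load a stored response into the current session.
 *
 * Two sources are supported:
 *  - a reload request ($_POST['loadall'] == "reload"): the saved_control
 *    record is matched on survey id, optional scid, identifier and the MD5
 *    digest of the supplied password, joined to the response table;
 *  - otherwise the response row whose id is in $_SESSION['srid'].
 * When neither applies the function returns without doing anything.
 *
 * On a match the row is copied into $_SESSION: step, scid, srid, datestamp and
 * startdate are handled by name, and every column listed in
 * $_SESSION['insertarray'] is stored under its own name. When no row matches,
 * a message is appended to the global $errormsg.
 *
 * NOTE(review): the saved-survey password is compared as an unsalted MD5
 * digest against access_code. Changing that needs a migration of the stored
 * values, so it is only flagged here.
 *
 * @return bool|null true after a query has run (match or not), null when
 *                   there was nothing to load.
 */
function loadanswers()
{
    global $dbprefix,$surveyid,$errormsg;
    global $thissurvey, $thisstep, $clang;
    global $databasetype, $clienttoken;
    // Used by the error path after the query; it was not imported before, so
    // a failed query ended in a call on an undefined variable.
    global $connect;

    $scid=returnglobal('scid');
    if (isset($_POST['loadall']) && $_POST['loadall'] == "reload")
    {
        // Numeric keys are compared as bare numbers, so force them to integers.
        $query = "SELECT * FROM ".db_table_name('saved_control')." INNER JOIN {$thissurvey['tablename']}
ON ".db_table_name('saved_control').".srid = {$thissurvey['tablename']}.id
WHERE ".db_table_name('saved_control').".sid=".intval($surveyid)."\n";
        if (isset($scid)) // Would only come from the reminder e-mail link
        {
            // returnglobal() may already sanitise this value (not visible
            // here); the cast makes the statement safe either way.
            $query .= "AND ".db_table_name('saved_control').".scid=".intval($scid)."\n";
        }
        // auto_escape()/auto_unescape() are defined elsewhere; presumably they
        // handle quoting of the stored name and password -- confirm.
        $query .="AND ".db_table_name('saved_control').".identifier = '".auto_escape($_SESSION['holdname'])."' ";
        if ($databasetype=='odbc_mssql' || $databasetype=='odbtp' || $databasetype=='mssql_n' || $databasetype=='mssqlnative')
        {
            // MSSQL drivers: the access code column is cast before comparing.
            $query .="AND CAST(".db_table_name('saved_control').".access_code as varchar(32))= '".md5(auto_unescape($_SESSION['holdpass']))."'\n";
        }
        else
        {
            $query .="AND ".db_table_name('saved_control').".access_code = '".md5(auto_unescape($_SESSION['holdpass']))."'\n";
        }
    }
    elseif (isset($_SESSION['srid']))
    {
        $query = "SELECT * FROM {$thissurvey['tablename']}
WHERE {$thissurvey['tablename']}.id=".intval($_SESSION['srid'])."\n";
    }
    else
    {
        return;
    }

    // NOTE(review): the failure message includes the full statement text;
    // consider logging it instead of passing it to safe_die().
    $result = db_execute_assoc($query) or safe_die ("Error loading results $query ".$connect->ErrorMsg());
    if ($result->RecordCount() < 1)
    {
        $errormsg .= $clang->gT("There is no matching saved survey")." \n";
    }
    else
    {
        // A match has been found: load the values into the session.
        $_SESSION['LEMtokenResume']=true;
        $row=$result->FetchRow();
        foreach ($row as $column => $value)
        {
            if ($column == "token")
            {
                // Only the global $clienttoken is updated; the local $token
                // assignment that used to follow had no effect outside this
                // function and has been dropped.
                $clienttoken=$value;
            }
            elseif ($column == "saved_thisstep" && $thissurvey['alloweditaftercompletion'] != 'Y' )
            {
                $_SESSION['step']=$value;
                $thisstep=$value-1;
            }
            elseif ($column =='lastpage' && isset($_GET['token']) && $thissurvey['alloweditaftercompletion'] != 'Y' )
            {
                if ($value<1) $value=1;
                $_SESSION['step']=$value;
                $thisstep=$value-1;
            }
            // 'startlanguage' is deliberately not restored: doing so would
            // overwrite any other language chosen during a running survey.
            elseif ($column == "scid")
            {
                $_SESSION['scid']=$value;
            }
            elseif ($column == "srid")
            {
                $_SESSION['srid']=$value;
            }
            elseif ($column == "datestamp")
            {
                $_SESSION['datestamp']=$value;
            }

            // This is a separate test, not part of the chain above, so the
            // columns handled there also reach the insertarray check.
            if ($column == "startdate")
            {
                $_SESSION['startdate']=$value;
            }
            elseif (isset($_SESSION['insertarray']) && in_array($column, $_SESSION['insertarray'], true))
            {
                // Only columns listed in insertarray become session variables;
                // the strict comparison stops a numeric key from matching
                // arbitrary field names.
                $_SESSION[$column]=$value;
            }
        }
    }
    return true;
}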
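/**
 * Build the progress indicator text for the current step.
 *
 * The percentage is the integer part of ($currentstep - 1) / $total * 100.
 * A $total of zero yields 0% instead of a division by zero.
 *
 * NOTE(review): the markup that surrounded the text appears to have been lost
 * in this copy of the file; the string pieces are reproduced as found.
 *
 * @param int $currentstep Step the respondent is on (1-based).
 * @param int $total       Total number of steps.
 * @return string Progress text, translated through the global $clang.
 */
function makegraph($currentstep, $total)
{
    global $thissurvey;
    global $publicurl, $clang;

    // A survey without steps would otherwise divide by zero.
    $size = ($total == 0) ? 0 : intval(($currentstep-1)/$total*100);

    $graph = '
'.sprintf($clang->gT('You have completed %s%% of this survey'),$size).'
';
    if ($size == 0) // Progress bar looks odd at 0, so an extra piece is appended
    {
        $graph.='
';
    }
    return $graph;
}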
function makelanguagechanger()
{
global $relativeurl;
if (!isset($surveyid))
{
$surveyid=returnglobal('sid');
}
if (isset($surveyid))
{
$slangs = GetAdditionalLanguagesFromSurveyID($surveyid);
$sBaseLanguage = GetBaseLanguageFromSurveyID($surveyid);
}
// TODO - When is this needed?
$token = sanitize_token(returnglobal('token'));
if ($token != '')
{
$tokenparam = "&token=$token";
}
else
{
$tokenparam = "";
}
$previewgrp = false;
if (isset($_REQUEST['action']))
if ($_REQUEST['action']=='previewgroup')
$previewgrp = true;
if (!empty($slangs))
{
if (isset($_SESSION['s_lang']) && $_SESSION['s_lang'] != '')
{
$lang = sanitize_languagecode($_SESSION['s_lang']);
}
else if(isset($_POST['lang']) && $_POST['lang']!='')
{
$lang = sanitize_languagecode($_POST['lang']);
}
else if (isset($_GET['lang']) && $_GET['lang'] != '')
{
$lang = sanitize_languagecode($_GET['lang']);
}
else
{
$lang = $sBaseLanguage;
}
$slangs[]=$sBaseLanguage;
$aAllLanguages=getLanguageData();
$slangs=array_keys(array_intersect_key($aAllLanguages,array_flip($slangs))); // Sort languages by their locale name
// Changed how language changer works so that posts any currently set values. This also ensures that token (and other) parmeters are also posted.
// $htmlcode ="