Chamilo is a learning management system focused on ease of use and accessibility
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
chamilo-lms/main/survey/survey.download.inc.php

132 lines
4.3 KiB

<?php
/*
DOKEOS - elearning and course management software
For a full list of contributors, see documentation/credits.html
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
See "documentation/licence.html" more details.
Contact:
Dokeos
Rue des Palais 44 Paleizenstraat
B-1030 Brussels - Belgium
Tel. +32 (2) 211 34 56
*/
/**
* @package dokeos.survey
* @author Arnaud Ligot <arnaud@cblue.be>
* @version $Id: $
*
* small peace code to enable user to access images included into survey
* which are accessible by non authenticated users. This file is included
* by document/download.php
*/
function check_download_survey($course, $invitation, $doc_url) {
require_once('survey.lib.php');
require_once (api_get_path(LIBRARY_PATH)."/course.lib.php");
// getting all the course information
$_course = CourseManager::get_course_information($course);
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY, $_course['db_name']);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION, $_course['db_name']);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION, $_course['db_name']);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION, $_course['db_name']);
// now we check if the invitationcode is valid
$sql = "SELECT * FROM $table_survey_invitation WHERE invitation_code = '".Database::escape_string($invitation)."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) < 1)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
Display :: display_footer();
exit;
}
$survey_invitation = mysql_fetch_assoc($result);
// now we check if the user already filled the survey
if ($survey_invitation['answered'] == 1)
{
Display :: display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
Display :: display_footer();
exit;
}
// very basic security check: check if a text field from a survey/answer/option contains the name of the document requested
//////////////
// fetch survey ID
//////////////
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE code='".Database::escape_string($survey_invitation['survey_code'])."'";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) > 1)
{
if ($_POST['language'])
{
$survey_invitation['survey_id'] = $_POST['language'];
}
else
{
echo '<form id="language" name="language" method="POST" action="'.api_get_self().'?course='.$_GET['course'].'&invitationcode='.$_GET['invitationcode'].'">';
echo ' <select name="language">';
while ($row=mysql_fetch_assoc($result))
{
echo '<option value="'.$row['survey_id'].'">'.$row['lang'].'</option>';
}
echo '</select>';
echo ' <input type="submit" name="Submit" value="'.get_lang('Ok').'" />';
echo '</form>';
display::display_footer();
exit;
}
}
else
{
$row=mysql_fetch_assoc($result);
$survey_invitation['survey_id'] = $row['survey_id'];
}
$sql = "select count(*) from $table_survey where survey_id = ".$survey_invitation['survey_id']."
and (
title LIKE '%$doc_url%'
or subtitle LIKE '%$doc_url%'
or intro LIKE '%$doc_url%'
or surveythanks LIKE '%$doc_url%'
)
union select count(*) from $table_survey_question where survey_id = ".$survey_invitation['survey_id']."
and (
survey_question LIKE '%$doc_url%'
or survey_question_comment LIKE '%$doc_url%'
)
union select count(*) from $table_survey_question_option where survey_id = ".$survey_invitation['survey_id']."
and (
option_text LIKE '%$doc_url%'
)";
$result = api_sql_query($sql, __FILE__, __LINE__);
if (mysql_num_rows($result) == 0)
{
Display :: display_error_message(get_lang('WrongInvitationCode'), false);
Display :: display_footer();
exit;
}
return $_course;
}
?>