diff --git a/main/survey/question.php b/main/survey/question.php
index 791ddb7172..eab7c00ed5 100755
--- a/main/survey/question.php
+++ b/main/survey/question.php
@@ -19,10 +19,13 @@ $(document).ready( function() {
/** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/
if (!api_is_allowed_to_edit(false, true)) {
- Display :: display_header();
- Display :: display_error_message(get_lang('NotAllowed'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
+}
+
+// Getting the survey information
+$surveyData = SurveyManager::get_survey($_GET['survey_id']);
+if (empty($surveyData)) {
+ api_not_allowed(true);
}
// Is valid request
@@ -32,40 +35,27 @@ $is_valid_request = isset($_REQUEST['is_executable']) ? $_REQUEST['is_executable
$table_survey = Database:: get_course_table(TABLE_SURVEY);
$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database:: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
-
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
-
$course_id = api_get_course_int_id();
-
-// Getting the survey information
-$surveyData = SurveyManager::get_survey($_GET['survey_id']);
-
-if (empty($surveyData)) {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('InvallidSurvey'), false);
- Display :: display_footer();
- exit;
-}
-
$urlname = api_substr(api_html_entity_decode($surveyData['title'], ENT_QUOTES), 0, 40);
if (api_strlen(strip_tags($surveyData['title'])) > 40) {
- $urlname .= '...';
+ $urlname .= '...';
}
if ($surveyData['survey_type'] == 1) {
- $sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).'
- WHERE
+ $sql = 'SELECT id FROM '.Database :: get_course_table(TABLE_SURVEY_QUESTION_GROUP).'
+ WHERE
c_id = '.$course_id.' AND
survey_id = '.(int)$_GET['survey_id'].' LIMIT 1';
- $rs = Database::query($sql);
- if (Database::num_rows($rs)===0) {
+ $rs = Database::query($sql);
+ if (Database::num_rows($rs)===0) {
Display::addFlash(
Display::return_message(get_lang('YouNeedToCreateGroups'))
);
- header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.(int)$_GET['survey_id']);
- exit;
- }
+ header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.(int)$_GET['survey_id']);
+ exit;
+ }
}
// Breadcrumbs
@@ -155,8 +145,8 @@ $surveyQuestion->getForm()->setDefaults($formData);
$surveyQuestion->renderForm();
if ($surveyQuestion->getForm()->validate()) {
- $values = $surveyQuestion->getForm()->getSubmitValues();
- $surveyQuestion->save($surveyData, $values);
+ $values = $surveyQuestion->getForm()->getSubmitValues();
+ $surveyQuestion->save($surveyData, $values);
}
Display::display_header($tool_name, 'Survey');
diff --git a/main/survey/reporting.php b/main/survey/reporting.php
index 7f3491e429..145720d630 100755
--- a/main/survey/reporting.php
+++ b/main/survey/reporting.php
@@ -76,6 +76,10 @@ $people_filled = SurveyManager::get_people_who_filled_survey(
SurveyUtil::check_parameters($people_filled);
$survey_data = SurveyManager::get_survey($survey_id);
+// Getting the survey information
+if (empty($survey_data)) {
+ api_not_allowed(true);
+}
$isDrhOfCourse = CourseManager::isUserSubscribedInCourseAsDrh(
api_get_user_id(),
@@ -98,16 +102,6 @@ if (!api_is_allowed_to_edit(false, true) || $isDrhOfCourse) {
// Database table definitions
$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database:: get_main_table(TABLE_MAIN_USER);
-
-// Getting the survey information
-
-if (empty($survey_data)) {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('InvallidSurvey'), false);
- Display :: display_footer();
- exit;
-}
-
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
$urlname .= '...';
diff --git a/main/survey/survey.php b/main/survey/survey.php
index 53ec7af337..0ea7ec207c 100755
--- a/main/survey/survey.php
+++ b/main/survey/survey.php
@@ -55,51 +55,44 @@ $interbreadcrumb[] = array(
// Getting the survey information
if (!empty($_GET['survey_id'])) {
- $course_code = api_get_course_id();
- if ($course_code!=-1) {
- $survey_data = SurveyManager::get_survey($survey_id);
- } else {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('NotAllowed'), false);
- Display :: display_footer();
- exit;
- }
+ $course_code = api_get_course_id();
+ if ($course_code!=-1) {
+ $survey_data = SurveyManager::get_survey($survey_id);
+ } else {
+ api_not_allowed(true);
+ }
} else {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('NotAllowed'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
}
$tool_name = strip_tags($survey_data['title']);
-
$is_survey_type_1 = $survey_data['survey_type'] == 1;
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
- $tool_name .= '...';
+ $tool_name .= '...';
}
if ($is_survey_type_1 && ($action == 'addgroup' || $action == 'deletegroup')) {
- $_POST['name'] = trim($_POST['name']);
- if ($action == 'addgroup') {
- if (!empty($_POST['group_id'])) {
- Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\'
- WHERE c_id = '.$course_id.' AND id = \''.Database::escape_string($_POST['group_id']).'\'');
- $sendmsg = 'GroupUpdatedSuccessfully';
- } elseif(!empty($_POST['name'])) {
- Database::query('INSERT INTO '.$table_survey_question_group.' (c_id, name,description,survey_id) values ('.$course_id.', \''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
- $sendmsg = 'GroupCreatedSuccessfully';
- } else {
- $sendmsg = 'GroupNeedName';
- }
- }
+ $_POST['name'] = trim($_POST['name']);
+ if ($action == 'addgroup') {
+ if (!empty($_POST['group_id'])) {
+ Database::query('UPDATE '.$table_survey_question_group.' SET description = \''.Database::escape_string($_POST['description']).'\'
+ WHERE c_id = '.$course_id.' AND id = \''.Database::escape_string($_POST['group_id']).'\'');
+ $sendmsg = 'GroupUpdatedSuccessfully';
+ } elseif(!empty($_POST['name'])) {
+ Database::query('INSERT INTO '.$table_survey_question_group.' (c_id, name,description,survey_id) values ('.$course_id.', \''.Database::escape_string($_POST['name']).'\',\''.Database::escape_string($_POST['description']).'\',\''.Database::escape_string($survey_id).'\') ');
+ $sendmsg = 'GroupCreatedSuccessfully';
+ } else {
+ $sendmsg = 'GroupNeedName';
+ }
+ }
- if ($action == 'deletegroup') {
- Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.intval($_GET['gid']).' and survey_id = '.intval($survey_id));
- $sendmsg = 'GroupDeletedSuccessfully';
- }
- header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
- exit;
+ if ($action == 'deletegroup') {
+ Database::query('DELETE FROM '.$table_survey_question_group.' WHERE c_id = '.$course_id.' AND id = '.intval($_GET['gid']).' and survey_id = '.intval($survey_id));
+ $sendmsg = 'GroupDeletedSuccessfully';
+ }
+ header('Location: '.api_get_path(WEB_CODE_PATH).'survey/survey.php?survey_id='.$survey_id.'&sendmsg='.$sendmsg);
+ exit;
}
// Displaying the header
@@ -108,9 +101,9 @@ Display::display_header($tool_name, 'Survey');
// Action handling
$my_action_survey = Security::remove_XSS($action);
-$my_question_id_survey = isset($_GET['question_id']) ? Security::remove_XSS($_GET['question_id']) : null;
-$my_survey_id_survey = Security::remove_XSS($_GET['survey_id']);
-$message_information = isset($_GET['message']) ? Security::remove_XSS($_GET['message']) : null;
+$my_question_id_survey = isset($_GET['question_id']) ? Security::remove_XSS($_GET['question_id']) : null;
+$my_survey_id_survey = Security::remove_XSS($_GET['survey_id']);
+$message_information = isset($_GET['message']) ? Security::remove_XSS($_GET['message']) : null;
if (isset($action)) {
if (($action == 'moveup' || $action == 'movedown') && isset($_GET['question_id'])) {
diff --git a/main/survey/survey_invitation.php b/main/survey/survey_invitation.php
index e75d28424d..cfde3a2058 100755
--- a/main/survey/survey_invitation.php
+++ b/main/survey/survey_invitation.php
@@ -12,45 +12,28 @@ require_once __DIR__.'/../inc/global.inc.php';
/** @todo this has to be moved to a more appropriate place (after the display_header of the code)*/
if (!api_is_allowed_to_edit(false, true)) {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('NotAllowed'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
}
// Database table definitions
-$table_survey = Database :: get_course_table(TABLE_SURVEY);
-$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
-$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
-$table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
-$table_user = Database :: get_main_table(TABLE_MAIN_USER);
-$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
-
+$table_survey = Database:: get_course_table(TABLE_SURVEY);
+$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
+$table_survey_question_option = Database:: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
+$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
+$table_user = Database:: get_main_table(TABLE_MAIN_USER);
+$table_survey_invitation = Database:: get_course_table(TABLE_SURVEY_INVITATION);
$tool_name = get_lang('SurveyInvitations');
-
// Getting the survey information
-// We exit here if ther is no valid $_GET parameter
-if (!isset($_GET['survey_id']) OR !is_numeric($_GET['survey_id'])) {
- Display :: display_header($tool_name);
- Display :: display_error_message(get_lang('InvallidSurvey'), false);
- Display :: display_footer();
- exit;
-}
-
$survey_id = Security::remove_XSS($_GET['survey_id']);
$survey_data = SurveyManager::get_survey($survey_id);
-
if (empty($survey_data)) {
- Display :: display_header($tool_name);
- Display :: display_error_message(get_lang('InvallidSurvey'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
}
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
- $urlname .= '...';
+ $urlname .= '...';
}
// Breadcrumbs
@@ -61,13 +44,6 @@ $interbreadcrumb[] = array('url' => api_get_path(WEB_CODE_PATH).'survey/survey.p
// Displaying the header
Display::display_header($tool_name);
-// Checking the parameters
-if (!is_numeric($survey_id)) {
- Display::display_error_message(get_lang('Error'), false);
- Display::display_footer();
- exit;
-}
-
// Getting all the people who have filled this survey
$answered_data = SurveyManager::get_people_who_filled_survey($survey_id);
if ($survey_data['anonymous'] == 1) {
@@ -75,7 +51,7 @@ if ($survey_data['anonymous'] == 1) {
$answered_data = array();
}
-if (!isset($_GET['view']) OR $_GET['view'] == 'invited') {
+if (!isset($_GET['view']) || $_GET['view'] == 'invited') {
echo get_lang('ViewInvited'). ' | ';
} else {
echo ' '.get_lang('ViewInvited').' |';
diff --git a/main/survey/survey_invite.php b/main/survey/survey_invite.php
index 60a07d63b6..3983c473b8 100755
--- a/main/survey/survey_invite.php
+++ b/main/survey/survey_invite.php
@@ -18,34 +18,28 @@ require_once __DIR__.'/../inc/global.inc.php';
$this_section = SECTION_COURSES;
if (!api_is_allowed_to_edit(false, true)) {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('NotAllowed'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
}
-// Database table definitions
-$table_survey = Database:: get_course_table(TABLE_SURVEY);
-$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
-$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
-$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
-$table_user = Database:: get_main_table(TABLE_MAIN_USER);
-
$course_id = api_get_course_int_id();
// Getting the survey information
$survey_id = Security::remove_XSS($_GET['survey_id']);
$survey_data = SurveyManager::get_survey($survey_id);
if (empty($survey_data)) {
- Display :: display_header(get_lang('ToolSurvey'));
- Display :: display_error_message(get_lang('InvallidSurvey'), false);
- Display :: display_footer();
- exit;
+ api_not_allowed(true);
}
+// Database table definitions
+$table_survey = Database:: get_course_table(TABLE_SURVEY);
+$table_survey_question = Database:: get_course_table(TABLE_SURVEY_QUESTION);
+$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
+$table_course = Database:: get_main_table(TABLE_MAIN_COURSE);
+$table_user = Database:: get_main_table(TABLE_MAIN_USER);
+
$urlname = strip_tags(api_substr(api_html_entity_decode($survey_data['title'], ENT_QUOTES), 0, 40));
if (api_strlen(strip_tags($survey_data['title'])) > 40) {
- $urlname .= '...';
+ $urlname .= '...';
}
// Breadcrumbs
@@ -64,7 +58,7 @@ if (api_is_course_admin()) {
$tool_name = get_lang('SurveyPublication');
// Displaying the header
-Display::display_header($tool_name,'Survey');
+Display::display_header($tool_name, 'Survey');
echo '