@ -34,10 +34,18 @@ require_once 'survey.lib.php';
if (!empty($_user)) {
if (!empty($_user)) {
$interbreadcrumb[] = array('url' => 'survey_list.php?cidReq='.Security::remove_XSS($_GET['course']), 'name' => get_lang('SurveyList'));
$interbreadcrumb[] = array('url' => 'survey_list.php?cidReq='.Security::remove_XSS($_GET['course']), 'name' => get_lang('SurveyList'));
}
}
if (($_GET['invitationcode'] == 'auto' & & isset($_GET['scode'])) & & ((!(isset($_user['user_id']) & & $_user['user_id']) || api_is_anonymous($_user['user_id'], true)))) {
// anonymous users not allowed
// Database table definitions
api_not_allowed();
$table_survey = Database :: get_course_table(TABLE_SURVEY);
}
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
// We initialize test as private (not anonymous):
$isAnonymous = false;
// getting all the course information
// getting all the course information
if (isset($_GET['course'])) {
if (isset($_GET['course'])) {
@ -51,20 +59,27 @@ if (empty($course_info)) {
}
}
$course_id = $course_info['real_id'];
$course_id = $course_info['real_id'];
$surveyCode = isset($_GET['scode']) ? Database::escape_string($_GET['scode']) : '';
if ($surveyCode != "") {
// Firstly we check if this survey is ready for anonymous use:
$sqlAnonymous = "SELECT anonymous FROM $table_survey WHERE c_id = $course_id AND code ='".$surveyCode."'";
$resultAnonymous = Database::query($sqlAnonymous);
$rowAnonymous = Database::fetch_array($resultAnonymous, 'ASSOC');
// If is anonymous and is not allowed to take the survey to anonymous users, forbid access:
if (!isset($rowAnonymous['anonymous']) || ($rowAnonymous['anonymous'] == 0 & & api_is_anonymous($_user['user_id'], true)) || count($rowAnonymous) == 0) {
api_not_allowed();
}
// If is anonymous and it is allowed to take the survey as anonymous, mark survey as anonymous:
} else {
if (api_is_anonymous($_user['user_id'], true)) {
$isAnonymous = true;
}
}
// Header
// Header
Display :: display_header(get_lang('ToolSurvey'));
Display :: display_header(get_lang('ToolSurvey'));
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
// First we check if the needed parameters are present
// First we check if the needed parameters are present
if ((!isset($_GET['course']) || !isset($_GET['invitationcode'])) & & !isset($_GET['user_id'])) {
if ((!isset($_GET['course']) || !isset($_GET['invitationcode'])) & & !isset($_GET['user_id'])) {
Display :: display_error_message(get_lang('SurveyParametersMissingUseCopyPaste'), false);
Display :: display_error_message(get_lang('SurveyParametersMissingUseCopyPaste'), false);
@ -77,11 +92,16 @@ $invitationcode = $_GET['invitationcode'];
// Start auto-invitation feature FS#3403 (all-users-can-do-the-survey-URL handling)
// Start auto-invitation feature FS#3403 (all-users-can-do-the-survey-URL handling)
if ($invitationcode == 'auto' & & isset($_GET['scode'])) {
if ($invitationcode == 'auto' & & isset($_GET['scode'])) {
$userid = $_user['user_id'];
$userid = $_user['user_id'];
$surveyCode = Database::escape_string($_GET['scode']); // Survey_code of the survey
$scode = Database::escape_string($_GET['scode']); // Survey_code of the survey
if ($isAnonymous) {
$autoInvitationcode = "auto-$userid-$scode"; // New invitation code from userid
$autoInvitationcode = "auto-ANONY_".md5(time())."-$surveyCode";
} else {
// New invitation code from userid
$autoInvitationcode = "auto-$userid-$surveyCode";
}
// The survey code must exist in this course, or the URL is invalid
// The survey code must exist in this course, or the URL is invalid
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code ='".$scode."'";
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code = '".$surveyC ode."'";
$result = Database::query($sql);
$result = Database::query($sql);
if (Database :: num_rows($result) > 0) { // Ok
if (Database :: num_rows($result) > 0) { // Ok
// Check availability
// Check availability
@ -93,7 +113,7 @@ if ($invitationcode == 'auto' && isset($_GET['scode'])) {
$result = Database::query($sql);
$result = Database::query($sql);
if (Database :: num_rows($result) == 0) { // Ok
if (Database :: num_rows($result) == 0) { // Ok
$sql = "INSERT INTO $table_survey_invitation (c_id, survey_code,user, invitation_code, invitation_date) ";
$sql = "INSERT INTO $table_survey_invitation (c_id, survey_code,user, invitation_code, invitation_date) ";
$sql .= " VALUES ($course_id, \"$sc ode\", \"$userid\", \"$autoInvitationcode\", now())";
$sql .= " VALUES ($course_id, \"$surveyC ode\", \"$userid\", \"$autoInvitationcode\", now())";
Database::query($sql);
Database::query($sql);
}
}
// From here we use the new invitationcode auto-userid-surveycode string
// From here we use the new invitationcode auto-userid-surveycode string
@ -120,6 +140,8 @@ if ($survey_invitation['answered'] == 1 && !isset($_GET['user_id'])) {
exit;
exit;
}
}
// Checking if there is another survey with this code.
// Checking if there is another survey with this code.
// If this is the case there will be a language choice
// If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
@ -159,9 +181,7 @@ if (count($_POST) > 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
$types[$row['question_id']] = $row['type'];
$types[$row['question_id']] = $row['type'];
}
}
if ($survey_data['anonymous'] == 0) {
$survey_invitation['user'] = api_get_user_id();
}
// Looping through all the post values
// Looping through all the post values
foreach ($_POST as $key => & $value) {
foreach ($_POST as $key => & $value) {
// If the post value key contains the string 'question' then it is an answer on a question
// If the post value key contains the string 'question' then it is an answer on a question
@ -221,9 +241,7 @@ if (count($_POST) > 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
while ($row = Database::fetch_array($result, 'ASSOC')) {
$types[$row['question_id']] = $row['type'];
$types[$row['question_id']] = $row['type'];
}
}
if ($survey_data['anonymous'] == 0) {
$survey_invitation['user'] = api_get_user_id();
}
// Looping through all the post values
// Looping through all the post values
foreach ($_POST as $key => & $value) {
foreach ($_POST as $key => & $value) {
// If the post value key contains the string 'question' then it is an answer to a question
// If the post value key contains the string 'question' then it is an answer to a question
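Review bot: The anonymous invitation code built in the auto-invitation hunk, `$autoInvitationcode = "auto-ANONY_".md5(time())."-$surveyCode";`, depends only on the current second, so two anonymous respondents who open the same survey within one second get an identical code; the later INSERT is skipped for the second one (`num_rows($result) == 0`) and, since the comment says the new code is used from there on, that respondent appears to continue on the first one's invitation row and its `answered` flag. A time-derived value is also guessable, and the code is the only thing tying an anonymous answer set to its row, so it should be a random token, e.g. `$autoInvitationcode = "auto-ANONY_".bin2hex(random_bytes(16))."-$surveyCode";` (PHP 7.0+), or the project's existing random-string helper if it has one. Separately, in the second hunk the new check `($rowAnonymous['anonymous'] == 0 && api_is_anonymous($_user['user_id'], true))` reads `$_user['user_id']` without the `isset($_user['user_id'])` guard that the check it seems to replace had, and its trailing `|| count($rowAnonymous) == 0` clause is unreachable once `!isset($rowAnonymous['anonymous'])` is false, so it can be dropped.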