Merge branch '1.9.x' of ssh://github.com/chamilo/chamilo-lms into chamilo19

1.9.x
Julio Montoya 11 years ago
commit 96b90e4948
  1. 68
      main/survey/fillsurvey.php
  2. 18
      main/survey/preview.php

@ -34,10 +34,18 @@ require_once 'survey.lib.php';
if (!empty($_user)) { if (!empty($_user)) {
$interbreadcrumb[] = array('url' => 'survey_list.php?cidReq='.Security::remove_XSS($_GET['course']), 'name' => get_lang('SurveyList')); $interbreadcrumb[] = array('url' => 'survey_list.php?cidReq='.Security::remove_XSS($_GET['course']), 'name' => get_lang('SurveyList'));
} }
if (($_GET['invitationcode'] == 'auto' && isset($_GET['scode'])) && ((!(isset($_user['user_id']) && $_user['user_id']) || api_is_anonymous($_user['user_id'], true)))) {
// anonymous users not allowed // Database table definitions
api_not_allowed(); $table_survey = Database :: get_course_table(TABLE_SURVEY);
} $table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
// We initialize test as private (not anonymous):
$isAnonymous = false;
// getting all the course information // getting all the course information
if (isset($_GET['course'])) { if (isset($_GET['course'])) {
@ -51,20 +59,27 @@ if (empty($course_info)) {
} }
$course_id = $course_info['real_id']; $course_id = $course_info['real_id'];
$surveyCode = isset($_GET['scode']) ? Database::escape_string($_GET['scode']) : '';
if ($surveyCode != "") {
// Firstly we check if this survey is ready for anonymous use:
$sqlAnonymous = "SELECT anonymous FROM $table_survey WHERE c_id = $course_id AND code ='".$surveyCode."'";
$resultAnonymous = Database::query($sqlAnonymous);
$rowAnonymous = Database::fetch_array($resultAnonymous, 'ASSOC');
// If is anonymous and is not allowed to take the survey to anonymous users, forbid access:
if (!isset($rowAnonymous['anonymous']) || ($rowAnonymous['anonymous'] == 0 && api_is_anonymous($_user['user_id'], true)) || count($rowAnonymous) == 0) {
api_not_allowed();
}
// If is anonymous and it is allowed to take the survey as anonymous, mark survey as anonymous:
} else {
if (api_is_anonymous($_user['user_id'], true)) {
$isAnonymous = true;
}
}
// Header // Header
Display :: display_header(get_lang('ToolSurvey')); Display :: display_header(get_lang('ToolSurvey'));
// Database table definitions
$table_survey = Database :: get_course_table(TABLE_SURVEY);
$table_survey_answer = Database :: get_course_table(TABLE_SURVEY_ANSWER);
$table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$table_user = Database :: get_main_table(TABLE_MAIN_USER);
// First we check if the needed parameters are present // First we check if the needed parameters are present
if ((!isset($_GET['course']) || !isset($_GET['invitationcode'])) && !isset($_GET['user_id'])) { if ((!isset($_GET['course']) || !isset($_GET['invitationcode'])) && !isset($_GET['user_id'])) {
Display :: display_error_message(get_lang('SurveyParametersMissingUseCopyPaste'), false); Display :: display_error_message(get_lang('SurveyParametersMissingUseCopyPaste'), false);
@ -77,11 +92,16 @@ $invitationcode = $_GET['invitationcode'];
// Start auto-invitation feature FS#3403 (all-users-can-do-the-survey-URL handling) // Start auto-invitation feature FS#3403 (all-users-can-do-the-survey-URL handling)
if ($invitationcode == 'auto' && isset($_GET['scode'])) { if ($invitationcode == 'auto' && isset($_GET['scode'])) {
$userid = $_user['user_id']; $userid = $_user['user_id'];
$surveyCode = Database::escape_string($_GET['scode']); // Survey_code of the survey
$scode = Database::escape_string($_GET['scode']); // Survey_code of the survey if ($isAnonymous) {
$autoInvitationcode = "auto-$userid-$scode"; // New invitation code from userid $autoInvitationcode = "auto-ANONY_".md5(time())."-$surveyCode";
} else {
// New invitation code from userid
$autoInvitationcode = "auto-$userid-$surveyCode";
}
// The survey code must exist in this course, or the URL is invalid // The survey code must exist in this course, or the URL is invalid
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code ='".$scode."'"; $sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code = '".$surveyCode."'";
$result = Database::query($sql); $result = Database::query($sql);
if (Database :: num_rows($result) > 0) { // Ok if (Database :: num_rows($result) > 0) { // Ok
// Check availability // Check availability
@ -93,7 +113,7 @@ if ($invitationcode == 'auto' && isset($_GET['scode'])) {
$result = Database::query($sql); $result = Database::query($sql);
if (Database :: num_rows($result) == 0) { // Ok if (Database :: num_rows($result) == 0) { // Ok
$sql = "INSERT INTO $table_survey_invitation (c_id, survey_code,user, invitation_code, invitation_date) "; $sql = "INSERT INTO $table_survey_invitation (c_id, survey_code,user, invitation_code, invitation_date) ";
$sql .= " VALUES ($course_id, \"$scode\", \"$userid\", \"$autoInvitationcode\", now())"; $sql .= " VALUES ($course_id, \"$surveyCode\", \"$userid\", \"$autoInvitationcode\", now())";
Database::query($sql); Database::query($sql);
} }
// From here we use the new invitationcode auto-userid-surveycode string // From here we use the new invitationcode auto-userid-surveycode string
@ -120,6 +140,8 @@ if ($survey_invitation['answered'] == 1 && !isset($_GET['user_id'])) {
exit; exit;
} }
// Checking if there is another survey with this code. // Checking if there is another survey with this code.
// If this is the case there will be a language choice // If this is the case there will be a language choice
$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'"; $sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
@ -159,9 +181,7 @@ if (count($_POST) > 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) { while ($row = Database::fetch_array($result, 'ASSOC')) {
$types[$row['question_id']] = $row['type']; $types[$row['question_id']] = $row['type'];
} }
if ($survey_data['anonymous'] == 0) {
$survey_invitation['user'] = api_get_user_id();
}
// Looping through all the post values // Looping through all the post values
foreach ($_POST as $key => & $value) { foreach ($_POST as $key => & $value) {
// If the post value key contains the string 'question' then it is an answer on a question // If the post value key contains the string 'question' then it is an answer on a question
@ -221,9 +241,7 @@ if (count($_POST) > 0) {
while ($row = Database::fetch_array($result, 'ASSOC')) { while ($row = Database::fetch_array($result, 'ASSOC')) {
$types[$row['question_id']] = $row['type']; $types[$row['question_id']] = $row['type'];
} }
if ($survey_data['anonymous'] == 0) {
$survey_invitation['user'] = api_get_user_id();
}
// Looping through all the post values // Looping through all the post values
foreach ($_POST as $key => & $value) { foreach ($_POST as $key => & $value) {
// If the post value key contains the string 'question' then it is an answer to a question // If the post value key contains the string 'question' then it is an answer to a question

@ -26,9 +26,25 @@ $table_survey_question = Database :: get_course_table(TABLE_SURVEY_QUESTION);
$table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION); $table_survey_question_option = Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
$table_course = Database :: get_main_table(TABLE_MAIN_COURSE); $table_course = Database :: get_main_table(TABLE_MAIN_COURSE);
$table_user = Database :: get_main_table(TABLE_MAIN_USER); $table_user = Database :: get_main_table(TABLE_MAIN_USER);
$table_survey_invitation = Database :: get_course_table(TABLE_SURVEY_INVITATION);
$course_id = api_get_course_int_id(); $course_id = api_get_course_int_id();
$userId = api_get_user_id();
$surveyId = Database::escape_string($_GET['survey_id']);
$userInvited = 0;
//query to ask if logged user is allowed to see the preview (if he is invited of he is a teacher)
$sql = "SELECT survey_invitation.user FROM $table_survey_invitation survey_invitation LEFT JOIN $table_survey survey
ON survey_invitation.survey_code = survey.code WHERE survey_invitation.c_id = $course_id AND survey.survey_id = $surveyId AND survey_invitation.user = $userId";
$result = Database::query($sql);
if (Database::num_rows($result) > 0) {
$userInvited = 1;
}
if($userInvited == 0) {
if(!api_is_allowed_to_edit()) {
api_not_allowed();
}
}
// We exit here if ther is no valid $_GET parameter // We exit here if ther is no valid $_GET parameter
if (!isset($_GET['survey_id']) || !is_numeric($_GET['survey_id'])){ if (!isset($_GET['survey_id']) || !is_numeric($_GET['survey_id'])){
Display :: display_header(get_lang('SurveyPreview')); Display :: display_header(get_lang('SurveyPreview'));

Loading…
Cancel
Save