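/**
 * Store the "save and return later" credentials for the current survey response.
 *
 * Validates the posted save name, password (entered twice) and, when enabled,
 * the captcha answer. It then makes sure a response row exists for this session,
 * writes one SavedControl row (sid, srid, identifier, access_code, email, ip,
 * saved_thisstep, status, saved_date, refurl) and optionally e-mails the
 * reload details to the respondent.
 *
 * Validation and e-mail problems are reported through the global $errormsg.
 *
 * @return string|null Localised success message, or null when validation failed
 *                     or the save name is already taken for this survey.
 */
function savedcontrol()
{
    global $surveyid, $thissurvey, $errormsg, $publicurl, $sitename, $clang, $clienttoken, $thisstep;
    $timeadjust = getGlobalSetting('timeadjust');
    $sessionKey = 'survey_' . $surveyid;

    // Request fields can arrive as arrays (e.g. savepass[]=x). Only plain strings are
    // accepted, so array input is reported as missing instead of reaching md5() or the ORM.
    $saveName = (isset($_POST['savename']) && is_string($_POST['savename'])) ? $_POST['savename'] : '';
    $savePass = (isset($_POST['savepass']) && is_string($_POST['savepass'])) ? $_POST['savepass'] : '';
    $savePass2 = (isset($_POST['savepass2']) && is_string($_POST['savepass2'])) ? $_POST['savepass2'] : '';
    // The e-mail field is optional; the original read it unguarded and raised a notice when absent.
    $saveEmail = (isset($_POST['saveemail']) && is_string($_POST['saveemail'])) ? $_POST['saveemail'] : null;

    //Check that the required fields have been completed.
    $errormsg = '';
    if (empty($saveName)) {
        $errormsg .= $clang->gT("You must supply a name for this saved session.") . "<br />\n";
    }
    if (empty($savePass)) {
        $errormsg .= $clang->gT("You must supply a password for this saved session.") . "<br />\n";
    }
    // Strict comparison: with != two different numeric-looking strings ("1e3" and "1000")
    // compare equal, so a mistyped confirmation could be accepted.
    if (empty($savePass) || empty($savePass2) || $savePass !== $savePass2) {
        $errormsg .= $clang->gT("Your passwords do not match.") . "<br />\n";
    }
    // Reject the request if the security question (captcha) answer is incorrect.
    if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen', $thissurvey['usecaptcha'])) {
        $givenAnswer = (isset($_POST['loadsecurity']) && is_string($_POST['loadsecurity'])) ? $_POST['loadsecurity'] : '';
        $expectedAnswer = isset($_SESSION[$sessionKey]['secanswer']) ? (string) $_SESSION[$sessionKey]['secanswer'] : null;
        // Compared as strings so numeric type juggling cannot make a different answer match.
        if (empty($givenAnswer) || $expectedAnswer === null || $givenAnswer !== $expectedAnswer) {
            $errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
        }
    }
    if (!empty($errormsg)) {
        return;
    }

    // The save name must be unique within the survey.
    $duplicate = SavedControl::model()->findByAttributes(array('sid' => $surveyid, 'identifier' => $saveName));
    if (!empty($duplicate) && $duplicate->count() > 0) {
        $errormsg .= $clang->gT("This name has already been used for this survey. You must use a unique save name.") . "<br />\n";
        return;
    }

    //INSERT BLANK RECORD INTO "survey_x" if one doesn't already exist
    if (!isset($_SESSION[$sessionKey]['srid'])) {
        $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
        // HTTP_REFERER is supplied by the client and is stored as received; escape it wherever it is displayed.
        $sdata = array("datestamp" => $today, "ipaddr" => getIPAddress(), "startlanguage" => $_SESSION[$sessionKey]['s_lang'], "refurl" => getenv("HTTP_REFERER"));
        if (SurveyDynamic::model($thissurvey['sid'])->insert($sdata)) {
            $srid = getLastInsertID('{{survey_' . $surveyid . '}}');
            $_SESSION[$sessionKey]['srid'] = $srid;
        } else {
            safeDie("Unable to insert record into survey table.<br /><br />");
        }
    }

    //CREATE ENTRY INTO "saved_control"
    $today = dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust);
    $saved_control = new SavedControl();
    $saved_control->sid = $surveyid;
    $saved_control->srid = $_SESSION[$sessionKey]['srid'];
    // Values are bound by the ORM on save, so no manual SQL quoting/escaping is needed.
    $saved_control->identifier = $saveName;
    // NOTE(review): unsalted MD5 is not a password hash and is cheap to brute-force if the
    // table leaks. Moving to password_hash()/password_verify() needs a matching change in the
    // code that checks access_code when a saved survey is loaded, which is not visible here,
    // so the stored format is left unchanged.
    $saved_control->access_code = md5($savePass);
    $saved_control->email = $saveEmail;
    $saved_control->ip = getIPAddress();
    $saved_control->saved_thisstep = $thisstep;
    $saved_control->status = 'S';
    $saved_control->saved_date = $today;
    $saved_control->refurl = getenv('HTTP_REFERER');
    if ($saved_control->save()) {
        $scid = getLastInsertID('{{saved_control}}');
        $_SESSION[$sessionKey]['scid'] = $scid;
    } else {
        safeDie("Unable to insert record into saved_control table.<br /><br />");
    }

    // Session variables used to load answers on every page. They hold raw request input,
    // so they must be escaped on output.
    // NOTE(review): holdpass keeps the clear-text password in the session store for the
    // lifetime of the session.
    $_SESSION[$sessionKey]['holdname'] = $saveName;
    $_SESSION[$sessionKey]['holdpass'] = $savePass;

    //Email if needed
    if ($saveEmail !== null && validateEmailAddress($saveEmail)) {
        $subject = $clang->gT("Saved Survey Details") . " - " . $thissurvey['name'];
        $message = $clang->gT("Thank you for saving your survey in progress. The following details can be used to return to this survey and continue where you left off. Please keep this e-mail for your reference - we cannot retrieve the password for you.");
        $message .= "\n\n" . $thissurvey['name'] . "\n\n";
        $message .= $clang->gT("Name") . ": " . $saveName . "\n";
        // NOTE(review): the password is mailed in clear text and repeated in the reload URL
        // below, so it can end up in mailboxes, browser history, proxy and web-server logs.
        // A single-use, expiring reload token would avoid this; that needs changes outside
        // this function.
        $message .= $clang->gT("Password") . ": " . $savePass . "\n\n";
        $message .= $clang->gT("Reload your survey by clicking on the following link (or pasting it into your browser):") . "\n";
        $message .= Yii::app()->getController()->createAbsoluteUrl("/survey/index/sid/{$surveyid}/loadall/reload/scid/{$scid}/loadname/" . rawurlencode($saveName) . "/loadpass/" . rawurlencode($savePass) . "/lang/" . rawurlencode($clang->langcode));
        if ($clienttoken) {
            $message .= "/token/" . rawurlencode($clienttoken);
        }
        $from = "{$thissurvey['adminname']} <{$thissurvey['adminemail']}>";
        if (!SendEmailMessage($message, $subject, $saveEmail, $from, $sitename, false, getBounceEmail($surveyid))) {
            // The save itself succeeded; only the notification failed.
            $errormsg .= $clang->gT('Error: Email failed, this may indicate a PHP Mail Setup problem on the server. Your survey details have still been saved, however you will not get an email with the details. You should note the "name" and "password" you just used for future reference.');
            if (trim($thissurvey['adminemail']) === '') {
                $errormsg .= $clang->gT('(Reason: Admin email address empty)');
            }
        }
    }
    return $clang->gT('Your survey was successfully saved.');
}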
//......... part of the code is omitted here .........
//......... part of the code is omitted here .........
// Fragment of a survey entry routine: availability checks, the "already completed" cookie
// check and the reload of a saved response. The enclosing method and the origin of
// $thissurvey, $timeadjust, $previewmode, $tokensexist, $param and $surveyid are not shown.
//MAKE SURE SURVEY HASN'T EXPIRED
if ($thissurvey['expiry'] != '' and dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust) > $thissurvey['expiry'] && $thissurvey['active'] != 'N' && !$previewmode) {
// $redata is a snapshot of every local variable currently in scope, so adding or
// renaming locals above this line changes what is handed to _niceExit().
$redata = compact(array_keys(get_defined_vars()));
$asMessage = array(gT("Error"), gT("This survey is no longer available."), sprintf(gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thissurvey['templatedir'], $asMessage);
}
//MAKE SURE SURVEY HAS ALREADY STARTED
if ($thissurvey['startdate'] != '' and dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust) < $thissurvey['startdate'] && $thissurvey['active'] != 'N' && !$previewmode) {
$redata = compact(array_keys(get_defined_vars()));
$asMessage = array(gT("Error"), gT("This survey is not yet started."), sprintf(gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thissurvey['templatedir'], $asMessage);
}
//CHECK FOR PREVIOUSLY COMPLETED COOKIE
//If cookies are being used and this survey has been completed, a cookie named "LS_<surveyid>_STATUS" exists with the value "COMPLETE".
// NOTE(review): the cookie comes from the browser, so this check only stops accidental
// repeat submissions; it is not an enforcement control.
$sCookieName = "LS_" . $surveyid . "_STATUS";
if (isset($_COOKIE[$sCookieName]) && $_COOKIE[$sCookieName] == "COMPLETE" && $thissurvey['usecookie'] == "Y" && $tokensexist != 1 && (!isset($param['newtest']) || $param['newtest'] != "Y")) {
$redata = compact(array_keys(get_defined_vars()));
$asMessage = array(gT("Error"), gT("You have already completed this survey."), sprintf(gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thissurvey['templatedir'], $asMessage);
}
//LOAD SAVED SURVEY
// getParam() accepts the value from the query string or the POST body, so the saved-session
// name and password may arrive in the URL (for example via an e-mailed reload link).
if (Yii::app()->request->getParam('loadall') == "reload") {
$errormsg = "";
$sLoadName = Yii::app()->request->getParam('loadname');
$sLoadPass = Yii::app()->request->getParam('loadpass');
// NOTE(review): isset() is false for a parameter that is missing altogether (null), so only
// a present-but-empty value adds an error here; a missing name or password falls through
// to loadanswers() - confirm that it rejects that case.
if (isset($sLoadName) && !$sLoadName) {
$errormsg .= gT("You did not provide a name") . "<br />\n";
}
if (isset($sLoadPass) && !$sLoadPass) {
$errormsg .= gT("You did not provide a password") . "<br />\n";
}
// if security question answer is incorrect
// Not called if scid is set in GET params (when using email save/reload reminder URL)
// NOTE(review): scid is a client-supplied query parameter, so this exemption applies to any
// request that carries it. The captcha is therefore not a dependable throttle on
// name/password guessing; server-side attempt limiting should cover the reload path.
if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen', $thissurvey['usecaptcha']) && is_null(Yii::app()->request->getQuery('scid'))) {
$sLoadSecurity = Yii::app()->request->getPost('loadsecurity');
if (empty($sLoadSecurity)) {
$errormsg .= gT("You did not answer to the security question.") . "<br />\n";
} elseif (!isset($_SESSION['survey_' . $surveyid]['secanswer']) || $sLoadSecurity != $_SESSION['survey_' . $surveyid]['secanswer']) {
// Loose != comparison: numeric-looking strings are compared by value, not character by character.
$errormsg .= gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
if ($errormsg == "") {
LimeExpressionManager::SetDirtyFlag();
buildsurveysession($surveyid);
// loadanswers() reports whether a matching saved response was found.
if (loadanswers()) {
Yii::app()->setConfig('move', 'reload');
$move = "reload";
// veyRunTimeHelper use $move in $arg
} else {
$errormsg .= gT("There is no matching saved survey");
}
}
if ($errormsg) {
Yii::app()->setConfig('move', "loadall");
// Show loading form
}
}
//Allow loading of saved survey
if (Yii::app()->getConfig('move') == "loadall") {
// Every local in scope, including $errormsg and the submitted name/password, is passed to the load form.
$redata = compact(array_keys(get_defined_vars()));
Yii::import("application.libraries.Load_answers");
$tmp = new Load_answers();
$tmp->run($redata);
}
//Check if TOKEN is used for EVERY PAGE
//This function fixes a bug where users were able to submit two surveys/votes
//......... part of the code is omitted here .........
$asMessage = array($clang->gT("Error"), $clang->gT("This survey is no longer available."), sprintf($clang->gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thistpl, $asMessage);
}
// Fragment of a survey entry routine: start-date check, "already completed" cookie check and
// the reload of a saved response. The enclosing method and the origin of $thissurvey,
// $timeadjust, $thistpl, $tokensexist, $param, $clang and $surveyid are not shown.
//MAKE SURE SURVEY HAS ALREADY STARTED
if ($thissurvey['startdate'] != '' and dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust) < $thissurvey['startdate'] && $thissurvey['active'] != 'N') {
// $redata is a snapshot of every local variable currently in scope, so adding or
// renaming locals above this line changes what is handed to _niceExit().
$redata = compact(array_keys(get_defined_vars()));
$asMessage = array($clang->gT("Error"), $clang->gT("This survey is not yet started."), sprintf($clang->gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thistpl, $asMessage);
}
//CHECK FOR PREVIOUSLY COMPLETED COOKIE
//If cookies are being used and this survey has been completed, a cookie named "LS_<surveyid>_STATUS" exists with the value "COMPLETE".
// NOTE(review): the cookie comes from the browser, so this check only stops accidental
// repeat submissions; it is not an enforcement control.
$sCookieName = "LS_" . $surveyid . "_STATUS";
if (isset($_COOKIE[$sCookieName]) && $_COOKIE[$sCookieName] == "COMPLETE" && $thissurvey['usecookie'] == "Y" && $tokensexist != 1 && (!isset($param['newtest']) || $param['newtest'] != "Y")) {
$redata = compact(array_keys(get_defined_vars()));
$asMessage = array($clang->gT("Error"), $clang->gT("You have already completed this survey."), sprintf($clang->gT("Please contact %s ( %s ) for further assistance."), $thissurvey['adminname'], $thissurvey['adminemail']));
$this->_niceExit($redata, __LINE__, $thistpl, $asMessage);
}
// A GET reload request that carries both a name and a password is promoted to the POST
// flag, so the block below handles URL-based and form-based reloads alike.
if (isset($_GET['loadall']) && $_GET['loadall'] == "reload") {
if (returnGlobal('loadname') && returnGlobal('loadpass')) {
$_POST['loadall'] = "reload";
}
}
//LOAD SAVED SURVEY
if (isset($_POST['loadall']) && $_POST['loadall'] == "reload") {
$errormsg = "";
if (!isset($param['loadname']) || $param['loadname'] == null) {
$errormsg .= $clang->gT("You did not provide a name") . "<br />\n";
}
if (!isset($param['loadpass']) || $param['loadpass'] == null) {
$errormsg .= $clang->gT("You did not provide a password") . "<br />\n";
}
// if security question answer is incorrect
// Not called if scid is set in GET params (when using email save/reload reminder URL)
// NOTE(review): scid is a client-supplied query parameter, so the exemption applies to any
// request that carries it. The captcha is therefore not a dependable throttle on
// name/password guessing; server-side attempt limiting should cover the reload path.
if (function_exists("ImageCreate") && isCaptchaEnabled('saveandloadscreen', $thissurvey['usecaptcha'])) {
if ((!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $surveyid]['secanswer']) || $_POST['loadsecurity'] != $_SESSION['survey_' . $surveyid]['secanswer']) && !isset($_GET['scid'])) {
$errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
// Load session before loading the values from the saved data
if (isset($_GET['loadall'])) {
buildsurveysession($surveyid);
}
// The submitted name and password are written to the session before the error check below,
// i.e. also when validation failed. Both are raw request input and must be escaped wherever
// they are output.
// NOTE(review): if $param['loadname'] / $param['loadpass'] are unset these reads raise a notice.
$_SESSION['survey_' . $surveyid]['holdname'] = $param['loadname'];
//Session variable used to load answers every page.
$_SESSION['survey_' . $surveyid]['holdpass'] = $param['loadpass'];
//Session variable used to load answers every page.
if ($errormsg == "") {
// NOTE(review): the result of loadanswers() is not checked here, so a non-matching
// name/password produces no error message in this block.
loadanswers();
}
// $move is set to "movenext" whether or not the load succeeded.
$move = "movenext";
if ($errormsg) {
// Re-show the load form: the block below is keyed on the translated button label.
$_POST['loadall'] = $clang->gT("Load unfinished survey");
}
}
//Allow loading of saved survey
if (isset($_POST['loadall']) && $_POST['loadall'] == $clang->gT("Load unfinished survey")) {
// Every local in scope, including $errormsg, is passed to the load form.
$redata = compact(array_keys(get_defined_vars()));
Yii::import("application.libraries.Load_answers");
$tmp = new Load_answers();
$tmp->run($redata);
}
//Check if TOKEN is used for EVERY PAGE
//This function fixes a bug where users were able to submit two surveys/votes
//by checking that the token has not been used at each page displayed.
// bypass only this check at first page (Step=0) because
// this check is done in buildsurveysession and error message
public function beforeSurveyPage()
{
$oEvent = $this->event;
$iSurveyId = $oEvent->get('surveyId');
self::__init();
$bUse=$this->get('bUse', 'Survey', $iSurveyId);
if(is_null($bUse))
$bUse=$this->bUse;
if(!$bUse)
return;
$sToken= Yii::app()->request->getParam('token');
if($iSurveyId && !$sToken)// Test invalid token ?
{
// Get the survey model
$oSurvey=Survey::model()->find("sid=:sid",array(':sid'=>$iSurveyId));
if($oSurvey && $oSurvey->active=="Y" && $oSurvey->allowregister=="Y" && tableExists("tokens_{$iSurveyId}"))
{
// Fill parameters
$bShowTokenForm=$this->get('bShowTokenForm', 'Survey', $iSurveyId);
if(is_null($bShowTokenForm))
$bShowTokenForm=$this->bShowTokenForm;
$bShowTokenForm=$this->get('use', 'Survey', $iSurveyId);
if(is_null($bShowTokenForm))
$bShowTokenForm=$this->bUse;
Yii::app()->getClientScript()->registerCssFile(Yii::app()->getConfig('publicurl')."plugins/replaceRegister/css/register.css");
// We can go
$sLanguage = Yii::app()->request->getParam('lang','');
if ($sLanguage=="" )
{
$sLanguage = Survey::model()->findByPk($iSurveyId)->language;
}
$aSurveyInfo=getSurveyInfo($iSurveyId,$sLanguage);
$sAction= Yii::app()->request->getParam('action','view') ;
$sHtmlRegistererror="";
$sHtmlRegistermessage1=gT("You must be registered to complete this survey");;
$sHtmlRegistermessage2=gT("You may register for this survey if you wish to take part.")."<br />\n".gT("Enter your details below, and an email containing the link to participate in this survey will be sent immediately.");
$sHtmlRegisterform="";
$sHtml="";
$bShowForm=true;
$bValidMail=false;
$bTokenCreate=true;
$aExtraParams=array();
$aRegisterError=array();
$sR_email= Yii::app()->request->getPost('register_email');
$sR_firstname= sanitize_xss_string(Yii::app()->request->getPost('register_firstname',""));
$sR_lastname= sanitize_xss_string(Yii::app()->request->getPost('register_lastname',""));
$sR_lastname= sanitize_xss_string(Yii::app()->request->getPost('register_lastname',""));
$aR_attribute=array();
$aR_attributeGet=array();
$aExtraParams=array();
$aMail=array();
foreach ($aSurveyInfo['attributedescriptions'] as $field => $aAttribute)
{
if (!empty($aAttribute['show_register']) && $aAttribute['show_register'] == 'Y')
{
$aR_attribute[$field]= sanitize_xss_string(Yii::app()->request->getPost('register_'.$field),"");// Need to be filtered ?
}
elseif($aAttribute['description']==sanitize_paranoid_string($aAttribute['description']) && trim(Yii::app()->request->getQuery($aAttribute['description'],"")) )
{
$aR_attributeGet[$field]= sanitize_xss_string(trim(Yii::app()->request->getQuery($aAttribute['description'],"")));// Allow prefill with URL (TODO: add an option)
$aExtraParams[$aAttribute['description']]=sanitize_xss_string(trim(Yii::app()->request->getParam($aAttribute['description'],"")));
}
}
if($sAction=='register' && !is_null($sR_email) && Yii::app()->request->getPost('changelang')!='changelang')
{
$bShowForm=false;
// captcha
$sLoadsecurity=Yii::app()->request->getPost('loadsecurity');
$sSecAnswer=(isset($_SESSION['survey_'.$iSurveyId]['secanswer']))?$_SESSION['survey_'.$iSurveyId]['secanswer']:"";
$bShowForm=false;
$bNoError=true;
// Copy paste RegisterController
if($sR_email)
{
//Check that the email is a valid style addressattribute_2
if (!validateEmailAddress($sR_email))
{
$aRegisterError[]= gT("The email you used is not valid. Please try again.");
}
}
else
{
$aRegisterError[]= gT("The email you used is not valid. Please try again.");// Empty email
}
// Fill and validate mandatory extra attribute
foreach ($aSurveyInfo['attributedescriptions'] as $field => $aAttribute)
{
if (!empty($aAttribute['show_register']) && $aAttribute['show_register'] == 'Y' && $aAttribute['mandatory'] == 'Y' && ($aR_attribute[$field]=="" || is_null($aR_attribute[$field])) )
{
$aRegisterError[]= sprintf(gT("%s cannot be left empty").".", $aSurveyInfo['attributecaptions'][$field]);
}
}
// Check the security question's answer : at end because the security question is the last one
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen',$aSurveyInfo['usecaptcha']) )
{
if (!$sLoadsecurity || !$sSecAnswer || $sLoadsecurity != $sSecAnswer)
{
$aRegisterError[]= gT("The answer to the security question is incorrect.");
//.........这里部分代码省略.........