diff --git a/admin/html.php b/admin/html.php
index 4350fd28104..652f2389325 100644
--- a/admin/html.php
+++ b/admin/html.php
@@ -1474,12 +1474,6 @@
$addsummary = "
\n";
$addsummary .= "\n";
- $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid;
- $result = db_execute_assoc($query); //Checked
- if( ($result->RecordCount() > 0 && in_array($postuserid,getuserlist('onlyuidarray'))) ||
- $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
- {
-
if($postuserid > 0){
$isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid},{$postuserid},'survey',1)";
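Review bot: With the owner/superadmin test removed from the top of this branch, nothing visible in the hunk decides whether the logged-in user may grant rights on `$surveyid` before the `INSERT INTO ... survey_permissions` runs. The enclosing `if` on the action starts above the hunk, so a replacement check may exist there; if it does, a comment such as `// access verified by <permission check> before this branch` would make that explicit. If it does not, any authenticated admin account that reaches this action can add a user to a survey it does not own. The removed `in_array($postuserid, getuserlist('onlyuidarray'))` also limited which users could be targeted, and that bound is gone too. The same applies to the user-group add, delete and set branches in the later hunks, which also lose their `include("access_denied.php")` fallback.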
@@ -1508,11 +1502,6 @@
. "
" . $clang->gT("No Username selected.")."
\n";
$addsummary .= "
gT("Continue")."\"/>\n";
}
- }
- else
- {
- include("access_denied.php");
- }
$addsummary .= "
\n";
}
@@ -1522,57 +1511,48 @@
$addsummary = "\n";
$addsummary .= "\n";
- $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID'];
- $result = db_execute_assoc($query); //Checked
- if( ($result->RecordCount() > 0 && in_array($postusergroupid,getsurveyusergrouplist('simpleugidarray'))) || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
- {
- if($postusergroupid > 0){
- $query2 = "SELECT b.uid FROM (SELECT uid FROM ".db_table_name('survey_permissions')." WHERE sid = {$surveyid}) AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$postusergroupid}";
- $result2 = db_execute_assoc($query2); //Checked
- if($result2->RecordCount() > 0)
+ if($postusergroupid > 0){
+ $query2 = "SELECT b.uid FROM (SELECT uid FROM ".db_table_name('survey_permissions')." WHERE sid = {$surveyid}) AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$postusergroupid}";
+ $result2 = db_execute_assoc($query2); //Checked
+ if($result2->RecordCount() > 0)
+ {
+ while ($row2 = $result2->FetchRow())
{
- while ($row2 = $result2->FetchRow())
- {
- $uid_arr[] = $row2['uid'];
- $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid}, {$row2['uid']},'survey',1) ";
- $isrresult = $connect->Execute($isrquery); //Checked
- if (!$isrresult) break;
- }
+ $uid_arr[] = $row2['uid'];
+ $isrquery = "INSERT INTO {$dbprefix}survey_permissions (sid,uid,permission,read_p) VALUES ({$surveyid}, {$row2['uid']},'survey',1) ";
+ $isrresult = $connect->Execute($isrquery); //Checked
+ if (!$isrresult) break;
+ }
- if($isrresult)
- {
- $addsummary .= "\n";
- $_SESSION['uids'] = $uid_arr;
- $addsummary .= "
\n";
- }
- else
- {
- // Error while adding user to the database
- $addsummary .= "\n";
- $addsummary .= "
gT("Continue")."\"/>\n";
- }
}
else
{
- // no user to add
+ // Error while adding user to the database
$addsummary .= "\n";
$addsummary .= "
gT("Continue")."\"/>\n";
}
}
else
{
- $addsummary .= "\n"
- . "
" . $clang->gT("No Username selected.")."
\n";
+ // no user to add
+ $addsummary .= "\n";
$addsummary .= "
gT("Continue")."\"/>\n";
}
}
else
{
- include("access_denied.php");
+ $addsummary .= "\n"
+ . "
" . $clang->gT("No Username selected.")."
\n";
+ $addsummary .= "
gT("Continue")."\"/>\n";
}
$addsummary .= "
\n";
}
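Review bot: `$postusergroupid > 0` is now the only test applied before the value is interpolated into `$query2`, and a loose comparison is not validation, because a string that merely starts with a digit also passes it. Whether the variable is already cast where it is read from the request is not visible in this hunk, so I would cast locally with `$postusergroupid = (int) $postusergroupid;` or state the upstream sanitising in a comment. This matters more than before, since the removed `in_array($postusergroupid, getsurveyusergrouplist('simpleugidarray'))` used to bound the group id to known groups. `$uid_arr` is also appended to without being initialised in the visible lines, so `$uid_arr = array();` before the loop would be safer.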
@@ -1582,57 +1562,40 @@
$addsummary = "\n";
$addsummary .= "\n";
- $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID']." AND owner_id != ".$postuserid;
- $result = db_execute_assoc($query); //Checked
- if($result->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
+ if (isset($postuserid))
{
- if (isset($postuserid))
- {
- $dquery="DELETE FROM".db_table_name('survey_permissions')." WHERE uid={$postuserid} AND sid={$surveyid}"; // added by Dennis
- $dresult=$connect->Execute($dquery); //Checked
+ $dquery="DELETE FROM".db_table_name('survey_permissions')." WHERE uid={$postuserid} AND sid={$surveyid}"; // added by Dennis
+ $dresult=$connect->Execute($dquery); //Checked
- $addsummary .= "
".$clang->gT("Username").": ".sanitize_xss_string($_POST['user'])."
\n";
- $addsummary .= "\n";
- }
- else
- {
- $addsummary .= "\n";
- }
- $addsummary .= "
gT("Continue")."\"/>\n";
+ $addsummary .= "
".$clang->gT("Username").": ".sanitize_xss_string($_POST['user'])."
\n";
+ $addsummary .= "\n";
}
else
{
- include("access_denied.php");
+ $addsummary .= "\n";
}
+ $addsummary .= "
gT("Continue")."\"/>\n";
$addsummary .= "
\n";
}
if($action == "setsurveysecurity" || $action == "setusergroupsurveysecurity")
{
- $query = "SELECT sid, owner_id FROM ".db_table_name('surveys')." WHERE sid = {$surveyid} AND owner_id = ".$_SESSION['loginID'];
+ $js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
+ $js_admin_includes[]='scripts/surveysecurity.js';
if ($action == "setsurveysecurity")
{
- $query.= " AND owner_id != ".$postuserid;
+ $sUsername=$connect->GetOne("select users_name from ".db_table_name('users')." where uid={$postuserid}");
+ $usersummary = "";
}
- $result = db_execute_assoc($query); //Checked
- if($result->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
+ else
{
- $js_admin_includes[]='../scripts/jquery/jquery.tablesorter.min.js';
- $js_admin_includes[]='scripts/surveysecurity.js';
- if ($action == "setsurveysecurity")
- {
- $sUsername=$connect->GetOne("select users_name from ".db_table_name('users')." where uid={$postuserid}");
- $usersummary = "";
- }
- else
- {
- $sUsergroupName=$connect->GetOne("select name from ".db_table_name('user_groups')." where ugid={$postusergroupid}");
- $usersummary = "";
- }
- $usersummary .= "
\n";
+ if ($action=='setsurveysecurity')
+ {
+ $usersummary .="";
}
else
{
- include("access_denied.php");
+ $usersummary .="";
}
+ $usersummary .= "\n";
}
// This is the action to export the structure of a complete survey
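Review bot: `isset($postuserid)` is now the only condition in front of the `DELETE` on `survey_permissions`, so the statement runs for any uid that happens to be set, and the old query's `owner_id != $postuserid` exclusion is gone. I would tighten the guard to something like `if (isset($postuserid) && (int) $postuserid > 0)` and document which permission check protects this branch, since none is visible in the hunk. Further down, `uid={$postuserid}` and `ugid={$postusergroupid}` are interpolated into the two `GetOne()` lookups; casting both to int first would keep those queries safe however the values were read. The lower part of this hunk is hard to follow on this page because markup appears to have been stripped, so that last point should be checked against the file.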