Dev Removed several occurences of raw SQL.

application/controllers/survey/index.php

@@ -460,19 +460,14 @@ function sendreq(surveyid)
         if ($tokensexist == 1 && isset($token) && $token &&
         isset($_SESSION['survey_'.$surveyid]['step']) && $_SESSION['survey_'.$surveyid]['step']>0 && tableExists("tokens_{$surveyid}}}"))
         {
-            //check if tokens actually haven't been already used
-            $areTokensUsed = usedTokens(trim(strip_tags(returnGlobal('token',true))),$surveyid);
-            // check if token actually does exist
             // check also if it is allowed to change survey after completion
             if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
-                $sQuery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$token."'";
+				$tokenInstance = Token::model(null, $surveyid)->findByAttributes(array('token' => $token));
             } else {
-                $sQuery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$token."' AND (completed = 'N' or completed='')";
+				$tokenInstance = Token::model(null, $surveyid)->usable()->incomplete()->findByAttributes(array('token' => $token));
             }
-
-            $aRow = Yii::app()->db->createCommand($sQuery)->queryRow();
-            $tokendata = $aRow; 
-            if (!$aRow || ($areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y') && !$previewmode)
+
+			if (!isset($tokenInstance) && !$previewmode)
             {
                 sendCacheHeaders();
                 doHeader();
@@ -490,19 +485,16 @@ function sendreq(surveyid)
                 $this->_niceExit($redata, __LINE__, $thistpl, $asMessage, true);
             }
         }
-        if ($tokensexist == 1 && isset($token) && $token && tableExists("{{tokens_".$surveyid."}}") && !$previewmode) //check if token is in a valid time frame
+        if ($tokensexist == 1 && isset($token) && tableExists("{{tokens_".$surveyid."}}") && !$previewmode) //check if token is in a valid time frame
         {
             // check also if it is allowed to change survey after completion
             if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
-                $tkquery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$token."'";
+				$tokenInstance = Token::model(null, $surveyid)->usable()->findByAttributes(array('token' => $token));
             } else {
-                $tkquery = "SELECT * FROM {{tokens_".$surveyid."}} WHERE token='".$token."' AND (completed = 'N' or completed='')";
+				$tokenInstance = Token::model(null, $surveyid)->usable()->incomplete()->findByAttributes(array('token' => $token));
+
             }
-            $tkresult = dbExecuteAssoc($tkquery); //Checked
-            $tokendata = $tkresult->read();
-            $tkresult->close(); //Close the result in case there are more result rows, we are only interested in one and don't want unbuffered query errors
-            if (isset($tokendata['validfrom']) && (trim($tokendata['validfrom'])!='' && $tokendata['validfrom']>dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)) ||
-            isset($tokendata['validuntil']) && (trim($tokendata['validuntil'])!='' && $tokendata['validuntil']<dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $timeadjust)))
+            if (!isset($tokenInstance))
             {
                 sendCacheHeaders();
                 doHeader();

application/helpers/common_helper.php

@@ -5867,19 +5867,6 @@ function getXMLWriter() {
     return $xmlwriter;
 }
 
-
-/**
-* Returns true when a token can not be used (either doesn't exist, has less then one usage left )
-*
-* @param mixed $tid Token
-*/
-function usedTokens($token, $surveyid)
-{
-    return Token::model(null, $surveyid)->usable()->countByAttributes(array(
-		'token' => $token
-	)) > 0;
-}
-
 /**
 * SSLRedirect() generates a redirect URL for the appropriate SSL mode then applies it.
 * (Was redirect() before CodeIgniter port.)

application/helpers/frontend_helper.php

@@ -975,17 +975,14 @@ function buildsurveysession($surveyid,$preview=false)
     !isCaptchaEnabled('surveyaccessscreen',$thissurvey['usecaptcha']))
     {
 
-        //check if tokens actually haven't been already used
-        $areTokensUsed = usedTokens(trim(strip_tags($clienttoken)),$surveyid);
         //check if token actually does exist
         // check also if it is allowed to change survey after completion
         if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
-            $oTokenEntry = Token::model(null, $surveyid)->find('token=:token', array(':token'=>trim(strip_tags($clienttoken))));
+            $oTokenEntry = Token::model(null, $surveyid)->findByAttributes(array('token'=>trim(strip_tags($clienttoken))));
         } else {
-            $oTokenEntry = Token::model(null, $surveyid)->find("token=:token AND (completed = 'N' or completed='')", array(':token'=>trim(strip_tags($clienttoken))));
+            $oTokenEntry = Token::model(null, $surveyid)->usable()->incomplete()->findByAttributes(array('token' => $clienttoken));
         }
-
-        if (is_null($oTokenEntry) ||  ($areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y') )
+		if (!isset($oTokenEntry))
         {
             //TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT
 
@@ -1006,7 +1003,7 @@ function buildsurveysession($surveyid,$preview=false)
             doFooter();
             exit;
         }
-    }
+   }
     // TOKENS REQUIRED, A TOKEN PROVIDED
     // SURVEY CAPTCHA REQUIRED
     elseif ($tokensexist == 1 && $clienttoken && isCaptchaEnabled('surveyaccessscreen',$thissurvey['usecaptcha']))
@@ -1017,20 +1014,17 @@ function buildsurveysession($surveyid,$preview=false)
         isset($_SESSION['survey_'.$surveyid]['secanswer']) &&
         $loadsecurity == $_SESSION['survey_'.$surveyid]['secanswer'])
         {
-            //check if tokens actually haven't been already used
-            $areTokensUsed = usedTokens(trim(strip_tags($clienttoken)),$surveyid);
-            //check if token actually does exist
-            $oTokenEntry = Token::model(null, $surveyid)->find('token=:token', array(':token'=>trim(strip_tags($clienttoken))));
-
             if ($thissurvey['alloweditaftercompletion'] == 'Y' )
             {
-                $oTokenEntry = Token::model(null, $surveyid)->find('token=:token', array(':token'=>trim(strip_tags($clienttoken))));
+                $oTokenEntry = Token::model(null, $surveyid)->findByAttributes(array('token'=> $clienttoken));
             }
             else
             {
-                $oTokenEntry = Token::model(null, $surveyid)->find("token=:token  AND (completed = 'N' or completed='')", array(':token'=>trim(strip_tags($clienttoken))));
+                $oTokenEntry = Token::model(null, $surveyid)->incomplete()->findByAttributes(array(
+					'token' => $clienttoken
+				));
            }
-            if (is_null($oTokenEntry) || ($areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y') )
+            if (!isset($oTokenEntry))
             {
                 sendCacheHeaders();
                 doHeader();

application/models/Token.php

@@ -8,7 +8,11 @@ public function __construct($scenario = 'insert', $surveyId = null)
 		}
 		public static function model($className = null, $surveyId = null)
 		{
-			return parent::model(get_class(), $surveyId);
+			if (!is_numeric($surveyId))
+			{
+				throw new Exception('SurveyID must be numeric.');
+			}
+			$result = parent::model(get_class(), $surveyId);
 		}
 
 		public function scopes()
@@ -18,7 +22,7 @@ public function scopes()
 					'condition' => 'completed = "N"'
 				),
 				'usable' => array(
-					'condition' => 'usesleft > 0'
+					'condition' => 'usesleft > 0 AND COALESCE(validfrom, NOW()) >= NOW() AND COALESCE(validfrom, NOW()) <= NOW()'
 				)
 			);
 		}