new field in table _users (full_name)
fixed bugs with import surveys
removed possibility to set survey rights when adding not successful


git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2072 b72ed6b6-b9f8-46b5-92b4-906544132732
Dennis committed Sep 21, 2006
1 parent 717f3d9 commit 659a9b0
Showing 7 changed files with 133 additions and 117 deletions.
146 changes: 72 additions & 74 deletions admin/database.php
Expand Up @@ -623,8 +623,6 @@ function get_max_order($gid)
}
}



elseif ($action == "insertCSV" && $actsurrows['define_questions'])
{
if (get_magic_quotes_gpc() == "0")
Expand All @@ -649,36 +647,92 @@ function get_max_order($gid)
}
$band = 1;
}
}

elseif ($action == "updatesurvey" && $actsurrows['edit_survey_property'])
{
if ($_POST['url'] == "http://") {$_POST['url']="";}
$_POST = array_map('db_quote', $_POST);

if (trim($_POST['expires'])=="")
{
$_POST['expires']='1980-01-01';
}
else
{
$_POST['expires']="'".$_POST['expires']."'";
}

$usquery = "UPDATE {$dbprefix}surveys \n"
. "SET short_title='{$_POST['short_title']}', description='{$_POST['description']}',\n"
. "admin='{$_POST['admin']}', welcome='".str_replace("\n", "<br />", $_POST['welcome'])."',\n"
. "useexpiry='{$_POST['useexpiry']}', expires={$_POST['expires']}, adminemail='{$_POST['adminemail']}',\n"
. "private='{$_POST['private']}', faxto='{$_POST['faxto']}',\n"
. "format='{$_POST['format']}', template='{$_POST['template']}',\n"
. "url='{$_POST['url']}', urldescrip='{$_POST['urldescrip']}',\n"
. "language='{$_POST['language']}', datestamp='{$_POST['datestamp']}', ipaddr='{$_POST['ipaddr']}', refurl='{$_POST['refurl']}',\n"
. "usecookie='{$_POST['usecookie']}', notification='{$_POST['notification']}',\n"
. "allowregister='{$_POST['allowregister']}', attribute1='{$_POST['attribute1']}',\n"
. "attribute2='{$_POST['attribute2']}', email_invite_subj='{$_POST['email_invite_subj']}',\n"
. "email_invite='{$_POST['email_invite']}', email_remind_subj='{$_POST['email_remind_subj']}',\n"
. "email_remind='{$_POST['email_remind']}', email_register_subj='{$_POST['email_register_subj']}',\n"
. "email_register='{$_POST['email_register']}', email_confirm_subj='{$_POST['email_confirm_subj']}',\n"
. "email_confirm='{$_POST['email_confirm']}', allowsave='{$_POST['allowsave']}',\n"
. "autoredirect='{$_POST['autoredirect']}', allowprev='{$_POST['allowprev']}'\n"
. "WHERE sid={$_POST['sid']}";
$usresult = $connect->Execute($usquery) or die("Error updating<br />".htmlspecialchars($usquery)."<br /><br /><strong>".htmlspecialchars($connect->ErrorMsg()));
if ($usresult)
{
$surveyselect = getsurveylist();
}
else
{
echo "<script type=\"text/javascript\">\n<!--\n alert(\""._("Survey could not be updated")."\n".$connect->ErrorMsg() ." ($usquery)\")\n //-->\n</script>\n";
}
}

elseif ($action == "delsurvey" && $actsurrows['delete_survey']) //can only happen if there are no groups, no questions, no answers etc.
{
$query = "DELETE FROM {$dbprefix}surveys WHERE sid=$surveyid";
$result = $connect->Execute($query);
if ($result)
{
$surveyid = "";
$surveyselect = getsurveylist();
}
else
{
echo "<script type=\"text/javascript\">\n<!--\n alert(\"Survey id($surveyid) was NOT DELETED!\n$error\")\n //-->\n</script>\n";
}
}
}

}


elseif ($action == "insertnewsurvey" && $_SESSION['USER_RIGHT_CREATE_SURVEY'])
{
{
if ($_POST['url'] == "http://") {$_POST['url']="";}
if (!$_POST['short_title'])
{
{
echo "<script type=\"text/javascript\">\n<!--\n alert(\""._("Survey could not be created because it did not have a short title")."\")\n //-->\n</script>\n";
}
}
else
{
{
$_POST = array_map('db_quote', $_POST);
if (trim($_POST['expires'])=="")
{
{
$_POST['expires']='1980-01-01';
}
}
else
{
{
$_POST['expires']="'".$_POST['expires']."'";
}
}
// Get random ids until one is found that is not used
do
{
{
$surveyid = getRandomID();
$isquery = "SELECT sid FROM ".db_table_name('surveys')." WHERE sid=$surveyid";
$isresult = db_execute_assoc($isquery);
}
}
while ($isresult->RecordCount()>0);

$isquery = "INSERT INTO {$dbprefix}surveys\n"
Expand All @@ -704,74 +758,18 @@ function get_max_order($gid)
$isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES($surveyid,". $_SESSION['loginID'].",1,1,1,1,1,1)"; //ADDED by Moses inserts survey rights for creator
$isrresult = $connect->Execute($isrquery) or die ($isrquery."<br />".$connect->ErrorMsg()); //ADDED by Moses
if ($isresult)
{
{
$surveyselect = getsurveylist();
}
}
else
{
{
$errormsg=_("Survey could not be created")." - ".$connect->ErrorMsg();
echo "<script type=\"text/javascript\">\n<!--\n alert(\"$errormsg\")\n //-->\n</script>\n";
echo htmlspecialchars($isquery);
}
}
}
}

elseif ($action == "updatesurvey" && $actsurrows['edit_survey_property'])
{
if ($_POST['url'] == "http://") {$_POST['url']="";}
$_POST = array_map('db_quote', $_POST);

if (trim($_POST['expires'])=="")
{
$_POST['expires']='1980-01-01';
}
else
{
$_POST['expires']="'".$_POST['expires']."'";
}

$usquery = "UPDATE {$dbprefix}surveys \n"
. "SET short_title='{$_POST['short_title']}', description='{$_POST['description']}',\n"
. "admin='{$_POST['admin']}', welcome='".str_replace("\n", "<br />", $_POST['welcome'])."',\n"
. "useexpiry='{$_POST['useexpiry']}', expires={$_POST['expires']}, adminemail='{$_POST['adminemail']}',\n"
. "private='{$_POST['private']}', faxto='{$_POST['faxto']}',\n"
. "format='{$_POST['format']}', template='{$_POST['template']}',\n"
. "url='{$_POST['url']}', urldescrip='{$_POST['urldescrip']}',\n"
. "language='{$_POST['language']}', datestamp='{$_POST['datestamp']}', ipaddr='{$_POST['ipaddr']}', refurl='{$_POST['refurl']}',\n"
. "usecookie='{$_POST['usecookie']}', notification='{$_POST['notification']}',\n"
. "allowregister='{$_POST['allowregister']}', attribute1='{$_POST['attribute1']}',\n"
. "attribute2='{$_POST['attribute2']}', email_invite_subj='{$_POST['email_invite_subj']}',\n"
. "email_invite='{$_POST['email_invite']}', email_remind_subj='{$_POST['email_remind_subj']}',\n"
. "email_remind='{$_POST['email_remind']}', email_register_subj='{$_POST['email_register_subj']}',\n"
. "email_register='{$_POST['email_register']}', email_confirm_subj='{$_POST['email_confirm_subj']}',\n"
. "email_confirm='{$_POST['email_confirm']}', allowsave='{$_POST['allowsave']}',\n"
. "autoredirect='{$_POST['autoredirect']}', allowprev='{$_POST['allowprev']}'\n"
. "WHERE sid={$_POST['sid']}";
$usresult = $connect->Execute($usquery) or die("Error updating<br />".htmlspecialchars($usquery)."<br /><br /><strong>".htmlspecialchars($connect->ErrorMsg()));
if ($usresult)
{
$surveyselect = getsurveylist();
}
else
{
echo "<script type=\"text/javascript\">\n<!--\n alert(\""._("Survey could not be updated")."\n".$connect->ErrorMsg() ." ($usquery)\")\n //-->\n</script>\n";
}
}

elseif ($action == "delsurvey" && $actsurrows['delete_survey']) //can only happen if there are no groups, no questions, no answers etc.
{
$query = "DELETE FROM {$dbprefix}surveys WHERE sid=$surveyid";
$result = $connect->Execute($query);
if ($result)
{
$surveyid = "";
$surveyselect = getsurveylist();
}
else
{
echo "<script type=\"text/javascript\">\n<!--\n alert(\"Survey id($surveyid) was NOT DELETED!\n$error\")\n //-->\n</script>\n";
}
}
else
{
//echo "$action Not Yet Available!";
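Review bot: The relocated `updatesurvey` branch ends its statement with `WHERE sid={$_POST['sid']}`, an unquoted numeric position, so `array_map('db_quote', $_POST)` does not constrain it if `db_quote` (defined outside this diff) only escapes characters for use inside quoted literals. The permission test reads `$actsurrows['edit_survey_property']`, which is loaded outside the hunk and presumably for `$surveyid`, yet the row updated is whichever `sid` the request body carries; build the clause as `. "WHERE sid=".intval($surveyid);` or reject the request when the two values differ. The empty-expiry default has the same quoting gap here and in `insertnewsurvey`: `$_POST['expires']='1980-01-01';` reaches the statement as `expires=1980-01-01`, which MySQL evaluates as arithmetic rather than a date, so the default should be `"'1980-01-01'"`. Because `Execute(...) or die(...)` ends the script on failure, the `else` alert that echoes `$usquery` is unreachable and can be removed.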
71 changes: 38 additions & 33 deletions admin/html.php
Expand Up @@ -1300,14 +1300,15 @@
{
if($_SESSION['loginID'] == $_POST['uid'])
{
$usersummary = "<table width='100%' border='0'>\n\t<tr><td colspan='3' bgcolor='black' align='center'>\n"
$usersummary = "<table width='100%' border='0'>\n\t<tr><td colspan='4' bgcolor='black' align='center'>\n"
. "\t\t<strong>$setfont<font color='white'>"._("Modifying User")."</td></tr>\n"
. "\t<tr>\n"
. "\t\t<th>$setfont"._("Username")."</th>\n"
. "\t\t<th>$setfont"._("Email")."</font></th>\n"
. "\t\t<th>$setfont"._("Full name")."</th>\n"
. "\t\t<th>$setfont"._("Password")."</font></th>\n"
. "\t</tr>\n";
$muq = "SELECT a.user, DECODE(a.password, '{$codeString}') AS decpassword, a.email, a.uid, b.user AS parent FROM ".db_table_name('users')." AS a LEFT JOIN ".db_table_name('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$_POST['uid']}' LIMIT 1"; // added by Dennis
$muq = "SELECT a.user, DECODE(a.password, '{$codeString}') AS decpassword, a.full_name, a.email, a.uid, b.user AS parent FROM ".db_table_name('users')." AS a LEFT JOIN ".db_table_name('users')." AS b ON a.parent_id = b.uid WHERE a.uid='{$_POST['uid']}' LIMIT 1"; // added by Dennis
//echo($muq);

$mur = db_execute_assoc($muq);
Expand All @@ -1317,12 +1318,13 @@
$mrw = array_map('htmlspecialchars', $mrw);
$decodeString = "DECODE(a.password, '{$codeString}')"; // added by Dennis
$usersummary .= "\t<td align='center'>$setfont<strong>{$mrw['user']}</strong></font>\n"
. "\t<td align='center'>\n\t\t<input type='text' name='email' value=\"{$mrw['email']}\"></td>\n"
. "\t<td align='center'>\n\t\t<input type='text' name='email' value=\"{$mrw['email']}\"></td>\n"
. "\t<td align='center'>\n\t\t<input type='text' name='full_name' value=\"{$mrw['full_name']}\"></td>\n"
. "\t\t<input type='hidden' name='user' value=\"{$mrw['user']}\"></td>\n"
. "\t\t<input type='hidden' name='uid' value=\"{$mrw['uid']}\"></td>\n"; // added by Dennis
$usersummary .= "\t<td align='center'>\n\t\t<input type='text' name='pass' value=\"{$mrw['decpassword']}\"></td>\n";
}
$usersummary .= "\t</tr>\n\t<tr><td colspan='3' align='center'>\n"
$usersummary .= "\t</tr>\n\t<tr><td colspan='4' align='center'>\n"
. "\t\t<input type='submit' value='"._("Update")."'>\n"
. "<input type='hidden' name='action' value='moduser'></td></tr>\n"
. "</form></table>\n";
Expand All @@ -1331,7 +1333,7 @@
{
include("access_denied.php");
}
}
}

if ($action == "setuserrights")
{
Expand Down Expand Up @@ -1481,6 +1483,7 @@
. "\t<tr>\n"
. "\t\t<th>$setfont"._("Username")."</font></th>\n"
. "\t\t<th>$setfont"._("Email")."</font></th>\n"
. "\t\t<th>$setfont"._("Full name")."</font></th>\n"
. "\t\t<th>$setfont"._("Password")."</font></th>\n"
. "\t\t<th>$setfont"._("Creator")."</font></th>\n"
. "\t\t<th>$setfont"._("Action")."</font></th>\n"
Expand All @@ -1496,6 +1499,7 @@
$usersummary .= "\t<tr bgcolor='#999999'>\n"
. "\t<td align='center'><strong>$setfont{$usrhimself['user']}</font></strong></td>\n"
. "\t<td align='center'><strong>$setfont{$usrhimself['email']}</font></strong></td>\n"
. "\t\t<td align='center'><strong>$setfont{$usrhimself['full_name']}</font></strong></td>\n"
. "\t\t<td align='center'><strong>$setfont{$usrhimself['password']}</font></strong></td>\n";
if($usrhimself['parent_id']!=0) {
$usersummary .= "\t\t<td align='center'>$setfont{$usrhimself['parent']}</font></td>\n";
Expand Down Expand Up @@ -1540,7 +1544,8 @@
else $usersummary .= "\t<tr>\n";

$usersummary .= "\t<td align='center'>$setfont{$usr['user']}</font></td>\n"
. "\t<td align='center'><a href='mailto:{$usr['email']}'>$setfont{$usr['email']}</font></a></td>\n";
. "\t<td align='center'><a href='mailto:{$usr['email']}'>$setfont{$usr['email']}</font></a></td>\n"
. "\t<td align='center'>$setfont{$usr['full_name']}</td>\n";

// passwords of other users will not be displayed
$usersummary .= "\t\t<td align='center'>$setfont******</font></td>\n";
Expand Down Expand Up @@ -1609,6 +1614,7 @@
. "\t\t<tr>\n"
. "\t\t<td align='center'><input type='text' name='new_user'></td>\n"
. "\t\t<td align='center'><input type='text' name='new_email'></td>\n"
. "\t\t<td align='center'><input type='text' name='new_full_name'></td>\n"
. "\t\t<td align='center'><input type='submit' value='"._("Add User")."'>"
. "<input type='hidden' name='action' value='adduser'></td>\n"
. "\t</tr>\n";
Expand Down Expand Up @@ -2544,18 +2550,18 @@
if($isrresult)
{
$addsummary .= "<br />"._("User added.")."<br />\n";
}
else
{
// Username already exists.
$addsummary .= "<br /><strong>"._("Failed to add User.")."</strong><br />\n" . " " . _("Username already exists.")."<br />\n";
}
$addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>"
$addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>"
."<input type='submit' value='"._("Set Survey Rights")."'>"
."<input type='hidden' name='action' value='setsurveysecurity'>"
//."<input type='hidden' name='user' value='{$_POST['user']}'>"
."<input type='hidden' name='uid' value='{$_POST['uid']}'>"
."</form>\n";
}
else
{
// Username already exists.
$addsummary .= "<br /><strong>"._("Failed to add User.")."</strong><br />\n" . " " . _("Username already exists.")."<br />\n";
}
$addsummary .= "<br /><a href='$scriptname?action=surveysecurity&sid={$surveyid}'>"._("Continue")."</a><br />&nbsp;\n";
}
else
Expand All @@ -2580,7 +2586,7 @@
if($result->RecordCount() > 0)
{
if($_POST['ugid'] > 0){
$query2 = "SELECT a.uid FROM ".db_table_name('users')." AS a INNER JOIN (SELECT b.uid FROM ".db_table_name('surveys_rights')." AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$_POST['ugid']}) AS d ON a.uid = d.uid";
$query2 = "SELECT b.uid FROM (SELECT uid FROM ".db_table_name('surveys_rights')." WHERE sid = {$surveyid}) AS c RIGHT JOIN ".db_table_name('user_in_groups')." AS b ON b.uid = c.uid WHERE c.uid IS NULL AND b.ugid = {$_POST['ugid']}";
$result2 = db_execute_assoc($query2);
if($result2->RecordCount() > 0)
{
Expand All @@ -2589,28 +2595,27 @@
$uid_arr[] = $row2['uid'];
$values[] = "($surveyid, {$row2['uid']},0,0,0,0,0,0)";
}
}
$values_implode = implode(",", $values);
$values_implode = implode(",", $values);

$isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES ".$values_implode;
$isrresult = $connect->Execute($isrquery);

if($isrresult)
{
$addsummary .= "<br />"._("User Group added.")."<br />\n";
$_SESSION['uids'] = $uid_arr;
}
$isrquery = "INSERT INTO {$dbprefix}surveys_rights VALUES ".$values_implode;
$isrresult = $connect->Execute($isrquery);

if($isrresult)
{
$addsummary .= "<br />"._("User Group added.")."<br />\n";
$_SESSION['uids'] = $uid_arr;
$addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>"
."<input type='submit' value='"._("Set Survey Rights")."'>"
."<input type='hidden' name='action' value='setusergroupsurveysecurity'>"
."<input type='hidden' name='ugid' value='{$_POST['ugid']}'>"
."</form>\n";
}
}
else
{
// Users already exists.
// no user to add
$addsummary .= "<br /><strong>"._("Failed to add User Group.")."</strong><br />\n";
}
$addsummary .= "<br /><form method='post' action='$scriptname?sid={$surveyid}'>"
."<input type='submit' value='"._("Set Survey Rights")."'>"
."<input type='hidden' name='action' value='setusergroupsurveysecurity'>"
//."<input type='hidden' name='user' value='{$_POST['user']}'>"
."<input type='hidden' name='ugid' value='{$_POST['ugid']}'>"
."</form>\n";
}
$addsummary .= "<br /><a href='$scriptname?action=surveysecurity&sid={$surveyid}'>"._("Continue")."</a><br />&nbsp;\n";
}
else
Expand Down Expand Up @@ -2961,7 +2966,7 @@
. "\t<tr><td align='right' valign='top'><font class='settingcaption'>"._("Description:")."</font></td>\n"
. "\t\t<td><textarea cols='50' rows='5' name='description'>{$esrow['description']}</textarea></td></tr>\n"
. "\t<tr><td align='right' valign='top'><font class='settingcaption'>"._("Welcome:")."</font></td>\n"
. "\t\t<td><textarea cols='50' rows='5' name='welcome'>".str_replace("<br />", "\n", $esrow['welcome'])."</textarea></td></tr>\n"
. "\t\t<td><textarea cols='50' rows='5' name='welcome'>".str_replace("&lt;br /&gt;", "\n", $esrow['welcome'])."</textarea></td></tr>\n"
. "\t<tr><td align='right'><font class='settingcaption'>"._("Administrator:")."</font></td>\n"
. "\t\t<td><input type='text' size='50' name='admin' value=\"{$esrow['admin']}\"></td></tr>\n"
. "\t<tr><td align='right'><font class='settingcaption'>"._("Admin Email:")."</font></td>\n"
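Review bot: The new `full_name` column is written into the user list without HTML escaping, at `{$usrhimself['full_name']}` and `{$usr['full_name']}`, whereas the edit form in the first hunk passes its row through `array_map('htmlspecialchars', $mrw)` before printing. Unless `$usr` and `$usrhimself` are escaped outside the visible lines, a full name containing markup is stored by one account and rendered in the browser of whoever opens the list, which includes accounts with more rights. Emit the cells as `".htmlspecialchars($usr['full_name'])."` (likewise for `$usrhimself`), and close the `</font>` that the new `$usr` cell and the first `Full name` header leave open. Separately, the rewritten `$query2` interpolates `{$_POST['ugid']}` unquoted and the `> 0` guard above it is a loose numeric comparison, so the query should use `intval($_POST['ugid'])`.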
11 changes: 10 additions & 1 deletion admin/importsurvey.php
Expand Up @@ -317,7 +317,16 @@
$sfieldcontents=convertToArray($insert, "', '", "('", "')");
$creator_id_pos=array_search("creator_id", $sfieldorders);
$creator_id=$sfieldcontents[$creator_id_pos];
$insert = str_replace("('$surveyid', '$creator_id',", "('$newsid', '{$_SESSION['loginID']}',", $insert);
if($creator_id_pos)
{
$insert = str_replace("('$surveyid', '$creator_id',", "('$newsid', '{$_SESSION['loginID']}',", $insert);
}
else // old format
{
$insert = str_replace("(`sid`, ", "(`sid`, `creator_id`,", $insert);
$insert = str_replace("('$surveyid',", "('$newsid', '{$_SESSION['loginID']}',", $insert);
}

$insert = str_replace("INTO surveys", "INTO {$dbprefix}surveys", $insert); //handle db prefix
$iresult = $connect->Execute($insert) or die("<br />"._("Import of this survey file failed")."<br />\n<font size='1'>[$insert]</font><hr>$tablearray[0]<br /><br />\n" . $connect->ErrorMsg() . "</body>\n</html>");
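Review bot: `if($creator_id_pos)` tests the result of `array_search()` loosely, so a match at index 0 is treated the same as `false` and the statement takes the old-format branch; compare with `if ($creator_id_pos !== false)`. The line above the check, `$creator_id=$sfieldcontents[$creator_id_pos];`, still runs when the search failed and then reads element 0, so it belongs inside the new-format branch. Both `str_replace` calls match anywhere in the statement text, and `$insert` appears to originate from the uploaded survey file (its source is outside the hunk), so it is worth confirming that the value written to `creator_id` is always `$_SESSION['loginID']` regardless of what the file's field contents contain.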

3 changes: 2 additions & 1 deletion admin/install/create-mysql.sql
Expand Up @@ -220,6 +220,7 @@ CREATE TABLE `prefix_users` (
`uid` int(11) NOT NULL auto_increment PRIMARY KEY,
`user` varchar(20) NOT NULL UNIQUE default '',
`password` BLOB NOT NULL default '',
`full_name` varchar(50) NOT NULL,
`parent_id` int(10) unsigned NOT NULL,
`lang` varchar(20),
`email` varchar(50) NOT NULL UNIQUE,
Expand Down Expand Up @@ -274,5 +275,5 @@ INSERT INTO `prefix_settings_global` VALUES ('DBVersion', '109');
--
-- Table `users`
--
INSERT INTO `prefix_users` VALUES (NULL, '$defaultuser', ENCODE('$defaultpass','$codeString'), 0, '$defaultlang', '$siteadminemail', 1,1,1,1,1,1,1);
INSERT INTO `prefix_users` VALUES (NULL, '$defaultuser', ENCODE('$defaultpass','$codeString'), '', 0, '$defaultlang', '$siteadminemail', 1,1,1,1,1,1,1);
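Review bot: The seed row for `prefix_users` is inserted positionally, which is why adding one column forced this edit and why a value that lands in the wrong column (for example a rights flag) would load without error; give the INSERT an explicit column list so the schema and the seed cannot drift apart silently. The new column is declared `full_name varchar(50) NOT NULL` with no default, so any other insert into the users table that does not supply it depends on the server's SQL mode; `full_name varchar(50) NOT NULL default ''` matches how `user` is declared just above. `DBVersion` stays at '109' in the context line and no `ALTER TABLE` is visible, so unless one of the changed files not shown here handles it, existing installations will lack the column the new `html.php` queries select. The same line also stores the default password with reversible `ENCODE(..., '$codeString')`, so anyone who can read both the table and the configuration recovers every password; a one-way salted hash would remove that exposure.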
