From 78b6e79a35f0abd87dcccc50032816dc356ef8bb Mon Sep 17 00:00:00 2001 From: Carsten Schmitz Date: Sun, 6 May 2007 12:45:34 +0000 Subject: [PATCH] Several checks to make sure that - the database is up to date - mbstring library is installed - PHPVersion meets minimum requirement . MySQL version meets minimum requirement - Installation dir is deleted (Check can be switched of by setting $debug to 1) git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/phpsurveyor@2849 b72ed6b6-b9f8-46b5-92b4-906544132732 --- admin/admin.php | 2 +- admin/install/index.php | 191 ++++++++++++++++++-------------- admin/install/upgrade-mysql.php | 113 ++++++++++++------- common.php | 136 +++++++++++++++-------- index.php | 30 +++-- register.php | 32 +++--- 6 files changed, 314 insertions(+), 190 deletions(-) diff --git a/admin/admin.php b/admin/admin.php index 560a88d8369..b3e7bbc15a6 100644 --- a/admin/admin.php +++ b/admin/admin.php @@ -386,4 +386,4 @@ function helpscreen() -?> +?> \ No newline at end of file diff --git a/admin/install/index.php b/admin/install/index.php index 941b2692cd9..a49fb8ffc08 100644 --- a/admin/install/index.php +++ b/admin/install/index.php @@ -1,81 +1,110 @@ ->> PHPSurveyor # -############################################################# -# > Author: Jason Cleeland # -# > E-mail: jason@cleeland.org # -# > Mail: Box 99, Trades Hall, 54 Victoria St, # -# > CARLTON SOUTH 3053, AUSTRALIA # -# > Date: 20 February 2003 # -# # -# This set of scripts allows you to develop, publish and # -# perform data-entry on surveys. # -############################################################# -# # -# Copyright (C) 2003 Jason Cleeland # -# # -# This program is free software; you can redistribute # -# it and/or modify it under the terms of the GNU General # -# Public License Version 2 as published by the Free # -# Software Foundation. # -# # -# # -# This program is distributed in the hope that it will be # -# useful, but WITHOUT ANY WARRANTY; without even the # -# implied warranty of MERCHANTABILITY or FITNESS FOR A # -# PARTICULAR PURPOSE. See the GNU General Public License # -# for more details. # -# # -# You should have received a copy of the GNU General # -# Public License along with this program; if not, write to # -# the Free Software Foundation, Inc., 59 Temple Place - # -# Suite 330, Boston, MA 02111-1307, USA. # -############################################################# -*/ - -require_once(dirname(__FILE__).'/../../config.php'); // config.php itself includes common.php -$adminoutput=''; // Alle future output is written into this and then outputted at the end of file -// SET THE LANGUAGE???? -> DEFAULT SET TO EN FOR NOW -require_once($rootdir.'/classes/core/language.php'); -$clang = new phpsurveyor_lang("en"); - -if (!$database_exists) -{ - $adminoutput.= "
\n" - ."\n" - ."\t\n" - ."\t
" - .$clang->gT("PHPSurveyor Setup")."
\n" - ."".$clang->gT("Welcome to PHPSurveyor Setup!")."

\n" - .$clang->gT("The database defined in config.php does not exist.")."
\n" - .$clang->gT("PHPSurveyor can attempt to create this database for you.")."

\n" - .$clang->gT("Your selected database name is:")." $databasename
\n" - ."
\n" - ."
\n" - ."\n\n"; -} - elseif ($dbexistsbutempty && !(returnglobal('createdbstep2')==$clang->gT("Populate Database"))) -{ - $connect->database = $databasename; - $connect->Execute("USE DATABASE `$databasename`"); - $adminoutput.= "\n" - ."\t\n" - ."\t
" - .$clang->gT("PHPSurveyor Setup")."
\n"; - $adminoutput.= "
\n"; - $adminoutput.= sprintf($clang->gT('A database named "%s" does already exist.'),$databasename)."

\n"; - $adminoutput.= $clang->gT("Do you want to populate that database now by creating the necessary tables?")."

\n"; - $adminoutput.= "
"; - $adminoutput.= "
"; - } -else - { - //DB EXISTS, CHECK FOR APPROPRIATE UPGRADES - checkforupgrades(); - } -sendcacheheaders(); -echo $adminoutput; - -?> +>> PHPSurveyor # +############################################################# +# > Author: Jason Cleeland # +# > E-mail: jason@cleeland.org # +# > Mail: Box 99, Trades Hall, 54 Victoria St, # +# > CARLTON SOUTH 3053, AUSTRALIA # +# > Date: 20 February 2003 # +# # +# This set of scripts allows you to develop, publish and # +# perform data-entry on surveys. # +############################################################# +# # +# Copyright (C) 2003 Jason Cleeland # +# # +# This program is free software; you can redistribute # +# it and/or modify it under the terms of the GNU General # +# Public License Version 2 as published by the Free # +# Software Foundation. # +# # +# # +# This program is distributed in the hope that it will be # +# useful, but WITHOUT ANY WARRANTY; without even the # +# implied warranty of MERCHANTABILITY or FITNESS FOR A # +# PARTICULAR PURPOSE. See the GNU General Public License # +# for more details. # +# # +# You should have received a copy of the GNU General # +# Public License along with this program; if not, write to # +# the Free Software Foundation, Inc., 59 Temple Place - # +# Suite 330, Boston, MA 02111-1307, USA. # +############################################################# +*/ + +require_once(dirname(__FILE__).'/../../config.php'); // config.php itself includes common.php +$adminoutput=''; // Alle future output is written into this and then outputted at the end of file +// SET THE LANGUAGE???? -> DEFAULT SET TO EN FOR NOW +require_once($rootdir.'/classes/core/language.php'); +$clang = new phpsurveyor_lang("en"); +ob_implicit_flush(true); +sendcacheheaders(); + +if (!$database_exists) +{ + $adminoutput.= "
\n" + ."\n" + ."\t\n" + ."\t
" + .$clang->gT("PHPSurveyor Setup")."
\n" + ."".$clang->gT("Welcome to PHPSurveyor Setup!")."

\n" + .$clang->gT("The database defined in config.php does not exist.")."
\n" + .$clang->gT("PHPSurveyor can attempt to create this database for you.")."

\n" + .$clang->gT("Your selected database name is:")." $databasename
\n" + ."
\n" + ."
\n" + ."\n\n"; +} + elseif ($dbexistsbutempty && !(returnglobal('createdbstep2')==$clang->gT("Populate Database"))) +{ + $connect->database = $databasename; + $connect->Execute("USE DATABASE `$databasename`"); + $adminoutput.= "\n" + ."\t\n" + ."\t
" + .$clang->gT("PHPSurveyor Setup")."
\n"; + $adminoutput.= "
\n"; + $adminoutput.= sprintf($clang->gT('A database named "%s" does already exist.'),$databasename)."

\n"; + $adminoutput.= $clang->gT("Do you want to populate that database now by creating the necessary tables?")."

\n"; + $adminoutput.= "
"; + $adminoutput.= "
"; + } +else + { + //DB EXISTS, CHECK FOR APPROPRIATE UPGRADES + $connect->database = $databasename; + $connect->Execute("USE DATABASE `$databasename`"); + $output=checkforupgrades(); + if (!isset($ouput)) {$adminoutput.='
PHPSurveyor Database is up to date. No action needed';} + else {$adminoutput.=$output;} + $adminoutput.="
Please log in."; + + } +echo $adminoutput; + + +// This functions checks if the databaseversion in the settings table is the same one as required +function checkforupgrades() +{ + global $connect, $databasetype, $dbprefix, $dbversionnumber, $clang; + $adminoutput=''; + include ('upgrade-'.$databasetype.'.php'); + $tables = $connect->MetaTables(); + + $usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='DBVersion'"; + $usresult = db_execute_assoc($usquery); + $usrow = $usresult->FetchRow(); + if (intval($usrow['stg_value'])<$dbversionnumber) + { + db_upgrade(intval($usrow['stg_value'])); + $adminoutput="
".$clang->gT("Database has been successfully upgraded to version ".$dbversionnumber); + } + + return $adminoutput; +} + + +?> \ No newline at end of file diff --git a/admin/install/upgrade-mysql.php b/admin/install/upgrade-mysql.php index 1b829e5c315..adcad6e5689 100644 --- a/admin/install/upgrade-mysql.php +++ b/admin/install/upgrade-mysql.php @@ -1,37 +1,76 @@ - +\n"; + if ($oldversion < 111) { + // Language upgrades from version 110 to 111 since the language names did change + + $oldnewlanguages=array('german_informal'=>'german-informal', + 'cns'=>'cn-Hans', + 'cnt'=>'cn-Hant', + 'pt_br'=>'pt-BR', + 'gr'=>'el', + 'jp'=>'ja', + 'si'=>'sl', + 'se'=>'sv', + 'vn'=>'vi'); + + foreach ($oldnewlanguages as $oldlang=>$newlang) + { + modify_database("","update `prefix_answers` set `language`='$newlang' where language='$oldlang'"); echo $modifyoutput; flush(); + modify_database("","update `prefix_questions` set `language`='$newlang' where language='$oldlang'");echo $modifyoutput;flush(); + modify_database("","update `prefix_groups` set `language`='$newlang' where language='$oldlang'");echo $modifyoutput;flush(); + modify_database("","update `prefix_labels` set `language`='$newlang' where language='$oldlang'");echo $modifyoutput;flush(); + modify_database("","update `prefix_surveys` set `language`='$newlang' where language='$oldlang'");echo $modifyoutput;flush(); + modify_database("","update `prefix_surveys_languagesettings` set `surveyls_language`='$newlang' where surveyls_language='$oldlang'");echo $modifyoutput;flush(); + modify_database("","update `prefix_users` set `lang`='$newlang' where lang='$oldlang'");echo $modifyoutput;flush(); + } + + + + $resultdata=db_execute_assoc("select * from ".db_table_name("labelsets")); + while ($datarow = $resultdata->FetchRow()){ + $toreplace=$datarow['languages']; + $toreplace=str_replace('german_informal','german-informal',$toreplace); + $toreplace=str_replace('cns','cn-Hans',$toreplace); + $toreplace=str_replace('cnt','cn-Hant',$toreplace); + $toreplace=str_replace('pt_br','pt-BR',$toreplace); + $toreplace=str_replace('gr','el',$toreplace); + $toreplace=str_replace('jp','ja',$toreplace); + $toreplace=str_replace('si','sl',$toreplace); + $toreplace=str_replace('se','sv',$toreplace); + $toreplace=str_replace('vn','vi',$toreplace); + modify_database("","update `prefix_labelsets` set `languages`='$toreplace' where lid=".$datarow['lid']);echo $modifyoutput;flush(); + } + + + $resultdata=db_execute_assoc("select * from ".db_table_name("surveys")); + while ($datarow = $resultdata->FetchRow()){ + $toreplace=$datarow['additional_languages']; + $toreplace=str_replace('german_informal','german-informal',$toreplace); + $toreplace=str_replace('cns','cn-Hans',$toreplace); + $toreplace=str_replace('cnt','cn-Hant',$toreplace); + $toreplace=str_replace('pt_br','pt-BR',$toreplace); + $toreplace=str_replace('gr','el',$toreplace); + $toreplace=str_replace('jp','ja',$toreplace); + $toreplace=str_replace('si','sl',$toreplace); + $toreplace=str_replace('se','sv',$toreplace); + $toreplace=str_replace('vn','vi',$toreplace); + modify_database("","update `prefix_surveys` set `additional_languages`='$toreplace' where sid=".$datarow['sid']);echo $modifyoutput;flush(); + } + modify_database("","update `prefix_settings_global` set `stg_value`='111' where stg_name='DBVersion'"); echo $modifyoutput; + + } + + + return true; +} + +?> \ No newline at end of file diff --git a/common.php b/common.php index 28d4ebefc62..76e964ba089 100644 --- a/common.php +++ b/common.php @@ -42,10 +42,29 @@ if ($debug==1) { error_reporting(E_ALL); //For debug purposes - switch on in config.phh - } + } @set_time_limit(60); // Maximum execution time - works only if safe_mode is off +// Now check for PHP & db version +// Do not translate this! +$ver = explode( '.', PHP_VERSION ); +$ver_num = $ver[0] . $ver[1] . $ver[2]; +$dieoutput=''; +if ( $ver_num < 420 ) +{ + $dieoutput .= 'This script needs PHP 4.2.0 or above! Your version: '.phpversion().'
'; +} + +if (!function_exists('mb_convert_encoding')) +{ + $dieoutput .= "This script needs the PHP Multibyte String Functions library installed: See FAQ and PHP documentation
"; +} +if ($dieoutput!='') die($dieoutput); + + + + ################################################################################## ## DO NOT EDIT BELOW HERE ################################################################################## @@ -109,29 +128,59 @@ break; case "odbc_mssql": $dbport="Driver={SQL Server};Server=$databaselocation;Database=".$databasename; break; - default: echo "Unknown database type"; die; + default: die("Unknown database type"); } - +// Now try connecting to the database if (@$connect->Connect($dbport, $databaseuser, $databasepass, $databasename)) { $database_exists = TRUE;} else { + // If that doesnt work try connection without database-name $connect->database = ''; if ($databasetype=='odbc_mssql') {$dbport="Driver={SQL Server};Server=$databaselocation;";} - $connect->Connect($dbport, $databaseuser, $databasepass); + if (!@$connect->Connect($dbport, $databaseuser, $databasepass)) + { + Die("Can't connect to PHPSurveyor database. Reason: ".$connect->ErrorMsg()); + } } -# TODO: seems to be defaulting to ADODB_FETCH_NUM. New behaviour - can't see why +# AdoDB seems to be defaulting to ADODB_FETCH_NUM $connect->SetFetchMode(ADODB_FETCH_ASSOC); $dbexistsbutempty=($database_exists && checkifemptydb()); + if ($databasetype=='mysql') { - if ($debug==1) { @$connect->Execute("SET SESSION SQL_MODE='STRICT_ALL_TABLES,ANSI'"); } - $connect->Execute("SET CHARACTER SET 'utf8'"); + if ($debug==1) { @$connect->Execute("SET SESSION SQL_MODE='STRICT_ALL_TABLES,ANSI'"); } + $infoarray=$connect->ServerInfo(); + if (version_compare ($infoarray['version'],'4.1','<')) + { + Die ("
Error: You need at least MySQL version 4.1 to run PHPSurveyor"); + } + @$connect->Execute("SET CHARACTER SET 'utf8'"); +} + + +// Check if the DB is up to date +If (!$dbexistsbutempty && $sourcefrom=='admin') +{ + $usquery = "SELECT stg_value FROM ".db_table_name("settings_global")." where stg_name='DBVersion'"; + $usresult = db_execute_assoc($usquery); + $usrow = $usresult->FetchRow(); + if (intval($usrow['stg_value'])<$dbversionnumber) + { + Die ("
The PHPSurveyor database is not up to date. Please run the install script."); + } + + if (is_dir($homedir."/install") && $debug!=1) + { + Die ("
Everything is fine - you just forgot to delete or rename your PHPSurveyor installation directory.
Please do so since it may be a security risk."); + } + } + //Admin menus and standards //IF THIS IS AN ADMIN SCRIPT, RUN THE SESSIONCONTROL SCRIPT if ($sourcefrom == "admin") @@ -325,7 +374,7 @@ function &db_execute_num($sql,$inputarr=false) { global $connect; -// Todo: Set fetchmode to previous state after changing +// Todo: Set fetchmode to previous state after changing //$oldfetchmode= $connect->SetFetchMode(ADODB_FETCH_NUM); $dataset=$connect->Execute($sql,$inputarr); @@ -964,30 +1013,6 @@ function checkifemptydb() else {Return(true);} } - -// This functions checks if the databaseversion in the settings table is the same one as required -// If no settings table does exists it is a upgrade from <=1.0 (mysql only) -// Then the old checker script is run prior to the standard upgrade -function checkforupgrades() -{ - global $connect, $databasetype, $dbprefix, $dbversionnumber; - include ('admin/install/upgrade-'.$databasetype.'.php'); - $tables = $connect->MetaTables(); - - if ($databasetype=='mysql') - { - $usquery = 'SELECT stg_value FROM '.db_table_name("settings_global").' where stg_name="DBVersion"'; - $usresult = db_execute_assoc($usquery); - if ($usresult->RecordCount()==0) {mysqlcheckfields();} - else - { - $usrow = $usresult->FetchRow(); - if (intval($usrow['stg_value'])<$dbversionnumber) {db_upgrade(intval($usrow['stg_value']));} - } - } -} - - function checkfortables() { global $scriptname, $dbprefix, $setfont, $connect, $clang; @@ -2656,7 +2681,7 @@ function getArrayFiltersOutGroup($qid) * @return bool Returns true if database was modified successfully. */ function modify_database($sqlfile='', $sqlstring='') { - + global $dbprefix; global $defaultuser; global $defaultpass; @@ -2665,10 +2690,14 @@ function modify_database($sqlfile='', $sqlstring='') { global $defaultlang; global $codeString; global $rootdir; + global $connect; + global $clang; + global $modifyoutput; require_once($rootdir."/admin/classes/core/SHA256.php"); - + $success = true; // Let's be optimistic + $modifyoutput=''; if (!empty($sqlfile)) { if (!is_readable($sqlfile)) { @@ -2694,17 +2723,23 @@ function modify_database($sqlfile='', $sqlstring='') { if ($length and $line[0] <> '#' and substr($line,0,2) <> '--') { if (substr($line, $length-1, 1) == ';') { - $line = substr($line, 0, $length-1); // strip ; + $line = substr($line, 0, $length-1); // strip ; $command .= $line; $command = str_replace('prefix_', $dbprefix, $command); // Table prefixes $command = str_replace('$defaultuser', $defaultuser, $command); // variables By Moses $command = str_replace('$defaultpass', SHA256::hash($defaultpass), $command); // variables By Moses - $command = str_replace('$siteadminname', $siteadminname, $command); + $command = str_replace('$siteadminname', $siteadminname, $command); $command = str_replace('$siteadminemail', $siteadminemail, $command); // variables By Moses $command = str_replace('$defaultlang', $defaultlang, $command); // variables By Moses - if (! db_execute_num($command)) { echo $command; - $success = false; + if (! db_execute_num($command)) { + $modifyoutput .="
".$clang->gT("Executing").".....".$command."...".$clang->gT("Failed! Reason: ").$connect->ErrorMsg().""; + $success = false; } + else + { + $modifyoutput .="
".$clang->gT("Executing").".....".$command."...".$clang->gT("Success!").""; + } + $command = ''; } else { $command .= $line; @@ -2716,6 +2751,14 @@ function modify_database($sqlfile='', $sqlstring='') { } + + + + + + + + function strip_tags_full($string) { $string=strip_tags($string); @@ -2742,9 +2785,9 @@ function strip_tags_full($string) { $string=str_replace('??', '?', $string); $string=str_replace('??', '?', $string); $string=str_replace('?~H', '?', $string); - + $string=str_replace(chr(13), "", $string); - + $string=trim($string); if ($string == '-oth-') $string=''; @@ -3041,8 +3084,7 @@ function languageDropdown($surveyid,$selected) return $html; } -//RL functions -function languageDropdownClean($surveyid,$selected) +function languageDropdownClean($surveyid,$selected) { $slangs = GetAdditionalLanguagesFromSurveyID($surveyid); $baselang = GetBaseLanguageFromSurveyID($surveyid); @@ -3057,7 +3099,7 @@ function languageDropdownClean($surveyid,$selected) return $html; } -function GetGroupstoRandomize($surveyid){ +/*function GetGroupstoRandomize($surveyid){ global $connect; $query = "SELECT language, groupset FROM ".db_table_name('surveys')." WHERE sid=$surveyid"; $result = db_execute_num($query); @@ -3083,7 +3125,7 @@ function getgrouplistwithoutrandomset($surveyid) if (!$surveyid) {$surveyid=$_POST['sid'];} $s_lang = GetBaseLanguageFromSurveyID($surveyid); $theset = GetGroupstoRandomize($surveyid); - + $gidquery = "SELECT gid, group_name FROM ".db_table_name('groups')." WHERE sid='{$surveyid}' AND language='{$s_lang}' ORDER BY group_order"; // $gidresult = db_execute_num($gidquery) or die("Couldn't get group list in common.php
$gidquery
".htmlspecialchars($connect->ErrorMsg())); @@ -3095,7 +3137,7 @@ function getgrouplistwithoutrandomset($surveyid) } } return $groupselecter; -} +}*/ function include2var($file) //This function includes a file but doesn't output it - instead it writes it into the return variable @@ -3635,7 +3677,7 @@ function checkMovequestionConstraintsForConditions($sid,$qid,$newgid="all") // array_combine function is PHP5 only so we have to provide -// our own in case it doesn't exist like in PHP 4 +// our own in case it doesn't exist as in PHP 4 if (!function_exists('array_combine')) { function array_combine($a, $b) { $c = array(); @@ -3665,4 +3707,4 @@ function str_ireplace($search,$replace,$subject) } -?> +?> \ No newline at end of file diff --git a/index.php b/index.php index 99f4dd81622..228a19ac770 100644 --- a/index.php +++ b/index.php @@ -67,7 +67,7 @@ echo "\t\t

\n" ."\t\t\t".$clang->gT("ERROR")."
\n" ."\t\t\t".$clang->gT("We are sorry but your session has expired.")."
".$clang->gT("Either you have been inactive for too long or there were problems with your connection.")."
\n" - ."\t\t\t".sprintf ($clang->gT("Please contact %s (%s) for further assistance."), $siteadminname,$siteadminemail)."\n" + ."\t\t\t".$clang->gT("Please contact")." $siteadminname ( $siteadminemail ) ".$clang->gT("for further assistance").".\n" ."\t\t

\n"; echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); @@ -116,8 +116,8 @@ echo templatereplace(file_get_contents("$tpldir/default/startpage.pstpl")); echo "\t\t

\n" ."\t\t\t".$clang->gT("ERROR")."
\n" - ."\t\t\t".$clang->gT("You have not provided a survey identification number.")."
\n" - ."\t\t\t".sprintf ($clang->gT("Please contact %s (%s) for further assistance."), $siteadminname,$siteadminemail)."\n" + ."\t\t\t".$clang->gT("You have not provided a survey identification number")."
\n" + ."\t\t\t".$clang->gT("Please contact")." $siteadminname ( $siteadminemail ) ".$clang->gT("for further assistance")."\n" ."\t\t

\n"; echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); @@ -174,7 +174,9 @@ echo templatereplace(file_get_contents("$tpldir/default/startpage.pstpl")); echo "\t\t

\n" ."\t\t\t".$clang->gT("This survey is no longer available.")."

\n" - ."\t\t\t".sprintf ($clang->gT("Please contact %s (%s) for further assistance."), $thissurvey['adminname'],$thissurvey['adminemail'])."\n

\n"; + ."\t\t\t".$clang->gT("Please contact")." {$thissurvey['adminname']} ({$thissurvey['adminemail']}) " + .$clang->gT("for further assistance")."

\n"; + echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); doFooter(); exit; @@ -192,7 +194,8 @@ echo "\t\t

\n" ."\t\t\t".$clang->gT("Error")."
\n" ."\t\t\t".$clang->gT("You have already completed this survey.")."

\n" - ."\t\t\t".sprintf ($clang->gT("Please contact %s (%s) for further assistance."), $thissurvey['adminname'],$thissurvey['adminemail'])."\n

\n"; + ."\t\t\t".$clang->gT("Please contact")." {$thissurvey['adminname']} ({$thissurvey['adminemail']}) " + .$clang->gT("for further assistance")."

\n"; echo templatereplace(file_get_contents("$tpldir/default/endpage.pstpl")); doFooter(); @@ -294,6 +297,10 @@ ."(" ."{$thissurvey['adminemail']})

\n" ."\t".$clang->gT("Close this Window")."
 \n"; +// foreach(file("$thistpl/endpage.pstpl") as $op) +// { +// echo templatereplace($op); +// } echo templatereplace(file_get_contents("$thistpl/endpage.pstpl")); exit; } @@ -567,6 +574,7 @@ function checkgroupfordisplay($gid) if ($cfieldname == $cvalue) { //This condition is met + //Bugfix provided by Zoran Avtarovski if (!isset($distinctcqids[$row['cqid']]) || $distinctcqids[$row['cqid']] == 0) { $distinctcqids[$row['cqid']]=1; @@ -1594,9 +1602,7 @@ function UpdateFieldArray() reset($_SESSION['fieldarray']); while ( list($key) = each($_SESSION['fieldarray']) ) { - // This seems to only work in PHP 5 because of the referenced (&) array in the foreach construct - // foreach($_SESSION['fieldarray'] as &$questionarray) - $questionarray =& $_SESSION['fieldarray'][$key]; + $questionarray =& $_SESSION['fieldarray'][$key]; $query = "SELECT * FROM ".db_table_name('questions')." WHERE qid=".$questionarray[0]." AND language='".$_SESSION['s_lang']."'"; $result = db_execute_assoc($query) or die ("Couldn't get question
$query
".htmlspecialchars($connect->ErrorMsg())); @@ -1606,7 +1612,13 @@ function UpdateFieldArray() unset($questionarray); } } + +// This seems to only work in PHP 5 because of the referenced (&) array in the foreach construct +/* foreach($_SESSION['fieldarray'] as &$questionarray) + { + } + */ } -?> \ No newline at end of file +?> diff --git a/register.php b/register.php index e6ed39f662d..ecf564ac365 100644 --- a/register.php +++ b/register.php @@ -39,7 +39,7 @@ $surveyid=returnglobal('sid'); //This next line is for security reasons. It ensures that the $surveyid value is never anything but a number. -if (_PHPVERSION >= '4.2.0') {settype($surveyid, "int");} else {settype($surveyid, "integer");} +settype($surveyid, "int"); //Check that there is a SID if (!isset($surveyid)) @@ -92,22 +92,10 @@ exit; } -if (_PHPVERSION < "4.2.0") -{ - srand((double)microtime()*1000000); -} $insert = "NO"; while ($insert != "OK") { - if (isset($THISOS) && $THISOS == "solaris") - { - $nt1=db_execute_num("SELECT RAND()"); - while ($row=$nt1->FetchRow()) {$newtoken="R".(int)(sprintf("%09s", $row[0]*100000000));} - } - else - { - $newtoken = "R".sprintf("%09s", rand(1, 1000000000)); - } + $newtoken = randomkey(10); $ntquery = "SELECT * FROM {$dbprefix}tokens_$surveyid WHERE token='$newtoken'"; $ntresult = $connect->Execute($ntquery); if (!$ntresult->RecordCount()) {$insert = "OK";} @@ -201,4 +189,18 @@ function templatereplace1($line) $line=str_replace("{PERCENTCOMPLETE}", "", $line); return $line; } -?> + +function randomkey($length) +{ + $pattern = "1234567890"; + for($i=0;$i<$length;$i++) + { + if(isset($key)) + $key .= $pattern{rand(0,9)}; + else + $key = $pattern{rand(0,9)}; + } + return $key; +} + +?> \ No newline at end of file