Fixed #4853: Survey runtime broken because of token checks

git-svn-id: file:///Users/Shitiz/Downloads/lssvn/source/limesurvey@9668 b72ed6b6-b9f8-46b5-92b4-906544132732
LimeSurvey · Jan 10, 2011 · e2a5e5a · e2a5e5a
1 parent cedb88d
commit e2a5e5a
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 6 deletions.
diff --git a/common_functions.php b/common_functions.php
@@ -7947,14 +7947,18 @@ function db_rename_table($oldtable, $newtable)
 }
 
 /**
-* Checks if a token has been already used
+* Returns true when a token can be used
+*
 * @param mixed $tid Token
 */
 function usedTokens($token)
 {
     global $connect, $dbprefix, $surveyid;
-    $tid = $connect->getOne("SELECT tid from {$dbprefix}tokens_$surveyid WHERE token=".db_quoteall($token));
-    $utresult = $connect->getOne($utquery);
+    $utresult = true;
+    $tInfo = $connect->getRow("SELECT tid, usesleft from {$dbprefix}tokens_$surveyid WHERE token=".db_quoteall($token));
+    if (!$tInfo === false) {
+        if ($tInfo['usesleft']>0) $utresult = false;
+    }
     return $utresult;
 }
 

diff --git a/group.php b/group.php
@@ -361,7 +361,9 @@
         exit;
     }
     echo "\n<input type='hidden' name='sid' value='$surveyid' id='sid' />\n";
-    echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
+    if (isset($token) && !empty($token))                    {
+        echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
+    }
     echo "\n</form>\n";
     echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));
     doFooter();
@@ -1394,7 +1396,9 @@ function checkconditions(value, name, type)
     echo "<input type='hidden' name='thisstep' value='{$_SESSION['step']}' id='thisstep' />\n";
     echo "<input type='hidden' name='sid' value='$surveyid' id='sid' />\n";
     echo "<input type='hidden' name='start_time' value='".time()."' id='start_time' />\n";
-    echo "<input type='hidden' name='token' value='$token' id='token' />\n";
+    if (isset($token) && !empty($token)) {
+        echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
+    }
     echo "</form>\n";
 
     echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));

diff --git a/index.php b/index.php
@@ -3406,7 +3406,9 @@ function display_first_page() {
         echo "<center><font color='red' size='2'>".$clang->gT("This survey is currently not active. You will not be able to save your responses.")."</font></center>\n";
     }
     echo "\n<input type='hidden' name='sid' value='$surveyid' id='sid' />\n";
-    echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
+    if (isset($token) && !empty($token)) {
+        echo "\n<input type='hidden' name='token' value='$token' id='token' />\n";
+    }
     echo "\n<input type='hidden' name='lastgroupname' value='_WELCOME_SCREEN_' id='lastgroupname' />\n"; //This is to ensure consistency with mandatory checks, and new group test
     echo "\n</form>\n";
     echo templatereplace(file_get_contents("$thistpl/endpage.pstpl"));