本文整理匯總了PHP中sanitize_xss_string函數的典型用法代碼示例。如果您正苦於以下問題:PHP sanitize_xss_string函數的具體用法?PHP sanitize_xss_string怎麽用?PHP sanitize_xss_string使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了sanitize_xss_string函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的PHP代碼示例。
示例1: index
public function index()
{
$surveyid = intval(App()->request->getQuery('surveyid'));
$gid = intval(App()->request->getQuery('gid'));
$qid = intval(App()->request->getQuery('qid'));
$fieldtype = sanitize_xss_string(App()->request->getQuery('fieldtype'));
$action = sanitize_xss_string(App()->request->getQuery('action'));
if (!Yii::app()->session['loginID']) {
throw new CHttpException(401);
}
list($replacementFields, $isInstertAnswerEnabled) = $this->_getReplacementFields($fieldtype, $surveyid);
if ($isInstertAnswerEnabled === true) {
//2: Get all other questions that occur before this question that are pre-determined answer types
$fieldmap = createFieldMap($surveyid, 'full', false, false, getBaseLanguageFromSurveyID($surveyid));
$surveyInfo = getSurveyInfo($surveyid);
$surveyformat = $surveyInfo['format'];
// S, G, A
//Go through each question until we reach the current one
//error_log(print_r($qrows,true));
$questionlist = $this->_getQuestionList($action, $gid, $qid, $fieldmap, $fieldtype, $surveyformat);
$childQuestions = $this->_getChildQuestions($questionlist);
}
$data['countfields'] = count($replacementFields);
$data['replFields'] = $replacementFields;
if (isset($childQuestions)) {
$data['cquestions'] = $childQuestions;
}
if (isset($surveyformat)) {
$data['surveyformat'] = $surveyformat;
}
$this->getController()->render('/admin/limeReplacementFields_view', $data);
}
示例2: index
function index()
{
Yii::app()->loadHelper('admin/htmleditor');
$aData = array('ckLanguage' => sTranslateLangCode2CK(Yii::app()->session['adminlang']), 'sFieldName' => sanitize_xss_string(App()->request->getQuery('name')), 'sFieldText' => sanitize_xss_string(App()->request->getQuery('text')), 'sFieldType' => sanitize_xss_string(App()->request->getQuery('type')), 'sAction' => sanitize_paranoid_string(App()->request->getQuery('action')), 'iSurveyId' => sanitize_int(App()->request->getQuery('sid', 0)), 'iGroupId' => sanitize_int(App()->request->getQuery('gid', 0)), 'iQuestionId' => sanitize_int(App()->request->getQuery('qid', 0)));
if (!$aData['sFieldName']) {
$this->getController()->render('/admin/htmleditor/pop_nofields_view', $aData);
} else {
$aData['sControlIdEna'] = $aData['sFieldName'] . '_popupctrlena';
$aData['sControlIdDis'] = $aData['sFieldName'] . '_popupctrldis';
$aData['toolbarname'] = 'popup';
$aData['htmlformatoption'] = '';
if (in_array($aData['sFieldType'], array('email-inv', 'email-reg', 'email-conf', 'email-rem'))) {
$aData['htmlformatoption'] = ',fullPage:true';
}
$this->getController()->render('/admin/htmleditor/pop_editor_view', $aData);
}
}
示例3: while
$register_errormsg=$clang->gT("The email you used has already been registered.");
include "index.php";
exit;
}
$mayinsert = false;
while ($mayinsert != true)
{
$newtoken = sRandomChars(15);
$ntquery = "SELECT * FROM {$dbprefix}tokens_$surveyid WHERE token='$newtoken'";
$ntresult = $connect->Execute($ntquery); //Checked
if (!$ntresult->RecordCount()) {$mayinsert = true;}
}
$postfirstname=sanitize_xss_string(strip_tags(returnglobal('register_firstname')));
$postlastname=sanitize_xss_string(strip_tags(returnglobal('register_lastname')));
/*$postattribute1=sanitize_xss_string(strip_tags(returnglobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnglobal('register_attribute2'))); */
//Insert new entry into tokens db
$query = "INSERT INTO {$dbprefix}tokens_$surveyid\n"
. "(firstname, lastname, email, emailstatus, token)\n"
. "VALUES (?, ?, ?, ?, ?)";
$result = $connect->Execute($query, array($postfirstname,
$postlastname,
returnglobal('register_email'),
'OK',
$newtoken)
// $postattribute1, $postattribute2)
) or safe_die ($query."<br />".$connect->ErrorMsg()); //Checked - According to adodb docs the bound variables are quoted automatically
$tid=$connect->Insert_ID("{$dbprefix}tokens_$surveyid","tid");
示例4: delete
/**
* surveypermission::delete()
* Function responsible to delete a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function delete($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = $_POST['action'];
$clang = Yii::app()->lang;
$imageurl = Yii::app()->getConfig('imageurl');
$postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
$postusergroupid = !empty($_POST['gid']) ? $_POST['gid'] : false;
if ($action == "delsurveysecurity") {
$addsummary = "<div class=\"header\">" . $clang->gT("Deleting User") . "</div>\n";
$addsummary .= "<div class=\"messagebox\">\n";
$result = Survey::model()->findAll('sid = :sid AND owner_id = :owner_id AND owner_id != :postuserid', array(':sid' => $surveyid, ':owner_id' => Yii::app()->session['loginID'], ':postuserid' => $postuserid));
if (count($result) > 0 || Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1) {
if (isset($postuserid)) {
$dbresult = Survey_permissions::model()->deleteAll('uid = :uid AND sid = :sid', array(':uid' => $postuserid, ':sid' => $surveyid));
$addsummary .= "<br />" . $clang->gT("Username") . ": " . sanitize_xss_string($_POST['user']) . "<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not delete user. User was not supplied.") . "</div>\n";
}
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
} else {
accessDenied();
}
$addsummary .= "</div>\n";
$aViewUrls['output'] = $addsummary;
}
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
示例5: templatereplace
//.........這裏部分代碼省略.........
}
else
{
$_linkreplace = "<a href='{$thissurvey['surveyls_url']}'>{$thissurvey['surveyls_url']}</a>";
}
}
else
{
$_linkreplace='';
}
if (isset($clienttoken))
{
$token = $clienttoken;
}
else
{
$token = '';
}
if (!isset($_SESSION['s_lang']))
{
$_s_lang = 'en';
}
else
{
$_s_lang = $_SESSION['s_lang'];
}
$_clearall = "<input type='button' name='clearallbtn' value='" . $clang->gT("Exit and Clear Survey") . "' class='clearall' "
. "onclick=\"if (confirm('" . $clang->gT("Are you sure you want to clear all your responses?", 'js') . "')) {window.open('{$publicurl}/index.php?sid=$surveyid&move=clearall&lang=" . $_s_lang;
if (returnglobal('token'))
{
$_clearall .= "&token=" . urlencode(trim(sanitize_xss_string(strip_tags(returnglobal('token')))));
}
$_clearall .= "', '_self')}\" />";
if (isset($_SESSION['datestamp']))
{
$_datestamp = $_SESSION['datestamp'];
}
else
{
$_datestamp = '-';
}
//Set up save/load feature
if (isset($thissurvey['allowsave']) and $thissurvey['allowsave'] == "Y")
{
// Find out if the user has any saved data
if ($thissurvey['format'] == 'A')
{
if ($thissurvey['tokenanswerspersistence'] != 'Y')
{
$_saveall = "\t\t\t<input type='submit' name='loadall' value='" . $clang->gT("Load Unfinished Survey") . "' class='saveall' " . (($thissurvey['active'] != "Y") ? "disabled='disabled'" : "") . "/>"
. "\n\t\t\t<input type='button' name='saveallbtn' value='" . $clang->gT("Resume Later") . "' class='saveall' onclick=\"javascript:document.limesurvey.move.value = this.value;addHiddenField(document.getElementById('limesurvey'),'saveall',this.value);document.getElementById('limesurvey').submit();\" " . (($thissurvey['active'] != "Y") ? "disabled='disabled'" : "") . "/>"; // Show Save So Far button
}
else
{
$_saveall = "\t\t\t<input type='button' name='saveallbtn' value='" . $clang->gT("Resume Later") . "' class='saveall' onclick=\"javascript:document.limesurvey.move.value = this.value;addHiddenField(document.getElementById('limesurvey'),'saveall',this.value);document.getElementById('limesurvey').submit();\" " . (($thissurvey['active'] != "Y") ? "disabled='disabled'" : "") . "/>"; // Show Save So Far button
};
}
elseif (!isset($_SESSION['step']) || !$_SESSION['step'])
{ //First page, show LOAD
if ($thissurvey['tokenanswerspersistence'] != 'Y')
{
示例6: delete
/**
* surveypermission::delete()
* Function responsible to delete a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function delete($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = App()->getRequest()->getParam('action');
$imageurl = Yii::app()->getConfig('imageurl');
$uid = App()->getRequest()->getParam('uid');
$gid = App()->getRequest()->getParam('gid');
$postuserid = !empty($uid) ? $uid : false;
$postusergroupid = !empty($gid) ? $gid : false;
// Not used
$userList = getUserList('onlyuidarray');
if ($postuserid && !in_array($postuserid, $userList)) {
$this->getController()->error('Access denied');
} elseif ($postusergroupid && !in_array($postusergroupid, $userList)) {
$this->getController()->error('Access denied');
}
if ($action == "delsurveysecurity") {
$addsummary = "<div id='edit-permission' class='side-body " . getSideBodyClass(false) . "'>";
$addsummary .= '<div class="row"><div class="col-lg-12 content-right">';
$addsummary .= "<div class=\"jumbotron message-box\">\n";
$addsummary .= "<h2>" . gT("Deleting User") . "</h2>\n";
if (Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'delete')) {
if (isset($postuserid)) {
$dbresult = Permission::model()->deleteAll("uid = :uid AND entity_id = :sid AND entity = 'survey'", array(':uid' => $postuserid, ':sid' => $surveyid));
$addsummary .= "<br />" . gT("Username") . ": " . sanitize_xss_string(App()->getRequest()->getParam('user')) . "<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . gT("Success!") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . gT("Could not delete user. User was not supplied.") . "</div>\n";
}
$addsummary .= "<br/><input class='btn btn-default' type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
} else {
$this->getController()->error('Access denied');
}
$addsummary .= "</div></div></div>\n";
$aViewUrls['output'] = $addsummary;
}
$aData['sidemenu']['state'] = false;
$surveyinfo = Survey::model()->findByPk($surveyid)->surveyinfo;
$aData['title_bar']['title'] = $surveyinfo['surveyls_title'] . "(" . gT("ID") . ":" . $surveyid . ")";
//$aData['surveybar']['savebutton']['form'] = 'frmeditgroup';
//$aData['surveybar']['closebutton']['url'] = 'admin/survey/sa/view/surveyid/'.$surveyid;
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
示例7: delete
/**
* surveypermission::delete()
* Function responsible to delete a user/usergroup.
* @param mixed $surveyid
* @return void
*/
function delete($surveyid)
{
$aData['surveyid'] = $surveyid = sanitize_int($surveyid);
$aViewUrls = array();
$action = $_POST['action'];
$imageurl = Yii::app()->getConfig('imageurl');
$postuserid = !empty($_POST['uid']) ? $_POST['uid'] : false;
$postusergroupid = !empty($_POST['gid']) ? $_POST['gid'] : false;
// Not used
if ($postuserid && !in_array($postuserid, getUserList('onlyuidarray'))) {
$this->getController()->error('Access denied');
} elseif ($postusergroupid && !in_array($postusergroupid, getUserList('onlyuidarray'))) {
$this->getController()->error('Access denied');
}
if ($action == "delsurveysecurity") {
$addsummary = "<div class=\"header\">" . gT("Deleting User") . "</div>\n";
$addsummary .= "<div class=\"messagebox\">\n";
if (Permission::model()->hasSurveyPermission($surveyid, 'surveysecurity', 'delete')) {
if (isset($postuserid)) {
$dbresult = Permission::model()->deleteAll("uid = :uid AND entity_id = :sid AND entity = 'survey'", array(':uid' => $postuserid, ':sid' => $surveyid));
$addsummary .= "<br />" . gT("Username") . ": " . sanitize_xss_string($_POST['user']) . "<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . gT("Success!") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . gT("Could not delete user. User was not supplied.") . "</div>\n";
}
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('" . $this->getController()->createUrl('admin/surveypermission/sa/view/surveyid/' . $surveyid) . "', '_top')\" value=\"" . gT("Continue") . "\"/>\n";
} else {
$this->getController()->error('Access denied');
}
$addsummary .= "</div>\n";
$aViewUrls['output'] = $addsummary;
}
$this->_renderWrappedTemplate('authentication', $aViewUrls, $aData);
}
示例8: actionIndex
/**
* register::index()
* Process register form data and take appropriate action
* @return
*/
function actionIndex($iSurveyID = null)
{
Yii::app()->loadHelper('database');
Yii::app()->loadHelper('replacements');
$sLanguage = Yii::app()->request->getParam('lang', '');
if ($iSurveyID == null) {
$iSurveyID = Yii::app()->request->getPost('sid');
}
if (!$iSurveyID) {
$this->redirect(Yii::app()->baseUrl);
}
if ($sLanguage == "") {
$sBaseLanguage = Survey::model()->findByPk($iSurveyID)->language;
} else {
$sBaseLanguage = $sLanguage;
}
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($sBaseLanguage);
$clang = Yii::app()->lang;
$thissurvey = getSurveyInfo($iSurveyID, $sBaseLanguage);
$register_errormsg = "";
// Check the security question's answer
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $thissurvey['usecaptcha'])) {
if (!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $iSurveyID]['secanswer']) || Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_' . $iSurveyID]['secanswer']) {
$register_errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
//Check that the email is a valid style address
if (!validateEmailAddress(Yii::app()->request->getPost('register_email'))) {
$register_errormsg .= $clang->gT("The email you used is not valid. Please try again.");
}
// Check for additional fields
$attributeinsertdata = array();
foreach (GetParticipantAttributes($iSurveyID) as $field => $data) {
if (empty($data['show_register']) || $data['show_register'] != 'Y') {
continue;
}
$value = sanitize_xss_string(Yii::app()->request->getPost('register_' . $field));
if (trim($value) == '' && $data['mandatory'] == 'Y') {
$register_errormsg .= sprintf($clang->gT("%s cannot be left empty"), $thissurvey['attributecaptions'][$field]);
}
$attributeinsertdata[$field] = $value;
}
if ($register_errormsg != "") {
$_SESSION['survey_' . $iSurveyID]['register_errormsg'] = $register_errormsg;
$this->redirect($this->createUrl("survey/index/sid/{$iSurveyID}", array('lang' => $sBaseLanguage)));
}
//Check if this email already exists in token database
$oToken = TokenDynamic::model($iSurveyID)->find('email=:email', array(':email' => Yii::app()->request->getPost('register_email')));
if ($oToken) {
$register_errormsg = $clang->gT("The email you used has already been registered.");
$_SESSION['survey_' . $iSurveyID]['register_errormsg'] = $register_errormsg;
$this->redirect($this->createUrl("survey/index/sid/{$iSurveyID}", array('lang' => $sBaseLanguage)));
//include "index.php";
//exit;
}
$mayinsert = false;
// Get the survey settings for token length
$tokenlength = $thissurvey['tokenlength'];
//if tokenlength is not set or there are other problems use the default value (15)
if (!isset($tokenlength) || $tokenlength == '') {
$tokenlength = 15;
}
while ($mayinsert != true) {
$newtoken = randomChars($tokenlength);
$oTokenExist = TokenDynamic::model($iSurveyID)->find('token=:token', array(':token' => $newtoken));
if (!$oTokenExist) {
$mayinsert = true;
}
}
$postfirstname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_lastname')));
$starttime = sanitize_xss_string(Yii::app()->request->getPost('startdate'));
$endtime = sanitize_xss_string(Yii::app()->request->getPost('enddate'));
/*$postattribute1=sanitize_xss_string(strip_tags(returnGlobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnGlobal('register_attribute2'))); */
// Insert new entry into tokens db
$oToken = Token::create($thissurvey['sid']);
$oToken->firstname = $postfirstname;
$oToken->lastname = $postlastname;
$oToken->email = Yii::app()->request->getPost('register_email');
$oToken->emailstatus = 'OK';
$oToken->token = $newtoken;
if ($starttime && $endtime) {
$oToken->validfrom = $starttime;
$oToken->validuntil = $endtime;
}
$oToken->setAttributes($attributeinsertdata, false);
$result = $oToken->save();
//$tid = $oToken->tid;// Not needed any more
$fieldsarray["{ADMINNAME}"] = $thissurvey['adminname'];
$fieldsarray["{ADMINEMAIL}"] = $thissurvey['adminemail'];
$fieldsarray["{SURVEYNAME}"] = $thissurvey['name'];
$fieldsarray["{SURVEYDESCRIPTION}"] = $thissurvey['description'];
$fieldsarray["{FIRSTNAME}"] = $postfirstname;
//.........這裏部分代碼省略.........
示例9: actionIndex
/**
* register::index()
* Process register form data and take appropriate action
* @return
*/
function actionIndex($surveyid = null)
{
Yii::app()->loadHelper('database');
Yii::app()->loadHelper('replacements');
$postlang = Yii::app()->request->getPost('lang');
if ($surveyid == null) {
$surveyid = Yii::app()->request->getPost('sid');
}
if (!$surveyid) {
Yii::app()->request->redirect(Yii::app()->baseUrl);
}
// Get passed language from form, so that we dont loose this!
if (!isset($postlang) || $postlang == "" || !$postlang) {
$baselang = Survey::model()->findByPk($surveyid)->language;
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($baselang);
$clang = Yii::app()->lang;
} else {
Yii::import('application.libraries.Limesurvey_lang');
Yii::app()->lang = new Limesurvey_lang($postlang);
$clang = Yii::app()->lang;
$baselang = $postlang;
}
$thissurvey = getSurveyInfo($surveyid, $baselang);
$register_errormsg = "";
// Check the security question's answer
if (function_exists("ImageCreate") && isCaptchaEnabled('registrationscreen', $thissurvey['usecaptcha'])) {
if (!isset($_POST['loadsecurity']) || !isset($_SESSION['survey_' . $surveyid]['secanswer']) || Yii::app()->request->getPost('loadsecurity') != $_SESSION['survey_' . $surveyid]['secanswer']) {
$register_errormsg .= $clang->gT("The answer to the security question is incorrect.") . "<br />\n";
}
}
//Check that the email is a valid style address
if (!validateEmailAddress(Yii::app()->request->getPost('register_email'))) {
$register_errormsg .= $clang->gT("The email you used is not valid. Please try again.");
}
// Check for additional fields
$attributeinsertdata = array();
foreach (GetParticipantAttributes($surveyid) as $field => $data) {
if (empty($data['show_register']) || $data['show_register'] != 'Y') {
continue;
}
$value = sanitize_xss_string(Yii::app()->request->getPost('register_' . $field));
if (trim($value) == '' && $data['mandatory'] == 'Y') {
$register_errormsg .= sprintf($clang->gT("%s cannot be left empty"), $thissurvey['attributecaptions'][$field]);
}
$attributeinsertdata[$field] = $value;
}
if ($register_errormsg != "") {
$_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg;
Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid));
}
//Check if this email already exists in token database
$query = "SELECT email FROM {{tokens_{$surveyid}}}\n" . "WHERE email = '" . sanitize_email(Yii::app()->request->getPost('register_email')) . "'";
$usrow = Yii::app()->db->createCommand($query)->queryRow();
if ($usrow) {
$register_errormsg = $clang->gT("The email you used has already been registered.");
$_SESSION['survey_' . $surveyid]['register_errormsg'] = $register_errormsg;
Yii::app()->request->redirect(Yii::app()->createUrl('survey/index/sid/' . $surveyid));
//include "index.php";
//exit;
}
$mayinsert = false;
// Get the survey settings for token length
//$this->load->model("surveys_model");
$tlresult = Survey::model()->findAllByAttributes(array("sid" => $surveyid));
if (isset($tlresult[0])) {
$tlrow = $tlresult[0];
} else {
$tlrow = $tlresult;
}
$tokenlength = $tlrow['tokenlength'];
//if tokenlength is not set or there are other problems use the default value (15)
if (!isset($tokenlength) || $tokenlength == '') {
$tokenlength = 15;
}
while ($mayinsert != true) {
$newtoken = randomChars($tokenlength);
$ntquery = "SELECT * FROM {{tokens_{$surveyid}}} WHERE token='{$newtoken}'";
$usrow = Yii::app()->db->createCommand($ntquery)->queryRow();
if (!$usrow) {
$mayinsert = true;
}
}
$postfirstname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_firstname')));
$postlastname = sanitize_xss_string(strip_tags(Yii::app()->request->getPost('register_lastname')));
$starttime = sanitize_xss_string(Yii::app()->request->getPost('startdate'));
$endtime = sanitize_xss_string(Yii::app()->request->getPost('enddate'));
/*$postattribute1=sanitize_xss_string(strip_tags(returnGlobal('register_attribute1')));
$postattribute2=sanitize_xss_string(strip_tags(returnGlobal('register_attribute2'))); */
// Insert new entry into tokens db
Tokens_dynamic::sid($thissurvey['sid']);
$token = new Tokens_dynamic();
$token->firstname = $postfirstname;
$token->lastname = $postlastname;
$token->email = Yii::app()->request->getPost('register_email');
//.........這裏部分代碼省略.........
示例10: AND
$usersummary = "<div class=\"header\">".$clang->gT("Delete User")."</div>\n";
$usersummary .= "<div class=\"messagebox\">\n";
if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
{
$ugid = $postusergroupid;
$uid = $postuserid;
$query = "SELECT ugid, owner_id FROM ".db_table_name('user_groups')." WHERE ugid = ".$ugid." AND ((owner_id = ".$_SESSION['loginID']." AND owner_id != ".$uid.") OR (owner_id != ".$_SESSION['loginID']." AND $uid = ".$_SESSION['loginID']."))";
$result = db_execute_assoc($query); //Checked
if($result->RecordCount() > 0)
{
$remquery = "DELETE FROM ".db_table_name('user_in_groups')." WHERE ugid = {$ugid} AND uid = {$uid}";
if($connect->Execute($remquery)) //Checked
{
$usersummary .= "<br />".$clang->gT("Username").": ".sanitize_xss_string(strip_tags($_POST['user']))."<br /><br />\n";
$usersummary .= "<div class=\"successheader\">".$clang->gT("Success!")."</div>\n";
}
else
{
$usersummary .= "<div class=\"warningheader\">".$clang->gT("Could not delete user. User was not supplied.")."</div>\n";
}
}
else
{
include("access_denied.php");
}
if($_SESSION['loginID'] != $postuserid)
{
$usersummary .= "<br/><input type=\"submit\" onclick=\"window.location='$scriptname?action=editusergroups&ugid=$ugid'\" value=\"".$clang->gT("Continue")."\"/>\n";
}
示例11: buildsurveysession
//.........這裏部分代碼省略.........
exit;
} elseif ($tokensexist == 1 && returnglobal('token') && !captcha_enabled('surveyaccessscreen', $thissurvey['usecaptcha'])) {
//check if tokens actually haven't been already used
$areTokensUsed = usedTokens(db_quote(trim(strip_tags(returnglobal('token')))));
//check if token actually does exist
// check also if it is allowed to change survey after completion
if ($thissurvey['alloweditaftercompletion'] == 'Y') {
$tkquery = "SELECT COUNT(*) FROM " . db_table_name('tokens_' . $surveyid) . " WHERE token='" . db_quote(trim(strip_tags(returnglobal('token')))) . "' ";
} else {
$tkquery = "SELECT COUNT(*) FROM " . db_table_name('tokens_' . $surveyid) . " WHERE token='" . db_quote(trim(strip_tags(returnglobal('token')))) . "' AND (completed = 'N' or completed='')";
}
$tkresult = db_execute_num($tkquery);
//Checked
list($tkexist) = $tkresult->FetchRow();
if (!$tkexist || $areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y') {
//TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT
killSession();
sendcacheheaders();
doHeader();
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo templatereplace(file_get_contents("{$thistpl}/survey.pstpl"));
echo '<div id="wrapper"><p id="tokenmessage">' . $clang->gT("This is a controlled survey. You need a valid token to participate.") . "<br /><br />\n" . "\t" . $clang->gT("The token you have provided is either not valid, or has already been used.") . "<br />\n" . "\t" . sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname']) . " (<a href='mailto:{$thissurvey['adminemail']}'>" . "{$thissurvey['adminemail']}</a>)</p></div>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
exit;
}
} elseif ($tokensexist == 1 && returnglobal('token') && captcha_enabled('surveyaccessscreen', $thissurvey['usecaptcha'])) {
// IF CAPTCHA ANSWER IS CORRECT
if (isset($loadsecurity) && isset($_SESSION['secanswer']) && $loadsecurity == $_SESSION['secanswer']) {
//check if tokens actually haven't been already used
$areTokensUsed = usedTokens(db_quote(trim(strip_tags(returnglobal('token')))));
//check if token actually does exist
if ($thissurvey['alloweditaftercompletion'] == 'Y') {
$tkquery = "SELECT COUNT(*) FROM " . db_table_name('tokens_' . $surveyid) . " WHERE token='" . db_quote(trim(sanitize_xss_string(strip_tags(returnglobal('token'))))) . "'";
} else {
$tkquery = "SELECT COUNT(*) FROM " . db_table_name('tokens_' . $surveyid) . " WHERE token='" . db_quote(trim(sanitize_xss_string(strip_tags(returnglobal('token'))))) . "' AND (completed = 'N' or completed='')";
}
$tkresult = db_execute_num($tkquery);
//Checked
list($tkexist) = $tkresult->FetchRow();
if (!$tkexist || $areTokensUsed && $thissurvey['alloweditaftercompletion'] != 'Y') {
sendcacheheaders();
doHeader();
//TOKEN DOESN'T EXIST OR HAS ALREADY BEEN USED. EXPLAIN PROBLEM AND EXIT
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo templatereplace(file_get_contents("{$thistpl}/survey.pstpl"));
echo "\t<div id='wrapper'>\n" . "\t<p id='tokenmessage'>\n" . "\t" . $clang->gT("This is a controlled survey. You need a valid token to participate.") . "<br /><br />\n" . "\t" . $clang->gT("The token you have provided is either not valid, or has already been used.") . "<br/>\n" . "\t" . sprintf($clang->gT("For further information please contact %s"), $thissurvey['adminname']) . " (<a href='mailto:{$thissurvey['adminemail']}'>" . "{$thissurvey['adminemail']}</a>)\n" . "\t</p>\n" . "\t</div>\n";
echo templatereplace(file_get_contents("{$thistpl}/endpage.pstpl"));
doFooter();
exit;
}
} else {
if (!isset($move) || is_null($move)) {
$gettoken = $clienttoken;
sendcacheheaders();
doHeader();
// No or bad answer to required security question
echo templatereplace(file_get_contents("{$thistpl}/startpage.pstpl"));
echo templatereplace(file_get_contents("{$thistpl}/survey.pstpl"));
// If token wasn't provided and public registration
// is enabled then show registration form
if (!isset($gettoken) && isset($thissurvey) && $thissurvey['allowregister'] == "Y") {
echo templatereplace(file_get_contents("{$thistpl}/register.pstpl"));
} else {
// only show CAPTCHA
echo '<div id="wrapper"><p id="tokenmessage">';
示例12: getTokenId
/**
* Get the token id according to filled values
* @param $iSurveyId
* @return integer : the token id created
*/
public function getTokenId($iSurveyId)
{
$sLanguage = App()->language;
$aSurveyInfo = getSurveyInfo($iSurveyId, $sLanguage);
$aFieldValue = $this->getFieldValue($iSurveyId);
// Now construct the text returned
$oToken = Token::model($iSurveyId)->findByAttributes(array('email' => $aFieldValue['sEmail']));
if ($oToken) {
if ($oToken->usesleft < 1 && $aSurveyInfo['alloweditaftercompletion'] != 'Y') {
$this->aRegisterErrors[] = gT("The email address you have entered is already registered and the survey has been completed.");
} elseif (strtolower(substr(trim($oToken->emailstatus), 0, 6)) === "optout") {
$this->aRegisterErrors[] = gT("This email address cannot be used because it was opted out of this survey.");
} elseif (!$oToken->emailstatus && $oToken->emailstatus != "OK") {
$this->aRegisterErrors[] = gT("This email address is already registered but the email adress was bounced.");
} else {
$this->sMailMessage = gT("The address you have entered is already registered. An email has been sent to this address with a link that gives you access to the survey.");
return $oToken->tid;
}
} else {
// TODO : move xss filtering in model
$oToken = Token::create($iSurveyId);
$oToken->firstname = sanitize_xss_string($aFieldValue['sFirstName']);
$oToken->lastname = sanitize_xss_string($aFieldValue['sLastName']);
$oToken->email = $aFieldValue['sEmail'];
$oToken->emailstatus = 'OK';
$oToken->language = $sLanguage;
$aFieldValue['aAttribute'] = array_map('sanitize_xss_string', $aFieldValue['aAttribute']);
$oToken->setAttributes($aFieldValue['aAttribute']);
if ($aSurveyInfo['startdate']) {
$oToken->validfrom = $aSurveyInfo['startdate'];
}
if ($aSurveyInfo['expires']) {
$oToken->validuntil = $aSurveyInfo['expires'];
}
$oToken->generateToken();
$oToken->save();
$this->sMailMessage = gT("An email has been sent to the address you provided with access details for this survey. Please follow the link in that email to proceed.");
return $oToken->tid;
}
}
示例13: templatereplace
//.........這裏部分代碼省略.........
$_questionhelp = $help;
}
if (isset($thissurvey['allowprev']) && $thissurvey['allowprev'] == "N") {
$_strreview = "";
} else {
$_strreview = $clang->gT("If you want to check any of the answers you have made, and/or change them, you can do that now by clicking on the [<< prev] button and browsing through your responses.");
}
if (isset($thissurvey['active']) and $thissurvey['active'] == "N") {
$_restart = "<a href='{$publicurl}/index.php?sid={$surveyid}&newtest=Y";
if (isset($s_lang) && $s_lang != '') {
$_restart .= "&lang=" . $s_lang;
}
$_restart .= "'>" . $clang->gT("Restart this Survey") . "</a>";
} else {
$restart_extra = "";
$restart_token = returnglobal('token');
if (!empty($restart_token)) {
$restart_extra .= "&token=" . urlencode($restart_token);
} else {
$restart_extra = "&newtest=Y";
}
if (!empty($_GET['lang'])) {
$restart_extra .= "&lang=" . returnglobal('lang');
}
$_restart = "<a href='{$publicurl}/index.php?sid={$surveyid}" . $restart_extra . "'>" . $clang->gT("Restart this Survey") . "</a>";
}
if (isset($thissurvey['anonymized']) && $thissurvey['anonymized'] == 'Y') {
$_savealert = $clang->gT("To remain anonymous please use a pseudonym as your username, also an email address is not required.");
} else {
$_savealert = "";
}
$_return_to_survey = "<a href='{$relativeurl}/index.php?sid={$surveyid}";
if (returnglobal('token')) {
$_return_to_survey .= "&token=" . urlencode(trim(sanitize_xss_string(strip_tags(returnglobal('token')))));
}
$_return_to_survey .= "'>" . $clang->gT("Return To Survey") . "</a>";
$_saveform = "<table><tr><td align='right'>" . $clang->gT("Name") . ":</td><td><input type='text' name='savename' value='";
if (isset($_POST['savename'])) {
$_saveform .= html_escape(auto_unescape($_POST['savename']));
}
$_saveform .= "' /></td></tr>\n" . "<tr><td align='right'>" . $clang->gT("Password") . ":</td><td><input type='password' name='savepass' value='";
if (isset($_POST['savepass'])) {
$_saveform .= html_escape(auto_unescape($_POST['savepass']));
}
$_saveform .= "' /></td></tr>\n" . "<tr><td align='right'>" . $clang->gT("Repeat Password") . ":</td><td><input type='password' name='savepass2' value='";
if (isset($_POST['savepass2'])) {
$_saveform .= html_escape(auto_unescape($_POST['savepass2']));
}
$_saveform .= "' /></td></tr>\n" . "<tr><td align='right'>" . $clang->gT("Your Email") . ":</td><td><input type='text' name='saveemail' value='";
if (isset($_POST['saveemail'])) {
$_saveform .= html_escape(auto_unescape($_POST['saveemail']));
}
$_saveform .= "' /></td></tr>\n";
if (isset($thissurvey['usecaptcha']) && function_exists("ImageCreate") && captcha_enabled('saveandloadscreen', $thissurvey['usecaptcha'])) {
$_saveform .= "<tr><td align='right'>" . $clang->gT("Security Question") . ":</td><td><table><tr><td valign='middle'><img src='{$captchapath}verification.php?sid={$surveyid}' alt='' /></td><td valign='middle' style='text-align:left'><input type='text' size='5' maxlength='3' name='loadsecurity' value='' /></td></tr></table></td></tr>\n";
}
$_saveform .= "<tr><td align='right'></td><td></td></tr>\n" . "<tr><td></td><td><input type='submit' id='savebutton' name='savesubmit' value='" . $clang->gT("Save Now") . "' /></td></tr>\n" . "</table>";
$_loadform = "<table><tr><td align='right'>" . $clang->gT("Saved name") . ":</td><td><input type='text' name='loadname' value='";
if ($loadname) {
$_loadform .= html_escape(auto_unescape($loadname));
}
$_loadform .= "' /></td></tr>\n" . "<tr><td align='right'>" . $clang->gT("Password") . ":</td><td><input type='password' name='loadpass' value='";
if (isset($loadpass)) {
$_loadform .= html_escape(auto_unescape($loadpass));
}
$_loadform .= "' /></td></tr>\n";
示例14: ajaxSets
public function ajaxSets()
{
$lid = Yii::app()->getRequest()->getPost('lid');
$answers = Yii::app()->getRequest()->getPost('answers');
$code = Yii::app()->getRequest()->getPost('code');
//Create new label set
$language = "";
foreach ($answers as $lang => $answer) {
$language .= $lang . " ";
}
$language = trim($language);
if ($lid == 0) {
$lset = new Labelsets();
$lset->label_name = sanitize_xss_string(Yii::app()->getRequest()->getPost('laname'));
$lset->languages = sanitize_xss_string($language);
$lset->save();
$lid = getLastInsertID($lset->tableName());
} else {
Label::model()->deleteAll('lid = :lid', array(':lid' => $lid));
}
$res = 'ok';
//optimistic
foreach ($answers as $lang => $answer) {
foreach ($answer as $key => $ans) {
$label = new Label();
$label->lid = $lid;
$label->code = $code[$key];
$label->title = $ans;
$label->sortorder = $key;
$label->language = $lang;
if (!$label->save()) {
$res = 'fail';
}
}
}
echo ls_json_encode($res);
}
示例15: db_table_name
}
$addsummary .= "</div>\n";
}
if ($action == "delsurveysecurity") {
$addsummary = "<div class=\"header\">" . $clang->gT("Deleting User") . "</div>\n";
$addsummary .= "<div class=\"messagebox\">\n";
$query = "SELECT sid, owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid} AND owner_id = " . $_SESSION['loginID'] . " AND owner_id != " . $postuserid;
$result = db_execute_assoc($query);
//Checked
if ($result->RecordCount() > 0 || $_SESSION['USER_RIGHT_SUPERADMIN'] == 1) {
if (isset($postuserid)) {
$dquery = "DELETE FROM" . db_table_name('survey_permissions') . " WHERE uid={$postuserid} AND sid={$surveyid}";
// added by Dennis
$dresult = $connect->Execute($dquery);
//Checked
$addsummary .= "<br />" . $clang->gT("Username") . ": " . sanitize_xss_string($_POST['user']) . "<br /><br />\n";
$addsummary .= "<div class=\"successheader\">" . $clang->gT("Success!") . "</div>\n";
} else {
$addsummary .= "<div class=\"warningheader\">" . $clang->gT("Could not delete user. User was not supplied.") . "</div>\n";
}
$addsummary .= "<br/><input type=\"submit\" onclick=\"window.open('{$scriptname}?sid={$surveyid}&action=surveysecurity', '_top')\" value=\"" . $clang->gT("Continue") . "\"/>\n";
} else {
include "access_denied.php";
}
$addsummary .= "</div>\n";
}
if ($action == "setsurveysecurity" || $action == "setusergroupsurveysecurity") {
$query = "SELECT sid, owner_id FROM " . db_table_name('surveys') . " WHERE sid = {$surveyid} AND owner_id = " . $_SESSION['loginID'];
if ($action == "setsurveysecurity") {
$query .= " AND owner_id != " . $postuserid;
}