Kezdőlap Felfedezés Súgó
Regisztráció Bejelentkezés
aj
/
chamilo-lms2
1
0
Másolás 0
Fájlok Problémák 0 Beolvasztási kérések 0 Wiki
Fa: e7c246f349
Branch-ok Tag-ek
chamilo-lms2
/
main
/
survey
/
survey.download.inc.php

survey.download.inc.php 3.6 KB
Előzmények Nyers

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495 
  1. <?php
    2. 

  2. /* For licensing terms, see /license.txt */
    3. 

  3. 

  4. /**
    5. 

  5.  *	@package chamilo.survey
    6. 

  6.  *	@author Arnaud Ligot <arnaud@cblue.be>
    7. 

  7.  *	@version $Id: $
    8. 

  8.  *
    9. 

  9.  *	A small peace of code to enable user to access images included into survey
    10. 

  10.  *	which are accessible by non authenticated users. This file is included
    11. 

  11.  *	by document/download.php
    12. 

  12.  */
    13. 

  13. 

  14. function check_download_survey($course, $invitation, $doc_url) {
    15. 

  15. 

  16. 	require_once 'survey.lib.php';
    17. 

  17. 

  18. 	// Getting all the course information
    19. 

  19. 	$_course = CourseManager::get_course_information($course);
    20. 

  20.     $course_id = $_course['real_id'];
    21. 

  21. 

  22. 	// Database table definitions
    23. 

  23. 	$table_survey 					= Database :: get_course_table(TABLE_SURVEY);
    24. 

  24. 	$table_survey_question 			= Database :: get_course_table(TABLE_SURVEY_QUESTION);
    25. 

  25. 	$table_survey_question_option 	= Database :: get_course_table(TABLE_SURVEY_QUESTION_OPTION);
    26. 

  26. 	$table_survey_invitation 		= Database :: get_course_table(TABLE_SURVEY_INVITATION);
    27. 

  27. 

  28. 	// Now we check if the invitationcode is valid
    29. 

  29. 	$sql = "SELECT * FROM $table_survey_invitation WHERE c_id = $course_id AND invitation_code = '".Database::escape_string($invitation)."'";
    30. 

  30. 	$result = Database::query($sql);
    31. 

  31. 	if (Database::num_rows($result) < 1) {
    32. 

  32. 		Display :: display_error_message(get_lang('WrongInvitationCode'), false);
    33. 

  33. 		Display :: display_footer();
    34. 

  34. 		exit;
    35. 

  35. 	}
    36. 

  36. 	$survey_invitation = Database::fetch_assoc($result);
    37. 

  37. 

  38. 	// Now we check if the user already filled the survey
    39. 

  39. 	if ($survey_invitation['answered'] == 1) {
    40. 

  40. 		Display :: display_error_message(get_lang('YouAlreadyFilledThisSurvey'), false);
    41. 

  41. 		Display :: display_footer();
    42. 

  42. 		exit;
    43. 

  43. 	}
    44. 

  44. 

  45. 	// Very basic security check: check if a text field from a survey/answer/option contains the name of the document requested
    46. 

  46. 

  47. 	// Fetch survey ID
    48. 

  48. 

  49. 	// If this is the case there will be a language choice
    50. 

  50. 	$sql = "SELECT * FROM $table_survey WHERE c_id = $course_id AND code='".Database::escape_string($survey_invitation['survey_code'])."'";
    51. 

  51. 	$result = Database::query($sql);
    52. 

  52. 	if (Database::num_rows($result) > 1) {
    53. 

  53. 		if ($_POST['language']) {
    54. 

  54. 			$survey_invitation['survey_id'] = $_POST['language'];
    55. 

  55. 		} else {
    56. 

  56. 			echo '<form id="language" name="language" method="POST" action="'.api_get_self().'?course='.Security::remove_XSS($_GET['course']).'&invitationcode='.Security::remove_XSS($_GET['invitationcode']).'">';
    57. 

  57. 			echo '  <select name="language">';
    58. 

  58. 			while ($row = Database::fetch_assoc($result)) {
    59. 

  59. 				echo '<option value="'.$row['survey_id'].'">'.$row['lang'].'</option>';
    60. 

  60. 			}
    61. 

  61. 			echo '</select>';
    62. 

  62. 			echo '  <input type="submit" name="Submit" value="'.get_lang('Ok').'" />';
    63. 

  63. 			echo '</form>';
    64. 

  64. 			display::display_footer();
    65. 

  65. 			exit;
    66. 

  66. 		}
    67. 

  67. 	} else {
    68. 

  68. 		$row = Database::fetch_assoc($result);
    69. 

  69. 		$survey_invitation['survey_id'] = $row['survey_id'];
    70. 

  70. 	}
    71. 

  71. 

  72. 	$sql = "SELECT count(*) FROM $table_survey WHERE c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
    73. 

  73. 								and (
    74. 

  74. 									title LIKE '%$doc_url%'
    75. 

  75. 									or subtitle LIKE '%$doc_url%'
    76. 

  76. 									or intro LIKE '%$doc_url%'
    77. 

  77. 									or surveythanks LIKE '%$doc_url%'
    78. 

  78. 								)
    79. 

  79. 		union select count(*) from $table_survey_question  where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
    80. 

  80. 								and (
    81. 

  81. 									survey_question LIKE '%$doc_url%'
    82. 

  82. 									or survey_question_comment LIKE '%$doc_url%'
    83. 

  83. 								)
    84. 

  84. 		union select count(*) from $table_survey_question_option where c_id = $course_id AND survey_id = ".$survey_invitation['survey_id']."
    85. 

  85. 								and (
    86. 

  86. 									option_text LIKE '%$doc_url%'
    87. 

  87. 								)";
    88. 

  88. 	$result = Database::query($sql);
    89. 

  89. 	if (Database::num_rows($result) == 0) {
    90. 

  90. 		Display :: display_error_message(get_lang('WrongInvitationCode'), false);
    91. 

  91. 		Display :: display_footer();
    92. 

  92. 		exit;
    93. 

  93. 	}
    94. 

  94. 	return $_course;
    95. 

  95. }
    96.