00001 <?php
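// Direct-access guard: the CMS bootstrap defines __PRAGYAN_CMS before including
// module files. A request that reaches this file on its own is answered with a
// 403 and the script stops before any module code is declared or run.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading has to be closed with </h1>; a second opening <h1> leaves the
    // rest of the page nested inside the heading.
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE can carry the server name and version when
    // the web server is configured to emit it. Consider dropping it from this
    // page so the error response does not help fingerprint the host.
    echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
    exit(1);
}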
00044 global $sourceFolder;
00045 global $moduleFolder;
00046 require_once("$sourceFolder/$moduleFolder/form/editform.php");
00047 require_once("$sourceFolder/$moduleFolder/form/editformelement.php");
00048 require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
00049 require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
00050 require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");
00051
00052 class form implements module, fileuploadable {
00053 private $userId;
00054 private $moduleComponentId;
00055 private $action;
00056
/**
 * Entry point used to render this module for one request.
 *
 * Stores the supplied user id, module component id and action on the
 * instance, then hands over to the handler that matches the action name.
 *
 * NOTE(review): no permission check happens here; presumably the caller has
 * already verified that the user may perform $gotaction — confirm.
 *
 * @param mixed $gotuid               id of the requesting user
 * @param mixed $gotmoduleComponentId id of the form instance
 * @param mixed $gotaction            action name ("view", "editform", ...)
 * @return mixed the handler's return value, or null for an unrecognised action
 */
public function getHtml($gotuid, $gotmoduleComponentId, $gotaction) {
    $this->userId = $gotuid;
    $this->moduleComponentId = $gotmoduleComponentId;
    $this->action = $gotaction;

    // switch compares loosely (==), first matching case wins.
    switch ($this->action) {
        case "view":
            return $this->actionView();
        case "editform":
            return $this->actionEditform();
        case "viewregistrants":
            return $this->actionViewregistrants();
        case "editregistrants":
            return $this->actionEditregistrants();
        case "reports":
            return $this->actionReports();
    }

    // Unknown action: nothing to render.
    return null;
}
00082
00083
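/**
 * Decides whether a user may access a file uploaded through this form.
 *
 * Access is granted when the user holds the "editregistrants" or
 * "viewregistrants" permission on the page, or when the user holds "view"
 * and a form_elementdata row of this form, owned by this user, stores the
 * requested file name. Any query failure denies access.
 *
 * NOTE(review): the lookup does not restrict the match to file-upload
 * elements, so any stored value of the user that equals the file name
 * satisfies it. Confirm whether e.`form_elementtype` should be filtered.
 *
 * @param mixed  $pageId            page the form lives on
 * @param mixed  $moduleComponentId id of the form instance
 * @param mixed  $userId            id of the requesting user
 * @param string $fileName          stored name of the requested file
 * @return bool true when access is allowed
 */
public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName) {
    if (getPermissions($userId, $pageId, "editregistrants") || getPermissions($userId, $pageId, "viewregistrants")) {
        return true;
    }

    // The ids are placed unquoted in the statement and the file name comes from
    // the request, so ids are forced to integers and the name is escaped for a
    // quoted string literal before the query text is assembled.
    $componentId = (int) $moduleComponentId;
    $ownerId = (int) $userId;
    $safeFileName = mysql_real_escape_string($fileName);

    // Alias and column are quoted separately: `d.col` inside one pair of
    // backticks names a single column called "d.col", which does not exist, so
    // the statement failed and this check could never grant access.
    $uploadedQuery = "SELECT d.`form_elementdata`
        FROM `form_elementdata` d
        JOIN `form_elementdesc` e ON (d.`page_modulecomponentid` = e.`page_modulecomponentid`
        AND d.`form_elementid` = e.`form_elementid`)
        WHERE d.`page_modulecomponentid` = $componentId AND d.`user_id` = $ownerId AND d.`form_elementdata` = '$safeFileName'";
    $uploadedResult = mysql_query($uploadedQuery);
    if (!$uploadedResult) {
        // NOTE(review): the raw database error is shown to the user; consider
        // logging it instead and showing a generic message.
        displayerror(mysql_error() . "form.lib L:181");
        return false; // fail closed
    }

    return mysql_num_rows($uploadedResult) > 0 && getPermissions($userId, $pageId, "view");
}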
00099
/**
 * Reports which file extensions and what maximum size this module accepts
 * for uploads. Both values are returned through the reference parameters.
 *
 * NOTE(review): the list allows types a browser or operating system will
 * execute or render ('html', 'js', 'css', 'xml', 'swf', 'exe'). If uploads
 * are served from the site's own origin this permits stored script content;
 * consider narrowing the list or serving uploads as attachments. 'bmp' is
 * listed twice.
 *
 * @param array $fileTypesArray     receives the allowed extensions
 * @param int   $maxFileSizeInBytes receives the size limit (30 MiB)
 * @return void
 */
public static function getUploadableFileProperties(&$fileTypesArray, &$maxFileSizeInBytes) {
    $fileTypesArray = array(
        'jpg', 'jpeg', 'png', 'doc', 'pdf', 'gif', 'bmp', 'css',
        'js', 'html', 'xml', 'ods', 'odt', 'oft', 'pps', 'ppt',
        'tex', 'tiff', 'txt', 'chm', 'mp3', 'mp2', 'wave', 'wav',
        'mpg', 'ogg', 'mpeg', 'wmv', 'wma', 'wmf', 'rm', 'avi',
        'gzip', 'gz', 'rar', 'bmp', 'psd', 'bz2', 'tar', 'zip',
        'swf', 'fla', 'flv', 'eps', 'xcf', 'xls', 'exe', '7z'
    );

    $bytesPerMebibyte = 1024 * 1024;
    $maxFileSizeInBytes = 30 * $bytesPerMebibyte;
}
00104
/**
 * Handles the "view" action: applies the form's access rules, processes a
 * submitted registration or an unregister request, and returns the form HTML.
 *
 * Returns an empty string (after showing a message) when the settings query
 * fails, when login is required and the user is not logged in or has an
 * incomplete profile, when the form has expired, or when the user has
 * already registered and editing is not allowed.
 *
 * NOTE(review): unregistering is triggered by a GET parameter
 * (subaction=unregister) and no anti-CSRF token is checked in this method;
 * confirm whether unregisterUser() or the framework verifies one.
 * NOTE(review): the module component id is concatenated unquoted into the
 * query; it is the value passed to getHtml() — confirm it is always numeric.
 * NOTE(review): a missing form_desc row is not handled; mysql_fetch_assoc()
 * then returns false and every setting below reads as empty.
 *
 * @return string HTML of the registration form, or '' when access is refused
 */
public function actionView() {
    global $sourceFolder; global $moduleFolder;

    $descSql = 'SELECT `form_loginrequired`, `form_expirydatetime`, (NOW() >= `form_expirydatetime`) AS `form_expired`, `form_sendconfirmation`, ' .
        '`form_usecaptcha`, `form_allowuseredit`, `form_allowuserunregister` ' .
        'FROM `form_desc` WHERE `page_modulecomponentid`=' . $this->moduleComponentId;
    $descResult = mysql_query($descSql);
    if (!$descResult) {
        displayerror('E69 : Invalid query: ' . mysql_error());
        return '';
    }
    $desc = mysql_fetch_assoc($descResult);

    // Login gate: anonymous users and users without a complete profile stop here.
    if ($desc['form_loginrequired'] == 1) {
        if ($this->userId <= 0) {
            displayerror('You must be logged in to fill this form. <a href="./+login">Click here</a> to login.');
            return '';
        }
        if (!verifyUserProfileFilled($this->userId)) {
            displayinfo('Your profile information is incomplete. Please complete your profile information before filling this form. <a href="./+profile">Click here</a> to complete your profile.');
            return '';
        }
    }

    // An all-zero expiry timestamp means the form has no closing date.
    $pastDeadline = $desc['form_expired'] != 0 && $desc['form_expirydatetime'] != "0000-00-00 00:00:00";
    if ($pastDeadline) {
        displayerror('The last date to register to this form ('.$desc['form_expirydatetime'].') is over.');
        return '';
    }

    if ($desc['form_allowuseredit'] == 0 && verifyUserRegistered($this->moduleComponentId, $this->userId)) {
        displayerror('You have already registered to this form once. You cannot register again. Contact the administrator for further queries.');
        return '';
    }

    if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) {
        submitRegistrationForm($this->moduleComponentId, $this->userId);
    }

    $unregisterAllowed = ($desc['form_allowuserunregister'] == 1);

    if ($unregisterAllowed && isset($_GET['subaction']) && ($_GET['subaction'] == "unregister")) {
        unregisterUser($this->moduleComponentId, $this->userId);
    }

    // The unregister button is offered only to users who are still registered.
    $unregisterBody = '';
    if ($unregisterAllowed && verifyUserRegistered($this->moduleComponentId, $this->userId)) {
        $unregisterBody =
            '<br /><p>If you wish to unregister from this form, click here : <input type="button" ' .
            'value = "Unregister" onclick="if(confirm(\'Are you sure you want to unregister from this form?\')) window.location=\'./&subaction=unregister\';" />';
    }

    $formHtml = generateRegistrationForm($this->moduleComponentId, $this->userId);
    return $formHtml . $unregisterBody;
}
00164
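/**
 * Lists the ids of all users registered to a form.
 *
 * @param mixed $moduleComponentId id of the form instance
 * @return array user ids as returned by the database; empty when the form
 *               has no registrants or the query fails
 */
public static function getRegisteredUserArray($moduleComponentId) {
    // The id is placed unquoted in the statement, so it is forced to an integer.
    $componentId = (int) $moduleComponentId;
    $userQuery = "SELECT `user_id` FROM `form_regdata` WHERE `page_modulecomponentid` = $componentId";
    $userResult = mysql_query($userQuery);

    $registeredUsers = array();
    if (!$userResult) {
        // Fetching from a failed result only raises a warning; return the empty list directly.
        return $registeredUsers;
    }

    while ($userRow = mysql_fetch_row($userResult)) {
        $registeredUsers[] = $userRow[0];
    }
    return $registeredUsers;
}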
00178
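/**
 * Counts the registrations stored for a form.
 *
 * @param mixed $moduleComponentId id of the form instance
 * @return mixed the COUNT() value as returned by the database, or 0 when the
 *               query fails
 */
public static function getRegisteredUserCount($moduleComponentId) {
    // The id is placed unquoted in the statement, so it is forced to an integer.
    $componentId = (int) $moduleComponentId;
    $userQuery = "SELECT COUNT(`user_id`) FROM `form_regdata` WHERE `page_modulecomponentid` = $componentId";
    $userResult = mysql_query($userQuery);
    if (!$userResult) {
        return 0;
    }

    $userRow = mysql_fetch_row($userResult);
    return $userRow ? $userRow[0] : 0;
}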
00185
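/**
 * Reports whether a form can be associated with a group.
 *
 * The value returned is the form's `form_loginrequired` setting.
 * `form_allowuserunregister` is selected as well but not used here.
 *
 * @param mixed $moduleComponentId id of the form instance
 * @return mixed the `form_loginrequired` value, or false when the query fails
 *               or the form has no description row
 */
public static function isGroupAssociable($moduleComponentId) {
    // The id is placed unquoted in the statement, so it is forced to an integer.
    $componentId = (int) $moduleComponentId;
    $validQuery = 'SELECT `form_loginrequired`, `form_allowuserunregister` FROM `form_desc` WHERE `page_modulecomponentid` = ' . $componentId;
    $validResult = mysql_query($validQuery);

    // Fetch only from a valid result; a failed query has no rows to read.
    $validRow = $validResult ? mysql_fetch_row($validResult) : false;

    if (!$validRow) {
        displayerror('Error trying to retrieve data from the database: form.lib.php:L163');
        return false;
    }

    return $validRow[0];
}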
00198
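/**
 * Handles the "editform" action: applies one requested change to the form
 * definition (edit, add, delete or move an element) and returns the editor.
 *
 * When an element is opened for editing, the element editor is returned
 * instead of the form overview.
 *
 * The element id must be all digits for every sub-action, including delete
 * and move, matching the check the edit path applies.
 *
 * NOTE(review): deleting and moving elements are triggered by GET parameters
 * and no anti-CSRF token is checked in this method; confirm whether the
 * called helpers or the framework verify one.
 *
 * @return string HTML of the form editor or of the element editor
 */
public function actionEditform() {
    global $ICONS;

    $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : '';
    $hasGetElementId = isset($_GET['elementid']) && ctype_digit($_GET['elementid']);

    // Save a submitted element description.
    if (
        $subaction === 'editformelement' &&
        isset($_POST['elementid']) && ctype_digit($_POST['elementid']) &&
        isset($_POST['txtElementDesc']) && isset($_POST['selElementType']) &&
        isset($_POST['txtToolTip']) && isset($_POST['txtElementName'])
    ) {
        submitEditFormElementDescData($this->moduleComponentId, escape($_POST['elementid']));
    }

    // Open one element in the element editor.
    if ($subaction === 'editformelement' && $hasGetElementId) {
        return generateEditFormElementDescBody($this->moduleComponentId, escape($_GET['elementid']));
    }

    if (isset($_POST['addformelement_descsubmit'])) {
        addDefaultFormElement($this->moduleComponentId);
    }

    if ($subaction === 'deleteformelement' && $hasGetElementId) {
        deleteFormElement($this->moduleComponentId, escape($_GET['elementid']));
    }

    if (($subaction === 'moveUp' || $subaction === 'moveDown') && $hasGetElementId) {
        moveFormElement($this->moduleComponentId, escape($subaction), escape($_GET['elementid']));
    }

    $html = generateFormDescBody($this->moduleComponentId) . generateFormElementDescBody($this->moduleComponentId);
    return "<fieldset><legend>{$ICONS['Form Edit']['small']}Edit Form</legend>$html</fieldset>";
}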
00227
/**
 * Handles the "viewregistrants" action: returns the table of registrants,
 * sorted as requested, together with a "Save as Excel" button.
 *
 * Sorting defaults to 'registrationdate' ascending. The sort order is
 * accepted only when it is 'asc' or 'desc'.
 *
 * NOTE(review): the sort field is taken from the query string and only
 * passed through escape(). If generateFormDataTable() places it in an
 * ORDER BY clause, string escaping does not protect an identifier; confirm
 * that the callee checks it against the known column names.
 *
 * @return string HTML of the registrants view
 */
public function actionViewregistrants() {
    global $sourceFolder, $moduleFolder;

    $sortField = isset($_GET['sortfield']) ? escape($_GET['sortfield']) : 'registrationdate';

    $orderIsValid = isset($_GET['sortorder']) && ($_GET['sortorder'] == 'asc' || $_GET['sortorder'] == 'desc');
    $sortOrder = $orderIsValid ? escape($_GET['sortorder']) : 'asc';

    global $ICONS;
    $html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder);

    $pieces = array(
        "<fieldset><legend>{$ICONS['Form Registrants']['small']}View Form Registrants</legend>",
        "<form action='./+viewregistrants' method='POST'>",
        "<input type='submit' name='save_as_excel' value='Save as Excel'/>",
        "</form>",
        "$html</fieldset>",
    );
    return implode("\n", $pieces);
}
00245
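/**
 * Handles the "editregistrants" action: lets a privileged user edit or
 * delete a registration, add a user to the form, fetch user suggestions, or
 * delete all registrations, then returns the editable registrants table.
 *
 * The "edit" sub-action returns the registration form instead of the table.
 * The "getsuggestions" sub-action prints the suggestions and ends the script.
 *
 * Request values are encoded for the context they are written into: the
 * e-mail is URL-encoded in the form action and HTML-escaped in the error
 * message (displayerror() is given HTML elsewhere in this class).
 *
 * NOTE(review): deleting one registration is triggered by GET parameters and
 * deleting all registrations by a single POST field; no anti-CSRF token is
 * checked in this method. Confirm whether the framework verifies one.
 * NOTE(review): 'registrantid' is read without an isset() check when the
 * e-mail is "Anonymous".
 * NOTE(review): the edit form is generated for $this->userId while the
 * submission is stored for the user named by 'useremail' — confirm that
 * generateRegistrationForm() resolves the target user from the action URL.
 * NOTE(review): the suggestions response echoes the search text and user
 * e-mail addresses without output encoding; confirm the response content
 * type and how the client inserts it into the page.
 *
 * @return string HTML of the registration form or of the registrants table
 */
public function actionEditregistrants() {
    if (isset($_GET['subaction']) && isset($_GET['useremail'])) {
        if ($_GET['subaction'] == 'edit') {
            if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) {
                submitRegistrationForm($this->moduleComponentId, getUserIdFromEmail(escape($_GET['useremail'])), true, true);
            }

            // The e-mail becomes a query-string value, so it is URL-encoded;
            // the encoded form contains no characters that are special in HTML.
            $editUrl = './+editregistrants&subaction=edit&useremail=' . urlencode($_GET['useremail']);

            return (
                '<a href="./+editregistrants">« Back</a><br />' .
                generateRegistrationForm($this->moduleComponentId, $this->userId, $editUrl, true) .
                '<br /><a href="./+editregistrants">« Back</a><br />'
            );
        }
        elseif ($_GET['subaction'] == 'delete') {
            if ($_GET['useremail'] == "Anonymous") {
                $userIdTemp = escape($_GET['registrantid']);
            }
            else {
                $userIdTemp = getUserIdFromEmail(escape($_GET['useremail']));
            }
            if (!unregisterUser($this->moduleComponentId, $userIdTemp)) {
                // The message is rendered as HTML, so the request value is HTML-escaped.
                displayerror('Error! User with the given e-mail ' . htmlspecialchars($_GET['useremail'], ENT_QUOTES) . ' was not found.');
            }
        }
    }
    elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        echo $this->getUnregisteredUsersFromPattern(escape($_GET['forwhat']));
        disconnect();
        exit();
    }
    elseif (isset($_POST['btnAddUserToForm']) && isset($_POST['useremail'])) {
        // Suggestions are offered as "email - full name". Only the e-mail part
        // is kept. The separator is looked up as ' - ' and compared against
        // false explicitly: strpos() returns false when there is no match, and
        // a bare '-' can also occur inside an e-mail address.
        $separatorPos = strpos($_POST['useremail'], ' - ');
        if ($separatorPos !== false) {
            $userEmail = escape(trim(substr($_POST['useremail'], 0, $separatorPos)));
        }
        else {
            $userEmail = escape($_POST['useremail']);
        }

        $targetUserId = getUserIdFromEmail($userEmail);
        if ($targetUserId > 0) {
            if (verifyUserRegistered($this->moduleComponentId, $targetUserId)) {
                displayerror('The given user is already registered to this form.');
            }
            else {
                registerUser($this->moduleComponentId, $targetUserId);
            }
        }
        else {
            displayerror('A user registered with the e-mail ID you entered was not found.');
        }
    }
    elseif (isset($_POST['btnEmptyRegistrants'])) {
        $registeredUsers = form::getRegisteredUserArray($this->moduleComponentId);
        foreach ($registeredUsers as $registeredUserId) {
            unregisterUser($this->moduleComponentId, $registeredUserId, true);
        }
        displayinfo('All registrations to this form have been deleted.');
    }

    // Sorting defaults to registration date, ascending; the order is accepted
    // only when it is one of the two known values.
    $sortField = 'registrationdate';
    $sortOrder = 'asc';
    if (isset($_GET['sortfield'])) {
        // NOTE(review): escape() does not protect an identifier if the callee
        // places this value in an ORDER BY clause; confirm the callee checks it.
        $sortField = escape($_GET['sortfield']);
    }
    if (isset($_GET['sortorder']) && ($_GET['sortorder'] == 'asc' || $_GET['sortorder'] == 'desc')) {
        $sortOrder = escape($_GET['sortorder']);
    }

    global $ICONS;
    $html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder, 'editregistrants');
    return "<fieldset><legend>{$ICONS['Form Registrants']['small']}Edit Form Registrants</legend>$html</fieldset>";
}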
00332
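/**
 * Handles the "reports" action: returns a table listing every form page the
 * current user may see, with its number of distinct registrants.
 *
 * Pages whose path contains 'qaos' are left out. Rows alternate between the
 * CSS classes 'odd' and 'even'.
 *
 * NOTE(review): the permission is checked for the action name
 * 'viewRegistrant', while the rest of this class uses 'viewregistrants'.
 * Confirm the name against getPermissions(); a name that never matches
 * would change which forms are listed.
 * NOTE(review): the global $userId is used rather than $this->userId —
 * confirm both always refer to the same user.
 *
 * @return string HTML of the report
 */
public function actionReports() {
    global $userId, $urlRequestRoot;
    $query = "SELECT `page_id`, `page_modulecomponentid` FROM `".MYSQL_DATABASE_PREFIX."pages` WHERE `page_module`='form'";
    $resource = mysql_query($query);
    $report=<<<CSS
<style type="text/css">

#reports tbody tr.even td {
background-color: #f0f8ff;
color: #000;
}
#reports tbody tr td a, a:link, a:visited {
color: #000;
}
#reports tbody tr.odd td {
background-color: #fff;color: #000;
}
</style>
CSS;
    $report .='<table id="reports"><tbody><tr><td>Form</td><td>No. of registrants</td></tr>';
    $class = 'even';

    // A failed page query yields an empty table instead of fetching from false.
    while ($resource && ($result = mysql_fetch_assoc($resource))) {
        // The array key must be quoted; a bare page_id is read as a constant.
        $pageId = $result['page_id'];
        if (!getPermissions($userId, $pageId, 'viewRegistrant', 'form')) {
            continue;
        }

        $formPath = getPagePath($pageId);
        // strpos() returns 0 for a match at the start of the string, so the
        // result is compared against false explicitly.
        if (strpos($formPath, 'qaos') !== false) {
            continue;
        }

        $parentTitle = getPageTitle(getParentPage($pageId));
        $formTitle = getPageTitle($pageId);
        $formInfo = $parentTitle.'_'.$formTitle;

        // The id is placed unquoted in the statement, so it is forced to an integer.
        $componentId = (int) $result['page_modulecomponentid'];
        $countQuery = "SELECT count(distinct(`user_id`)) FROM `form_regdata` WHERE `page_modulecomponentid`=$componentId";
        $countResult = mysql_query($countQuery);
        $countRow = $countResult ? mysql_fetch_row($countResult) : false;
        $registrantCount = $countRow ? $countRow[0] : 0;

        $class = ($class == 'even') ? 'odd' : 'even';

        // Titles and paths are stored content written into HTML, so they are
        // escaped for the attribute and text context.
        // assumes getPageTitle()/getPagePath() return unescaped text — TODO confirm
        $href = htmlspecialchars($urlRequestRoot . $formPath, ENT_QUOTES);
        $label = htmlspecialchars($formInfo, ENT_QUOTES);
        $count = htmlspecialchars((string) $registrantCount, ENT_QUOTES);
        $report .= "<tr class=\"$class\"><td><a href=\"$href\">$label</a></td><td>$count</td></tr>";
    }

    $report .='</tbody></table>';
    return $report;
}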
00383
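/**
 * Builds the suggestion list for the "add user to form" box: activated users
 * whose e-mail or full name contains the pattern and who are not yet
 * registered to this form, ordered by how well they match.
 *
 * The result is a comma-separated string. The first entry is the pattern
 * itself, each following entry has the form "email - full name". When the
 * query fails only the pattern is returned.
 *
 * NOTE(review): $pattern is interpolated into quoted LIKE literals and is not
 * escaped here. The caller in this class passes it through escape() first;
 * any new caller has to do the same. The LIKE wildcards % and _ inside the
 * pattern are not neutralised.
 *
 * @param string $pattern search text, already escaped for SQL by the caller
 * @return string comma-separated suggestions
 */
private function getUnregisteredUsersFromPattern($pattern) {
    // Ids go unquoted into the NOT IN list, so each one is forced to an integer.
    $registeredIds = array_map('intval', form::getRegisteredUserArray($this->moduleComponentId));
    // An empty IN () list is not valid SQL; 0 stands in when nobody is registered.
    $excludedIds = count($registeredIds) > 0 ? implode(',', $registeredIds) : '0';

    $suggestionsQuery = "SELECT IF(`user_email` LIKE \"$pattern%\", 1, " .
        "IF(`user_fullname` LIKE \"$pattern%\", 2, " .
        "IF(`user_fullname` LIKE \"% $pattern%\", 3, " .
        "IF(`user_email` LIKE \"%$pattern%\", 4, " .
        "IF(`user_fullname` LIKE \"%$pattern%\", 5, 6" .
        "))))) AS `relevance`, `user_email`, `user_fullname` FROM `".MYSQL_DATABASE_PREFIX."users` WHERE " .
        "`user_activated` = 1 AND (`user_email` LIKE \"%$pattern%\" OR `user_fullname` LIKE \"%$pattern%\") " .
        "AND `user_id` NOT IN ($excludedIds) ORDER BY `relevance`";
    $suggestionsResult = mysql_query($suggestionsQuery);
    if (!$suggestionsResult) {
        return $pattern;
    }

    $suggestions = array($pattern);
    while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
        // Column 1 is the e-mail, column 2 the full name.
        $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
    }

    // Separator first: the reversed argument order is not accepted by current PHP.
    return implode(',', $suggestions);
}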
00410
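/**
 * Creates the database records for a new form instance: a form_desc row with
 * default settings (login required, header text 'Coming up Soon') and the
 * default form element.
 *
 * The script is terminated when the insert fails.
 *
 * NOTE(review): on failure the raw database error is printed to the client;
 * consider logging it and showing a generic message instead.
 *
 * @param mixed $compId id of the new form instance
 * @return void
 */
public function createModule($compId) {
    // The id is written into the statement text, so it is forced to an integer.
    $componentId = (int) $compId;
    $query = "INSERT INTO `form_desc` (`page_modulecomponentid`, `form_heading`,`form_loginrequired`,`form_headertext`)
        VALUES ('".$componentId."', '',1,'Coming up Soon');";
    $result = mysql_query($query) or die(mysql_error()."form.lib L:157");

    // The default element belongs to the form created above; this method has
    // no $moduleComponentId variable, only $compId.
    addDefaultFormElement($componentId);
}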
00418
/**
 * Called when a form instance is removed. Reports success without touching
 * the database.
 *
 * NOTE(review): no form_desc, form_elementdesc, form_elementdata or
 * form_regdata rows are removed here, so registrant data of a deleted form
 * stays in the database unless it is cleaned up elsewhere — confirm.
 *
 * @param mixed $moduleComponentId id of the form instance (unused)
 * @return bool always true
 */
public function deleteModule($moduleComponentId) {
    $deleted = true;
    return $deleted;
}
00422
/**
 * Called when a form instance is copied. Returns true immediately.
 *
 * Everything after the first return statement is unreachable. The disabled
 * code would pick a new component id, then duplicate the form_desc row and
 * all form_elementdesc rows of the source form under that id.
 *
 * NOTE(review): before the disabled code is enabled again, consider that
 * - $moduleComponentId is interpolated unquoted into both SELECT statements;
 * - mysql_escape_string() does not take the connection character set into
 *   account (mysql_real_escape_string() does);
 * - the new id is computed as MAX(id) + 1 in a separate statement, so two
 *   concurrent copies can compute the same id;
 * - $newId is not used.
 *
 * @param mixed $moduleComponentId id of the form instance to copy
 * @param mixed $newId             unused
 * @return bool always true
 */
public function copyModule($moduleComponentId,$newId){
    return true;

    // ---- unreachable from here on ----

    // Next free component id: current maximum plus one.
    $query = "SELECT MAX(`page_modulecomponentid`) as MAX FROM `form_desc` ";
    $result = mysql_query($query) or displayerror(mysql_error() . "form.lib L:181");
    $row = mysql_fetch_assoc($result);
    $compId = $row['MAX'] + 1;


    // Copy the form settings row to the new id.
    $query = "SELECT * FROM `form_desc` WHERE `page_modulecomponentid`=$moduleComponentId";
    $result = mysql_query($query);
    while($formdesc_content = mysql_fetch_assoc($result)){
        $formdesc_query="INSERT INTO `form_desc` (`page_modulecomponentid` ,`form_heading` ,`form_loginrequired` ,`form_headertext` ,`form_footertext` ,`form_expirydatetime` ,`form_sendconfirmation` ,`form_usecaptcha` ,`form_allowuseredit` ,`form_allowuserunregister` ,`form_showuseremail` ,`form_showuserfullname` ,`form_showuserprofiledata`,`form_showregistrationdate` ,`form_showlastupdatedate`) VALUES ($compId, '".mysql_escape_string($formdesc_content['form_heading'])."', '".mysql_escape_string($formdesc_content['form_loginrequired'])."', '".mysql_escape_string($formdesc_content['form_headertext'])."', '".mysql_escape_string($formdesc_content['form_footertext'])."' , '".mysql_escape_string($formdesc_content['form_expirydatetime'])."' , '".mysql_escape_string($formdesc_content['form_sendconfirmation'])."', '".mysql_escape_string($formdesc_content['form_usecaptcha'])."', '".mysql_escape_string($formdesc_content['form_allowuseredit'])."', '".mysql_escape_string($formdesc_content['form_allowuserunregister'])."', '".mysql_escape_string($formdesc_content['form_showuseremail'])."', '".mysql_escape_string($formdesc_content['form_showuserfullname'])."', '".mysql_escape_string($formdesc_content['form_showuserprofiledata'])."', '".mysql_escape_string($formdesc_content['form_showregistrationdate'])."', '".mysql_escape_string($formdesc_content['form_showlastupdatedate'])."')";
        mysql_query($formdesc_query) or displayerror(mysql_error()."form.lib L:183");
    }


    // Copy every element description; $rows counts how many are still uncopied.
    $query = "SELECT * FROM `form_elementdesc` WHERE `page_modulecomponentid`=$moduleComponentId";
    $result = mysql_query($query);
    $rows = mysql_num_rows($result);

    while($formelementdesc_content = mysql_fetch_assoc($result)){
        $elementdesc_query = "INSERT INTO `form_elementdesc` (`page_modulecomponentid` ,`form_elementid` ,`form_elementname` ,`form_elementdisplaytext` ,`form_elementtype` ,`form_elementsize` ,`form_elementtypeoptions` ,`form_elementdefaultvalue` ,`form_elementmorethan` ,`form_elementlessthan` ,`form_elementcheckint` ,`form_elementtooltiptext` ,`form_elementisrequired` ,`form_elementrank`)VALUES ('$compId', '".mysql_escape_string($formelementdesc_content['form_elementid'])."', '".mysql_escape_string($formelementdesc_content['form_elementname'])."', '".mysql_escape_string($formelementdesc_content['form_elementdisplaytext'])."', '".mysql_escape_string($formelementdesc_content['form_elementtype'])."', '".mysql_escape_string($formelementdesc_content['form_elementsize'])."', '".mysql_escape_string($formelementdesc_content['form_elementtypeoptions'])."' , '".mysql_escape_string($formelementdesc_content['form_elementdefaultvalue'])."' , '".mysql_escape_string($formelementdesc_content['form_elementmorethan'])."' , '".mysql_escape_string($formelementdesc_content['form_elementlessthan'])."' , '".mysql_escape_string($formelementdesc_content['form_elementcheckint'])."', '".mysql_escape_string($formelementdesc_content['form_elementtooltiptext'])."', '".mysql_escape_string($formelementdesc_content['form_elementisrequired'])."', '".mysql_escape_string($formelementdesc_content['form_elementrank'])."')";
        mysql_query($elementdesc_query) or displayerror(mysql_error()."form.lib L:196");
        $rows -= mysql_affected_rows();
    }
    // A non-zero remainder means at least one element row was not inserted.
    if($rows!=0)
        return false;

    return $compId;
}
00481 }
00482