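<?php
//==========================================================================
//
//Université de Strasbourg - Direction Informatique
//Auteur : Guilhem BORGHESI
//Création : Février 2008
//
//borghesi@unistra.fr
//
//Ce logiciel est régi par la licence CeCILL-B soumise au droit français et
//respectant les principes de diffusion des logiciels libres. Vous pouvez
//utiliser, modifier et/ou redistribuer ce programme sous les conditions
//de la licence CeCILL-B telle que diffusée par le CEA, le CNRS et l'INRIA
//sur le site "http://www.cecill.info".
//
//Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
//pris connaissance de la licence CeCILL-B, et que vous en avez accepté les
//termes. Vous pouvez trouver une copie de la licence dans le fichier LICENCE.
//
//==========================================================================
//
//Université de Strasbourg - Direction Informatique
//Author : Guilhem BORGHESI
//Creation : Feb 2008
//
//borghesi@unistra.fr
//
//This software is governed by the CeCILL-B license under French law and
//abiding by the rules of distribution of free software. You can use,
//modify and/ or redistribute the software under the terms of the CeCILL-B
//license as circulated by CEA, CNRS and INRIA at the following URL
//"http://www.cecill.info".
//
//The fact that you are presently reading this means that you have had
//knowledge of the CeCILL-B license and that you accept its terms. You can
//find a copy of this license in the file LICENSE.
//
//==========================================================================

// infos_sondage.php — step 1 of 2 of poll creation.
// Collects the poll title, comments, author name and e-mail address, stores
// them in the session, validates them, and either redirects to the next step
// (choix_date.php / choix_autre.php) or re-displays the form with the
// relevant error messages.
//
// NOTE(review): the form below carries no anti-CSRF token; the session state
// it writes can therefore be set by a cross-site POST. Adding one needs
// support in fonctions.php and is out of scope for this page.

session_start();
include_once('fonctions.php');

// A site-specific banner file overrides the default one when it exists.
if (file_exists('bandeaux_local.php')) {
    include_once('bandeaux_local.php');
} else {
    include_once('bandeaux.php');
}

// Every expected POST field is read exactly once so the rest of the page can
// use plain variables without "undefined index" notices.
//  - $raw_post[<field>] keeps the value as submitted (used only for the
//    forbidden-character checks);
//  - $<field> is the HTML-entity-encoded copy that is stored in the session
//    and echoed back into the form.
// Only scalar string values are accepted; an array (e.g. "titre[]=x") is
// treated as absent rather than handed to htmlentities().
$post_var = array('choix_sondage', 'poursuivre', 'titre', 'nom', 'adresse', 'commentaires',
    'studsplus', 'mailsonde', 'creation_sondage_date', 'creation_sondage_date_x',
    'creation_sondage_autre', 'creation_sondage_autre_x',);
$raw_post = array();
foreach ($post_var as $var) {
    if (isset($_POST[$var]) && is_string($_POST[$var])) {
        $raw_post[$var] = $_POST[$var];
        $$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');
    } else {
        $raw_post[$var] = null;
        $$var = null;
    }
}

// Initialise the session slots this page reads, for the same reason.
$session_var = array('choix_sondage', 'titre', 'nom', 'adresse', 'commentaires', 'mailsonde', 'studsplus',);
foreach ($session_var as $var) {
    if (issetAndNoEmpty($var, $_SESSION) === false) {
        $_SESSION[$var] = null;
    }
}

// Validation flags and checkbox states.
$erreur_adresse = false;
$erreur_injection_titre = false;
$erreur_injection_nom = false;
$erreur_injection_commentaires = false;
$cocheplus = '';
$cochemail = '';

// Characters refused in the free-text fields. The pattern must be applied to
// the RAW submitted value: after htmlentities() every one of these characters
// is already an entity, so testing the encoded copy could never match and the
// corresponding error messages were unreachable.
$forbidden_chars = ';<|>|";';

// Session values written by this page are entity-encoded, but the same slots
// may be filled by other pages of the application; escape again at output
// with double_encode=false so an already-clean value is rendered unchanged.
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
};

if (issetAndNoEmpty("poursuivre")) {
    // The form was submitted: persist the fields, then validate.
    $_SESSION["choix_sondage"] = $choix_sondage;
    $_SESSION["titre"] = $titre;
    $_SESSION["nom"] = $nom;
    $_SESSION["adresse"] = $adresse;
    $_SESSION["commentaires"] = $commentaires;

    // Checkboxes are only present in the POST body when ticked.
    $_SESSION["studsplus"] = ($studsplus !== null) ? '+' : '';
    $_SESSION["mailsonde"] = ($mailsonde !== null);

    if (validateEmail($adresse) === false) {
        $erreur_adresse = true;
    }

    $erreur_injection_titre = (bool) preg_match($forbidden_chars, (string) $raw_post['titre']);
    $erreur_injection_nom = (bool) preg_match($forbidden_chars, (string) $raw_post['nom']);
    $erreur_injection_commentaires = (bool) preg_match($forbidden_chars, (string) $raw_post['commentaires']);

    $formulaire_valide = $titre && $nom && $adresse
        && !$erreur_adresse
        && !$erreur_injection_titre
        && !$erreur_injection_commentaires
        && !$erreur_injection_nom;

    if ($formulaire_valide) {
        // The submit button's value selects the next step. Only the two known
        // values redirect; anything else falls through and shows the form again
        // (previously that case produced a page with no <head> at all).
        if ($poursuivre === "creation_sondage_date") {
            header("Location:choix_date.php");
            exit();
        }
        if ($poursuivre === "creation_sondage_autre") {
            header("Location:choix_autre.php");
            exit();
        }
        print_header(true, _("Poll creation (1 on 2)"));
    } else {
        print_header(true, _("Error!") . ' - ' . _("Poll creation (1 on 2)"));
    }
} else {
    // First visit: the form has not been filled in yet.
    print_header(true, _("Poll creation (1 on 2)"));
}

// Page body.
echo '<body>' . "\n";
framanav();

// Top banners.
logo();
bandeau_tete();
echo '<p class="bandeautitre">' . _("Poll creation (1 on 2)") . '</p>' . "\n";
sous_bandeau();

// First poll ever? Check that the SQL schema exists before going further.
if (!check_table_sondage()) {
    echo '<p style="color:#FF0000; text-align:center">' .
        _("STUdS is not properly installed, please check the 'INSTALL' to setup the database before continuing") .
        "</p>" . "\n";
    bandeau_pied();
    echo '</body>' . "\n";
    echo '</html>' . "\n";
    die();
}

// Start of the form.
echo '<form name="formulaire" id="formulaire" action="' . get_server_name() . 'infos_sondage.php" method="POST" onkeypress="javascript:process_keypress(event)">' . "\n";
echo '<div class="corps" style="margin-bottom:5em;">' . "\n";
echo '<p>' . _("You are in the poll creation section. <br> Required fields cannot be left blank") . '</p>' . "\n";

// Text fields. For the title and comments the opening tag is deliberately
// left unclosed so that an aria-describedby attribute pointing at the error
// cell can be appended when there is an error.
echo '<table role="presentation">' . "\n";

echo '<tr><td><label for="poll_title">' . _("Poll title *:") . '</label></td><td><input id="poll_title" type="text" name="titre" size="40" maxlength="80" value="' . $escape(stripslashes($_SESSION["titre"])) . '"';
if (!$_SESSION["titre"] && issetAndNoEmpty("poursuivre")) {
    echo ' aria-describedby="poll_title_error"></td>' . "\n";
    echo '<td class="error" id="poll_title_error">' . _("Enter a title") . '</td>' . "\n";
} elseif ($erreur_injection_titre) {
    echo ' aria-describedby="poll_title_error"></td>' . "\n";
    echo '<td class="error" id="poll_title_error">' . _("Characters < > and \" are not permitted") . '</td>' . "\n";
} else {
    // No error, no aria attribute.
    echo '></td>' . "\n";
}
echo '</tr>' . "\n";

echo '<tr><td><label for="poll_comments">' . _("Comments:") . '</label></td><td><textarea id="poll_comments" name="commentaires" rows="7" cols="40"';
if ($erreur_injection_commentaires) {
    echo ' aria-describedby="poll_comment_error">' . $escape(stripslashes($_SESSION["commentaires"])) . '</textarea></td>' . "\n";
    echo '<td class="error" id="poll_comment_error">' . _("Characters < > and \" are not permitted") . "</td>" . "\n";
} else {
    echo '>' . $escape(stripslashes($_SESSION["commentaires"])) . '</textarea></td>' . "\n";
}
echo '</tr>' . "\n";

echo '<tr><td><label for="yourname">' . _("Your name*:") . '</label></td><td>';
if (USE_REMOTE_USER && isset($_SERVER['REMOTE_USER'])) {
    // The name is provided by the authenticating front-end: shown read-only
    // and posted back through a hidden field.
    echo '<input type="hidden" name="nom" size="40" maxlength="40" value="' . $escape($_SESSION["nom"]) . '">' . $escape(stripslashes($_SESSION["nom"])) . '</td>' . "\n";
} else {
    echo '<input id="yourname" type="text" name="nom" size="40" maxlength="40" value="' . $escape(stripslashes($_SESSION["nom"])) . '"></td>' . "\n";
}
if (!$_SESSION["nom"] && issetAndNoEmpty("poursuivre")) {
    print "<td class=\"error\">" . _("Enter a name") . "</td>" . "\n";
} elseif ($erreur_injection_nom) {
    print "<td class=\"error\">" . _("Characters < > and \" are not permitted") . "</td>" . "\n";
}
echo '</tr>' . "\n";

echo '<tr><td><label for="email">' . _("Your e-mail address *:") . '</label></td><td>';
if (USE_REMOTE_USER && isset($_SERVER['REMOTE_USER'])) {
    echo '<input type="hidden" name="adresse" size="40" maxlength="64" value="' . $escape($_SESSION["adresse"]) . '">' . $escape($_SESSION["adresse"]) . '</td>' . "\n";
} else {
    echo '<input id="email" type="text" name="adresse" size="40" maxlength="64" value="' . $escape($_SESSION["adresse"]) . '"></td>' . "\n";
}
if (!$_SESSION["adresse"] && issetAndNoEmpty("poursuivre")) {
    print "<td class=\"error\">" . _("Enter an email address") . "</td>" . "\n";
} elseif ($erreur_adresse && issetAndNoEmpty("poursuivre")) {
    print "<td class=\"error\">" . _("The address is not correct! (You should enter a valid email address in order to receive the link to your poll)") . "</td>" . "\n";
}
echo '</tr>' . "\n";
echo '</table>' . "\n";

// Focus the first field.
echo '<script type="text/javascript">' . "\n";
echo 'document.formulaire.titre.focus();' . "\n";
echo '</script>' . "\n";

// "Voters can modify their vote" is ticked by default on a fresh form only.
// The creation_sondage_* names are the legacy submit buttons; "poursuivre" is
// the current one. Without it in the list an unticked box was re-ticked on
// every re-display after a validation error.
if (!$_SESSION["studsplus"]
    && !issetAndNoEmpty('poursuivre')
    && !issetAndNoEmpty('creation_sondage_date')
    && !issetAndNoEmpty('creation_sondage_autre')
    && !issetAndNoEmpty('creation_sondage_date_x')
    && !issetAndNoEmpty('creation_sondage_autre_x')) {
    $_SESSION["studsplus"] = "+";
}
if ($_SESSION["studsplus"] === "+") {
    $cocheplus = "checked";
}
echo '<p><input type=checkbox name=studsplus ' . $cocheplus . ' id="studsplus"><label for="studsplus"><strong>' . _("Voters can modify their vote themselves.") . '</strong></label></p>' . "\n";

if ($_SESSION["mailsonde"]) {
    $cochemail = "checked";
}
echo '<p><input type=checkbox name=mailsonde ' . $cochemail . ' id="mailsonde"><label for="mailsonde"><strong>' . _("To receive an email for each new vote.") . '</strong></label></p>' . "\n";

// Submit button: its value selects the next step (date poll or other poll).
// The poll type comes from the query string on the first visit; on a
// re-display after a validation error the query string is empty, so the
// already-whitelisted posted "poursuivre" value is used as a fallback.
// Any other value yields an empty button value instead of an undefined
// variable.
$choix = '';
$choix_get = isset($_GET['choix_sondage']) ? $_GET['choix_sondage'] : null;
if ($choix_get === 'date' || $poursuivre === "creation_sondage_date") {
    $choix = "creation_sondage_date";
} elseif ($choix_get === 'autre' || $poursuivre === "creation_sondage_autre") {
    $choix = "creation_sondage_autre";
}
echo '<input type="hidden" name="choix_sondage" value="' . $escape($choix_sondage) . '"/>';
echo '<button name="poursuivre" value="' . $choix . '" type="submit" class="button green poursuivre"><strong>' . _('Next') . '</strong> </button>';
echo '<div style="clear:both"></div>';

echo '</div>' . "\n";
echo '</form>' . "\n";

// Footer.
bandeau_pied();
echo '</body>' . "\n";
echo '</html>' . "\n";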