< ? php
//==========================================================================
//
//Université de Strasbourg - Direction Informatique
//Auteur : Guilhem BORGHESI
//Création : Février 2008
//
//borghesi@unistra.fr
//
//Ce logiciel est régi par la licence CeCILL-B soumise au droit français et
//respectant les principes de diffusion des logiciels libres. Vous pouvez
//utiliser, modifier et/ou redistribuer ce programme sous les conditions
//de la licence CeCILL-B telle que diffusée par le CEA, le CNRS et l'INRIA
//sur le site "http://www.cecill.info".
//
//Le fait que vous puissiez accéder à cet en-tête signifie que vous avez
//pris connaissance de la licence CeCILL-B, et que vous en avez accepté les
//termes. Vous pouvez trouver une copie de la licence dans le fichier LICENCE.
//
//==========================================================================
//
//Université de Strasbourg - Direction Informatique
//Author : Guilhem BORGHESI
//Creation : Feb 2008
//
//borghesi@unistra.fr
//
//This software is governed by the CeCILL-B license under French law and
//abiding by the rules of distribution of free software. You can use,
//modify and/ or redistribute the software under the terms of the CeCILL-B
//license as circulated by CEA, CNRS and INRIA at the following URL
//"http://www.cecill.info".
//
//The fact that you are presently reading this means that you have had
//knowledge of the CeCILL-B license and that you accept its terms. You can
//find a copy of this license in the file LICENSE.
//
//==========================================================================
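// Bootstrap: open the session and load the shared helpers. A site-specific
// banner file (bandeaux_local.php), when present, replaces the default one.
session_start();
include_once('fonctions.php');
if (file_exists('bandeaux_local.php')) {
    include_once('bandeaux_local.php');
} else {
    include_once('bandeaux.php');
}

// Give every expected POST field a local variable of the same name, so the rest
// of the script never reads an undefined variable. The variable-variable
// assignment below is driven by this fixed list, never by the request keys, so
// a request cannot create or overwrite any other variable.
$post_var = array('choix_sondage', 'poursuivre', 'titre', 'nom', 'adresse', 'commentaires', 'studsplus', 'mailsonde', 'creation_sondage_date', 'creation_sondage_date_x', 'creation_sondage_autre', 'creation_sondage_autre_x',);

foreach ($post_var as $var) {
    // Values are entity-encoded on the way in (ENT_QUOTES covers both quote
    // styles); this is the XSS defence the echo statements further down rely on.
    // Consequence: these variables no longer hold the raw text, so any check or
    // consumer that needs the original characters must read the request itself.
    // Only strings are accepted: a field sent as an array (titre[]=x) is treated
    // as absent instead of being handed to htmlentities().
    if (isset($_POST[$var]) && is_string($_POST[$var])) {
        $$var = htmlentities($_POST[$var], ENT_QUOTES, 'UTF-8');
    } else {
        $$var = null;
    }
}

// Make sure every session key read below exists, again to avoid PHP warnings.
$session_var = array('choix_sondage', 'titre', 'nom', 'adresse', 'commentaires', 'mailsonde', 'studsplus', );

foreach ($session_var as $var) {
    if (issetAndNoEmpty($var, $_SESSION) === false) {
        $_SESSION[$var] = null;
    }
}

// Validation flags and checkbox attributes, all starting in the "no error,
// not ticked" state.
$erreur_adresse = false;
$erreur_injection_titre = false;
$erreur_injection_nom = false;
$erreur_injection_commentaires = false;
$cocheplus = '';
$cochemail = '';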
2011-05-15 01:32:47 +02:00
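// Form handling: runs when the "poursuivre" submit button was posted.
// NOTE(review): issetAndNoEmpty() is defined outside this file; called with a
// single argument it presumably tests $_POST - confirm against fonctions.php.
if (issetAndNoEmpty("poursuivre")) {
    // Remember what was typed so the form can be redisplayed and the next step
    // can read it. These are the entity-encoded copies of the request values.
    $_SESSION["choix_sondage"] = $choix_sondage;
    $_SESSION["titre"] = $titre;
    $_SESSION["nom"] = $nom;
    $_SESSION["adresse"] = $adresse;
    $_SESSION["commentaires"] = $commentaires;

    // A checkbox is only present in the request when it is ticked.
    $_SESSION["studsplus"] = ($studsplus !== null) ? '+' : '';
    $_SESSION["mailsonde"] = ($mailsonde !== null);

    // NOTE(review): $adresse has already been entity-encoded, so validateEmail()
    // sees e.g. "&amp;" where the user typed "&" - confirm that is acceptable.
    if (validateEmail($adresse) === false) {
        $erreur_adresse = true;
    }

    // The forbidden-character check must look at the raw request values: $titre,
    // $nom and $commentaires went through htmlentities(ENT_QUOTES), which rewrites
    // < > and " as entities, so testing those copies could never match and the
    // "Characters < > and \" are not permitted" messages could never be shown.
    $titre_brut = (isset($_POST['titre']) && is_string($_POST['titre'])) ? $_POST['titre'] : '';
    $nom_brut = (isset($_POST['nom']) && is_string($_POST['nom'])) ? $_POST['nom'] : '';
    $commentaires_brut = (isset($_POST['commentaires']) && is_string($_POST['commentaires'])) ? $_POST['commentaires'] : '';

    if (preg_match(';<|>|";', $titre_brut)) {
        $erreur_injection_titre = true;
    }

    if (preg_match(';<|>|";', $nom_brut)) {
        $erreur_injection_nom = true;
    }

    if (preg_match(';<|>|";', $commentaires_brut)) {
        $erreur_injection_commentaires = true;
    }

    // Move on to the next step only when the required fields are filled in and
    // no check failed; otherwise fall through and redisplay the form.
    if ($titre && $nom && $adresse && !$erreur_adresse && !$erreur_injection_titre && !$erreur_injection_commentaires && !$erreur_injection_nom) {
        // The value of the submit button selects the next page. Both targets are
        // fixed strings, so the request cannot steer the redirect anywhere else.
        // (An older version keyed this on separate creation_sondage_* fields.)
        if ($poursuivre === "creation_sondage_date") {
            header("Location:choix_date.php");
            exit();
        }

        if ($poursuivre === "creation_sondage_autre") {
            header("Location:choix_autre.php");
            exit();
        }
    }
}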
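// Page output starts here: document head, navigation bar, then the banners.
print_header(true);
echo '<body>' . "\n";
framanav();

// Top banners
logo();
bandeau_tete();
echo '<div class="bandeautitre">' . _("Poll creation (1 on 2)") . '</div>' . "\n";
sous_bandeau();

// First poll? Check that the SQL schema exists before going any further; if it
// does not, show an installation hint, close the page and stop.
if (!check_table_sondage()) {
    echo '<p style="color:#FF0000; text-align:center">' .
        _("STUdS is not properly installed, please check the 'INSTALL' to setup the database before continuing") .
        "</p>" . "\n";

    bandeau_pied();
    echo '</body>' . "\n";
    echo '</html>' . "\n";
    die();
}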
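// Start of the form. It posts back to this same script.
// NOTE(review): no anti-CSRF token is visible in this form - confirm whether
// one is added elsewhere before relying on the POST being user-initiated.
echo '<form name="formulaire" id="formulaire" action="infos_sondage.php" method="POST" onkeypress="javascript:process_keypress(event)">' . "\n";

echo '<div class=corps>' . "\n";
echo '<br>' . _("You are in the poll creation section. <br> Required fields cannot be left blank") . '<br><br>' . "\n";

// Text fields. Every value echoed below comes from the session and is written
// into the page without output encoding: this relies on the htmlentities() call
// applied when this script copied the POST values.
// NOTE(review): if any other script writes titre/nom/adresse/commentaires into
// the session, confirm it encodes them as well.
echo '<table>' . "\n";

// Poll title
echo '<tr><td>' . _("Poll title *: ") . '</td><td><input type="text" name="titre" size="40" maxlength="80" value="' . stripslashes($_SESSION["titre"]) . '"></td>' . "\n";

if (!$_SESSION["titre"] && issetAndNoEmpty("poursuivre")) {
    print "<td><font color=\"#FF0000\">" . _("Enter a title") . "</font></td>" . "\n";
} elseif ($erreur_injection_titre) {
    print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>" . "\n";
}

echo '</tr>' . "\n";

// Comments
echo '<tr><td>' . _("Comments: ") . '</td><td><textarea name="commentaires" rows="7" cols="40">' . stripslashes($_SESSION["commentaires"]) . '</textarea></td>' . "\n";

if ($erreur_injection_commentaires) {
    print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>" . "\n";
}

echo '</tr>' . "\n";

// Author name. When the web server supplies REMOTE_USER the name is shown as
// text and carried in a hidden input instead of an editable field. A hidden
// input is still sent by the browser, and the submission handler in this script
// stores the posted nom/adresse without looking at REMOTE_USER, so this is a
// display choice, not a guarantee that the value was left unchanged.
echo '<tr><td>' . _("Your name*: ") . '</td><td>';

if (isset($_SERVER['REMOTE_USER'])) {
    echo '<input type="hidden" name="nom" size="40" maxlength="40" value="' . $_SESSION["nom"] . '">' . stripslashes($_SESSION["nom"]) . '</td>' . "\n";
} else {
    echo '<input type="text" name="nom" size="40" maxlength="40" value="' . stripslashes($_SESSION["nom"]) . '"></td>' . "\n";
}

if (!$_SESSION["nom"] && issetAndNoEmpty("poursuivre")) {
    print "<td><font color=\"#FF0000\">" . _("Enter a name") . "</font></td>" . "\n";
} elseif ($erreur_injection_nom) {
    print "<td><font color=\"#FF0000\">" . _("Characters < > and \" are not permitted") . "</font></td><br>" . "\n";
}

echo '</tr>' . "\n";

// Author e-mail address; same REMOTE_USER handling as the name above.
echo '<tr><td>' . _("Your e-mail address *: ") . '</td><td>';

if (isset($_SERVER['REMOTE_USER'])) {
    echo '<input type="hidden" name="adresse" size="40" maxlength="64" value="' . $_SESSION["adresse"] . '">' . $_SESSION["adresse"] . '</td>' . "\n";
} else {
    echo '<input type="text" name="adresse" size="40" maxlength="64" value="' . $_SESSION["adresse"] . '"></td>' . "\n";
}

if (!$_SESSION["adresse"] && issetAndNoEmpty("poursuivre")) {
    print "<td><font color=\"#FF0000\">" . _("Enter an email address") . "</font></td>" . "\n";
} elseif ($erreur_adresse && issetAndNoEmpty("poursuivre")) {
    print "<td><font color=\"#FF0000\">" . _("The address is not correct! (You should enter a valid email address in order to receive the link to your poll)") . "</font></td>" . "\n";
}

echo '</tr>' . "\n";
echo '</table>' . "\n";

// Put the keyboard focus on the first field.
echo '<script type="text/javascript">' . "\n";
echo 'document.formulaire.titre.focus();' . "\n";
echo '</script>' . "\n";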
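// Default state of the "voters can modify their vote" checkbox: ticked, but
// only when the form has not been submitted. The "poursuivre" test matters:
// without it an unticked box (stored as '') would be ticked again each time the
// form is redisplayed after a validation error, silently undoing the choice.
if (!$_SESSION["studsplus"] && !issetAndNoEmpty("poursuivre") && !issetAndNoEmpty('creation_sondage_date') && !issetAndNoEmpty('creation_sondage_autre') && !issetAndNoEmpty('creation_sondage_date_x') && !issetAndNoEmpty('creation_sondage_autre_x')) {
    $_SESSION["studsplus"] = "+";
}

if ($_SESSION["studsplus"] === "+") {
    $cocheplus = "checked";
}

echo '<input type=checkbox name=studsplus ' . $cocheplus . ' id="studsplus"><label for="studsplus">' . _("Voters can modify their vote themselves.") . '</label><br>' . "\n";

if ($_SESSION["mailsonde"]) {
    $cochemail = "checked";
}

echo '<input type=checkbox name=mailsonde ' . $cochemail . ' id="mailsonde"><label for="mailsonde">' . _("To receive an email for each new vote.") . '</label><br>' . "\n";

// The submit button carries the name of the next step as its value. Start from
// an empty value so the button never echoes an undefined variable, and use
// $choix_sondage (the copy of the POST field made at the top of the script)
// instead of indexing $_POST directly, which raised a notice whenever the page
// was opened without that field.
$choix = '';
if ($choix_sondage === 'date') {
    $choix = "creation_sondage_date";
} elseif ($choix_sondage === 'autre') {
    $choix = "creation_sondage_autre";
}

// $choix_sondage was entity-encoded when it was read from the request, which is
// what makes it safe inside the value attribute; $choix is one of the fixed
// strings above.
echo '<input type="hidden" name="choix_sondage" value="' . $choix_sondage . '"/>';
echo '<br><button name="poursuivre" value="' . $choix . '" type="submit" class="button green poursuivre"><strong>' . _('Next') . '</strong> </button>';
echo '<div style="clear:both"></div>';

echo '</div>' . "\n";
echo '</form>' . "\n";

// Footer banner, then close the document.
bandeau_pied();

echo '</body>' . "\n";
echo '</html>' . "\n";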