< ? php
/**
* This software is governed by the CeCILL-B license. If a copy of this license
* is not distributed with this file, you can obtain one at
* http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.txt
*
* Authors of STUdS (initial project): Guilhem BORGHESI (borghesi@unistra.fr) and Raphaël DROZ
* Authors of Framadate/OpenSondage: Framasoft (https://github.com/framasoft)
*
* =============================
*
* Ce logiciel est régi par la licence CeCILL-B. Si une copie de cette licence
* ne se trouve pas avec ce fichier vous pouvez l'obtenir sur
* http://www.cecill.info/licences/Licence_CeCILL-B_V1-fr.txt
*
* Auteurs de STUdS (projet initial) : Guilhem BORGHESI (borghesi@unistra.fr) et Raphaël DROZ
* Auteurs de Framadate/OpenSondage : Framasoft (https://github.com/framasoft)
*/
use Framadate\Form ;
use Framadate\Repositories\RepositoryFactory ;
use Framadate\Security\PasswordHasher ;
use Framadate\Services\InputService ;
use Framadate\Utils ;
// Bootstrap (session, $config, $smarty, __() and the USE_REMOTE_USER /
// BOOLEAN_REGEX constants used further down are presumably provided here).
include_once __DIR__ . '/app/inc/init.php';

// Name of the POST field whose value ('date' or 'classic') marks a step-2 submission.
const GO_TO_STEP_2 = 'gotostep2';

/* Services */
/*----------*/
// Repository first, then the input filter; the two are independent of each other.
$pollRepository = RepositoryFactory::pollRepository();
$inputService = new InputService();
/* PAGE */
/* ---- */
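// Restore the step-1 draft saved by an earlier pass of this page (or by the
// later steps when the user navigates back). The session blob is a serialised
// Form, so only that class may be rebuilt from it: allowed_classes keeps
// unserialize() from instantiating anything else that might land in the
// session payload.
// NOTE(review): if Form ever holds nested objects of other classes, they must
// be added to allowed_classes too, otherwise they come back as incomplete classes.
$form = isset($_SESSION['form'])
    ? unserialize($_SESSION['form'], ['allowed_classes' => [Form::class]])
    : null;

// Start from a fresh form when nothing was stored, or when the blob did not
// yield a Form (unserialize() returns false on corrupt data and an incomplete
// class for a disallowed one). The previous guard only handled the null case,
// so a non-Form value used to fall through to the property writes below.
if (!($form instanceof Form)) {
    $form = new Form();
}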
// Poll type: 'date' when either the query string or the POST body says so
// (strict string comparison), 'classic' in every other case.
$poll_type = (($_GET['type'] ?? null) === 'date' || ($_POST['type'] ?? null) === 'date')
    ? 'date'
    : 'classic';
$form->choix_sondage = $poll_type;
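// We clean the data
// A step-2 submission is recognised only when the gotostep2 field is exactly
// 'date' or 'classic'. filter_input() returns false for any other value and
// null when the field is absent; both end in the "form not yet filled" branch.
$goToStep2 = filter_input(INPUT_POST, GO_TO_STEP_2, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '/^(date|classic)$/']]);

// NOTE(review): no CSRF token is verified in this file; confirm that
// app/inc/init.php or the template covers it, since this POST rewrites the
// session-stored draft.
if ($goToStep2) {
    // Every value is passed through InputService before use. The raw $_POST
    // entries are read directly (a request missing one of them raises an
    // undefined-index notice) and compared again below to detect that a
    // filter altered or rejected the input.
    $title = $inputService->filterTitle($_POST['title']);

    $use_ValueMax = isset($_POST['use_ValueMax']) && $inputService->filterBoolean($_POST['use_ValueMax']);
    // null when the option is off; false from filterValueMax() marks a bad value (checked below).
    $ValueMax = $use_ValueMax === true ? $inputService->filterValueMax($_POST['ValueMax']) : null;

    $use_customized_url = isset($_POST['use_customized_url']) && $inputService->filterBoolean($_POST['use_customized_url']);
    // The custom slug becomes the poll id, hence filterId(); false again marks a rejected value.
    $customized_url = $use_customized_url === true ? $inputService->filterId($_POST['customized_url']) : null;

    // Multibyte-safe truncation to 32 characters; the error section re-filters
    // the raw value to report an overflow.
    $name = mb_substr($inputService->filterName($_POST['name']), 0, 32);
    // An address is only collected when this instance can actually send mail.
    $mail = $config['use_smtp'] === true ? $inputService->filterMail($_POST['mail']) : null;

    $description = $inputService->filterDescription($_POST['description']);
    $editable = $inputService->filterEditable($_POST['editable']);
    $receiveNewVotes = isset($_POST['receiveNewVotes']) && $inputService->filterBoolean($_POST['receiveNewVotes']);
    $receiveNewComments = isset($_POST['receiveNewComments']) && $inputService->filterBoolean($_POST['receiveNewComments']);
    $hidden = isset($_POST['hidden']) && $inputService->filterBoolean($_POST['hidden']);

    // filter_input() semantics as above: null when absent, false when the value fails BOOLEAN_REGEX.
    $use_password = filter_input(INPUT_POST, 'use_password', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => BOOLEAN_REGEX]]);
    // The clear-text password lives only in these two locals; it is never
    // copied onto $form, so only its hash reaches the session.
    $password = $_POST['password'] ?? null;
    $password_repeat = $_POST['password_repeat'] ?? null;

    $results_publicly_visible = filter_input(INPUT_POST, 'results_publicly_visible', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => BOOLEAN_REGEX]]);

    // Reset every validation flag before the checks below.
    $error_on_mail = false;
    $error_on_title = false;
    $error_on_name = false;
    $error_on_description = false;
    $error_on_password = false;
    $error_on_password_repeat = false;
    $error_on_customized_url = false;
    $error_on_ValueMax = false;

    // Copy the filtered values onto the Form object that is serialised into the session.
    $form->title = $title;
    $form->id = $customized_url;
    $form->use_customized_url = $use_customized_url;
    $form->use_ValueMax = $use_ValueMax;
    $form->ValueMax = $ValueMax;
    $form->admin_name = $name;
    $form->admin_mail = $mail;
    $form->description = $description;
    $form->editable = $editable;
    $form->receiveNewVotes = $receiveNewVotes;
    $form->receiveNewComments = $receiveNewComments;
    $form->hidden = $hidden;
    // The two flags follow the same truthiness as the `if ($use_password)`
    // guard below. The previous `!== null` test also counted a value that
    // FAILED BOOLEAN_REGEX (filter_input() returns false, not null) as "on",
    // so $form->use_password could be true while the password checks were
    // skipped and a hash of an unchecked (possibly empty) password got stored.
    $form->use_password = (bool) $use_password;
    $form->results_publicly_visible = (bool) $results_publicly_visible;

    if ($config['use_smtp'] === true && empty($mail)) {
        $error_on_mail = true;
    }
    // A filter that changed the value means the raw input was rejected.
    if ($title !== $_POST['title']) {
        $error_on_title = true;
    }
    if ($use_customized_url) {
        if ($customized_url === false) {
            $error_on_customized_url = true;
        } elseif ($pollRepository->existsById($customized_url)) {
            // Collision with an existing poll id.
            // NOTE(review): this is only an early check; the insert at the
            // final step must still enforce uniqueness, as the id can be taken
            // between now and then.
            $error_on_customized_url = true;
            $error_on_customized_url_msg = __('Error', 'Poll id already used');
        } elseif (in_array($customized_url, ['admin', 'vote', 'action'], true)) {
            // Reserved names (presumably the application's own routes).
            $error_on_customized_url = true;
            $error_on_customized_url_msg = __('Error', 'This id is not allowed');
        }
    }
    if ($use_ValueMax && $ValueMax === false) {
        $error_on_ValueMax = true;
    }
    if ($name !== $_POST['name']) {
        $error_on_name = true;
    }
    if ($description === false) {
        $error_on_description = true;
    }

    // If the address is fine we move on to the date / classic page. Without
    // SMTP there is no address to validate, so mail never blocks the form.
    if ($config['use_smtp'] === true) {
        $email_OK = $mail && !$error_on_mail;
    } else {
        $email_OK = true;
    }

    // Password checks only when protection was requested: non-empty, and the
    // confirmation matches. Both strings are user-supplied, so a plain
    // comparison (rather than hash_equals) is appropriate here.
    if ($use_password) {
        if (empty($password)) {
            $error_on_password = true;
        } elseif ($password !== $password_repeat) {
            $error_on_password_repeat = true;
        }
    }

    if ($title && $name && $email_OK && !$error_on_title && !$error_on_customized_url && !$error_on_description && !$error_on_name
        && !$error_on_password && !$error_on_password_repeat && !$error_on_ValueMax
    ) {
        // If no errors, we hash the password if needed
        if ($form->use_password) {
            $form->password_hash = PasswordHasher::hash($password);
        } else {
            $form->password_hash = null;
            // Result visibility is only meaningful for a password-protected poll.
            $form->results_publicly_visible = null;
        }

        $_SESSION['form'] = serialize($form);

        // Hand over to the step-2 page matching the requested poll type.
        if ($goToStep2 === 'date') {
            header('Location:create_date_poll.php');
            exit();
        }
        if ($goToStep2 === 'classic') {
            header('Location:create_classic_poll.php');
            exit();
        }
    } else {
        // Page title flags the error; the per-field messages are built further down.
        $title = __('Error', 'Error!') . ' - ' . __('Step 1', 'Poll creation (1 on 3)');
    }
} else {
    // Title OK (form not yet submitted)
    $title = __('Step 1', 'Poll creation (1 on 3)');
}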
// Prepare error messages: one {msg, aria, class} triple per form field, all
// blank until one of the checks below fills it in. Key order is the order the
// template expects.
$errors = array_fill_keys(
    ['title', 'customized_url', 'description', 'name', 'email', 'password', 'ValueMax', 'password_repeat'],
    ['msg' => '', 'aria' => '', 'class' => '']
);
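// Build the per-field error markup for the template. This runs only for a
// validated step-2 submission ($goToStep2 is 'date' or 'classic', the same
// gate the advanced_errors flag uses). The previous raw
// !empty($_POST[GO_TO_STEP_2]) gate also admitted unrecognised values, for
// which the $error_on_* flags read below were never defined.
if ($goToStep2) {
    // Mark $field as failed. $anchor is the id of the element carrying the
    // message, referenced through aria-describedby so assistive technology
    // reads it (the attribute used to be emitted as the non-existent
    // "aria-describeby").
    $flagError = static function (string $field, string $anchor, string $msg) use (&$errors) {
        $errors[$field]['aria'] = 'aria-describedby="' . $anchor . '" ';
        $errors[$field]['class'] = ' has-error';
        $errors[$field]['msg'] = $msg;
    };

    if (empty($_POST['title'])) {
        $flagError('title', 'poll_title_error', __('Error', 'Enter a title'));
    } elseif ($error_on_title) {
        $flagError('title', 'poll_title_error', __('Error', 'Something is wrong with the format'));
    }

    if ($error_on_customized_url) {
        // A specific reason (id taken / reserved) may have been set during
        // validation; otherwise fall back to the generic format message.
        $flagError(
            'customized_url',
            'customized_url',
            $error_on_customized_url_msg ?? __('Error', "Something is wrong with the format: customized urls should only consist of alphanumeric characters and hyphens.")
        );
    }

    if ($error_on_description) {
        $flagError('description', 'poll_comment_error', __('Error', 'Something is wrong with the format'));
    }

    if (empty($_POST['name'])) {
        $flagError('name', 'poll_name_error', __('Error', 'Enter a name'));
    } elseif (mb_strlen($inputService->filterName($_POST['name'])) > 32) {
        // $name was already truncated to 32 characters, so the raw value is
        // re-filtered here to detect the overflow.
        $flagError('name', 'poll_name_error', __('Error', "Name is limited to 32 characters"));
    } elseif ($error_on_name) {
        $flagError('name', 'poll_name_error', __('Error', "Something is wrong with the format: name shouldn't have any spaces before or after"));
    }

    // Both e-mail branches now point at poll_email_error (the empty-address
    // branch used to reference poll_name_error). $error_on_mail is only ever
    // set when SMTP is enabled; the empty-field message does not depend on it.
    if (empty($_POST['mail'])) {
        $flagError('email', 'poll_email_error', __('Error', 'Enter an email address'));
    } elseif ($error_on_mail) {
        $flagError('email', 'poll_email_error', __('Error', 'The address is not correct! You should enter a valid email address (like r.stallman@outlock.com) in order to receive the link to your poll.'));
    }

    if ($error_on_password) {
        $flagError('password', 'poll_password_error', __('Error', 'Password is empty'));
    }
    if ($error_on_password_repeat) {
        $flagError('password_repeat', 'poll_password_repeat_error', __('Error', 'Passwords do not match'));
    }

    if ($error_on_ValueMax) {
        $flagError('ValueMax', 'poll_ValueMax', __('Error', 'Error on amount of voters limitation : value must be an integer greater than 0'));
    }
}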
// Remote-user mode (e.g. web-server authentication) is only active when the
// constant enables it AND the server actually populated REMOTE_USER.
$useRemoteUser = USE_REMOTE_USER && isset($_SERVER['REMOTE_USER']);

$smarty->assign('title', $title);
$smarty->assign('useRemoteUser', $useRemoteUser);
$smarty->assign('errors', $errors);
// Opens the advanced-options panel when one of its own fields failed validation.
$smarty->assign('advanced_errors', $goToStep2 && ($error_on_ValueMax || $error_on_customized_url || $error_on_password || $error_on_password_repeat));
$smarty->assign('use_smtp', $config['use_smtp']);
$smarty->assign('default_to_marldown_editor', $config['markdown_editor_by_default']);
$smarty->assign('goToStep2', GO_TO_STEP_2);
$smarty->assign('poll_type', $poll_type);

// Re-populate fields from the current POST, falling back to the session-stored
// form. Each entry: template variable => [POST key, fallback value].
$assignFromPostOrForm = static function (array $fields) use ($smarty) {
    foreach ($fields as $templateVar => $source) {
        $smarty->assign($templateVar, Utils::fromPostOrDefault($source[0], $source[1]));
    }
};

$assignFromPostOrForm([
    'poll_title' => ['title', $form->title],
    'customized_url' => ['customized_url', $form->id],
    'use_customized_url' => ['use_customized_url', $form->use_customized_url],
    'ValueMax' => ['ValueMax', $form->ValueMax],
    'use_ValueMax' => ['use_ValueMax', $form->use_ValueMax],
]);
// Description is the one field read from $_POST directly here rather than via
// Utils::fromPostOrDefault(); it reaches the template unfiltered.
// NOTE(review): confirm create_poll.tpl escapes it on output.
$smarty->assign('poll_description', !empty($_POST['description']) ? $_POST['description'] : $form->description);
$assignFromPostOrForm([
    'poll_name' => ['name', $form->admin_name],
    'poll_mail' => ['mail', $form->admin_mail],
    'poll_editable' => ['editable', $form->editable],
    'poll_receiveNewVotes' => ['receiveNewVotes', $form->receiveNewVotes],
    'poll_receiveNewComments' => ['receiveNewComments', $form->receiveNewComments],
    'poll_hidden' => ['hidden', $form->hidden],
    'poll_use_password' => ['use_password', $form->use_password],
    'poll_results_publicly_visible' => ['results_publicly_visible', $form->results_publicly_visible],
]);
$smarty->assign('form', $form);

$smarty->display('create_poll.tpl');