< ? php
/* This software is governed by the CeCILL-B license. If a copy of this license
 * is not distributed with this file, you can obtain one at
 * http://www.cecill.info/licences/Licence_CeCILL_V2.1-en.txt
 *
 * Authors of STUdS (initial project): Guilhem BORGHESI (borghesi@unistra.fr) and Raphaël DROZ
 * Authors of OpenSondage: Framasoft (https://github.com/framasoft)
 *
 * =============================
 *
 * Ce logiciel est régi par la licence CeCILL-B. Si une copie de cette licence
 * ne se trouve pas avec ce fichier vous pouvez l'obtenir sur
 * http://www.cecill.info/licences/Licence_CeCILL_V2.1-fr.txt
 *
 * Auteurs de STUdS (projet initial) : Guilhem BORGHESI (borghesi@unistra.fr) et Raphaël DROZ
 * Auteurs d'OpenSondage : Framasoft (https://github.com/framasoft)
 */
// Fall back to a fixed zone only when php.ini leaves date.timezone empty, so
// the date functions used further down do not run without a configured zone.
$configured_timezone = ini_get('date.timezone');
if ($configured_timezone == '') {
    date_default_timezone_set('Europe/Paris');
}
include_once ( 'variables.php' );
include_once ( 'i18n.php' );
require_once ( 'adodb/adodb.inc.php' );
/**
 * Opens the application's database connection through ADOdb.
 *
 * The driver name and the credentials are read from the BASE_TYPE,
 * SERVEURBASE, USERBASE, USERPASSWD and BASE constants (presumably defined
 * in variables.php; confirm).
 *
 * NOTE(review): the result of Connect() is not inspected here, so a failed
 * connection is only noticed when the first query runs.
 *
 * @return object the ADOdb connection handle
 */
function connexion_base()
{
    $connection = NewADOConnection(BASE_TYPE);
    $connection->Connect(SERVEURBASE, USERBASE, USERPASSWD, BASE);

    // ADOdb's debug switch stays off: it echoes executed SQL into the page
    // and must never be enabled on a public instance.
    return $connection;
}
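/**
 * Builds the absolute base URL of the directory holding the running script,
 * always ending with a single "/".
 *
 * The value is assembled from $_SERVER['HTTPS'], SERVER_PORT, SERVER_NAME and
 * SCRIPT_NAME. Depending on the web server configuration SERVER_NAME can
 * mirror the Host header sent by the client, so the result must be treated as
 * request-derived: escape it before writing it into HTML, and prefer a
 * configured canonical URL for links that end up in e-mails.
 *
 * @return string e.g. "https://example.org/polls/"
 */
function get_server_name()
{
    // Some servers report "1" or "On" rather than "on" for TLS requests.
    $https = isset($_SERVER['HTTPS']) ? strtolower((string) $_SERVER['HTTPS']) : '';
    $scheme = in_array($https, array('on', '1'), true) ? 'https' : 'http';

    // Cast before comparing: SERVER_PORT arrives as a string, and the cast
    // also keeps anything non-numeric out of the URL.
    $port = (int) $_SERVER['SERVER_PORT'];
    $port_part = in_array($port, array(80, 443), true) ? '' : ':' . $port;

    // dirname() yields "/" for a script at the web root and "/dir" otherwise
    // (a backslash on Windows), so normalise the separator and collapse every
    // run of slashes; the former "///" replacement left "host//dir/" for
    // installs in a sub-directory.
    $path = '/' . str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])) . '/';
    $path = preg_replace('#/{2,}#', '/', $path);

    return $scheme . '://' . $_SERVER['SERVER_NAME'] . $port_part . $path;
}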
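/**
 * Loads one poll together with its subject row.
 *
 * The identifier is validated before any database work and is then passed to
 * the query as a bound parameter, never concatenated into the SQL text.
 *
 * @param string $id poll identifier, exactly 16 word characters
 * @return object|false the poll row with date_fin converted by strtotime(),
 *                      or false when the id is malformed, the query fails or
 *                      no row object comes back
 */
function get_sondage_from_id($id)
{
    global $connect;

    // \z instead of $: "$" also matches just before a trailing newline, which
    // let a 17-byte value through a check meant to allow exactly 16.
    if (!is_string($id) || !preg_match('/\A\w{16}\z/', $id)) {
        return false;
    }

    $sql = 'SELECT sondage.*,sujet_studs.sujet FROM sondage
            LEFT OUTER JOIN sujet_studs ON sondage.id_sondage = sujet_studs.id_sondage
            WHERE sondage.id_sondage = ' . $connect->Param('id_sondage');

    $statement = $connect->Prepare($sql);
    $result = $connect->Execute($statement, array($id));

    if ($result === false) {
        return false;
    }

    $poll = $result->FetchObject(false);

    // Without this guard a missing row would reach the property assignment
    // below on a non-object. (Assumes FetchObject() does not hand back an
    // object when nothing matched; confirm against the ADOdb version in use.)
    if (!is_object($poll)) {
        return false;
    }

    $poll->date_fin = strtotime($poll->date_fin);

    return $poll;
}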
/**
 * Tells whether the given error flag is raised in the global $err bitmask.
 *
 * @param int $cerr one of the error constants, or several OR-ed together
 * @return bool true when $err is non-zero and shares at least one bit with $cerr
 */
function is_error($cerr)
{
    global $err;

    // The short-circuit keeps the bitwise test from running at all while no
    // error has been recorded.
    return !($err == 0) && (($err & $cerr) != 0);
}
/**
 * Reports whether the current request is tied to a known user.
 *
 * A request counts as a user either when USE_REMOTE_USER is enabled and
 * $_SERVER['REMOTE_USER'] is set, or when the session holds a 'nom' entry.
 * Only the presence of those values is tested, never their content.
 *
 * @return bool
 */
function is_user()
{
    if (USE_REMOTE_USER && isset($_SERVER['REMOTE_USER'])) {
        return true;
    }

    return isset($_SESSION['nom']);
}
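/**
 * Prints the doctype and the complete <head> element of a page.
 *
 * Every value that is not a fixed literal is HTML-escaped before it is
 * written: the language code and the base URL sit inside attributes, and the
 * poll name inside <title>. The poll name is escaped without double-encoding
 * so that a value already stored with HTML entities is printed unchanged.
 *
 * @param bool   $js          not used by this function (kept for callers)
 * @param string $nom_sondage poll name shown in the title; empty for none
 * @param string $lang        language code for the <html lang> attribute
 * @return void
 */
function print_header($js = false, $nom_sondage = '', $lang = 'fr')
{
    // get_server_name() is built from request data, so it is escaped like any
    // other attribute value.
    $base_url = htmlspecialchars(get_server_name(), ENT_QUOTES, 'UTF-8');
    $lang_attr = htmlspecialchars($lang, ENT_QUOTES, 'UTF-8');

    echo '<!DOCTYPE html>
<html lang="' . $lang_attr . '">
<head>
    <meta charset="utf-8">';

    if (empty($nom_sondage) === false) {
        // The poll name is free text; the last argument (double_encode =
        // false) leaves existing entities such as &eacute; alone.
        $title = htmlspecialchars(stripslashes($nom_sondage), ENT_QUOTES, 'UTF-8', false);
        echo '
    <title>' . $title . ' - ' . NOMAPPLICATION . '</title>';
    } else {
        echo '
    <title>' . NOMAPPLICATION . '</title>';
    }

    echo '
    <link rel="stylesheet" href="' . $base_url . 'style.css">
    <link rel="stylesheet" href="' . $base_url . 'print.css" media="print">';

    echo '</head>';
}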
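/**
 * Checks that the database reachable through the global $connect handle
 * contains a table named "sondage".
 *
 * @return bool true when the table list includes "sondage"; false otherwise,
 *              including when no table list could be obtained
 */
function check_table_sondage()
{
    global $connect;

    $tables = $connect->MetaTables('TABLES');

    // in_array() needs an array; guard the case where the driver cannot
    // produce a list and returns something else (presumably false; confirm
    // against the ADOdb version in use).
    return is_array($tables) && in_array('sondage', $tables, true);
}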
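/**
 * Checks an e-mail address against an RFC-derived pattern.
 *
 * The pattern's quoted-pair branch (a backslash followed by any ASCII byte)
 * would by itself accept a line break or NUL inside a quoted local part. Such
 * bytes are rejected up front, because callers place validated addresses into
 * mail headers.
 *
 * @param string $email the e-mail address to check
 * @return bool true when the address is valid, false otherwise
 * @see http://fightingforalostcause.net/misc/2006/compare-email-regex.php
 * @see http://svn.php.net/viewvc/php/php-src/trunk/ext/filter/logical_filters.c?view=markup
 */
function validateEmail($email)
{
    // Anything that is not a string cannot be an address.
    if (!is_string($email)) {
        return false;
    }

    // CR, LF and NUL never belong in a value that may end up in a header.
    if (strpbrk($email, "\r\n\0") !== false) {
        return false;
    }

    $pattern = '/^(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){255,})(?!(?:(?:\\x22?\\x5C[\\x00-\\x7E]\\x22?)|(?:\\x22?[^\\x5C\\x22]\\x22?)){65,}@)(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22))(?:\\.(?:(?:[\\x21\\x23-\\x27\\x2A\\x2B\\x2D\\x2F-\\x39\\x3D\\x3F\\x5E-\\x7E]+)|(?:\\x22(?:[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F\\x21\\x23-\\x5B\\x5D-\\x7F]|(?:\\x5C[\\x00-\\x7F]))*\\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\\]))$/iD';

    return (bool) preg_match($pattern, $email);
}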
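/**
 * Sends a plain-text UTF-8 e-mail with correctly encoded Subject and From
 * headers.
 *
 * $headers has two meanings. When it validates as a single e-mail address it
 * becomes the Reply-To address. Otherwise it is kept verbatim as extra header
 * lines and ADRESSEEMAILREPONSEAUTO is used for Reply-To. Extra header lines
 * are not processed in any way, so callers must never pass unvalidated user
 * input in $headers.
 *
 * NOTE(review): $to and $param go to mail() unchanged; $param is mail()'s
 * additional-parameters argument and should only ever come from configuration.
 *
 * @param string $to      recipient address
 * @param string $subject subject, may contain HTML entities
 * @param string $body    message text, may contain HTML entities
 * @param string $headers a reply-to address, or raw additional header lines
 * @param string $param   additional parameters handed to mail()
 * @return bool the result of mail()
 */
function sendEmail($to, $subject, $body, $headers, $param)
{
    mb_internal_encoding('UTF-8');

    // The last argument is the length already taken on the first header line
    // (presumably 9 for "Subject: " and 6 for "From: ").
    $subject = mb_encode_mimeheader(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'), 'UTF-8', 'B', "\n", 9);

    $encoded_app = mb_encode_mimeheader(NOMAPPLICATION, 'UTF-8', 'B', "\n", 6);
    $size_encoded_app = (6 + strlen($encoded_app)) % 75;
    $size_admin_email = strlen(ADRESSEMAILADMIN);

    // Fold the From header when name plus address would overrun the line; the
    // space in the sprintf format below then starts the continuation line.
    $folding = (($size_encoded_app + $size_admin_email + 9) > 74) ? "\n" : '';

    if (validateEmail($headers)) {
        // The value is written into a header line: drop any line break or NUL
        // so it can never start a header of its own.
        $replyTo = str_replace(array("\r", "\n", "\0"), '', $headers);
        $headers = ''; // the argument held no extra headers, start from empty
    } else {
        $replyTo = ADRESSEEMAILREPONSEAUTO;
    }

    $from = sprintf("From: %s%s <%s>\n", $encoded_app, $folding, ADRESSEMAILADMIN);

    if ($headers) {
        $headers .= "\n";
    }
    $headers .= $from;
    $headers .= "Reply-To: $replyTo\n";
    $headers .= "MIME-Version: 1.0\n";
    $headers .= "Content-Type: text/plain; charset=UTF-8\n";
    $headers .= 'Content-Transfer-Encoding: 8bit';

    $body = html_entity_decode($body, ENT_QUOTES, 'UTF-8');

    // Hand the outcome back instead of discarding it, so callers can detect a
    // message that was not accepted for delivery.
    return mail($to, $subject, $body, $headers, $param);
}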
/**
 * Checks that an array key exists and holds a non-empty value.
 *
 * "Empty" follows PHP's empty(): '', '0', 0, null, false and array() all
 * count as empty.
 *
 * @param string $name    the key to test
 * @param array  $tableau the array to look in ($_POST when omitted)
 * @return bool true when the key exists and its value is not empty
 */
function issetAndNoEmpty($name, $tableau = null)
{
    $haystack = ($tableau === null) ? $_POST : $tableau;

    // empty() already reports true for a missing key, so one negation covers
    // both the existence test and the emptiness test.
    return !empty($haystack[$name]);
}
/**
 * Builds the URL of a poll.
 *
 * The base is get_server_name() with every "/admin" occurrence removed, so
 * that a link generated from a script in the admin directory still points at
 * the application root. $id is appended as given; it is not URL-encoded here.
 *
 * @param string $id    the poll identifier
 * @param bool   $admin true for the poll's administration URL, false for the public one
 * @return string the URL of the poll
 */
function getUrlSondage($id, $admin = false)
{
    $base = str_replace('/admin', '', get_server_name());

    // Clean URLs: the identifier is a path segment.
    if (URL_PROPRE === true) {
        return ($admin === true) ? $base . $id . '/admin' : $base . $id;
    }

    // Classic URLs: the identifier travels in the query string.
    $script = ($admin === true) ? 'adminstuds.php' : 'studs.php';

    return $base . $script . '?sondage=' . $id;
}
/**
 * Deletes a poll and every row attached to it.
 *
 * The rows are removed from sondage, sujet_studs, user_studs and comments, in
 * that order, between StartTrans() and CompleteTrans(). The poll id is always
 * passed as a bound parameter.
 *
 * @param object $connect    ADOdb connection
 * @param string $numsondage identifier of the poll to delete
 * @return bool true when HasFailedTrans() reported no failure before the
 *              transaction was completed
 */
function remove_sondage($connect, $numsondage)
{
    $tables = array('sondage', 'sujet_studs', 'user_studs', 'comments');

    $connect->StartTrans();

    foreach ($tables as $table) {
        $query = 'DELETE FROM ' . $table . ' WHERE id_sondage = ' . $connect->Param('numsondage');
        $statement = $connect->Prepare($query);
        $connect->Execute($statement, array($numsondage));
    }

    // Read the failure flag before CompleteTrans() closes the transaction.
    $deleted = !$connect->HasFailedTrans();
    $connect->CompleteTrans();

    return $deleted;
}
// Shared database handle, opened as soon as this file is included; the
// functions above reach it through "global $connect".
$connect = connexion_base();

// Error flags combined into $err and tested with is_error(). Each flag is a
// separate power of 16, so each occupies one bit of its own.
// NOTE(review): TITLE_EMPTY and INVALID_DATE need more than 32 bits and
// therefore only work as integer bit flags on 64-bit PHP builds.
define('COMMENT_EMPTY',         0x0000000001);
define('COMMENT_USER_EMPTY',    0x0000000010);
define('COMMENT_INSERT_FAILED', 0x0000000100);
define('NAME_EMPTY',            0x0000001000);
define('NAME_TAKEN',            0x0000010000);
define('NO_POLL',               0x0000100000);
define('NO_POLL_ID',            0x0001000000);
define('INVALID_EMAIL',         0x0010000000);
define('TITLE_EMPTY',           0x0100000000);
define('INVALID_DATE',          0x1000000000);

// No error recorded at the start of the request.
$err = 0;