2011-05-15 01:32:47 +02:00
< ? php
2014-09-04 17:52:18 +02:00
/**
* This software is governed by the CeCILL - B license . If a copy of this license
* is not distributed with this file , you can obtain one at
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - en . txt
*
* Authors of STUdS ( initial project ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) and Raphaël DROZ
2016-08-04 22:26:37 +02:00
* Authors of Framadate / OpenSondage : Framasoft ( https :// github . com / framasoft )
2014-09-04 17:52:18 +02:00
*
2014-07-04 11:21:31 +02:00
* =============================
2014-09-04 17:52:18 +02:00
*
* Ce logiciel est régi par la licence CeCILL - B . Si une copie de cette licence
* ne se trouve pas avec ce fichier vous pouvez l ' obtenir sur
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - fr . txt
*
2014-07-04 11:21:31 +02:00
* Auteurs de STUdS ( projet initial ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) et Raphaël DROZ
2014-09-04 17:52:18 +02:00
* Auteurs de Framadate / OpenSondage : Framasoft ( https :// github . com / framasoft )
2014-07-04 11:21:31 +02:00
*/
2018-02-19 00:18:43 +01:00
use Framadate\Editable ;
2016-03-05 16:05:37 +01:00
use Framadate\Exception\AlreadyExistsException ;
use Framadate\Exception\ConcurrentEditionException ;
2018-02-20 16:47:10 +01:00
use Framadate\Exception\ConcurrentVoteException ;
2018-02-19 00:18:43 +01:00
use Framadate\Message ;
use Framadate\Security\Token ;
2014-12-17 13:17:08 +01:00
use Framadate\Services\InputService ;
2018-02-19 00:18:43 +01:00
use Framadate\Services\LogService ;
2014-12-23 00:58:00 +01:00
use Framadate\Services\MailService ;
2015-10-13 01:03:41 +02:00
use Framadate\Services\NotificationService ;
2018-02-19 00:18:43 +01:00
use Framadate\Services\PollService ;
2015-10-28 17:30:42 +01:00
use Framadate\Services\SecurityService ;
2015-11-30 22:23:26 +01:00
use Framadate\Services\SessionService ;
2014-12-17 13:47:14 +01:00
use Framadate\Utils ;
2014-09-04 17:52:18 +02:00
include_once __DIR__ . '/app/inc/init.php' ;
2015-11-30 22:23:26 +01:00
/* Constantes */
/* ---------- */
const USER_REMEMBER_VOTES_KEY = 'UserVotes' ;
2014-12-17 13:17:08 +01:00
/* Variables */
2014-12-12 13:43:43 +01:00
/* --------- */
2014-12-23 00:58:00 +01:00
2014-12-17 13:47:14 +01:00
$poll_id = null ;
2014-12-17 23:20:12 +01:00
$poll = null ;
2014-12-17 13:17:08 +01:00
$message = null ;
2014-12-17 23:43:06 +01:00
$editingVoteId = 0 ;
2015-10-28 17:30:42 +01:00
$accessGranted = true ;
$resultPubliclyVisible = true ;
2018-02-19 00:18:43 +01:00
$slots = [];
$votes = [];
$comments = [];
2018-04-04 22:18:53 +02:00
$selectedNewVotes = [];
2014-12-14 00:16:49 +01:00
2014-12-16 00:02:01 +01:00
/* Services */
/*----------*/
2015-01-03 17:24:39 +01:00
2015-01-06 23:52:52 +01:00
$logService = new LogService ();
2014-12-25 00:55:52 +01:00
$pollService = new PollService ( $connect , $logService );
2014-12-17 13:17:08 +01:00
$inputService = new InputService ();
2018-05-25 15:50:35 +02:00
$mailService = new MailService ( $config [ 'use_smtp' ], $config [ 'smtp_options' ], $config [ 'use_sendmail' ]);
2015-10-13 01:03:41 +02:00
$notificationService = new NotificationService ( $mailService );
2015-10-28 17:30:42 +01:00
$securityService = new SecurityService ();
2015-11-30 22:23:26 +01:00
$sessionService = new SessionService ();
2014-12-23 00:58:00 +01:00
2014-12-12 13:43:43 +01:00
/* PAGE */
/* ---- */
2011-05-15 03:56:54 +02:00
2015-04-07 17:09:18 +02:00
if ( ! empty ( $_GET [ 'poll' ])) {
$poll_id = filter_input ( INPUT_GET , 'poll' , FILTER_VALIDATE_REGEXP , [ 'options' => [ 'regexp' => POLL_REGEX ]]);
2015-12-05 16:35:32 +01:00
$poll = $pollService -> findById ( $poll_id );
2014-09-04 17:52:18 +02:00
}
2014-12-12 13:43:43 +01:00
if ( ! $poll ) {
2015-04-07 20:06:24 +02:00
$smarty -> assign ( 'error' , __ ( 'Error' , 'This poll doesn\'t exist !' ));
2014-12-12 13:43:43 +01:00
$smarty -> display ( 'error.tpl' );
exit ;
2011-05-15 03:56:54 +02:00
}
2015-11-30 22:23:26 +01:00
$editedVoteUniqueId = $sessionService -> get ( USER_REMEMBER_VOTES_KEY , $poll_id , '' );
2014-12-17 13:39:12 +01:00
// -------------------------------
2015-10-28 17:30:42 +01:00
// Password verification
2014-12-17 13:39:12 +01:00
// -------------------------------
2015-10-28 17:30:42 +01:00
if ( ! is_null ( $poll -> password_hash )) {
// If we came from password submission
$password = isset ( $_POST [ 'password' ]) ? $_POST [ 'password' ] : null ;
if ( ! empty ( $password )) {
$securityService -> submitPollAccess ( $poll , $password );
}
2014-12-17 13:17:08 +01:00
2015-10-28 17:30:42 +01:00
if ( ! $securityService -> canAccessPoll ( $poll )) {
$accessGranted = false ;
2014-12-17 13:17:08 +01:00
}
2015-10-28 17:30:42 +01:00
$resultPubliclyVisible = $poll -> results_publicly_visible ;
if ( ! $accessGranted && ! empty ( $password )) {
$message = new Message ( 'danger' , __ ( 'Password' , 'Wrong password' ));
} else if ( ! $accessGranted && ! $resultPubliclyVisible ) {
$message = new Message ( 'danger' , __ ( 'Password' , 'You have to provide a password to access the poll.' ));
} else if ( ! $accessGranted && $resultPubliclyVisible ) {
$message = new Message ( 'danger' , __ ( 'Password' , 'You have to provide a password so you can participate to the poll.' ));
}
}
// We allow actions only if access is granted
if ( $accessGranted ) {
// -------------------------------
// A vote is going to be edited
// -------------------------------
if ( ! empty ( $_GET [ 'vote' ])) {
$editingVoteId = filter_input ( INPUT_GET , 'vote' , FILTER_VALIDATE_REGEXP , [ 'options' => [ 'regexp' => POLL_REGEX ]]);
2014-12-17 13:17:08 +01:00
}
2014-12-16 00:45:16 +01:00
2015-10-28 17:30:42 +01:00
// -------------------------------
// Something to save (edit or add)
// -------------------------------
if ( ! empty ( $_POST [ 'save' ])) { // Save edition of an old vote
$name = $inputService -> filterName ( $_POST [ 'name' ]);
2018-03-18 10:40:38 +01:00
if ( empty ( $_POST [ 'mail' ]) || $inputService -> filterMail ( $_POST [ 'mail' ]) === false ) {
$mail = null ;
} else {
$mail = $inputService -> filterMail ( $_POST [ 'mail' ]);
}
2015-10-28 17:30:42 +01:00
$editedVote = filter_input ( INPUT_POST , 'save' , FILTER_VALIDATE_INT );
$choices = $inputService -> filterArray ( $_POST [ 'choices' ], FILTER_VALIDATE_REGEXP , [ 'options' => [ 'regexp' => CHOICE_REGEX ]]);
2016-03-05 16:05:37 +01:00
$slots_hash = $inputService -> filterMD5 ( $_POST [ 'control' ]);
2015-10-28 17:30:42 +01:00
if ( empty ( $editedVote )) {
2018-07-06 18:06:35 +02:00
$message = new Message ( 'danger' , __ ( 'Error' , 'Something has gone wrong...' ));
2015-10-28 17:30:42 +01:00
}
2018-02-19 00:18:43 +01:00
if ( count ( $choices ) !== count ( $_POST [ 'choices' ])) {
2015-10-28 17:30:42 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'There is a problem with your choices' ));
}
2018-02-19 00:18:43 +01:00
if ( $message === null ) {
2015-10-28 17:30:42 +01:00
// Update vote
2016-03-05 16:05:37 +01:00
try {
2018-03-18 10:40:38 +01:00
$result = $pollService -> updateVote ( $poll_id , $editedVote , $name , $choices , $slots_hash , $mail );
2016-03-05 16:05:37 +01:00
if ( $result ) {
2018-02-19 00:18:43 +01:00
if ( $poll -> editable === Editable :: EDITABLE_BY_OWN ) {
2016-03-05 16:05:37 +01:00
$editedVoteUniqueId = filter_input ( INPUT_POST , 'edited_vote' , FILTER_VALIDATE_REGEXP , [ 'options' => [ 'regexp' => POLL_REGEX ]]);
2016-05-01 14:21:08 +02:00
$message = getMessageForOwnVoteEditableVote ( $sessionService , $smarty , $editedVoteUniqueId , $config [ 'use_smtp' ], $poll_id , $name );
2016-03-05 16:05:37 +01:00
} else {
2018-07-06 18:06:35 +02:00
$message = new Message ( 'success' , __ ( 'studs' , 'Vote updated' ));
2016-03-05 16:05:37 +01:00
}
$notificationService -> sendUpdateNotification ( $poll , NotificationService :: UPDATE_VOTE , $name );
2015-10-28 17:30:42 +01:00
} else {
2016-03-05 16:05:37 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'Update vote failed' ));
2015-10-28 17:30:42 +01:00
}
2018-04-06 14:00:20 +02:00
} catch ( AlreadyExistsException $aee ) {
$message = new Message ( 'danger' , __ ( 'Error' , 'The name you\'ve chosen already exist in this poll!' ));
} catch ( ConcurrentEditionException $cee ) {
2016-03-05 16:05:37 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'Poll has been updated before you vote' ));
2018-02-20 16:47:10 +01:00
} catch ( ConcurrentVoteException $cve ) {
$message = new Message ( 'danger' , __ ( 'Error' , " Your vote wasn't counted, because someone voted in the meantime and it conflicted with your choices and the poll conditions. Please retry. " ));
2015-04-07 17:58:45 +02:00
}
2014-12-16 00:45:16 +01:00
}
2015-10-28 17:30:42 +01:00
} elseif ( isset ( $_POST [ 'save' ])) { // Add a new vote
$name = $inputService -> filterName ( $_POST [ 'name' ]);
2018-03-18 10:40:38 +01:00
if ( empty ( $_POST [ 'mail' ]) || $inputService -> filterMail ( $_POST [ 'mail' ]) === false ) {
$mail = null ;
} else {
$mail = $inputService -> filterMail ( $_POST [ 'mail' ]);
}
2015-10-28 17:30:42 +01:00
$choices = $inputService -> filterArray ( $_POST [ 'choices' ], FILTER_VALIDATE_REGEXP , [ 'options' => [ 'regexp' => CHOICE_REGEX ]]);
2016-03-05 16:05:37 +01:00
$slots_hash = $inputService -> filterMD5 ( $_POST [ 'control' ]);
2014-12-17 13:17:08 +01:00
2018-02-19 00:18:43 +01:00
if ( $name === null ) {
2015-10-28 17:30:42 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'The name is invalid.' ));
}
2018-02-19 00:18:43 +01:00
if ( count ( $choices ) !== count ( $_POST [ 'choices' ])) {
2015-10-28 17:30:42 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'There is a problem with your choices' ));
}
2014-12-16 00:45:16 +01:00
2018-02-19 00:18:43 +01:00
if ( $message === null ) {
2015-10-28 17:30:42 +01:00
// Add vote
2016-03-05 16:05:37 +01:00
try {
2018-03-18 10:40:38 +01:00
$result = $pollService -> addVote ( $poll_id , $name , $choices , $slots_hash , $mail );
2016-03-05 16:05:37 +01:00
if ( $result ) {
2018-03-21 15:28:58 +01:00
if ( intval ( $poll -> editable ) === Editable :: EDITABLE_BY_OWN ) {
2016-03-05 16:05:37 +01:00
$editedVoteUniqueId = $result -> uniqId ;
2016-05-01 14:21:08 +02:00
$message = getMessageForOwnVoteEditableVote ( $sessionService , $smarty , $editedVoteUniqueId , $config [ 'use_smtp' ], $poll_id , $name );
2016-03-05 16:05:37 +01:00
} else {
2018-07-06 18:06:35 +02:00
$message = new Message ( 'success' , __ ( 'studs' , 'Vote added' ));
2016-03-05 16:05:37 +01:00
}
$notificationService -> sendUpdateNotification ( $poll , NotificationService :: ADD_VOTE , $name );
2015-10-28 17:30:42 +01:00
} else {
2016-03-05 16:05:37 +01:00
$message = new Message ( 'danger' , __ ( 'Error' , 'Adding vote failed' ));
2015-10-28 17:30:42 +01:00
}
2016-03-05 16:05:37 +01:00
} catch ( AlreadyExistsException $aee ) {
$message = new Message ( 'danger' , __ ( 'Error' , 'You already voted' ));
2018-04-04 22:18:53 +02:00
$selectedNewVotes = $choices ;
2016-03-05 16:05:37 +01:00
} catch ( ConcurrentEditionException $cee ) {
$message = new Message ( 'danger' , __ ( 'Error' , 'Poll has been updated before you vote' ));
2018-02-20 16:47:10 +01:00
} catch ( ConcurrentVoteException $cve ) {
$message = new Message ( 'danger' , __ ( 'Error' , " Your vote wasn't counted, because someone voted in the meantime and it conflicted with your choices and the poll conditions. Please retry. " ));
2015-04-05 17:44:29 +02:00
}
2014-12-16 00:45:16 +01:00
}
}
}
2014-12-17 13:47:14 +01:00
2016-05-01 14:21:08 +02:00
// Functions
function getMessageForOwnVoteEditableVote ( SessionService & $sessionService , Smarty & $smarty , $editedVoteUniqueId , $canUseSMTP , $poll_id , $name ) {
$sessionService -> set ( USER_REMEMBER_VOTES_KEY , $poll_id , $editedVoteUniqueId );
$urlEditVote = Utils :: getUrlSondage ( $poll_id , false , $editedVoteUniqueId );
$message = new Message (
'success' ,
2018-07-06 18:06:35 +02:00
__ ( 'studs' , 'Your vote has been saved, but please note: you need to keep this personalised link to be able to edit your vote.' ),
2016-05-01 14:21:08 +02:00
$urlEditVote ,
2016-05-03 21:09:41 +02:00
__f ( 'Poll results' , 'Edit the line: %s' , $name ),
2016-05-01 14:21:08 +02:00
'glyphicon-pencil' );
if ( $canUseSMTP ) {
$token = new Token ();
$sessionService -> set ( " Common " , SESSION_EDIT_LINK_TOKEN , $token );
$smarty -> assign ( 'editedVoteUniqueId' , $editedVoteUniqueId );
$smarty -> assign ( 'token' , $token -> getValue ());
$smarty -> assign ( 'poll_id' , $poll_id );
$message -> includeTemplate = $smarty -> fetch ( 'part/form_remember_edit_link.tpl' );
$smarty -> clearAssign ( 'token' );
}
return $message ;
}
2014-12-12 13:43:43 +01:00
// Retrieve data
2015-12-07 13:57:29 +01:00
if ( $resultPubliclyVisible || $accessGranted ) {
2015-10-28 17:30:42 +01:00
$slots = $pollService -> allSlotsByPoll ( $poll );
$votes = $pollService -> allVotesByPollId ( $poll_id );
$comments = $pollService -> allCommentsByPollId ( $poll_id );
}
2014-10-21 01:31:26 +02:00
2014-12-12 13:43:43 +01:00
// Assign data to template
$smarty -> assign ( 'poll_id' , $poll_id );
$smarty -> assign ( 'poll' , $poll );
2015-04-07 20:06:24 +02:00
$smarty -> assign ( 'title' , __ ( 'Generic' , 'Poll' ) . ' - ' . $poll -> title );
2015-03-13 12:56:45 +01:00
$smarty -> assign ( 'expired' , strtotime ( $poll -> end_date ) < time ());
2015-05-29 17:46:29 +02:00
$smarty -> assign ( 'deletion_date' , strtotime ( $poll -> end_date ) + PURGE_DELAY * 86400 );
2014-12-27 00:00:14 +01:00
$smarty -> assign ( 'slots' , $poll -> format === 'D' ? $pollService -> splitSlots ( $slots ) : $slots );
2016-03-05 16:05:37 +01:00
$smarty -> assign ( 'slots_hash' , $pollService -> hashSlots ( $slots ));
2014-12-17 13:17:08 +01:00
$smarty -> assign ( 'votes' , $pollService -> splitVotes ( $votes ));
2018-04-05 17:34:43 +02:00
$smarty -> assign ( 'best_choices' , $pollService -> computeBestChoices ( $votes , $poll ));
2014-12-15 13:49:25 +01:00
$smarty -> assign ( 'comments' , $comments );
2014-12-16 00:45:16 +01:00
$smarty -> assign ( 'editingVoteId' , $editingVoteId );
2014-12-17 13:17:08 +01:00
$smarty -> assign ( 'message' , $message );
2014-12-17 23:43:06 +01:00
$smarty -> assign ( 'admin' , false );
2015-04-06 12:39:58 +02:00
$smarty -> assign ( 'hidden' , $poll -> hidden );
2015-10-28 17:30:42 +01:00
$smarty -> assign ( 'accessGranted' , $accessGranted );
$smarty -> assign ( 'resultPubliclyVisible' , $resultPubliclyVisible );
2015-11-05 21:26:59 +01:00
$smarty -> assign ( 'editedVoteUniqueId' , $editedVoteUniqueId );
2018-02-20 13:06:58 +01:00
$smarty -> assign ( 'ValueMax' , $poll -> ValueMax );
2018-04-04 22:18:53 +02:00
$smarty -> assign ( 'selectedNewVotes' , $selectedNewVotes );
2014-09-04 17:52:18 +02:00
2014-12-12 13:43:43 +01:00
$smarty -> display ( 'studs.tpl' );