2011-05-15 01:32:47 +02:00
< ? php
2014-09-04 17:52:18 +02:00
/**
* This software is governed by the CeCILL - B license . If a copy of this license
* is not distributed with this file , you can obtain one at
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - en . txt
*
* Authors of STUdS ( initial project ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) and Raphaël DROZ
* Authors of Framadate / OpenSondate : Framasoft ( https :// github . com / framasoft )
*
2014-07-04 11:21:31 +02:00
* =============================
2014-09-04 17:52:18 +02:00
*
* Ce logiciel est régi par la licence CeCILL - B . Si une copie de cette licence
* ne se trouve pas avec ce fichier vous pouvez l ' obtenir sur
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - fr . txt
*
2014-07-04 11:21:31 +02:00
* Auteurs de STUdS ( projet initial ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) et Raphaël DROZ
2014-09-04 17:52:18 +02:00
* Auteurs de Framadate / OpenSondage : Framasoft ( https :// github . com / framasoft )
*/
namespace Framadate ;
2011-05-15 01:32:47 +02:00
session_start ();
2014-09-04 17:52:18 +02:00
include_once __DIR__ . '/app/inc/init.php' ;
2011-05-15 03:56:54 +02:00
if ( file_exists ( 'bandeaux_local.php' )) {
2014-09-04 17:52:18 +02:00
include_once ( 'bandeaux_local.php' );
2011-05-15 03:56:54 +02:00
} else {
2014-09-04 17:52:18 +02:00
include_once ( 'bandeaux.php' );
}
// Type de sondage : <button value="$_SESSION["choix_sondage"]">
if (( isset ( $_GET [ 'choix_sondage' ]) && $_GET [ 'choix_sondage' ] == 'date' ) ||
( isset ( $_POST [ " choix_sondage " ]) && $_POST [ " choix_sondage " ] == 'creation_sondage_date' )) {
$choix_sondage = " creation_sondage_date " ;
$_SESSION [ " choix_sondage " ] = $choix_sondage ;
} else {
$choix_sondage = " creation_sondage_autre " ;
$_SESSION [ " choix_sondage " ] = $choix_sondage ;
2011-05-15 03:56:54 +02:00
}
2011-05-15 01:32:47 +02:00
2011-05-15 05:03:10 +02:00
// On teste toutes les variables pour supprimer l'ensemble des warnings PHP
// On transforme en entites html les données afin éviter les failles XSS
2014-09-04 17:52:18 +02:00
$post_var = array ( 'poursuivre' , 'titre' , 'nom' , 'adresse' , 'commentaires' , 'studsplus' , 'mailsonde' , 'creation_sondage_date' , 'creation_sondage_autre' );
2011-05-15 05:03:10 +02:00
foreach ( $post_var as $var ) {
2014-09-04 17:52:18 +02:00
if ( isset ( $_POST [ $var ]) === true ) {
$$var = htmlentities ( $_POST [ $var ], ENT_QUOTES , 'UTF-8' );
} else {
$$var = null ;
}
2011-05-15 05:03:10 +02:00
}
// On initialise egalement la session car sinon bonjour les warning :-)
2014-09-04 17:52:18 +02:00
$session_var = array ( 'titre' , 'nom' , 'adresse' , 'commentaires' , 'mailsonde' , 'studsplus' , );
2011-05-15 05:03:10 +02:00
foreach ( $session_var as $var ) {
2014-09-04 17:52:18 +02:00
if ( Utils :: issetAndNoEmpty ( $var , $_SESSION ) === false ) {
$_SESSION [ $var ] = null ;
}
2011-05-15 05:03:10 +02:00
}
2013-03-05 10:58:01 +01:00
2011-05-15 05:03:10 +02:00
// On initialise également les autres variables
$erreur_adresse = false ;
$erreur_injection_titre = false ;
$erreur_injection_nom = false ;
$erreur_injection_commentaires = false ;
$cocheplus = '' ;
$cochemail = '' ;
2011-05-15 01:32:47 +02:00
#tests
2014-09-04 17:52:18 +02:00
if ( Utils :: issetAndNoEmpty ( " poursuivre " )){
$_SESSION [ " titre " ] = $titre ;
$_SESSION [ " nom " ] = $nom ;
$_SESSION [ " adresse " ] = $adresse ;
$_SESSION [ " commentaires " ] = $commentaires ;
unset ( $_SESSION [ " studsplus " ]);
$_SESSION [ " studsplus " ] = ( $studsplus !== null ) ? '+' : $_SESSION [ " studsplus " ] = '' ;
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
unset ( $_SESSION [ " mailsonde " ]);
$_SESSION [ " mailsonde " ] = ( $mailsonde !== null ) ? true : false ;
if ( Utils :: isValidEmail ( $adresse ) === false ) {
$erreur_adresse = true ;
2011-05-15 03:56:54 +02:00
}
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $titre )) {
$erreur_injection_titre = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $nom )) {
$erreur_injection_nom = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $commentaires )) {
$erreur_injection_commentaires = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
// Si pas d'erreur dans l'adresse alors on change de page vers date ou autre
if ( $titre && $nom && $adresse && ! $erreur_adresse && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom ) {
if ( $poursuivre == " creation_sondage_date " ) {
header ( " Location:choix_date.php " );
exit ();
}
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
if ( $poursuivre == " creation_sondage_autre " ) {
header ( " Location:choix_autre.php " );
exit ();
}
} else {
// Title Erreur !
Utils :: print_header ( _ ( " Error! " ) . ' - ' . _ ( " Poll creation (1 on 3) " ) );
}
2014-06-11 19:19:17 +02:00
} else {
2014-09-04 17:52:18 +02:00
// Title OK (formulaire pas encore rempli)
Utils :: print_header ( _ ( " Poll creation (1 on 3) " ) );
2011-05-15 01:32:47 +02:00
}
2014-09-04 17:52:18 +02:00
bandeau_titre ( _ ( " Poll creation (1 on 3) " ) );
2011-05-15 01:32:47 +02:00
// premier sondage ? test l'existence des schémas SQL avant d'aller plus loin
2014-09-04 17:52:18 +02:00
if ( ! Utils :: check_table_sondage ()) {
echo '<div class="alert alert-danger text-center">' . _ ( " Framadate is not properly installed, please check the 'INSTALL' to setup the database before continuing. " ) . " </div> " . " \n " ;
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
bandeau_pied ();
2011-05-15 01:32:47 +02:00
2014-09-04 17:52:18 +02:00
die ();
}
2011-05-15 01:32:47 +02:00
2014-09-04 17:52:18 +02:00
/*
* Préparation des messages d ' erreur
*/
$errors = array (
'title' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'description' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'name' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'email' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
)
);
if ( ! $_SESSION [ " titre " ] && Utils :: issetAndNoEmpty ( " poursuivre " ) ) {
$errors [ 'title' ][ 'aria' ] = 'aria-describeby="#poll_title_error" ' ; $errors [ 'title' ][ 'class' ] = ' has-error' ;
$errors [ 'title' ][ 'msg' ] = '<div class="alert alert-danger" ><p id="poll_title_error">' . _ ( " Enter a title " ) . '</p></div>' ;
2011-05-15 03:56:54 +02:00
} elseif ( $erreur_injection_titre ) {
2014-09-04 17:52:18 +02:00
$errors [ 'title' ][ 'aria' ] = 'aria-describeby="#poll_title_error" ' ; $errors [ 'title' ][ 'class' ] = ' has-error' ;
$errors [ 'title' ][ 'inject' ] = '<div class="alert alert-danger"><p id="poll_title_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
if ( $erreur_injection_commentaires ) {
2014-09-04 17:52:18 +02:00
$errors [ 'description' ][ 'aria' ] = 'aria-describeby="#poll_comment_error" ' ; $errors [ 'description' ][ 'class' ] = ' has-error' ;
$errors [ 'description' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_comment_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
if ( ! $_SESSION [ " nom " ] && Utils :: issetAndNoEmpty ( " poursuivre " )) {
$errors [ 'name' ][ 'aria' ] = 'aria-describeby="#poll_name_error" ' ; $errors [ 'name' ][ 'class' ] = ' has-error' ;
$errors [ 'name' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_name_error">' . _ ( " Enter a name " ) . '</p></div>' ;
} elseif ( $erreur_injection_nom ) {
$errors [ 'name' ][ 'aria' ] = 'aria-describeby="#poll_name_error" ' ; $errors [ 'name' ][ 'class' ] = ' has-error' ;
$errors [ 'name' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_name_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
if ( ! $_SESSION [ " adresse " ] && Utils :: issetAndNoEmpty ( " poursuivre " )) {
$errors [ 'email' ][ 'aria' ] = 'aria-describeby="#poll_name_error" ' ; $errors [ 'email' ][ 'class' ] = ' has-error' ;
$errors [ 'email' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_email_error">' . _ ( " Enter an email address " ) . '</p></div>' ;
} elseif ( $erreur_adresse && Utils :: issetAndNoEmpty ( " poursuivre " )) {
$errors [ 'email' ][ 'aria' ] = 'aria-describeby="#poll_email_error" ' ; $errors [ 'email' ][ 'class' ] = ' has-error' ;
$errors [ 'email' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_email_error">' . _ ( " The address is not correct! (You should enter a valid email address in order to receive the link to your poll) " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
/*
* Préparation en fonction des paramètres de session
*/
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
// REMOTE_USER ?
2011-12-29 20:32:33 +01:00
if ( USE_REMOTE_USER && isset ( $_SERVER [ 'REMOTE_USER' ])) {
2014-09-04 17:52:18 +02:00
$input_name = '<input type="hidden" name="nom" value="' . $_SESSION [ " nom " ] . '" />' . stripslashes ( $_SESSION [ " nom " ]);
2011-05-15 03:56:54 +02:00
} else {
2014-09-04 17:52:18 +02:00
$input_name = '<input id="yourname" type="text" name="nom" class="form-control" ' . $errors [ 'name' ][ 'aria' ] . ' maxlength="40" value="' . stripslashes ( $_SESSION [ " nom " ]) . '" />' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
if ( USE_REMOTE_USER && isset ( $_SERVER [ 'REMOTE_USER' ])) {
$input_email = '<input type="hidden" name="adresse" value="' . $_SESSION [ " adresse " ] . '">' . $_SESSION [ " adresse " ];
} else {
$input_email = '<input id="email" type="text" name="adresse" class="form-control" ' . $errors [ 'email' ][ 'aria' ] . ' maxlength="64" value="' . $_SESSION [ " adresse " ] . '" />' ;
2011-05-15 01:32:47 +02:00
}
2014-09-04 17:52:18 +02:00
// Checkbox checked ?
if ( ! $_SESSION [ " studsplus " ] && ! Utils :: issetAndNoEmpty ( 'creation_sondage_date' ) && ! Utils :: issetAndNoEmpty ( 'creation_sondage_autre' )) {
$_SESSION [ " studsplus " ] = " + " ;
2011-05-15 03:56:54 +02:00
}
if ( $_SESSION [ " studsplus " ] == " + " ) {
2014-09-04 17:52:18 +02:00
$cocheplus = " checked " ;
2011-05-15 03:56:54 +02:00
}
2011-05-15 01:32:47 +02:00
2011-05-15 03:56:54 +02:00
if ( $_SESSION [ " mailsonde " ]) {
2014-09-04 17:52:18 +02:00
$cochemail = " checked " ;
2011-05-15 03:56:54 +02:00
}
2014-09-04 17:52:18 +02:00
// Affichage du formulaire
echo '
< div class = " row " >
< div class = " col-md-6 col-md-offset-3 " >
< form name = " formulaire " id = " formulaire " action = " ' . Utils::get_server_name() . 'infos_sondage.php " method = " POST " class = " form-horizontal " role = " form " >
< div class = " alert alert-info " >
< p > '. _("You are in the poll creation section.").' < br /> '._("Required fields cannot be left blank.") .' </ p >
</ div >
< div class = " form-group'. $errors['title'] ['class'].' " >
< label for = " poll_title " class = " col-sm-5 control-label " > ' . _("Poll title") . ' *</ label >
< div class = " col-sm-7 " >
< input id = " poll_title " type = " text " name = " titre " class = " form-control " '.$errors[' title '][' aria '].' maxlength = " 80 " value = " '.stripslashes( $_SESSION["titre"] ).' " />
</ div >
</ div >
'.$errors[' title '][' msg '].'
< div class = " form-group'. $errors['description'] ['class'].' " >
< label for = " poll_comments " class = " col-sm-5 control-label " > '. _("Description") .' </ label >
< div class = " col-sm-7 " >
< textarea id = " poll_comments " name = " commentaires " class = " form-control " '.$errors[' description '][' aria '].' rows = " 5 " > '.stripslashes($_SESSION["commentaires"]).' </ textarea >
</ div >
</ div >
'.$errors[' description '][' msg '].'
< div class = " form-group'. $errors['name'] ['class'].' " >
< label for = " yourname " class = " col-sm-5 control-label " > '. _("Your name") .' *</ label >
< div class = " col-sm-7 " >
'.$input_name.'
</ div >
</ div >
'.$errors[' name '][' msg '].'
< div class = " form-group'. $errors['email'] ['class'].' " >
< label for = " email " class = " col-sm-5 control-label " > '. _("Your email address") .' *</ label >
< div class = " col-sm-7 " >
'.$input_email.'
</ div >
</ div >
'.$errors[' email '][' msg '].'
< div class = " form-group " >
< div class = " col-sm-offset-1 col-sm-11 " >
< div class = " checkbox " >
< label >
< input type = checkbox name = studsplus '.$cocheplus.' id = " studsplus " > '. _("Voters can modify their vote themselves.") .'
</ label >
</ div >
</ div >
</ div >
< div class = " form-group " >
< div class = " col-sm-offset-1 col-sm-11 " >
< div class = " checkbox " >
< label >
< input type = checkbox name = mailsonde '.$cochemail.' id = " mailsonde " > '. _("To receive an email for each new vote.") .'
</ label >
</ div >
</ div >
</ div >
< p class = " text-right " >
< input type = " hidden " name = " choix_sondage " value = " '. $choix_sondage .' " />
< button name = " poursuivre " value = " '. $choix_sondage .' " type = " submit " class = " btn btn-success " > '. _(' Next ') . ' </ button >
</ p >
< script type = " text/javascript " > document . formulaire . titre . focus (); </ script >
</ form >
</ div >
</ div > ' ;
2011-06-23 01:21:56 +02:00
2011-05-15 01:32:47 +02:00
//bandeau de pied
bandeau_pied ();