2011-05-15 01:32:47 +02:00
< ? php
2014-09-04 17:52:18 +02:00
/**
* This software is governed by the CeCILL - B license . If a copy of this license
* is not distributed with this file , you can obtain one at
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - en . txt
*
* Authors of STUdS ( initial project ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) and Raphaël DROZ
* Authors of Framadate / OpenSondate : Framasoft ( https :// github . com / framasoft )
*
2014-07-04 11:21:31 +02:00
* =============================
2014-09-04 17:52:18 +02:00
*
* Ce logiciel est régi par la licence CeCILL - B . Si une copie de cette licence
* ne se trouve pas avec ce fichier vous pouvez l ' obtenir sur
* http :// www . cecill . info / licences / Licence_CeCILL - B_V1 - fr . txt
*
2014-07-04 11:21:31 +02:00
* Auteurs de STUdS ( projet initial ) : Guilhem BORGHESI ( borghesi @ unistra . fr ) et Raphaël DROZ
2014-09-04 17:52:18 +02:00
* Auteurs de Framadate / OpenSondage : Framasoft ( https :// github . com / framasoft )
*/
namespace Framadate ;
2011-05-15 01:32:47 +02:00
2014-09-04 17:52:18 +02:00
include_once __DIR__ . '/app/inc/init.php' ;
2015-01-03 17:29:57 +01:00
2014-12-03 21:08:08 +01:00
if ( ! isset ( $_SESSION [ 'form' ])) {
$_SESSION [ 'form' ] = new Form ();
}
2014-09-04 17:52:18 +02:00
2011-05-15 03:56:54 +02:00
if ( file_exists ( 'bandeaux_local.php' )) {
2014-09-04 17:52:18 +02:00
include_once ( 'bandeaux_local.php' );
2011-05-15 03:56:54 +02:00
} else {
2014-09-04 17:52:18 +02:00
include_once ( 'bandeaux.php' );
}
2014-12-03 21:08:08 +01:00
// Type de sondage : <button value="$_SESSION['form']->choix_sondage">
2014-09-04 17:52:18 +02:00
if (( isset ( $_GET [ 'choix_sondage' ]) && $_GET [ 'choix_sondage' ] == 'date' ) ||
( isset ( $_POST [ " choix_sondage " ]) && $_POST [ " choix_sondage " ] == 'creation_sondage_date' )) {
$choix_sondage = " creation_sondage_date " ;
2014-12-03 21:08:08 +01:00
$_SESSION [ 'form' ] -> choix_sondage = $choix_sondage ;
2014-09-04 17:52:18 +02:00
} else {
$choix_sondage = " creation_sondage_autre " ;
2014-12-03 21:08:08 +01:00
$_SESSION [ 'form' ] -> choix_sondage = $choix_sondage ;
2011-05-15 03:56:54 +02:00
}
2011-05-15 01:32:47 +02:00
2011-05-15 05:03:10 +02:00
// On teste toutes les variables pour supprimer l'ensemble des warnings PHP
// On transforme en entites html les données afin éviter les failles XSS
2014-12-05 01:08:38 +01:00
$post_var = array ( 'poursuivre' , 'titre' , 'nom' , 'adresse' , 'commentaires' , 'editable' , 'receiveNewVotes' , 'creation_sondage_date' , 'creation_sondage_autre' );
2011-05-15 05:03:10 +02:00
foreach ( $post_var as $var ) {
2014-09-04 17:52:18 +02:00
if ( isset ( $_POST [ $var ]) === true ) {
$$var = htmlentities ( $_POST [ $var ], ENT_QUOTES , 'UTF-8' );
} else {
$$var = null ;
}
2011-05-15 05:03:10 +02:00
}
// On initialise également les autres variables
$erreur_adresse = false ;
$erreur_injection_titre = false ;
$erreur_injection_nom = false ;
$erreur_injection_commentaires = false ;
2011-05-15 01:32:47 +02:00
#tests
2014-12-06 19:42:01 +01:00
if ( ! empty ( $_POST [ 'poursuivre' ])){
2014-12-25 00:55:52 +01:00
$_SESSION [ 'form' ] -> title = $titre ;
$_SESSION [ 'form' ] -> admin_name = $nom ;
$_SESSION [ 'form' ] -> admin_mail = $adresse ;
$_SESSION [ 'form' ] -> description = $commentaires ;
2014-12-05 01:08:38 +01:00
$_SESSION [ 'form' ] -> editable = ( $editable !== null ) ? true : false ;
$_SESSION [ 'form' ] -> receiveNewVotes = ( $receiveNewVotes !== null ) ? true : false ;
2014-09-04 17:52:18 +02:00
2014-11-14 17:35:22 +01:00
if ( $config [ 'use_smtp' ] == true ){
if ( Utils :: isValidEmail ( $adresse ) === false ) {
$erreur_adresse = true ;
}
}
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $titre )) {
$erreur_injection_titre = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $nom )) {
$erreur_injection_nom = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
if ( preg_match ( ';<|>|";' , $commentaires )) {
$erreur_injection_commentaires = true ;
2013-03-05 10:58:01 +01:00
}
2014-09-04 17:52:18 +02:00
// Si pas d'erreur dans l'adresse alors on change de page vers date ou autre
2014-12-05 01:08:38 +01:00
if ( $config [ 'use_smtp' ] == true ){
2014-11-14 17:35:22 +01:00
$email_OK = $adresse && ! $erreur_adresse ;
} else {
$email_OK = true ;
}
2014-11-12 17:49:52 +01:00
if ( $titre && $nom && $email_OK && ! $erreur_injection_titre && ! $erreur_injection_commentaires && ! $erreur_injection_nom ) {
2014-09-04 17:52:18 +02:00
if ( $poursuivre == " creation_sondage_date " ) {
header ( " Location:choix_date.php " );
exit ();
}
2013-03-05 10:58:01 +01:00
2014-09-04 17:52:18 +02:00
if ( $poursuivre == " creation_sondage_autre " ) {
header ( " Location:choix_autre.php " );
exit ();
}
} else {
// Title Erreur !
Utils :: print_header ( _ ( " Error! " ) . ' - ' . _ ( " Poll creation (1 on 3) " ) );
}
2014-06-11 19:19:17 +02:00
} else {
2014-09-04 17:52:18 +02:00
// Title OK (formulaire pas encore rempli)
Utils :: print_header ( _ ( " Poll creation (1 on 3) " ) );
2011-05-15 01:32:47 +02:00
}
2014-09-04 17:52:18 +02:00
bandeau_titre ( _ ( " Poll creation (1 on 3) " ) );
2011-05-15 01:32:47 +02:00
2014-09-04 17:52:18 +02:00
/*
* Préparation des messages d ' erreur
*/
$errors = array (
'title' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'description' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'name' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
),
'email' => array (
'msg' => '' ,
'aria' => '' ,
'class' => ''
)
);
2014-12-25 00:55:52 +01:00
if ( ! $_SESSION [ 'form' ] -> title && ! empty ( $_POST [ 'poursuivre' ])) {
2014-10-21 01:31:26 +02:00
$errors [ 'title' ][ 'aria' ] = 'aria-describeby="poll_title_error" ' ; $errors [ 'title' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'title' ][ 'msg' ] = '<div class="alert alert-danger" ><p id="poll_title_error">' . _ ( " Enter a title " ) . '</p></div>' ;
2011-05-15 03:56:54 +02:00
} elseif ( $erreur_injection_titre ) {
2014-10-21 01:31:26 +02:00
$errors [ 'title' ][ 'aria' ] = 'aria-describeby="poll_title_error" ' ; $errors [ 'title' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'title' ][ 'inject' ] = '<div class="alert alert-danger"><p id="poll_title_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
if ( $erreur_injection_commentaires ) {
2014-10-21 01:31:26 +02:00
$errors [ 'description' ][ 'aria' ] = 'aria-describeby="poll_comment_error" ' ; $errors [ 'description' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'description' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_comment_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-12-25 00:55:52 +01:00
if ( ! $_SESSION [ 'form' ] -> admin_name && ! empty ( $_POST [ 'poursuivre' ])) {
2014-10-21 01:31:26 +02:00
$errors [ 'name' ][ 'aria' ] = 'aria-describeby="poll_name_error" ' ; $errors [ 'name' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'name' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_name_error">' . _ ( " Enter a name " ) . '</p></div>' ;
} elseif ( $erreur_injection_nom ) {
2014-10-21 01:31:26 +02:00
$errors [ 'name' ][ 'aria' ] = 'aria-describeby="poll_name_error" ' ; $errors [ 'name' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'name' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_name_error">' . _ ( " Characters < > and \" are not permitted " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-12-25 00:55:52 +01:00
if ( ! $_SESSION [ 'form' ] -> admin_mail && ! empty ( $_POST [ 'poursuivre' ])) {
2014-10-21 01:31:26 +02:00
$errors [ 'email' ][ 'aria' ] = 'aria-describeby="poll_name_error" ' ; $errors [ 'email' ][ 'class' ] = ' has-error' ;
2014-09-04 17:52:18 +02:00
$errors [ 'email' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_email_error">' . _ ( " Enter an email address " ) . '</p></div>' ;
2014-12-06 19:42:01 +01:00
} elseif ( $erreur_adresse && ! empty ( $_POST [ 'poursuivre' ])) {
2014-10-21 01:31:26 +02:00
$errors [ 'email' ][ 'aria' ] = 'aria-describeby="poll_email_error" ' ; $errors [ 'email' ][ 'class' ] = ' has-error' ;
2014-11-14 17:35:22 +01:00
$errors [ 'email' ][ 'msg' ] = '<div class="alert alert-danger"><p id="poll_email_error">' . _ ( " The address is not correct! You should enter a valid email address (like r.stallman@outlock.com) in order to receive the link to your poll. " ) . '</p></div>' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
/*
* Préparation en fonction des paramètres de session
*/
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
// REMOTE_USER ?
2011-12-29 20:32:33 +01:00
if ( USE_REMOTE_USER && isset ( $_SERVER [ 'REMOTE_USER' ])) {
2014-12-25 00:55:52 +01:00
$input_name = '<input type="hidden" name="nom" value="' . $_SESSION [ 'form' ] -> admin_name . '" />' . stripslashes ( $_SESSION [ 'form' ] -> admin_name );
2011-05-15 03:56:54 +02:00
} else {
2014-12-25 00:55:52 +01:00
$input_name = '<input id="yourname" type="text" name="nom" class="form-control" ' . $errors [ 'name' ][ 'aria' ] . ' value="' . stripslashes ( $_SESSION [ 'form' ] -> admin_name ) . '" />' ;
2011-05-15 01:32:47 +02:00
}
2011-05-15 03:56:54 +02:00
2014-09-04 17:52:18 +02:00
if ( USE_REMOTE_USER && isset ( $_SERVER [ 'REMOTE_USER' ])) {
2014-12-25 00:55:52 +01:00
$input_email = '<input type="hidden" name="adresse" value="' . $_SESSION [ 'form' ] -> admin_mail . '">' . $_SESSION [ 'form' ] -> admin_mail ;
2014-09-04 17:52:18 +02:00
} else {
2014-12-25 00:55:52 +01:00
$input_email = '<input id="email" type="text" name="adresse" class="form-control" ' . $errors [ 'email' ][ 'aria' ] . ' value="' . $_SESSION [ 'form' ] -> admin_mail . '" />' ;
2011-05-15 01:32:47 +02:00
}
2014-09-04 17:52:18 +02:00
// Checkbox checked ?
2014-12-05 01:08:38 +01:00
if ( $_SESSION [ 'form' ] -> editable ) {
$editable = 'checked' ;
2011-05-15 03:56:54 +02:00
}
2014-12-05 01:08:38 +01:00
if ( $_SESSION [ 'form' ] -> receiveNewVotes ) {
$receiveNewVotes = 'checked' ;
2011-05-15 03:56:54 +02:00
}
2011-05-15 01:32:47 +02:00
2014-12-05 01:08:38 +01:00
// Display form
2014-09-04 17:52:18 +02:00
echo '
< div class = " row " >
2014-11-06 15:20:03 +01:00
< div class = " col-md-8 col-md-offset-2 " >
2014-09-04 17:52:18 +02:00
< form name = " formulaire " id = " formulaire " action = " ' . Utils::get_server_name() . 'infos_sondage.php " method = " POST " class = " form-horizontal " role = " form " >
< div class = " alert alert-info " >
< p > '. _("You are in the poll creation section.").' < br /> '._("Required fields cannot be left blank.") .' </ p >
</ div >
< div class = " form-group'. $errors['title'] ['class'].' " >
2014-11-06 15:20:03 +01:00
< label for = " poll_title " class = " col-sm-4 control-label " > ' . _("Poll title") . ' *</ label >
< div class = " col-sm-8 " >
2014-12-25 00:55:52 +01:00
< input id = " poll_title " type = " text " name = " titre " class = " form-control " '.$errors[' title '][' aria '].' value = " '.stripslashes( $_SESSION['form'] ->title).' " />
2014-09-04 17:52:18 +02:00
</ div >
</ div >
'.$errors[' title '][' msg '].'
< div class = " form-group'. $errors['description'] ['class'].' " >
2014-11-06 15:20:03 +01:00
< label for = " poll_comments " class = " col-sm-4 control-label " > '. _("Description") .' </ label >
< div class = " col-sm-8 " >
2014-12-25 00:55:52 +01:00
< textarea id = " poll_comments " name = " commentaires " class = " form-control " '.$errors[' description '][' aria '].' rows = " 5 " > '.stripslashes($_SESSION[' form ']->description).' </ textarea >
2014-09-04 17:52:18 +02:00
</ div >
</ div >
'.$errors[' description '][' msg '].'
< div class = " form-group'. $errors['name'] ['class'].' " >
2014-11-06 15:20:03 +01:00
< label for = " yourname " class = " col-sm-4 control-label " > '. _("Your name") .' *</ label >
< div class = " col-sm-8 " >
2014-09-04 17:52:18 +02:00
'.$input_name.'
</ div >
</ div >
2014-11-12 17:49:52 +01:00
'.$errors[' name '][' msg ' ];
2014-11-14 17:35:22 +01:00
if ( $config [ 'use_smtp' ] == true ){
echo '
< div class = " form-group'. $errors['email'] ['class'].' " >
< label for = " email " class = " col-sm-4 control-label " > '. _("Your email address") .' *< br />< span class = " small " > '. _("(in the format name@mail.com)") .' </ span ></ label >
< div class = " col-sm-8 " >
'.$input_email.'
</ div >
</ div >
'.$errors[' email '][' msg ' ];
}
echo '
< div class = " form-group " >
2014-09-04 17:52:18 +02:00
< div class = " col-sm-offset-1 col-sm-11 " >
< div class = " checkbox " >
< label >
2014-12-05 01:08:38 +01:00
< input type = checkbox name = " editable " '.$editable.' id = " editable " > '. _("Voters can modify their vote themselves.") .'
2014-09-04 17:52:18 +02:00
</ label >
</ div >
</ div >
2014-11-12 17:49:52 +01:00
</ div > ' ;
2014-11-14 17:35:22 +01:00
if ( $config [ 'use_smtp' ] == true ){
echo ' < div class = " form-group " >
< div class = " col-sm-offset-1 col-sm-11 " >
< div class = " checkbox " >
< label >
2014-12-05 01:08:38 +01:00
< input type = checkbox name = " receiveNewVotes " '.$receiveNewVotes.' id = " receiveNewVotes " > '. _("To receive an email for each new vote.") .'
2014-11-14 17:35:22 +01:00
</ label >
</ div >
</ div >
</ div > ' ;
}
echo '
< p class = " text-right " >
2014-09-04 17:52:18 +02:00
< input type = " hidden " name = " choix_sondage " value = " '. $choix_sondage .' " />
2014-10-21 01:31:26 +02:00
< button name = " poursuivre " value = " '. $choix_sondage .' " type = " submit " class = " btn btn-success " title = " '. _('Go to step 2') . ' " > '. _(' Next ') . ' </ button >
2014-09-04 17:52:18 +02:00
</ p >
< script type = " text/javascript " > document . formulaire . titre . focus (); </ script >
</ form >
</ div >
</ div > ' ;
2011-06-23 01:21:56 +02:00
2011-05-15 01:32:47 +02:00
bandeau_pied ();