is_date) { require_once('exportics.php'); } die(); } // tail of an if/else chain that begins before this fragment: the ICS export path includes exportics.php, then the script terminates

// Handling of a newly posted user comment (form submitted via the "ajoutcomment" button; the _x variant is the image-button coordinate field)
if(isset($_POST['ajoutcomment']) || isset($_POST['ajoutcomment_x'])) {
    if (isset($_SESSION['nom']) && issetAndNoEmpty('commentuser') === false) {
        // The session name is stored HTML-encoded, so decode it here; it is re-encoded once before the INSERT below
        $comment_user = html_entity_decode($_SESSION['nom'], ENT_QUOTES, 'UTF-8');
    } elseif(issetAndNoEmpty('commentuser')) {
        // Raw POST value; no length limit is applied to it here (unlike the 64-byte cap on 'nom' further down)
        $comment_user = $_POST["commentuser"];
    } elseif(isset($_POST["commentuser"])) {
        // Field present but empty: flag it, $comment_user stays unset (the INSERT below is gated on this flag)
        $err |= COMMENT_USER_EMPTY;
    } else {
        $comment_user = _('anonyme');
    }
    if(issetAndNoEmpty('comment') === false) {
        $err |= COMMENT_EMPTY;
    }
    if (isset($_POST["comment"]) && !is_error(COMMENT_EMPTY) && !is_error(NO_POLL) && !is_error(COMMENT_USER_EMPTY)) {
        // XSS mitigation: values are HTML-encoded at storage time, so every reader of the comments table gets pre-encoded text
        $comment = htmlentities($_POST['comment'], ENT_QUOTES, 'UTF-8');
        $comment_user = htmlentities($comment_user, ENT_QUOTES, 'UTF-8');
        // Parameterised INSERT: user data only travels through the bound-parameter array, never through the SQL string
        $sql = 'INSERT INTO comments (id_sondage, comment, usercomment) VALUES ('. $connect->Param('id_sondage').','. $connect->Param('comment').','. $connect->Param('comment_user').')';
        $sql = $connect->Prepare($sql);
        $comments = $connect->Execute($sql, array($numsondage, $comment, $comment_user));
        if ($comments === false) {
            $err |= COMMENT_INSERT_FAILED;
        }
    }
}

// Handling of the "participate" button: load the existing participants first (used below for the duplicate-name check)
$sql = 'SELECT * FROM user_studs WHERE id_sondage='.$connect->Param('numsondage').' 
ORDER BY id_users';
$sql = $connect->Prepare($sql);
$user_studs = $connect->Execute($sql, array($numsondage));
// Number of choice columns = number of comma-separated entries in the poll subject
$nbcolonnes = substr_count($dsondage->sujet, ',') + 1;
if (!is_error(NO_POLL) && (isset($_POST["boutonp"]) || isset($_POST["boutonp_x"]))) {
    // A name is mandatory
    if (issetAndNoEmpty('nom') === false) {
        $err |= NAME_EMPTY;
    }
    // When the web server authenticated the user (REMOTE_USER), the submitted name must match the session name.
    // NOTE(review): this is a loose == comparison and $_SESSION["nom"] is not checked with isset() first — confirm both are intended.
    if(!is_error(NAME_EMPTY) && (!isset($_SERVER['REMOTE_USER']) || $_POST["nom"] == $_SESSION["nom"])) {
        // Build the answer bitstring: one '1'/'0' character per column, in column order
        $nouveauchoix = '';
        for ($i=0;$i<$nbcolonnes;$i++) {
            // Checked checkbox -> '1'
            if (isset($_POST["choix$i"]) && $_POST["choix$i"] == '1') {
                $nouveauchoix.="1";
            } else {
                // otherwise '0'
                $nouveauchoix.="0";
            }
        }
        // Byte-wise truncation to 64 bytes, applied BEFORE encoding: the stored encoded name can be longer than 64 characters.
        // NOTE(review): substr() can cut a multibyte UTF-8 sequence in half; htmlentities() without ENT_SUBSTITUTE then returns ''
        // for the invalid input, so a long non-ASCII name can end up stored as an empty string after the NAME_EMPTY check has passed — confirm.
        $nom=substr($_POST["nom"],0,64);
        // XSS mitigation: HTML-encode at storage time (same convention as the comments above)
        $nom = htmlentities($nom, ENT_QUOTES, 'UTF-8');
        // Duplicate-name check against every existing participant; this loop consumes the whole $user_studs result set.
        // NOTE(review): loose == comparison between names — numeric-looking names compare numerically ('1e3' == '1000'); verify this is acceptable.
        while($user = $user_studs->FetchNextObject(false)) {
            if ($nom == $user->nom) {
                $err |= NAME_TAKEN;
            }
        }
        // Persist the user's choices
        if (!is_error(NAME_TAKEN) && !is_error(NAME_EMPTY)) {
            $sql = 'INSERT INTO user_studs (nom,id_sondage,reponses) VALUES ('. $connect->Param('nom').', '. $connect->Param('numsondage').', '. $connect->Param('nouveauchoix').')';
            $sql = $connect->Prepare($sql);
            // TODO: the Execute() return value is ignored here, so an insert failure is silent (the comment INSERT above does check it)
            $connect->Execute($sql, array($nom, $numsondage, $nouveauchoix));
            // Notify the poll owner if notifications are enabled; the string comparisons keep older non-boolean column values working
            if ($dsondage->mailsonde || /* compatibility for non boolean DB */ $dsondage->mailsonde=="yes" || $dsondage->mailsonde=="true") {
                // NOTE(review): header separators are mixed ("\r\n" after From, "\n" after Content-Type) — pick one, preferably "\r\n".
                $headers="From: ".NOMAPPLICATION." <".ADRESSEMAILADMIN.">\r\nContent-Type: text/plain; charset=\"UTF-8\"\nContent-Transfer-Encoding: 8bit";
                // Subject is built from the decoded poll title and the body from the decoded participant name.
                // NOTE(review): decoding happens right before these values enter mail headers/body; confirm sendEmail() rejects CR/LF
                // in the recipient and subject, otherwise a title containing an encoded line break becomes a header-injection vector.
                sendEmail( "$dsondage->mail_admin", "[".NOMAPPLICATION."] "._("Poll's participation")." : ".html_entity_decode($dsondage->titre, ENT_QUOTES, 'UTF-8')."", html_entity_decode("\"$nom\" ", ENT_QUOTES, 'UTF-8'). _("has filled a line.\nYou can find your poll at the link") . " :\n\n". getUrlSondage($numsondage)." \n\n" . _("Thanks for your confidence.") . "\n". 
NOMAPPLICATION, $headers );
            }
        }
    } else {
        // Name check failed (REMOTE_USER set and the name did not match the session) — reported as an empty name
        $err |= NAME_EMPTY;
    }
}

// Page rendering starts here; the echo'd string below appears to have lost its markup in this copy of the file
print_header(true, $dsondage->titre);
echo '
'."\n";
framanav();
logo();
bandeau_tete();
bandeau_titre(_("Make your polls"));
sous_bandeau();
#print_r($_SESSION);
// Error banner when any error flag was raised above; the echo below continues past the end of this fragment
if($err != 0) {
    bandeau_titre(_("Error!"));
    echo '