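<?php
// Direct-access guard: this file is only meant to be included by the CMS,
// which defines __PRAGYAN_CMS. A direct request gets a 403 and nothing else runs.
if (!defined('__PRAGYAN_CMS')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    // The heading tag is now closed properly (the original emitted a second <h1>).
    echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
    // NOTE(review): SERVER_SIGNATURE carries the web server's version banner when the
    // server is configured to emit one; consider dropping it from this error page.
    // It is not set on every server, so guard the lookup.
    echo '<hr/>' . (isset($_SERVER['SERVER_SIGNATURE']) ? $_SERVER['SERVER_SIGNATURE'] : '');
    exit(1);
}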
// Load the form module's helper libraries. The base path is assembled from the
// CMS-wide $sourceFolder and $moduleFolder globals.
// NOTE(review): both globals presumably come from trusted configuration; they must
// never be derived from request data, since they decide which files get included.
global $sourceFolder, $moduleFolder;
require_once $sourceFolder . '/' . $moduleFolder . '/form/editform.php';
require_once $sourceFolder . '/' . $moduleFolder . '/form/editformelement.php';
require_once $sourceFolder . '/' . $moduleFolder . '/form/registrationformgenerate.php';
require_once $sourceFolder . '/' . $moduleFolder . '/form/registrationformsubmit.php';
require_once $sourceFolder . '/' . $moduleFolder . '/form/viewregistrants.php';
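/**
 * Registration-form module.
 *
 * Routes a page action to its handler (getHtml), decides who may download an
 * uploaded file, and creates, copies and deletes form components.
 *
 * All SQL here is built by string concatenation on the legacy mysql_* API, so
 * every id interpolated into a statement is cast to int and every string is
 * escaped at the point of use.
 */
class form implements module, fileuploadable {
    private $userId;
    private $moduleComponentId;
    private $action;

    /**
     * Entry point: stores the request context and runs the handler for the action.
     *
     * @param mixed $gotuid               id of the requesting user
     * @param mixed $gotmoduleComponentId id of the form component being rendered
     * @param mixed $gotaction            action name
     * @return string|null handler output; null when the action is not one of the five known ones
     */
    public function getHtml($gotuid, $gotmoduleComponentId, $gotaction) {
        $this->userId = $gotuid;
        $this->moduleComponentId = $gotmoduleComponentId;
        $this->action = $gotaction;

        // Fixed allow-list of action => handler. The lookup is by exact string key, so a
        // non-string action (which a loose == could match against "view") never dispatches.
        $handlers = array(
            'view'            => 'actionView',
            'editform'        => 'actionEditform',
            'viewregistrants' => 'actionViewregistrants',
            'editregistrants' => 'actionEditregistrants',
            'reports'         => 'actionReports',
        );
        if (is_string($this->action) && isset($handlers[$this->action])) {
            $handler = $handlers[$this->action];
            return $this->$handler();
        }

        // Unknown actions produce no output, as before.
        return null;
    }

    /**
     * Decides whether a user may download a file uploaded through this form.
     *
     * Users holding "editregistrants" or "viewregistrants" on the page always may.
     * Anyone else needs "view" on the page AND a stored form value of their own
     * equal to the file name.
     *
     * @param mixed  $pageId
     * @param mixed  $moduleComponentId
     * @param mixed  $userId
     * @param string $fileName
     * @return bool
     */
    public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName) {
        if (getPermissions($userId, $pageId, "editregistrants") || getPermissions($userId, $pageId, "viewregistrants")) {
            return true;
        }

        // Ids are forced to integers and the file name is escaped before they reach the
        // statement; all three used to be interpolated raw.
        $componentId = (int) $moduleComponentId;
        $ownerId = (int) $userId;
        $escapedFileName = mysql_real_escape_string($fileName);

        // Alias and column are quoted separately. The original wrapped them in a single
        // pair of backticks (`d.form_elementdata`), which MySQL reads as one column name,
        // so the ownership lookup could not match.
        // NOTE(review): the lookup matches the stored value of ANY element of the form,
        // not only file-upload elements; consider also filtering on the element type.
        $uploadedQuery = "SELECT `d`.`form_elementdata`
            FROM `form_elementdata` `d`
            JOIN `form_elementdesc` `e` ON (`d`.`page_modulecomponentid` = `e`.`page_modulecomponentid`
                AND `d`.`form_elementid` = `e`.`form_elementid`)
            WHERE `d`.`page_modulecomponentid` = $componentId AND `d`.`user_id` = $ownerId AND `d`.`form_elementdata` = '$escapedFileName'";
        $uploadedResult = mysql_query($uploadedQuery);
        if (!$uploadedResult) {
            // Deny on a failed lookup instead of carrying on with an invalid result.
            displayerror(mysql_error() . "form.lib L:181");
            return false;
        }

        if (mysql_num_rows($uploadedResult) > 0 && getPermissions($userId, $pageId, "view")) {
            return true;
        }
        return false;
    }

    /**
     * Reports the upload constraints for this module through its by-reference arguments.
     *
     * @param array $fileTypesArray     receives the accepted file extensions
     * @param int   $maxFileSizeInBytes receives the size cap (30 * 1024 * 1024 bytes)
     */
    public static function getUploadableFileProperties(&$fileTypesArray, &$maxFileSizeInBytes) {
        // NOTE(review): the list accepts types a browser renders or runs (html, js, css,
        // xml, swf) and exe. It is left unchanged because existing forms may rely on it;
        // confirm uploads are served as attachments from a location where nothing executes.
        $fileTypesArray = array('jpg','jpeg','png','doc','pdf','gif','bmp','css','js','html','xml','ods','odt','oft','pps','ppt','tex','tiff','txt','chm','mp3','mp2','wave','wav','mpg','ogg','mpeg','wmv','wma','wmf','rm','avi','gzip','gz','rar','bmp','psd','bz2','tar','zip','swf','fla','flv','eps','xcf','xls','exe','7z');
        $maxFileSizeInBytes = 30 * 1024 * 1024;
    }

    /**
     * Renders the form for the current user after checking the form's own rules:
     * login requirement, complete profile, expiry date and single registration.
     * Also processes a submitted registration and an unregister request.
     *
     * @return string form HTML, or '' when a rule blocks the user (a message is displayed)
     */
    public function actionView() {
        $formDescQuery = 'SELECT `form_loginrequired`, `form_expirydatetime`, (NOW() >= `form_expirydatetime`) AS `form_expired`, `form_sendconfirmation`, ' .
            '`form_usecaptcha`, `form_allowuseredit`, `form_allowuserunregister` ' .
            'FROM `form_desc` WHERE `page_modulecomponentid`=' . (int) $this->moduleComponentId;
        $formDescResult = mysql_query($formDescQuery);
        if (!$formDescResult) {
            displayerror('E69 : Invalid query: ' . mysql_error());
            return '';
        }
        $formDescRow = mysql_fetch_assoc($formDescResult);
        if (!$formDescRow) {
            // Fail closed: without a description row none of the checks below could be
            // evaluated, and the form used to be rendered regardless.
            displayerror('The requested form could not be found.');
            return '';
        }

        if ($formDescRow['form_loginrequired'] == 1) {
            if ($this->userId <= 0) {
                displayerror('You must be logged in to fill this form. <a href="./+login">Click here</a> to login.');
                return '';
            }
            if (!verifyUserProfileFilled($this->userId)) {
                displayinfo('Your profile information is incomplete. Please complete your profile information before filling this form. <a href="./+profile">Click here</a> to complete your profile.');
                return '';
            }
        }

        // An all-zero expiry date means the form has no deadline.
        if ($formDescRow['form_expired'] != 0 && $formDescRow['form_expirydatetime'] != "0000-00-00 00:00:00") {
            displayerror('The last date to register to this form (' . $formDescRow['form_expirydatetime'] . ') is over.');
            return '';
        }

        if ($formDescRow['form_allowuseredit'] == 0 && verifyUserRegistered($this->moduleComponentId, $this->userId)) {
            displayerror('You have already registered to this form once. You cannot register again. Contact the administrator for further queries.');
            return '';
        }

        if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) {
            submitRegistrationForm($this->moduleComponentId, $this->userId);
        }

        $mayUnregister = ($formDescRow['form_allowuserunregister'] == 1);

        // NOTE(review): unregistering is triggered by a plain GET parameter and no
        // anti-CSRF token is checked in this method; consider requiring POST plus a token.
        if ($mayUnregister && isset($_GET['subaction']) && $_GET['subaction'] == "unregister") {
            unregisterUser($this->moduleComponentId, $this->userId);
        }

        $unregisterBody = '';
        if ($mayUnregister && verifyUserRegistered($this->moduleComponentId, $this->userId)) {
            $unregisterBody =
                '<br /><p>If you wish to unregister from this form, click here : <input type="button" ' .
                'value = "Unregister" onclick="if(confirm(\'Are you sure you want to unregister from this form?\')) window.location=\'./&subaction=unregister\';" />';
        }

        return generateRegistrationForm($this->moduleComponentId, $this->userId) . $unregisterBody;
    }

    /**
     * Lists the user ids registered to a form.
     *
     * @param mixed $moduleComponentId
     * @return array user ids as returned by the database; empty when the query fails
     */
    public static function getRegisteredUserArray($moduleComponentId) {
        $userQuery = "SELECT `user_id` FROM `form_regdata` WHERE `page_modulecomponentid` = " . (int) $moduleComponentId;
        $userResult = mysql_query($userQuery);
        $registeredUsers = array();
        if (!$userResult) {
            return $registeredUsers;
        }
        while ($userRow = mysql_fetch_row($userResult)) {
            $registeredUsers[] = $userRow[0];
        }
        return $registeredUsers;
    }

    /**
     * Counts the registrations of a form.
     *
     * @param mixed $moduleComponentId
     * @return mixed the COUNT() value as returned by the database; 0 when the query fails
     */
    public static function getRegisteredUserCount($moduleComponentId) {
        $userQuery = "SELECT COUNT(`user_id`) FROM `form_regdata` WHERE `page_modulecomponentid` = " . (int) $moduleComponentId;
        $userResult = mysql_query($userQuery);
        if (!$userResult) {
            return 0;
        }
        $userRow = mysql_fetch_row($userResult);
        return $userRow ? $userRow[0] : 0;
    }

    /**
     * Tells whether a group can be associated with the form. The answer is the form's
     * `form_loginrequired` value.
     *
     * @param mixed $moduleComponentId
     * @return mixed the stored `form_loginrequired` value, or false when the form cannot be read
     */
    public static function isGroupAssociable($moduleComponentId) {
        $validQuery = 'SELECT `form_loginrequired`, `form_allowuserunregister` FROM `form_desc` WHERE `page_modulecomponentid` = ' . (int) $moduleComponentId;
        $validResult = mysql_query($validQuery);
        // Check the result before fetching; the original fetched from a failed query first.
        $validRow = $validResult ? mysql_fetch_row($validResult) : false;

        if (!$validResult || !$validRow) {
            displayerror('Error trying to retrieve data from the database: form.lib.php:L163');
            return false;
        }

        return $validRow[0];
    }

    /**
     * Form designer: applies the requested element operation (save, add, delete,
     * move) and renders the editor.
     *
     * @return string editor HTML
     */
    public function actionEditform() {
        $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : '';
        // Element ids are plain decimal integers everywhere in this method.
        $hasGetElementId = isset($_GET['elementid']) && ctype_digit($_GET['elementid']);

        if (
            $subaction === 'editformelement' &&
            isset($_POST['elementid']) && ctype_digit($_POST['elementid']) &&
            isset($_POST['txtElementDesc']) && isset($_POST['selElementType']) &&
            isset($_POST['txtToolTip']) && isset($_POST['txtElementName'])
        ) {
            submitEditFormElementDescData($this->moduleComponentId, escape($_POST['elementid']));
        }

        if ($subaction === 'editformelement' && $hasGetElementId) {
            return generateEditFormElementDescBody($this->moduleComponentId, escape($_GET['elementid']));
        }

        if (isset($_POST['addformelement_descsubmit'])) {
            addDefaultFormElement($this->moduleComponentId);
        }

        // Delete and move now require a numeric element id, matching the edit branches;
        // they used to accept any string.
        // NOTE(review): both change data on a GET request and no anti-CSRF token is
        // checked in this method.
        if ($subaction === 'deleteformelement' && $hasGetElementId) {
            deleteFormElement($this->moduleComponentId, escape($_GET['elementid']));
        }
        if (($subaction === 'moveUp' || $subaction === 'moveDown') && $hasGetElementId) {
            moveFormElement($this->moduleComponentId, escape($subaction), escape($_GET['elementid']));
        }

        $html = generateFormDescBody($this->moduleComponentId) . generateFormElementDescBody($this->moduleComponentId);
        global $ICONS;
        return "<fieldset><legend>{$ICONS['Form Edit']['small']}Edit Form</legend>$html</fieldset>";
    }

    /**
     * Reads the sort field and direction for the registrant tables from the query string.
     *
     * @return array array($sortField, $sortOrder); defaults are 'registrationdate' and 'asc'
     */
    private function readSortParameters() {
        $sortField = 'registrationdate';
        $sortOrder = 'asc';
        if (isset($_GET['sortfield'])) {
            // NOTE(review): escape() presumably protects string literals only. If the table
            // generator places this value in an ORDER BY clause, it should be checked
            // against the known column names there.
            $sortField = escape($_GET['sortfield']);
        }
        if (isset($_GET['sortorder']) && ($_GET['sortorder'] === 'asc' || $_GET['sortorder'] === 'desc')) {
            $sortOrder = $_GET['sortorder'];
        }
        return array($sortField, $sortOrder);
    }

    /**
     * Read-only table of the form's registrants.
     *
     * @return string table HTML
     */
    public function actionViewregistrants() {
        list($sortField, $sortOrder) = $this->readSortParameters();
        global $ICONS;
        $html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder);
        return "<fieldset><legend>{$ICONS['Form Registrants']['small']}View Form Registrants</legend>$html</fieldset>";
    }

    /**
     * Registrant administration: edit or delete one registration, answer the user
     * auto-suggest request, add a user, or empty the form; then render the table.
     *
     * @return string HTML of the edit view or of the registrant table
     */
    public function actionEditregistrants() {
        if (isset($_GET['subaction']) && isset($_GET['useremail'])) {
            if ($_GET['subaction'] == 'edit') {
                if (isset($_POST['submitreg_form_' . $this->moduleComponentId])) {
                    submitRegistrationForm($this->moduleComponentId, getUserIdFromEmail(escape($_GET['useremail'])), true, true);
                }

                // The address goes back into a URL, so it is URL-encoded. The original applied
                // escape() here, which is used as SQL escaping elsewhere in this class and does
                // not make request data safe to echo into a link.
                $editUrl = './+editregistrants&subaction=edit&useremail=' . urlencode($_GET['useremail']);
                return (
                    '<a href="./+editregistrants">« Back</a><br />' .
                    generateRegistrationForm($this->moduleComponentId, $this->userId, $editUrl, true) .
                    '<br /><a href="./+editregistrants">« Back</a><br />'
                );
            }
            elseif ($_GET['subaction'] == 'delete') {
                // NOTE(review): this deletes on a GET request and no anti-CSRF token is
                // checked in this method.
                if ($_GET['useremail'] == "Anonymous") {
                    $userIdTemp = escape($_GET['registrantid']);
                }
                else {
                    $userIdTemp = getUserIdFromEmail(escape($_GET['useremail']));
                }
                if (!unregisterUser($this->moduleComponentId, $userIdTemp)) {
                    // displayerror() is handed markup elsewhere in this class, so request data
                    // is HTML-encoded before it goes into the message.
                    displayerror('Error! User with the given e-mail ' . htmlspecialchars($_GET['useremail'], ENT_QUOTES) . ' was not found.');
                }
            }
        }
        elseif (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
            // The reply is a comma-separated list that starts with the caller's own pattern.
            // Sending it as plain text keeps a browser from rendering that echo as HTML.
            if (!headers_sent()) {
                header('Content-Type: text/plain');
            }
            echo $this->getUnregisteredUsersFromPattern(escape($_GET['forwhat']));
            disconnect();
            exit();
        }
        elseif (isset($_POST['btnAddUserToForm']) && isset($_POST['useremail'])) {
            // Suggestions have the form "email - full name": keep the part before the
            // separator. The original tested strpos() with ">= 0", which is also true when
            // nothing is found, and cut at the first hyphen, so addresses that contain a
            // hyphen, or no separator at all, were truncated.
            $submitted = $_POST['useremail'];
            $separatorPos = strpos($submitted, ' - ');
            if ($separatorPos !== false) {
                $submitted = substr($submitted, 0, $separatorPos);
            }
            $userEmail = escape(trim($submitted));

            $targetUserId = getUserIdFromEmail($userEmail);
            if ($targetUserId > 0) {
                if (verifyUserRegistered($this->moduleComponentId, $targetUserId)) {
                    displayerror('The given user is already registered to this form.');
                }
                else {
                    registerUser($this->moduleComponentId, $targetUserId);
                }
            }
            else {
                displayerror('A user registered with the e-mail ID you entered was not found.');
            }
        }
        elseif (isset($_POST['btnEmptyRegistrants'])) {
            foreach (form::getRegisteredUserArray($this->moduleComponentId) as $registeredUserId) {
                unregisterUser($this->moduleComponentId, $registeredUserId, true);
            }
            displayinfo('All registrations to this form have been deleted.');
        }

        list($sortField, $sortOrder) = $this->readSortParameters();
        global $ICONS;
        $html = generateFormDataTable($this->moduleComponentId, $sortField, $sortOrder, 'editregistrants');
        return "<fieldset><legend>{$ICONS['Form Registrants']['small']}Edit Form Registrants</legend>$html</fieldset>";
    }

    /**
     * Builds a table of every form page the user may see, with its registrant count.
     * Forms whose path contains 'qaos' are left out.
     *
     * @return string HTML (inline style block plus table)
     */
    public function actionReports() {
        // NOTE(review): this reads the global $userId, not $this->userId; confirm that is intended.
        global $userId, $urlRequestRoot;
        $query = "SELECT `page_id`, `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module`='form'";
        $resource = mysql_query($query);
        $report = <<<CSS
<style type="text/css">

#reports tbody tr.even td {
background-color: #f0f8ff;
color: #000;
}
#reports tbody tr td a, a:link, a:visited {
color: #000;
}
#reports tbody tr.odd td {
background-color: #fff;color: #000;
}
</style>
CSS;
        $report .= '<table id="reports"><tbody><tr><td>Form</td><td>No. of registrants</td></tr>';
        $class = 'even';
        // A failed page query yields just the header row.
        while ($resource && ($result = mysql_fetch_assoc($resource))) {
            // The array key is now quoted; the original used the bare word page_id.
            // NOTE(review): the permission name 'viewRegistrant' differs from the
            // 'viewregistrants' action checked in getFileAccessPermission(); confirm it.
            if (!getPermissions($userId, $result['page_id'], 'viewRegistrant', 'form')) {
                continue;
            }

            $pageId = $result['page_id'];
            $formPath = getPagePath($pageId);
            // Compare with false explicitly: "!strpos()" also treats a match at offset 0
            // as no match.
            if (strpos($formPath, 'qaos') !== false) {
                continue;
            }

            $formInfo = getPageTitle(getParentPage($pageId)) . '_' . getPageTitle($pageId);

            $countQuery = "SELECT count(distinct(`user_id`)) FROM `form_regdata` WHERE `page_modulecomponentid`=" . (int) $result['page_modulecomponentid'];
            $countResult = mysql_query($countQuery);
            $countRow = $countResult ? mysql_fetch_row($countResult) : false;
            $registrantCount = $countRow ? $countRow[0] : '';

            // The class flips before the row is written, so the first row is 'odd'.
            $class = ($class == 'even') ? 'odd' : 'even';

            // Page titles and paths are stored content; encode them for the HTML context.
            $href = htmlspecialchars($urlRequestRoot . $formPath, ENT_QUOTES);
            $label = htmlspecialchars($formInfo, ENT_QUOTES);
            $report .= "<tr class=\"$class\"><td><a href=\"$href\">$label</a></td><td>$registrantCount</td></tr>";
        }
        $report .= '</tbody></table>';
        return $report;
    }

    /**
     * Auto-suggest: finds activated users not yet registered to this form whose e-mail
     * or full name matches the pattern, best matches first.
     *
     * @param string $pattern search text; it is interpolated into the statement verbatim,
     *                        so the caller must pass it already SQL-escaped
     * @return string comma-separated list: the pattern itself, then "email - full name"
     *                for each match; just the pattern when the query fails
     */
    private function getUnregisteredUsersFromPattern($pattern) {
        // Ids go into an IN (...) list, so each one is forced to an integer.
        $registeredIds = array_map('intval', form::getRegisteredUserArray($this->moduleComponentId));
        $excludedIds = (count($registeredIds) > 0) ? implode(',', $registeredIds) : '0';

        $suggestionsQuery = "SELECT IF(`user_email` LIKE \"$pattern%\", 1, " .
            "IF(`user_fullname` LIKE \"$pattern%\", 2, " .
            "IF(`user_fullname` LIKE \"% $pattern%\", 3, " .
            "IF(`user_email` LIKE \"%$pattern%\", 4, " .
            "IF(`user_fullname` LIKE \"%$pattern%\", 5, 6" .
            "))))) AS `relevance`, `user_email`, `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE " .
            "`user_activated` = 1 AND (`user_email` LIKE \"%$pattern%\" OR `user_fullname` LIKE \"%$pattern%\") " .
            "AND `user_id` NOT IN ($excludedIds) ORDER BY `relevance`";
        $suggestionsResult = mysql_query($suggestionsQuery);
        if (!$suggestionsResult) {
            return $pattern;
        }

        $suggestions = array($pattern);
        while ($suggestionsRow = mysql_fetch_row($suggestionsResult)) {
            $suggestions[] = $suggestionsRow[1] . ' - ' . $suggestionsRow[2];
        }

        // Separator first: the reversed argument order of join() is not accepted by PHP 8.
        return implode(',', $suggestions);
    }

    /**
     * Creates an empty form component with one default element.
     *
     * @param mixed $moduleComponentId receives the new component id on success
     * @return bool true when the form row was inserted
     */
    public function createModule(&$moduleComponentId) {
        // NOTE(review): MAX()+1 followed by INSERT is not atomic; two concurrent calls can
        // compute the same id.
        $query = 'SELECT MAX(`page_modulecomponentid`) FROM `form_desc`';
        $result = mysql_query($query) or die(mysql_error() . 'form.lib L:149');
        $row = mysql_fetch_row($result);
        $compId = (int) $row[0] + 1;

        $query = "INSERT INTO `form_desc` (`page_modulecomponentid`, `form_heading`,`form_loginrequired`,`form_headertext`)
            VALUES ('" . $compId . "', '',1,'Coming up Soon');";
        $result = mysql_query($query) or die(mysql_error() . "form.lib L:157");

        // mysql_affected_rows() is -1 on failure, which is truthy; require a positive count.
        if (mysql_affected_rows() > 0) {
            $moduleComponentId = $compId;
            addDefaultFormElement($moduleComponentId);
            return true;
        }
        return false;
    }

    /**
     * Deletes a form component: submitted data, registrations, element descriptions and
     * the form description, in that order.
     *
     * @param mixed $moduleComponentId
     * @return bool true when the form description row was deleted
     */
    public function deleteModule($moduleComponentId) {
        $componentId = (int) $moduleComponentId;
        $tables = array('form_elementdata', 'form_regdata', 'form_elementdesc', 'form_desc');
        foreach ($tables as $table) {
            mysql_query("DELETE FROM `$table` WHERE `$table`.`page_modulecomponentid` = $componentId");
        }

        // Only the last statement (form_desc) decides the outcome, as before.
        if (mysql_affected_rows() >= 1) {
            return true;
        }
        displayerror("There was some error in deleting the module");
        return false;
    }

    /**
     * Builds the INSERT that copies one row into a new component.
     *
     * @param string $table   target table
     * @param int    $compId  id of the new component
     * @param array  $columns columns to carry over from $row
     * @param array  $row     source row, keyed by column name
     * @return string SQL statement
     */
    private static function buildCopyInsert($table, $compId, $columns, $row) {
        $names = array('`page_modulecomponentid`');
        $values = array((int) $compId);
        foreach ($columns as $column) {
            $names[] = "`$column`";
            // Values read back from the database are still escaped before reuse.
            $values[] = "'" . mysql_real_escape_string($row[$column]) . "'";
        }
        return "INSERT INTO `$table` (" . implode(', ', $names) . ') VALUES (' . implode(', ', $values) . ')';
    }

    /**
     * Duplicates a form's description and element descriptions under a new component id.
     * Registrations and submitted data are not copied.
     *
     * @param mixed $moduleComponentId component to copy
     * @return int|false id of the copy, or false when a step fails
     */
    public function copyModule($moduleComponentId) {
        $sourceId = (int) $moduleComponentId;

        // NOTE(review): same non-atomic MAX()+1 id allocation as createModule().
        $result = mysql_query("SELECT MAX(`page_modulecomponentid`) as MAX FROM `form_desc` ");
        if (!$result) {
            // Stop here; the original reported the error and carried on with an invalid result.
            displayerror(mysql_error() . "form.lib L:181");
            return false;
        }
        $row = mysql_fetch_assoc($result);
        $compId = (int) $row['MAX'] + 1;

        $descColumns = array(
            'form_heading', 'form_loginrequired', 'form_headertext', 'form_footertext',
            'form_expirydatetime', 'form_sendconfirmation', 'form_usecaptcha',
            'form_allowuseredit', 'form_allowuserunregister', 'form_showuseremail',
            'form_showuserfullname', 'form_showuserprofiledata',
            'form_showregistrationdate', 'form_showlastupdatedate',
        );
        $result = mysql_query("SELECT * FROM `form_desc` WHERE `page_modulecomponentid`=$sourceId");
        if (!$result) {
            displayerror(mysql_error() . "form.lib copyModule");
            return false;
        }
        while ($formdesc_content = mysql_fetch_assoc($result)) {
            if (!mysql_query(self::buildCopyInsert('form_desc', $compId, $descColumns, $formdesc_content))) {
                // Without the description row, copied elements would belong to no form.
                displayerror(mysql_error() . "form.lib L:183");
                return false;
            }
        }

        $elementColumns = array(
            'form_elementid', 'form_elementname', 'form_elementdisplaytext', 'form_elementtype',
            'form_elementsize', 'form_elementtypeoptions', 'form_elementdefaultvalue',
            'form_elementmorethan', 'form_elementlessthan', 'form_elementcheckint',
            'form_elementtooltiptext', 'form_elementisrequired', 'form_elementrank',
        );
        $result = mysql_query("SELECT * FROM `form_elementdesc` WHERE `page_modulecomponentid`=$sourceId");
        if (!$result) {
            displayerror(mysql_error() . "form.lib copyModule");
            return false;
        }

        // Count down from the number of source elements; any failed insert leaves the
        // counter non-zero and the copy is reported as failed.
        $rows = mysql_num_rows($result);
        while ($formelementdesc_content = mysql_fetch_assoc($result)) {
            mysql_query(self::buildCopyInsert('form_elementdesc', $compId, $elementColumns, $formelementdesc_content))
                or displayerror(mysql_error() . "form.lib L:196");
            $rows -= mysql_affected_rows();
        }
        if ($rows != 0) {
            return false;
        }

        return $compId;
    }
}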