4
* Copyright (C) 2007 The LimeSurvey Project Team / Carsten Schmitz
6
* License: GNU/GPL License v2 or later, see LICENSE.php
7
* LimeSurvey is free software. This version may have been modified pursuant
8
* to the GNU General Public License, and as distributed it includes or
9
* is derivative of works licensed under the GNU General Public License or
10
* other free or open source software licenses.
11
* See COPYRIGHT.php for copyright notices and details.
13
* $Id: assessments.php 5096 2008-06-18 08:28:32Z c_schmitz $
17
include_once("login_check.php");
18
if (!isset($surveyid)) {$surveyid=returnglobal('sid');}
19
if (!isset($action)) {$action=returnglobal('action');}
22
$actsurquery = "SELECT edit_survey_property FROM {$dbprefix}surveys_rights WHERE sid=$surveyid AND uid = ".$_SESSION['loginID']; //Getting rights for this survey
23
$actsurresult = $connect->Execute($actsurquery) or safe_die($connect->ErrorMsg());
24
$actsurrows = $actsurresult->FetchRow();
26
if($_SESSION['USER_RIGHT_SUPERADMIN'] == 1 || $actsurrows['edit_survey_property']){
28
if ($action == "assessmentadd") {
29
$inserttable=$dbprefix."assessments";
30
$query = $connect->GetInsertSQL($inserttable, array(
32
'scope' => $_POST['scope'],
33
'gid' => $_POST['gid'],
34
'minimum' => $_POST['minimum'],
35
'maximum' => $_POST['maximum'],
36
'name' => $_POST['name'],
37
'message' => $_POST['message'],
38
'link' => $_POST['link'] ));
39
$result=$connect->Execute($query) or safe_die("Error inserting<br />$query<br />".$connect->ErrorMsg());
40
} elseif ($action == "assessmentupdate") {
41
$query = "UPDATE {$dbprefix}assessments
42
SET scope='".db_quote($_POST['scope'])."',
43
gid=".sanitize_int($_POST['gid']).",
44
minimum='".sanitize_int($_POST['minimum'])."',
45
maximum='".sanitize_int($_POST['maximum'])."',
46
name='".db_quote($_POST['name'])."',
47
message='".db_quote($_POST['message'])."',
48
link='".db_quote($_POST['link'])."'
49
WHERE id=".sanitize_int($_POST['id']);
50
$result = $connect->Execute($query) or safe_die("Error updating<br />$query<br />".$connect->ErrorMsg());
51
} elseif ($action == "assessmentdelete") {
52
$query = "DELETE FROM {$dbprefix}assessments
53
WHERE id=".sanitize_int($_POST['id']);
54
$result=$connect->Execute($query);
57
$assessmentsoutput= "<table width='100%' border='0' >\n"
60
. "\t\t\t<table class='menubar'>\n"
62
. "\t\t\t\t<td colspan='2' height='8'>\n"
63
. "\t\t\t\t\t<strong>".$clang->gT("Assessments")."</strong></td></tr>\n";
65
$assessmentsoutput.= "\t<tr >\n"
67
. "\t\t\t<a href=\"#\" onclick=\"window.open('$scriptname?sid=$surveyid', '_top')\" onmouseout=\"hideTooltip()\" onmouseover=\"showTooltip(event,'".$clang->gT("Return to Survey Administration", "js")."');return false\">" .
68
"<img name='Administration' src='$imagefiles/home.png' title='' alt='' align='left' /></a>\n"
69
. "\t\t\t<img src='$imagefiles/blank.gif' alt='' width='11' border='0' hspace='0' align='left' />\n"
70
. "\t\t\t<img src='$imagefiles/seperator.gif' alt='' border='0' hspace='0' align='left' />\n"
73
$assessmentsoutput.= "</table>";
75
if ($surveyid == "") {
76
$assessmentsoutput.= $clang->gT("No SID Provided");
80
$assessments=getAssessments($surveyid);
81
//$assessmentsoutput.= "<pre>";print_r($assessments);echo "</pre>";
82
$groups=getGroups($surveyid);
83
$groupselect="<select name='gid'>\n";
84
foreach($groups as $group) {
85
$groupselect.="<option value='".$group['gid']."'>".$group['group_name']."</option>\n";
87
$groupselect .="</select>\n";
88
$headings=array($clang->gT("Scope"), $clang->gT("Group"), $clang->gT("Minimum"), $clang->gT("Maximum"), $clang->gT("Heading"), $clang->gT("Message"), $clang->gT("URL"));
89
$inputs=array("<select name='scope'><option value='T'>".$clang->gT("Total")."</option><option value='G'>".$clang->gT("Group")."</option></select>",
91
"<input type='text' name='minimum' />",
92
"<input type='text' name='maximum' />",
93
"<input type='text' name='name' size='80'/>",
94
"<textarea name='message' rows='10' cols='80'></textarea >",
95
"<input type='text' name='link' size='80' />");
96
$actiontitle=$clang->gT("Add");
97
$actionvalue="assessmentadd";
100
if ($action == "assessmentedit") {
101
$query = "SELECT * FROM {$dbprefix}assessments WHERE id=".sanitize_int($_POST['id']);
102
$results = db_execute_assoc($query);
103
while($row=$results->FetchRow()) {
106
$scopeselect = "<select name='scope'><option ";
107
if ($editdata['scope'] == "T") {$scopeselect .= "selected='selected' ";}
108
$scopeselect .= "value='T'>".$clang->gT("Total")."</option><option value='G'";
109
if ($editdata['scope'] == "G") {$scopeselect .= " selected='selected'";}
110
$scopeselect .= ">".$clang->gT("Group")."</option></select>";
111
$groupselect=str_replace("'".$editdata['gid']."'", "'".$editdata['gid']."' selected", $groupselect);
112
$inputs=array($scopeselect,
114
"<input type='text' name='minimum' value='".$editdata['minimum']."' />",
115
"<input type='text' name='maximum' value='".$editdata['maximum']."' />",
116
"<input type='text' name='name' size='80' value='".htmlentities(stripslashes($editdata['name']), ENT_QUOTES,'UTF-8')."'/>",
117
"<textarea name='message' rows='10' cols='80'>".htmlentities(stripslashes($editdata['message']), ENT_QUOTES,'UTF-8')."</textarea>",
118
"<input type='text' name='link' size='80' value='".$editdata['link']."' />");
119
$actiontitle=$clang->gT("Edit");
120
$actionvalue="assessmentupdate";
121
$thisid=$editdata['id'];
123
//$assessmentsoutput.= "<pre>"; print_r($edits); $assessmentsoutput.= "</pre>";
126
$assessmentsoutput.= "<br /><table align='center' width='90%'>
127
<tr><td colspan='12'>".$clang->gT("If you create any assessments in this page, for the currently selected survey, the assessment will be performed at the end of the survey after submission")."</th></tr>"
128
."<tr><th>ID</th><th>SID</th>\n";
129
foreach ($headings as $head) {
130
$assessmentsoutput.= "<th>$head</th>\n";
132
$assessmentsoutput.= "<th>".$clang->gT("Actions")."</th>";
133
$assessmentsoutput.= "</tr>\n";
135
foreach($assessments as $assess) {
136
$flipflop=!$flipflop;
137
if ($flipflop==true){$assessmentsoutput.= "<tr class='oddrow'>\n";}
138
else {$assessmentsoutput.= "<tr class='evenrow'>\n";}
139
$assessmentsoutput.= "<td>".$assess['id']."</td>\n";
140
$assessmentsoutput.= "<td>".$assess['sid']."</td>\n";
142
if ($assess['scope'] == "T") { $assessmentsoutput.= "<td>".$clang->gT("Total")."</td>\n"; }
143
else {$assessmentsoutput.= "<td>".$clang->gT("Group")."</td>\n"; }
145
$assessmentsoutput.= "<td>".$groups[$assess['gid']]['group_name']." (".$assess['gid'].")</td>\n";
147
$assessmentsoutput.= "<td>".$assess['minimum']."</td>\n";
148
$assessmentsoutput.= "<td>".$assess['maximum']."</td>\n";
149
$assessmentsoutput.= "<td>".stripslashes($assess['name'])."</td>\n";
150
$assessmentsoutput.= "<td>".stripslashes($assess['message'])."</td>\n";
151
$assessmentsoutput.= "<td>".stripslashes($assess['link'])."</td>\n";
153
$assessmentsoutput.= "<td>
155
<tr><td align='center'><form method='post' action='$scriptname?sid=$surveyid'>
156
<input type='submit' value='".$clang->gT("Edit")."' />
157
<input type='hidden' name='action' value='assessmentedit' />
158
<input type='hidden' name='id' value='".$assess['id']."' />
160
<td align='center'><form method='post' action='$scriptname?sid=$surveyid'>
161
<input type='submit' value='".$clang->gT("Delete")."' onclick='return confirm(\"".$clang->gT("Are you sure you want to delete this entry?","js")."\")' />
162
<input type='hidden' name='action' value='assessmentdelete' />
163
<input type='hidden' name='id' value='".$assess['id']."' />
169
$assessmentsoutput.= "</tr>\n";
171
$assessmentsoutput.= "</table>";
172
$assessmentsoutput.= "<br /><form method='post' name='assessmentsform' action='$scriptname?sid=$surveyid'><table align='center' cellspacing='0' border='0' class='form2columns'>\n";
173
$assessmentsoutput.= "<tr><th colspan='2'>$actiontitle</th></tr>\n";
176
foreach ($headings as $head) {
177
$assessmentsoutput.= "<tr><td>$head</td><td>".$inputs[$i]."</td></tr>\n";
180
$assessmentsoutput.= "<tr><th colspan='2' align='center'><input type='submit' value='".$clang->gT("Save")."' />\n";
181
if ($action == "assessmentedit") $assessmentsoutput.= " <input type='submit' value='".$clang->gT("Cancel")."' onclick=\"document.assessmentsform.action.value='assessments'\" />\n";
182
$assessmentsoutput.= "<input type='hidden' name='sid' value='$surveyid' />\n"
183
."<input type='hidden' name='action' value='$actionvalue' />\n"
184
."<input type='hidden' name='id' value='$thisid' />\n"
186
."</table></form></td></tr></table>\n";
190
$action = "assessment";
191
include("access_denied.php");
192
include("admin.php");
195
function getAssessments($surveyid) {
196
global $dbprefix, $connect;
197
$query = "SELECT id, sid, scope, gid, minimum, maximum, name, message, link
198
FROM ".db_table_name('assessments')."
199
WHERE sid='$surveyid'
200
ORDER BY scope, gid";
201
$result=db_execute_assoc($query) or safe_die("Error getting assessments<br />$query<br />".$connect->ErrorMsg());
203
while($row=$result->FetchRow()) {
209
function getGroups($surveyid) {
210
global $dbprefix, $connect;
211
$baselang = GetBaseLanguageFromSurveyID($surveyid);
212
$query = "SELECT gid, group_name
213
FROM ".db_table_name('groups')."
214
WHERE sid='$surveyid' and language='$baselang'
215
ORDER BY group_order";
216
$result = db_execute_assoc($query) or safe_die("Error getting groups<br />$query<br />".$connect->ErrorMsg());
218
while($row=$result->FetchRow()) {
219
$output[$row['gid']]=$row;