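* @since 1.0
 * @package MammutCMS
 * @subpackage Module
 */
class Survey extends SurveyBase
{
    // NOTE(review): runAdd(), runUpdate() and runDoVote() use $users, $mod and
    // $db without assigning them or declaring them `global` inside the method.
    // PHP methods do not inherit the global scope, so as written these calls
    // operate on undefined variables. The handlers look like a port of a
    // procedural script; wire the three values in from the framework before
    // relying on the admin check or on any query below.
    //
    // NOTE(review): the state-changing handlers read $_REQUEST (so GET is
    // accepted) and no anti-CSRF token check is visible here - confirm the
    // framework enforces one before dispatching to them.
    //
    // NOTE(review): $mod is interpolated into table names. Identifiers cannot
    // be protected by value escaping; make sure $mod only ever comes from a
    // fixed set of module names.

    /**
     * Returns the identifier of this module.
     *
     * @return string
     */
    protected function getMyId()
    {
        return 'mcms.survey';
    }

    /**
     * Reads one request field, accepting only scalar values.
     *
     * A parameter sent as "name[]=..." arrives as an array; interpolating or
     * casting that produces warnings and meaningless values, so it is treated
     * as absent.
     *
     * @param string $key field name in $_REQUEST
     * @return string the raw value, or '' when missing or not scalar
     */
    private function surveyRequestValue($key)
    {
        if (!isset($_REQUEST[$key]) || !is_scalar($_REQUEST[$key])) {
            return '';
        }

        return (string) $_REQUEST[$key];
    }

    /**
     * Escapes a value for use inside a single-quoted SQL string literal.
     *
     * Uses the default ext/mysql link, the same one the mysql_error() and
     * mysql_insert_id() calls in this class rely on. ext/mysql was removed in
     * PHP 7, so this is the single place to replace with bound parameters
     * once the database layer offers them.
     *
     * @param mixed $value
     * @return string
     */
    private function surveySqlEscape($value)
    {
        if (!is_scalar($value)) {
            return '';
        }

        return mysql_real_escape_string((string) $value);
    }

    /**
     * Renders the template for the current action into the CONTENT fragment.
     *
     * @param Request  $request
     * @param Response $response       receives the rendered document
     * @param mixed    $activeInstance instance name passed on to the template
     * @return void
     */
    public function runIndex(Request $request, Response $response, $activeInstance)
    {
        $system = \MCMS\System::getInstance();

        // NOTE(review): the action name becomes part of a template path. If
        // getTarget('action') can be influenced by the request, it must be
        // checked against the list of shipped templates - confirm in System.
        $tplfile = __DIR__ . '/_layout_/_default_/' . 'tpl.' . $system->getTarget('action') . '.php';

        try {
            $template = new CTemplate();
            $template->loadTemplate($tplfile);
            $template->setParam('title', 'Survey');
            // PHP_SELF includes any path info the client appended to the
            // script name, so the template has to escape both values below
            // for the context it prints them in.
            $template->setParam('self', $_SERVER['PHP_SELF']);
            $template->setParam('logoutLink', $_SERVER['PHP_SELF'] . '?mod=' . $activeInstance . '&view=logout');
            $template->setParam('instance', $activeInstance);
            $template->setParam('isUser', !is_null($system->getUserSvc()->getUser()));

            $errors = array(-1 => 'Invalid login', -2 => 'Invalid password');
            // Only a known, scalar error number is translated. An unknown
            // code (runDoVote() redirects with errno=65535) or an array
            // value used to hit an undefined or illegal offset.
            $errno = $this->surveyRequestValue('errno');
            $message = false;
            if (!empty($errno) && isset($errors[$errno])) {
                $message = $errors[$errno];
            }
            $template->setParam('error', $message);

            $response->setFragment('CONTENT', $template->getDocument());
        } catch (FileNotFoundException $ex) {
            // Report the file name only: the full path reveals the server's
            // directory layout, and the action part may not be trustworthy,
            // so it is escaped (the fragment is presumably emitted as HTML).
            $response->setFragment(
                'CONTENT',
                'file is missing: ' . htmlspecialchars(basename($tplfile), ENT_QUOTES, 'UTF-8')
            );
        }
    }

    /**
     * Creates a poll and up to ten answer options from the request, then
     * redirects to the module page.
     *
     * @param Request  $request
     * @param Response $response
     * @param mixed    $activeInstance
     * @return void
     */
    public function runAdd(Request $request, Response $response, $activeInstance)
    {
        if ($users->get_admin_level($mod) > 0) {
            // Request values were previously interpolated into the INSERT
            // statements unescaped.
            $title = $this->surveySqlEscape($this->surveyRequestValue('title'));
            $question = $this->surveySqlEscape($this->surveyRequestValue('question'));
            $numVotes = (int) $this->surveyRequestValue('num_votes');

            $db->query("INSERT INTO `{$mod}_poll` VALUES ('','{$title}','{$question}','{$numVotes}',0)");
            // NOTE(review): this sends the raw database error to the client;
            // prefer logging it and showing a generic message.
            if ($st = mysql_error()) {
                die($st);
            }
            $pid = (int) mysql_insert_id();

            for ($i = 0; $i < 10; $i++) {
                $answer = $this->surveyRequestValue('answer' . $i);
                // Compare against '' so that an option labelled "0" is kept.
                if (trim($answer) !== '') {
                    $answer = $this->surveySqlEscape($answer);
                    $db->query("INSERT INTO `{$mod}_poll-option` VALUES ('','{$pid}','{$answer}')");
                }
            }
        }

        header("Location: " . $_SERVER['PHP_SELF'] . "?module=$mod");
    }

    /**
     * Updates the title, question and answer texts of an existing poll, then
     * redirects to the poll or prints the collected database errors.
     *
     * @param Request  $request
     * @param Response $response
     * @param mixed    $activeInstance
     * @return void
     */
    public function runUpdate(Request $request, Response $response, $activeInstance)
    {
        $error = '';
        // Cast once, outside the admin branch, so the redirect below never
        // carries the raw request value.
        $pollId = (int) $this->surveyRequestValue('id');

        if ($users->get_admin_level($mod) > 0) {
            $title = $this->surveySqlEscape($this->surveyRequestValue('title'));
            $question = $this->surveySqlEscape($this->surveyRequestValue('question'));

            $db->query("UPDATE `{$mod}_poll` SET `name`='{$title}',`question`='{$question}' WHERE `id`='{$pollId}'");
            $error .= mysql_error();

            $answers = (isset($_REQUEST['answer']) && is_array($_REQUEST['answer']))
                ? $_REQUEST['answer']
                : array();
            foreach ($answers as $id => $value) {
                // The array key is client-controlled as well and was used in
                // the WHERE clause as-is; treat it as an integer id, as is
                // already done for the poll id.
                $optionId = (int) $id;
                $value = $this->surveySqlEscape($value);
                $db->query("UPDATE `{$mod}_poll-option` SET `name`='{$value}' WHERE `id`='{$optionId}'");
                $error .= mysql_error();
            }
        }

        if ($error == '') {
            header("Location: " . $_SERVER['PHP_SELF'] . "?module=$mod&pid=" . $pollId);
        } else {
            // NOTE(review): raw database errors reach the client here.
            echo $error;
        }
    }

    /**
     * Records the current user's vote(s) for a poll, once per user and poll,
     * then redirects to the poll or to the error page.
     *
     * @return void
     */
    public function runDoVote()
    {
        $pid = (int) $this->surveyRequestValue('pid');
        $uid = (int) $users->user['id'];

        $poll = $db->get_array("SELECT * FROM `{$mod}_poll` WHERE `id`='{$pid}'");

        $mayVote = $uid > 0
            && $db->get_count("SELECT * FROM `{$mod}_poll-voted` WHERE `uid`='{$uid}' AND `pid`='{$pid}'") == 0;

        if ($mayVote) {
            $votes = (isset($_REQUEST['vote']) && is_array($_REQUEST['vote']))
                ? $_REQUEST['vote']
                : array();

            // NOTE(review): option ids are not checked for belonging to this
            // poll, nor for duplicates within one submission.
            if (count($votes) != 0 && count($votes) <= $poll['num_votes']) {
                foreach ($votes as $num) {
                    $optionId = (int) $num;
                    // The vote used to be stored under $user['id'], a
                    // variable that does not exist here, so the "already
                    // voted" lookup on $users->user['id'] never matched.
                    $db->query("INSERT INTO `{$mod}_poll-voted` VALUES ('{$uid}','{$pid}','{$optionId}')");
                    echo mysql_error();
                }
            }

            header("Location: " . $_SERVER['PHP_SELF'] . "?module=$mod&pid=$pid");
        } else {
            header("Location: " . $_SERVER['PHP_SELF'] . "?module=$mod&action=error&errno=65535");
        }
    }
}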