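// NOTE(review): the statement below is the tail of a function whose header lies above
// this excerpt; it is left byte-for-byte as found and is not reviewed here.
$value) { if ($result = detectProblem($field, $value)) { array_push($problem[$i], $result); $issues++; } } } if ($issues) { if (isset($notify) && $notify) { $string = "Mail Injection Notification\n"; $string .= "---------------------------\n\n"; $string .= 'Attacker: ' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ' (' . $_SERVER['REMOTE_ADDR'] . ")\n"; $string .= 'Victim: ' . $_SERVER['HTTP_HOST'] . "\n"; $string .= 'Referring Page: ' . $_SERVER['HTTP_REFERER'] . "\n"; $string .= 'User Agent Signature: ' . $_SERVER['HTTP_USER_AGENT'] . "\n"; $string .= 'HTTP Request Method: ' . $_SERVER['REQUEST_METHOD'] . "\n"; $string .= 'HTTP Request URI: ' . $_SERVER['REQUEST_URI'] . "\n"; if (! $_SERVER['HTTP_USER_AGENT']) { $string .= "\n"; $string .= '[No HTTP User Agent Found.]'; } for ($i = 0; $i < count($scan); $i++) { if (count($problem[$i])) { $string .= "\n\n"; $string .= $display[$i] . ' Affected Fields: ' . implode(', ', $problem[$i]) . "\n"; $string .= $display[$i] . " Contents:\n\n"; $string .= "---\n\n"; $string .= print_r($scan[$i], TRUE) . "\n\n"; $string .= "---\n\n"; } } mail('Think Computer Corporation ', 'Mail Injection Notification', $string, "From: $notify"); } if ($issues) return FALSE; } return TRUE; }

// SecondBase QA Functions

/**
 * Map a question type id to the validation rule name used in a form's 'error' list.
 *
 * Types 2, 3, 4 and 6 validate as 'drop', 5 and 8 as 'checkbox', 9 as 'custom'
 * (see total100()); any other value falls back to 'any'. The comparison is loose on
 * purpose: the id normally arrives as a string from the questions table.
 *
 * @param int|string $questiontypeid
 * @return string
 */
function surveyError($questiontypeid)
{
    switch ($questiontypeid) {
        case 2:
        case 3:
        case 4:
        case 6:
            return 'drop';
        case 5:
        case 8:
            return 'checkbox';
        case 9:
            return 'custom';
    }
    return 'any';
}

/**
 * Validate a "percentages that must add up to 100" question.
 *
 * Reads $_POST['question<id>-1'] .. $_POST['question<id>-<n>']; each answer must be
 * numeric and within [0, 100]. A falsy answer ('0') is normalised to integer 0 in
 * $_POST before the check so it is stored as a real zero, as before.
 *
 * @param int|string $questionid
 * @param int        $numberChoices
 * @return string|true  An error message, or TRUE when the answers are valid.
 */
function total100($questionid, $numberChoices)
{
    $total = 0;
    for ($i = 0; $i < $numberChoices; $i++) {
        $key = 'question' . $questionid . '-' . ($i + 1);
        // A missing box is treated like an empty one instead of raising a notice.
        $response = isset($_POST[$key]) ? $_POST[$key] : '';
        if (! $response) {
            $_POST[$key] = 0;
        }
        if (! is_numeric($response) || $response < 0 || $response > 100) {
            return 'Please make sure all of the boxes are filled with decimals between 0 and 100.';
        }
        $total += $response;
    }
    // Decimal answers are summed as floats, so compare with a small tolerance rather
    // than `!= 100` (33.3 + 33.3 + 33.4 need not come out as exactly 100.0).
    if (abs($total - 100) > 0.000001) {
        return "The total of these boxes must be 100%. \nThe current total is $total%.";
    }
    return TRUE;
}

/**
 * Validate an e-mail address and reject one that already belongs to a participant.
 *
 * filter_var() replaces the former ereg() test (ereg is gone in PHP 7 and only
 * checked for an '@' followed by a dot); it is stricter and, in particular, refuses
 * addresses containing line breaks, which later reach SQL and mail headers.
 *
 * @param string $value
 * @return string|true  An error message, or TRUE when the address is acceptable.
 */
function verifyAddress($value)
{
    if (! $value || filter_var($value, FILTER_VALIDATE_EMAIL) === FALSE) {
        return translation('Please type in a valid e-mail address') . '.';
    }
    // The address is user input and is compared as a string literal, so escape it.
    $escapedAddress = mysql_real_escape_string($value);
    $result = query("SELECT `email` FROM `" . $_SESSION['peopletable'] . "` WHERE `email`='" . $escapedAddress . "'");
    if (mysql_num_rows($result)) {
        return translation('There is already a research participant with this e-mail address') . '.';
    }
    return TRUE;
}

/**
 * Validate the three birth-date inputs and compose the stored YYYYMMDD value.
 *
 * Reads $_POST[$field . 'month'], $_POST[$field . 'day'] and $_POST[$field . 'year'];
 * on success writes $_POST['birthdate'] (the people-table column, whatever input
 * prefix was used). Missing or non-numeric parts become 0, which checkdate() rejects,
 * so the former '@' suppression is no longer needed.
 *
 * @param string $field  Prefix of the month/day/year input names.
 * @return string|true   An error message, or TRUE when the date is valid.
 */
function birthdate($field = 'birthdate')
{
    $month = isset($_POST[$field . 'month']) ? (int) $_POST[$field . 'month'] : 0;
    $day = isset($_POST[$field . 'day']) ? (int) $_POST[$field . 'day'] : 0;
    $year = isset($_POST[$field . 'year']) ? (int) $_POST[$field . 'year'] : 0;
    if (! checkdate($month, $day, $year)) {
        return 'Please choose a valid date.';
    }
    // trailingZero() is a project helper; presumably it zero-pads to two digits.
    $_POST['birthdate'] = $year . trailingZero($month, 2) . trailingZero($day, 2);
    return TRUE;
}

// Conditional Page Layout
//
// Two entry paths reach the survey: a personalised e-mail link carrying
// ?x=<sentmailid>&y=<magicnumber>&surveyid=<n>, and a plain visit that takes the
// survey id from the request or the session (defaulting to 1). Every request value
// that reaches SQL below is cast to int or escaped first.
$showSurvey = TRUE;
if (isset($_GET['x']) && is_numeric($_GET['x']) && isset($_GET['y']) && is_numeric($_GET['y'])) {
    // The survey id is spliced into a table *name*, so only an integer may pass
    // (an unusable id yields a nonexistent `survey0` table, as an invalid one did before).
    $linkedSurveyId = isset($_GET['surveyid']) ? (int) $_GET['surveyid'] : 0;
    $sentMailId = mysql_real_escape_string($_GET['x']);
    $magicNumber = mysql_real_escape_string($_GET['y']);
    $result = query("SELECT `responseid` FROM `survey" . $linkedSurveyId . "` LEFT JOIN `sentmail` ON `survey" . $linkedSurveyId . "`.`authorstamp`=`sentmail`.`linkid` WHERE `sentmail`.`sentmailid`='" . $sentMailId . "'");
    if (mysql_num_rows($result)) {
        // A response already exists for this invitation.
        notice('Either the survey you are attempting to reach is invalid, or you have already taken this survey.');
        $showSurvey = FALSE;
    } else {
        $result = query("SELECT `sentmail`.*, CONCAT(`firstname`,' ',`lastname`) AS `name` FROM `sentmail` LEFT JOIN `" . $_SESSION['peopletable'] . "` ON `sentmail`.`linkid`=`" . $_SESSION['peopletable'] . "`.`" . $_SESSION['peopleprimary'] . "` WHERE `sentmailid`='" . $sentMailId . "' AND `magicnumber`='" . $magicNumber . "'");
        $myrow = mysql_fetch_array($result);
        if ($myrow) {
            // validate() is a project helper; presumably it signs the invited participant in.
            validate(chooseClient(), '', '', $myrow['linkid']);
        } else {
            // No sentmail row matches this id / magic-number pair: fail closed instead of
            // calling validate() with an empty link id.
            notice('Either the survey you are attempting to reach is invalid, or you have already taken this survey.');
            $showSurvey = FALSE;
        }
    }
}

if ($showSurvey) {
    if (isset($_REQUEST['surveyid'])) {
        // Adopt a requested survey id only if it exists; it is stored as an int because
        // it is also used to build the `survey<n>` table name.
        $requestedSurveyId = (int) $_REQUEST['surveyid'];
        $result = query("SELECT surveyid FROM surveys WHERE surveyid='" . $requestedSurveyId . "'");
        if (mysql_num_rows($result)) {
            $_SESSION['surveyid'] = $requestedSurveyId;
        }
    }
    if (! isset($_SESSION['surveyid'])) {
        $_SESSION['surveyid'] = 1;
    }
    $surveyId = (int) $_SESSION['surveyid'];

    $peopleTable = array('name' => 'people');
    // 'data' entries look like code strings evaluated by errorCheck(); they are
    // project-authored, so keep request data out of them.
    $peopleForm = array(
        'name' => 'index',
        'sql' => "SELECT * FROM `surveys` WHERE `surveyid`='" . $surveyId . "'",
        'display' => FALSE,
        'navigation' => FALSE,
        'fields' => array(
            'firstname', 'lastname', 'title', 'organization', 'address1', 'address2',
            'city', 'stateprovince', 'postalcode', 'country', 'homephone', 'email',
            'gender', 'birthdate', 'affected', 'familyaffected', 'referred',
            'referralname', 'referralemail', 'referralrelation',
        ),
        'required' => array(
            TRUE, TRUE, FALSE, FALSE, TRUE, FALSE, TRUE,
            // state/province is mandatory unless a non-Canadian country was chosen
            empty($_POST['country']) || $_POST['country'] == 'Canada',
            TRUE, FALSE, FALSE, TRUE, TRUE, TRUE, TRUE, FALSE, FALSE, FALSE, FALSE, FALSE,
        ),
        'error' => array(
            'any', 'any', 'any', 'any', 'any', 'any', 'any', 'drop', 'any', 'drop',
            'any', 'custom', 'drop', 'custom', 'drop', 'drop', 'drop', 'any', 'email', 'any',
        ),
        'data' => array(
            '', '', '', '', '', '', '', '', '', '', '', 'verifyAddress($value)', '',
            'birthdate()', '', '', '', '', '', '',
        ),
    );

    // Build the per-survey answer form from the questions table.
    $subtable = array('name' => 'survey' . $surveyId, 'primary' => 'responseid');
    $subform = array(
        'name' => 'index',
        'navigation' => FALSE,
        'fields' => array(),
        'required' => array(),
        'error' => array(),
        'data' => array(),
    );
    $result = query("SELECT questionid, questiontypeid, title, required, otherfield, choices FROM questions WHERE surveyid='" . $surveyId . "'");
    while ($myrow = mysql_fetch_array($result)) {
        $typeId = $myrow['questiontypeid'];
        if ($typeId == 5 || $typeId == 9) {
            // One input per '^'-separated choice; type 9 must additionally total 100.
            $numberChoices = count(explode('^', $myrow['choices']));
            for ($choiceIndex = 1; $choiceIndex <= $numberChoices; $choiceIndex++) {
                $subform['fields'][] = 'question' . $myrow['questionid'] . '-' . $choiceIndex;
                $subform['required'][] = $typeId != 5;
                $subform['error'][] = surveyError($typeId);
                $subform['data'][] = $typeId == 9
                    ? 'total100(' . $myrow['questionid'] . ', ' . $numberChoices . ')'
                    : '';
            }
        } elseif ($typeId) {
            $subform['fields'][] = 'question' . $myrow['questionid'];
            $subform['required'][] = $myrow['required'] == 'Y';
            $subform['error'][] = surveyError($typeId);
            $subform['data'][] = '';
        }
        if ($myrow['otherfield'] == 'Y') {
            $subform['fields'][] = 'other' . $myrow['questionid'];
            $subform['required'][] = FALSE;
            $subform['error'][] = 'any';
            $subform['data'][] = '';
        }
    }

    $security = array('read' => TRUE, 'add' => TRUE);
    if (clickButton('send')) {
        if (! checkInjection()) {
            notice('This form cannot be used to send e-mails.');
            form($peopleForm, $peopleTable, $security);
        } else {
            $form['fields'] = array_merge($peopleForm['fields'], $subform['fields']);
            $form['required'] = array_merge($peopleForm['required'], $subform['required']);
            $form['error'] = array_merge($peopleForm['error'], $subform['error']);
            $form['data'] = array_merge($peopleForm['data'], $subform['data']);
            // With a person already in the session nothing is re-validated, neither the
            // people form nor the survey answers (a separate errorCheck() on $subform
            // was tried and disabled by the original author).
            $error = isset($_SESSION['personid'])
                ? FALSE
                : errorCheck($form['fields'], $form['required'], $form['error'], $form['data']);
            if ($error) {
                form($peopleForm, $peopleTable, $security, FALSE, $_POST);
            } else {
                if (isset($_SESSION['personid'])) {
                    // Reuse the existing participant; previously $personid stayed unset here.
                    $personid = $_SESSION['personid'];
                    $havePerson = TRUE;
                } else {
                    $personid = submit($peopleForm, $peopleTable, $security, FALSE, FALSE);
                    $havePerson = (bool) $personid;
                    if ($havePerson) {
                        $_SESSION['personid'] = $personid;
                    }
                }
                if ($havePerson) {
                    $responseid = submit($subform, $subtable, $security, FALSE, FALSE);
                    if ($responseid) {
                        $email = isset($_POST['email']) ? $_POST['email'] : '';
                        // Issue a fresh password for the participant. NOTE(review): the stored
                        // value is an unsalted SHA-1, kept because the login code elsewhere
                        // expects it; password_hash() would be the modern choice.
                        $newPassword = makePassword();
                        query("UPDATE `" . $_SESSION['peopletable'] . "` SET `password`='" . sha1($newPassword) . "' WHERE `email`='" . mysql_real_escape_string($email) . "'");
                        if ($surveyId == 1 && is_file('message.txt')) {
                            $headers['to'] = $email;
                            $headers['from'] = $_SESSION['administratorFrom'] . ' <' . $_SESSION['administratorEmail'] . '>';
                            $subject = 'Thanks for Answering Our Survey!';
                            $message = file_get_contents('message.txt');
                            $_POST['linkid'] = 1;
                            // Presumably the `magicnumber` checked above; use a CSPRNG where
                            // the runtime offers one so the link token is not guessable.
                            $linkToken = function_exists('random_int')
                                ? random_int(1, 1000000000)
                                : rand(1, 1000000000);
                            email($headers, $subject, $message, $linkToken, 'people', $personid, FALSE);
                        }
                        // NOTE(review): any markup around this message appears stripped in
                        // this excerpt; the output bytes are kept as found.
                        echo "\n\n\n";
                        echo "Thanks for your submission!\n\n\n\n";
                    }
                }
            }
        }
    } elseif (! isset($error)) {
        form($peopleForm, $peopleTable, $security, $surveyId);
    }
}
?>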
 


 