summaryrefslogtreecommitdiffstats
path: root/admin/survey/api/class.ApiSurvey.php
diff options
context:
space:
mode:
authorAnton Luka Šijanec <anton@sijanec.eu>2024-05-27 13:08:29 +0200
committerAnton Luka Šijanec <anton@sijanec.eu>2024-05-27 13:08:29 +0200
commit75160b12821f7f4299cce7f0b69c83c1502ae071 (patch)
tree27e25e4ccaef45f0c58b22831164050d1af1d4db /admin/survey/api/class.ApiSurvey.php
parentprvi-commit (diff)
download1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.gz
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.bz2
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.lz
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.xz
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.tar.zst
1ka-75160b12821f7f4299cce7f0b69c83c1502ae071.zip
Diffstat (limited to 'admin/survey/api/class.ApiSurvey.php')
-rw-r--r--admin/survey/api/class.ApiSurvey.php122
1 files changed, 98 insertions, 24 deletions
diff --git a/admin/survey/api/class.ApiSurvey.php b/admin/survey/api/class.ApiSurvey.php
index 36b8d85..a589358 100644
--- a/admin/survey/api/class.ApiSurvey.php
+++ b/admin/survey/api/class.ApiSurvey.php
@@ -363,6 +363,65 @@ class ApiSurvey {
break;
+ // SAMO ZA GORANA - PLACILA
+ case 'getNarocilo':
+
+ // Klic dovolimo samo Goranu
+ if($global_user_id == '112696'){
+
+ if (isset($params['narocilo_id'])){
+ $narocilo = new UserNarocila();
+ $json_array = $narocilo->getNarocilo($params['narocilo_id']);
+ }
+ else{
+ $json_array['error'] = 'Narocilo ID is missing';
+ }
+ }
+ else{
+ $json_array['error'] = 'Denied for user '.$global_user_id;
+ }
+
+ break;
+
+ case 'placajNarocilo':
+
+ // Klic dovolimo samo Goranu
+ if($global_user_id == '112696'){
+
+ if (isset($params['narocilo_id'])){
+ $narocilo = new UserNarocila();
+ $json_array = $narocilo->payNarocilo($params['narocilo_id']);
+ }
+ else{
+ $json_array['error'] = 'Narocilo ID is missing';
+ }
+ }
+ else{
+ $json_array['error'] = 'Denied for user '.$global_user_id;
+ }
+
+ break;
+
+ case 'placajNarociloEracun':
+
+ // Klic dovolimo samo Goranu
+ if($global_user_id == '112696'){
+
+ if (isset($params['narocilo_id'])){
+ $narocilo = new UserNarocila();
+ $json_array = $narocilo->payNarociloEracun($params['narocilo_id']);
+ }
+ else{
+ $json_array['error'] = 'Narocilo ID is missing';
+ }
+ }
+ else{
+ $json_array['error'] = 'Denied for user '.$global_user_id;
+ }
+
+ break;
+
+
// MOBILE APP ONLY
case 'getMobileAppVersion':
$json_array = $this->getMobileAppVersion();
@@ -2144,21 +2203,25 @@ class ApiSurvey {
$res = sisplet_query("SELECT value FROM misc WHERE what='SurveyCookie'");
list ($SurveyCookie) = mysqli_fetch_row($res);
+ // Nastavimo se hash
+ $hash = Common::generateSurveyHash();
// GLASOVANJE
if ($survey_type == 0) {
- $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created) " .
- "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')");
+ $sql = sisplet_query("INSERT INTO srv_anketa
+ (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created)
+ VALUES
+ ('', '".$hash."', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')");
if (!$sql) {
$error = mysqli_error($GLOBALS['connect_db']);
}
$anketa = mysqli_insert_id($GLOBALS['connect_db']);
-
if ($anketa > 0) {
- $url .= 'a/' . $anketa;
+
+ $url .= 'a/' . $hash;
// vnesemo tudi 1. grupo aka page
$sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')");
@@ -2219,8 +2282,8 @@ class ApiSurvey {
$zakljucek_besedilo = $purifier->purify_DB($zakljucek['besedilo']);
$show_concl = ($zakljucek['hide_zakljucek'] == '1') ? 0 : 1;
- $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " .
- "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')");
+ $sql = sisplet_query("INSERT INTO srv_anketa (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " .
+ "VALUES ('', '".$hash."', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')");
if (!$sql) {
$error = mysqli_error($GLOBALS['connect_db']);
}
@@ -2228,7 +2291,8 @@ class ApiSurvey {
if ($anketa > 0) {
- $url .= 'a/' . $anketa;
+
+ $url .= 'a/' . $hash;
// vnesemo tudi 1. grupo aka page
$sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')");
@@ -2267,7 +2331,8 @@ class ApiSurvey {
$json_array['id'] = $anketa;
$json_array['note'] = 'Survey created';
- } else {
+ }
+ else {
$json_array['error'] = 'Error creating survey';
}
@@ -3117,11 +3182,19 @@ class ApiSurvey {
$updateActiveTime = ", starts=$starts, expire=$expire";
if ($active == 1) {
- $activity_insert_string = "INSERT INTO srv_activity (sid, starts, expire, uid) VALUES('" . $ank_id . "', $starts, $expire, '" . $global_user_id . "' )";
- $sql_insert = sisplet_query($activity_insert_string);
- //ignoriraj erorror, ce ze obstaja identicna vrstica
- /* if (!$sql_insert)
- $json_array['error'] = mysqli_error($GLOBALS['connect_db']); */
+ $sql_insert = sisplet_query("INSERT INTO srv_activity
+ (sid, starts, expire)
+ VALUES
+ ('".$ank_id."', ".$starts.", ".$expire.")
+ ON DUPLICATE KEY UPDATE
+ SET expire=".$expire."
+ ");
+ }
+ else{
+ $sql_insert = sisplet_query("UPDATE srv_activity
+ SET expire=".$expire."
+ WHERE sid='".$ank_id."'
+ ");
}
$sql = sisplet_query("UPDATE srv_anketa SET active=" . $active
@@ -3129,7 +3202,8 @@ class ApiSurvey {
if (!$sql) {
$json_array['error'] = mysqli_error($GLOBALS['connect_db']);
- } else {
+ }
+ else {
if (!isset($json_array['error']))
$json_array['note'] = 'Survey activity changed';
}
@@ -3377,7 +3451,7 @@ class ApiSurvey {
// vstavimo v srv_data_text (email, ime, priimek)
SurveyInfo::getInstance()->SurveyInit($ank_id);
- $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : '';
+ $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString();
foreach ($sys_vars AS $sid => $spremenljivka) {
if ($spremenljivka['variable'] == 'email')
sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')");
@@ -3424,7 +3498,7 @@ class ApiSurvey {
// vstavimo v srv_data_text (email, ime, priimek)
SurveyInfo::getInstance()->SurveyInit($ank_id);
- $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : '';
+ $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString();
foreach ($sys_vars AS $sid => $spremenljivka) {
if ($spremenljivka['variable'] == 'email') {
$data_insert = sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')");
@@ -3519,14 +3593,14 @@ class ApiSurvey {
$add = false;
if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
- $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+ $link = 'main/survey/uporabnost.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
else
- $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+ $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
if ($add) {
$f = @fopen($site_path . '.htaccess', 'a');
if ($f !== false) {
- fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}");
+ fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(?!-)(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}");
fclose($f);
$sqlI = sisplet_query("INSERT INTO srv_nice_links_skupine (id,ank_id,nice_link_id,vre_id,link) VALUES ('','$ank_id','$row[id]','$vre_id','$nice_url')");
@@ -3626,14 +3700,14 @@ class ApiSurvey {
$add = false;
if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
- $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+ $link = 'main/survey/uporabnost.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
else
- $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+ $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
if ($add) {
$f = @fopen($site_path . '.htaccess', 'a');
if ($f !== false) {
- fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}");
+ fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(?!-)(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}");
fclose($f);
$sqlI = sisplet_query("INSERT INTO srv_nice_links_skupine (id,ank_id,nice_link_id,vre_id,link) VALUES ('','$ank_id','$row[id]','$vre_id','$nice_url')");
@@ -3887,7 +3961,7 @@ class ApiSurvey {
// vstavimo v srv_data_text (email, ime, priimek)
SurveyInfo::getInstance()->SurveyInit($ank_id);
- $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : '';
+ $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString();
foreach ($sys_vars AS $sid => $spremenljivka) {
if ($spremenljivka['variable'] == 'email')
sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')");
@@ -3934,7 +4008,7 @@ class ApiSurvey {
// vstavimo v srv_data_text (email, ime, priimek)
SurveyInfo::getInstance()->SurveyInit($ank_id);
- $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : '';
+ $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString();
foreach ($sys_vars AS $sid => $spremenljivka) {
if ($spremenljivka['variable'] == 'email') {
$data_insert = sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')");