From 75160b12821f7f4299cce7f0b69c83c1502ae071 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anton=20Luka=20=C5=A0ijanec?= Date: Mon, 27 May 2024 13:08:29 +0200 Subject: 2024-02-19 upstream --- admin/survey/api/class.ApiSurvey.php | 122 ++++++++++++++++++++++++++++------- 1 file changed, 98 insertions(+), 24 deletions(-) (limited to 'admin/survey/api/class.ApiSurvey.php') diff --git a/admin/survey/api/class.ApiSurvey.php b/admin/survey/api/class.ApiSurvey.php index 36b8d85..a589358 100644 --- a/admin/survey/api/class.ApiSurvey.php +++ b/admin/survey/api/class.ApiSurvey.php @@ -363,6 +363,65 @@ class ApiSurvey { break; + // SAMO ZA GORANA - PLACILA + case 'getNarocilo': + + // Klic dovolimo samo Goranu + if($global_user_id == '112696'){ + + if (isset($params['narocilo_id'])){ + $narocilo = new UserNarocila(); + $json_array = $narocilo->getNarocilo($params['narocilo_id']); + } + else{ + $json_array['error'] = 'Narocilo ID is missing'; + } + } + else{ + $json_array['error'] = 'Denied for user '.$global_user_id; + } + + break; + + case 'placajNarocilo': + + // Klic dovolimo samo Goranu + if($global_user_id == '112696'){ + + if (isset($params['narocilo_id'])){ + $narocilo = new UserNarocila(); + $json_array = $narocilo->payNarocilo($params['narocilo_id']); + } + else{ + $json_array['error'] = 'Narocilo ID is missing'; + } + } + else{ + $json_array['error'] = 'Denied for user '.$global_user_id; + } + + break; + + case 'placajNarociloEracun': + + // Klic dovolimo samo Goranu + if($global_user_id == '112696'){ + + if (isset($params['narocilo_id'])){ + $narocilo = new UserNarocila(); + $json_array = $narocilo->payNarociloEracun($params['narocilo_id']); + } + else{ + $json_array['error'] = 'Narocilo ID is missing'; + } + } + else{ + $json_array['error'] = 'Denied for user '.$global_user_id; + } + + break; + + // MOBILE APP ONLY case 'getMobileAppVersion': $json_array = $this->getMobileAppVersion(); 
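Review bot: The three new payment cases (`getNarocilo`, `placajNarocilo`, `placajNarociloEracun`) authorize by comparing `$global_user_id` to the literal `'112696'` with loose `==`, so the right to pay an order depends on one account id baked into the source and on PHP's numeric-string comparison rules. I would move the check into one helper backed by configuration or a permission flag and compare strictly, e.g. `if ((string)$global_user_id === $allowed_payment_uid) {` (`$allowed_payment_uid` is a placeholder name), which also removes the threefold copy. `$params['narocilo_id']` is only tested with `isset` before it is passed to `UserNarocila`; whether that class validates it is not visible here, so a guard such as `ctype_digit((string)$params['narocilo_id'])` at this boundary would be prudent. The enclosing `switch` starts and ends outside the hunk.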
@@ -2144,21 +2203,25 @@ class ApiSurvey { $res = sisplet_query("SELECT value FROM misc WHERE what='SurveyCookie'"); list ($SurveyCookie) = mysqli_fetch_row($res); + // Nastavimo se hash + $hash = Common::generateSurveyHash(); // GLASOVANJE if ($survey_type == 0) { - $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created) " . - "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')"); + $sql = sisplet_query("INSERT INTO srv_anketa + (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created) + VALUES + ('', '".$hash."', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')"); if (!$sql) { $error = mysqli_error($GLOBALS['connect_db']); } $anketa = mysqli_insert_id($GLOBALS['connect_db']); - if ($anketa > 0) { - $url .= 'a/' . $anketa; + + $url .= 'a/' . $hash; // vnesemo tudi 1. grupo aka page $sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')"); 
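Review bot: The public link now ends in `$hash` from `Common::generateSurveyHash()` instead of the sequential id, but nothing in this hunk shows that the value is unique or unpredictable, and a collision would surface only as a generic insert failure. A comment above `$hash = Common::generateSurveyHash();` stating the guarantee, e.g. `// public survey identifier: must be unguessable (CSPRNG) and srv_anketa.hash must be UNIQUE`, would make that assumption checkable. The rewritten INSERT still interpolates `$naslov`, `$akronim` and `$url` directly into the SQL text; any escaping happens outside the hunk and should be confirmed. Both points apply equally to the second INSERT in the `-2219` hunk, and the enclosing method starts and ends outside this hunk.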
@@ -2219,8 +2282,8 @@ class ApiSurvey { $zakljucek_besedilo = $purifier->purify_DB($zakljucek['besedilo']); $show_concl = ($zakljucek['hide_zakljucek'] == '1') ? 0 : 1; - $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " . - "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')"); + $sql = sisplet_query("INSERT INTO srv_anketa (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " . + "VALUES ('', '".$hash."', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')"); if (!$sql) { $error = mysqli_error($GLOBALS['connect_db']); } @@ -2228,7 +2291,8 @@ class ApiSurvey { if ($anketa > 0) { - $url .= 'a/' . $anketa; + + $url .= 'a/' . $hash; // vnesemo tudi 1. grupo aka page $sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')"); @@ -2267,7 +2331,8 @@ class ApiSurvey { $json_array['id'] = $anketa; $json_array['note'] = 'Survey created'; - } else { + } + else { $json_array['error'] = 'Error creating survey'; } 
@@ -3117,11 +3182,19 @@ class ApiSurvey { $updateActiveTime = ", starts=$starts, expire=$expire"; if ($active == 1) { - $activity_insert_string = "INSERT INTO srv_activity (sid, starts, expire, uid) VALUES('" . $ank_id . "', $starts, $expire, '" . $global_user_id . "' )"; - $sql_insert = sisplet_query($activity_insert_string); - //ignoriraj erorror, ce ze obstaja identicna vrstica - /* if (!$sql_insert) - $json_array['error'] = mysqli_error($GLOBALS['connect_db']); */ + $sql_insert = sisplet_query("INSERT INTO srv_activity + (sid, starts, expire) + VALUES + ('".$ank_id."', ".$starts.", ".$expire.") + ON DUPLICATE KEY UPDATE + SET expire=".$expire." + "); + } + else{ + $sql_insert = sisplet_query("UPDATE srv_activity + SET expire=".$expire." + WHERE sid='".$ank_id."' + "); } $sql = sisplet_query("UPDATE srv_anketa SET active=" . $active @@ -3129,7 +3202,8 @@ class ApiSurvey { if (!$sql) { $json_array['error'] = mysqli_error($GLOBALS['connect_db']); - } else { + } + else { if (!isset($json_array['error'])) $json_array['note'] = 'Survey activity changed'; } @@ -3377,7 +3451,7 @@ class ApiSurvey { // vstavimo v srv_data_text (email, ime, priimek) SurveyInfo::getInstance()->SurveyInit($ank_id); - $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : ''; + $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString(); foreach ($sys_vars AS $sid => $spremenljivka) { if ($spremenljivka['variable'] == 'email') sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')"); 
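Review bot: The new upsert in the `$active == 1` branch reads `ON DUPLICATE KEY UPDATE SET expire=...`, and MySQL does not accept `SET` after `ON DUPLICATE KEY UPDATE`, so the statement is rejected and no `srv_activity` row is written. Because `$sql_insert` is never inspected (the old commented-out check was removed too), the failure is silent and the following `UPDATE srv_anketa` still marks the survey active. Drop the keyword, `ON DUPLICATE KEY UPDATE expire=".$expire."`, and report the error the way the next statement does: `if (!$sql_insert) $json_array['error'] = mysqli_error($GLOBALS['connect_db']);`. The insert also no longer records `uid`, which loses who changed the activity window if that column is used for auditing. The enclosing method starts outside the hunk.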
@@ -3424,7 +3498,7 @@ class ApiSurvey { // vstavimo v srv_data_text (email, ime, priimek) SurveyInfo::getInstance()->SurveyInit($ank_id); - $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : ''; + $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString(); foreach ($sys_vars AS $sid => $spremenljivka) { if ($spremenljivka['variable'] == 'email') { $data_insert = sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')"); @@ -3519,14 +3593,14 @@ class ApiSurvey { $add = false; if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost')) - $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id; + $link = 'main/survey/uporabnost.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id; else - $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id; + $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id; if ($add) { $f = @fopen($site_path . '.htaccess', 'a'); if ($f !== false) { - fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}"); + fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(?!-)(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}"); fclose($f); $sqlI = sisplet_query("INSERT INTO srv_nice_links_skupine (id,ank_id,nice_link_id,vre_id,link) VALUES ('','$ank_id','$row[id]','$vre_id','$nice_url')"); 
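Review bot: The changed `fwrite` line in the `-3519` hunk appends a `RewriteRule` to `.htaccess` built from `$nice_url`, and no validation of that value is visible here; a newline or regex metacharacter in it would alter server configuration rather than just add a link. I would gate the write on a strict pattern, e.g. `if ($add && preg_match('/^[A-Za-z0-9_-]+$/', $nice_url)) {` (adjust the character set to what nice links allow), and run the `srv_nice_links_skupine` INSERT only when `fwrite` did not return `false`. The target now uses `SurveyInfo::getInstance()->getSurveyHash()`, which is correct only if the singleton was initialised for this survey earlier in the method, outside the hunk. The identical code in the `-3626` hunk needs the same treatment.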
@@ -3626,14 +3700,14 @@ class ApiSurvey { $add = false; if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost')) - $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id; + $link = 'main/survey/uporabnost.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id; else - $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id; + $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id; if ($add) { $f = @fopen($site_path . '.htaccess', 'a'); if ($f !== false) { - fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}"); + fwrite($f, "\nRewriteRule ^" . $nice_url . '\b(?!-)(.*) ' . $link . "&foo=\$1&%{QUERY_STRING}"); fclose($f); $sqlI = sisplet_query("INSERT INTO srv_nice_links_skupine (id,ank_id,nice_link_id,vre_id,link) VALUES ('','$ank_id','$row[id]','$vre_id','$nice_url')"); @@ -3887,7 +3961,7 @@ class ApiSurvey { // vstavimo v srv_data_text (email, ime, priimek) SurveyInfo::getInstance()->SurveyInit($ank_id); - $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : ''; + $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString(); foreach ($sys_vars AS $sid => $spremenljivka) { if ($spremenljivka['variable'] == 'email') sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')"); 
@@ -3934,7 +4008,7 @@ class ApiSurvey { // vstavimo v srv_data_text (email, ime, priimek) SurveyInfo::getInstance()->SurveyInit($ank_id); - $db_table = (SurveyInfo::getInstance()->getSurveyColumn('db_table') == 1) ? '_active' : ''; + $db_table = SurveyInfo::getInstance()->getSurveyArchiveDBString(); foreach ($sys_vars AS $sid => $spremenljivka) { if ($spremenljivka['variable'] == 'email') { $data_insert = sisplet_query("INSERT INTO srv_data_text" . $db_table . " (spr_id, vre_id, text, usr_id) VALUES ('" . $sid . "', '" . $spremenljivka['vre_id'] . "', '" . $email . "', '" . $usr_id . "')"); -- cgit v1.2.3