diff --git a/app/classes/Framadate/FramaDB.php b/app/classes/Framadate/FramaDB.php
index 23a80d5535666157192b5b314513a5dec4cc8a48..1758c6e2a8959ece1f8899c531d5dcd21896408f 100644
--- a/app/classes/Framadate/FramaDB.php
+++ b/app/classes/Framadate/FramaDB.php
@@ -37,11 +37,53 @@ class FramaDB
function query($sql) {
return $this->pdo->query($sql);
}
-
- function allComments($poll_id) {
- $prepared = $this->prepare('SELECT * FROM comments WHERE id_sondage=? ORDER BY id_comment');
+
+ function findPollById($poll_id)
+ {
+
+ // Open database
+ if (preg_match(';^[\w\d]{16}$;i', $poll_id)) {
+ $prepared = $this->prepare('SELECT * FROM sondage WHERE sondage.poll_id = ?');
+
+ $prepared->execute([$poll_id]);
+ $poll = $prepared->fetch();
+ $prepared->closeCursor();
+
+ return $poll;
+ }
+
+ return null;
+ }
+
+ function allCommentsByPollId($poll_id) {
+ $prepared = $this->prepare('SELECT * FROM comments WHERE id_sondage = ? ORDER BY id_comment');
+ $prepared->execute(array($poll_id));
+ return $prepared->fetchAll();
+ }
+
+ function allUsersByPollId($poll_id) {
+ $prepared = $this->prepare('SELECT * FROM user_studs WHERE id_sondage = ? ORDER BY id_users');
+ $prepared->execute(array($poll_id));
+ return $prepared->fetchAll();
+ }
+
+ function allSujetsByPollId($poll_id) {
+ $prepared = $this->prepare('SELECT * FROM sujet_studs WHERE id_sondage = ? ORDER BY sujet');
$prepared->execute(array($poll_id));
return $prepared->fetchAll();
}
+ function insertVote($name, $poll_id, $choice) {
+ $prepared = $this->prepare('INSERT INTO user_studs (nom,id_sondage,reponses) VALUES (?,?,?)');
+ $prepared->execute([$name, $poll_id, $choice]);
+
+ $newVote = new \stdClass();
+ $newVote->id_sondage = $poll_id;
+ $newVote->id_users = $this->pdo->lastInsertId();
+ $newVote->nom = $name;
+ $newVote->reponse = $choice;
+
+ return $newVote;
+ }
+
}
diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index 78da6e36d19a529f649644407b093ae4526b3751..95349797d56443e9430aa532c27da477588df8ed 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -30,32 +30,6 @@ class Utils
return $scheme . '://' . str_replace('/admin','',str_replace('//','/',str_replace('///','/',$server_name)));
}
- public static function get_sondage_from_id($id)
- {
- global $connect;
-
- // Open database
- if (preg_match(';^[\w\d]{16}$;i', $id)) {
- $sql = 'SELECT sondage.*,sujet_studs.sujet FROM sondage
- LEFT OUTER JOIN sujet_studs ON sondage.id_sondage = sujet_studs.id_sondage
- WHERE sondage.id_sondage = ' . $connect->Param('id_sondage');
-
- $sql = $connect->Prepare($sql);
- $sondage = $connect->Execute($sql, [$id]);
-
- if ($sondage === false) {
- return false;
- }
-
- $psondage = $sondage->FetchObject(false);
- $psondage->date_fin = strtotime($psondage->date_fin);
-
- return $psondage;
- }
-
- return false;
- }
-
public static function is_error($cerr)
{
global $err;
diff --git a/studs.php b/studs.php
index 6ec461a366d16bc85d79b7ed015684b791adf022..bfd06bd5b1f4ca23f9a9d753aca10fa9395b2586 100644
--- a/studs.php
+++ b/studs.php
@@ -33,22 +33,25 @@ include_once __DIR__ . '/app/inc/init.php';
$numsondage = false;
//On récupère le numéro de sondage par le lien web.
-if(Utils::issetAndNoEmpty('sondage', $_GET) === true) {
+if(!empty($_GET['sondage'])) {
$numsondage = $_GET["sondage"];
$_SESSION["numsondage"] = $numsondage;
}
-if(Utils::issetAndNoEmpty('sondage') === true) {
+if(!empty($_POST['sondage'])) {
$numsondage = $_POST["sondage"];
$_SESSION["numsondage"] = $numsondage;
-} elseif(Utils::issetAndNoEmpty('sondage', $_COOKIE) === true) {
+} elseif(!empty($_COOKIE['sondage'])) {
$numsondage = $_COOKIE["sondage"];
-} elseif(Utils::issetAndNoEmpty('numsondage', $_SESSION) === true) {
+} elseif(!empty($_SESSION['sondage'])) {
$numsondage = $_SESSION["numsondage"];
}
-$dsondage = ($numsondage != false) ? Utils::get_sondage_from_id($numsondage) : false;
-if (!$dsondage || $dsondage->id_sondage == ''){
+$dsondage = $connect->findPollById($numsondage);
+if ($dsondage){
+ $sujets = $connect->allSujetsByPollId($numsondage);
+ $users = $connect->allUsersByPollId($numsondage);
+} else {
Utils::print_header( _("Error!"));
bandeau_titre(_("Error!"));
@@ -65,7 +68,7 @@ if (!$dsondage || $dsondage->id_sondage == ''){
}
//output a CSV and die()
-if(Utils::issetAndNoEmpty('export', $_GET) && $dsondage !== false) {
+if(!empty($_GET['export']) && $dsondage) {
if($_GET['export'] == 'csv') {
require_once('exportcsv.php');
}
@@ -125,14 +128,12 @@ if(isset($_POST['ajoutcomment'])) {
// Action quand on clique le bouton participer
-$sql = 'SELECT * FROM user_studs WHERE id_sondage='.$connect->Param('numsondage').' ORDER BY id_users';
-$sql = $connect->Prepare($sql);
-$user_studs = $connect->Execute($sql, array($numsondage));
+$user_studs = $connect->allUsersByPollId($numsondage);
-$nbcolonnes = substr_count($dsondage->sujet, ',') + 1;
+$nbcolonnes = count($sujets);
if (!Utils::is_error(NO_POLL) && (isset($_POST["boutonp"]))) {
//Si le nom est bien entré
- if (Utils::issetAndNoEmpty('nom') === false) {
+ if (empty($_POST['nom'])) {
$err |= NAME_EMPTY;
}
@@ -154,7 +155,7 @@ if (!Utils::is_error(NO_POLL) && (isset($_POST["boutonp"]))) {
// protection contre les XSS : htmlentities
$nom = htmlentities($nom, ENT_QUOTES, 'UTF-8');
- while($user = $user_studs->FetchNextObject(false)) {
+ foreach ($users as $user) {
if ($nom == $user->nom) {
$err |= NAME_TAKEN;
}
@@ -163,20 +164,15 @@ if (!Utils::is_error(NO_POLL) && (isset($_POST["boutonp"]))) {
// Ecriture des choix de l'utilisateur dans la base
if (!Utils::is_error(NAME_TAKEN) && !Utils::is_error(NAME_EMPTY)) {
- $sql = 'INSERT INTO user_studs (nom,id_sondage,reponses) VALUES ('.
- $connect->Param('nom').', '.
- $connect->Param('numsondage').', '.
- $connect->Param('nouveauchoix').')';
- $sql = $connect->Prepare($sql);
-
- // Todo : Il faudrait lever une erreur en cas d'erreur d'insertion
- $connect->Execute($sql, array($nom, $numsondage, $nouveauchoix));
+ // Todo : Il faudrait lever une erreur en cas d'erreur d'insertion
+ $newVote = $connect->insertVote($nom, $numsondage, $nouveauchoix);
+ $user_studs[] = $newVote;
- if ($dsondage->mailsonde || /* compatibility for non boolean DB */ $dsondage->mailsonde=="yes" || $dsondage->mailsonde=="true") {
+ if ($dsondage->receiveNewVotes || /* compatibility for non boolean DB */ $dsondage->receiveNewVotes==="yes" || $dsondage->receiveNewVotes==="true") {
if($config['use_smtp']==true){
- Utils::sendEmail( "$dsondage->mail_admin",
- "[".NOMAPPLICATION."] "._("Poll's participation")." : ".html_entity_decode($dsondage->titre, ENT_QUOTES, 'UTF-8')."",
- html_entity_decode("\"$nom\" ", ENT_QUOTES, 'UTF-8').
+ Utils::sendEmail( $dsondage->admin_mail,
+ "[".NOMAPPLICATION."] "._("Poll's participation")." : ".html_entity_decode($dsondage->title, ENT_QUOTES, 'UTF-8') . ' ',
+ html_entity_decode($nom, ENT_QUOTES, 'UTF-8'). ' ' .
_("has filled a line.\nYou can find your poll at the link") . " :\n\n".
Utils::getUrlSondage($numsondage) . " \n\n" .
_("Thanks for your confidence.") . "\n". NOMAPPLICATION );
@@ -186,10 +182,11 @@ if (!Utils::is_error(NO_POLL) && (isset($_POST["boutonp"]))) {
} else {
$err |= NAME_EMPTY;
}
+
}
if($err != 0) {
- Utils::print_header(_("Error!").' - '.$dsondage->titre);
+ Utils::print_header(_("Error!").' - '.$dsondage->title);
bandeau_titre(_("Error!"));
echo '<div class="alert alert-danger"><ul class="list-unstyled">'."\n";
@@ -210,11 +207,11 @@ if($err != 0) {
echo '</ul></div>';
} else {
- Utils::print_header(_('Poll').' - '.$dsondage->titre);
- bandeau_titre(_('Poll').' - '.$dsondage->titre);
+ Utils::print_header(_('Poll').' - '.$dsondage->title);
+ bandeau_titre(_('Poll').' - '.$dsondage->title);
}
-$title=stripslashes(str_replace("\\","",$dsondage->titre));
+$title=stripslashes(str_replace("\\","",$dsondage->title));
echo '
<div class="jumbotron">
<div class="row">
@@ -232,18 +229,18 @@ echo '
<div class="col-md-5">
<div class="form-group">
<h4 class="control-label">'. _("Initiator of the poll") .'</h4>
- <p class="form-control-static"> '.stripslashes($dsondage->nom_admin).'</p>
+ <p class="form-control-static"> '.stripslashes($dsondage->admin_name).'</p>
</div>
<div class="form-group">
- <label for="public-link"><a class="public-link" href="' . Utils::getUrlSondage($dsondage->id_sondage) . '">'._("Public link of the poll") .' <span class="btn-link glyphicon glyphicon-link"></span></a></label>
- <input class="form-control" id="public-link" type="text" readonly="readonly" value="' . Utils::getUrlSondage($dsondage->id_sondage) . '" />
+ <label for="public-link"><a class="public-link" href="' . Utils::getUrlSondage($dsondage->poll_id) . '">'._("Public link of the poll") .' <span class="btn-link glyphicon glyphicon-link"></span></a></label>
+ <input class="form-control" id="public-link" type="text" readonly="readonly" value="' . Utils::getUrlSondage($dsondage->poll_id) . '" />
</div>
</div>'."\n";
//affichage de la description du sondage
-if ($dsondage->commentaires) {
- $commentaires = $dsondage->commentaires;
- $commentaires=nl2br(str_replace("\\","",$commentaires));
+if ($dsondage->comment) {
+ $commentaires = $dsondage->comment;
+ $commentaires=nl2br(str_replace("\\","",$comment));
echo '
<div class="form-group col-md-7">
<h4 class="control-label">'._("Description") .'</h4><br />
@@ -255,7 +252,7 @@ echo '
</div>'."\n"; // .jumbotron
//On récupere les données et les sujets du sondage
-$nblignes = $user_studs->RecordCount();
+$nblignes = count($users);
//on teste pour voir si une ligne doit etre modifiée
$testmodifier = false;
@@ -295,21 +292,13 @@ if ($testmodifier) {
$connect->Execute($sql, array($nouveauchoix, $data->nom, $data->id_users));
if ($dsondage->mailsonde=="yes") {
- Utils::sendEmail( "$dsondage->mail_admin", "[".NOMAPPLICATION."] " . _("Poll's participation") . " : ".html_entity_decode($dsondage->titre, ENT_QUOTES, 'UTF-8'), "\"".html_entity_decode($data->nom, ENT_QUOTES, 'UTF-8')."\""."" . _("has filled a line.\nYou can find your poll at the link") . " :\n\n" . Utils::getUrlSondage($numsondage) . " \n\n" . _("Thanks for your confidence.") . "\n".NOMAPPLICATION );
+ Utils::sendEmail( "$dsondage->mail_admin", "[".NOMAPPLICATION."] " . _("Poll's participation") . " : ".html_entity_decode($dsondage->title, ENT_QUOTES, 'UTF-8'), "\"".html_entity_decode($data->nom, ENT_QUOTES, 'UTF-8')."\""."" . _("has filled a line.\nYou can find your poll at the link") . " :\n\n" . Utils::getUrlSondage($numsondage) . " \n\n" . _("Thanks for your confidence.") . "\n".NOMAPPLICATION );
}
}
$compteur++;
}
}
-//recuperation des utilisateurs du sondage
-$sql = 'SELECT * FROM user_studs WHERE id_sondage='.$connect->Param('numsondage').' ORDER BY id_users';
-$sql = $connect->Prepare($sql);
-$user_studs = $connect->Execute($sql, array($numsondage));
-
-//reformatage des données des sujets du sondage
-$toutsujet = explode(",",$dsondage->sujet);
-
// Table headers
$thead = '<thead>';
@@ -385,18 +374,17 @@ if ($dsondage->format=="D"||$dsondage->format=="D+"||$dsondage->format=="D-") {
// Subjects poll
} else {
- $toutsujet=str_replace("@","<br />",$toutsujet);
$tr_subjects = '<tr><th role="presentation"></th>';
- for ($i = 0; isset($toutsujet[$i]); $i++) {
+ foreach ($sujets as $i=>$sujet) {
$td_headers[$i]='';$radio_title[$i]=''; // init before concatenate
// Subjects
- preg_match_all('/\[!\[(.*?)\]\((.*?)\)\]\((.*?)\)/',$toutsujet[$i],$md_a_img); // Markdown [](href)
- preg_match_all('/!\[(.*?)\]\((.*?)\)/',$toutsujet[$i],$md_img); // Markdown 
- preg_match_all('/\[(.*?)\]\((.*?)\)/',$toutsujet[$i],$md_a); // Markdown [text](href)
+ preg_match_all('/\[!\[(.*?)\]\((.*?)\)\]\((.*?)\)/',$sujet->sujet,$md_a_img); // Markdown [](href)
+ preg_match_all('/!\[(.*?)\]\((.*?)\)/',$sujet->sujet,$md_img); // Markdown 
+ preg_match_all('/\[(.*?)\]\((.*?)\)/',$sujet->sujet,$md_a); // Markdown [text](href)
if (isset($md_a_img[2][0]) && $md_a_img[2][0]!='' && isset($md_a_img[3][0]) && $md_a_img[3][0]!='') { // [](href)
$th_subject_text = (isset($md_a_img[1][0]) && $md_a_img[1][0]!='') ? stripslashes($md_a_img[1][0]) : _("Choice") .' '.($i+1);
@@ -414,7 +402,7 @@ if ($dsondage->format=="D"||$dsondage->format=="D+"||$dsondage->format=="D-") {
} else { // text only
- $th_subject_text = stripslashes($toutsujet[$i]);
+ $th_subject_text = stripslashes($sujet->sujet);
$th_subject_html = $th_subject_text;
}
@@ -431,7 +419,7 @@ if ($dsondage->format=="D"||$dsondage->format=="D+"||$dsondage->format=="D-") {
// Print headers
echo '
-<form name="formulaire" action="' . Utils::getUrlSondage($dsondage->id_sondage) . '" method="POST">
+<form name="formulaire" action="' . Utils::getUrlSondage($dsondage->poll_id) . '" method="POST">
<input type="hidden" name="sondage" value="' . $numsondage . '"/>
';
if ($dsondage->format=="A-" || $dsondage->format=="D-") {
@@ -475,12 +463,12 @@ $user_mod = false;
$somme[] = 0;
$compteur = 0;
-while ($data = $user_studs->FetchNextObject(false)) {
+foreach ($users as $user) {
- $ensemblereponses = $data->reponses;
+ $ensemblereponses = $user->reponses;
//affichage du nom
- $nombase=str_replace("°","'",$data->nom);
+ $nombase=str_replace("°","'",$user->nom);
echo '<tr>
<th class="bg-info">'.stripslashes($nombase).'</th>'."\n";
@@ -666,11 +654,9 @@ echo '
<hr role="presentation" />';
// Comments
-$sql = 'select * from comments where id_sondage='.$connect->Param('numsondage').' order by id_comment';
-$sql = $connect->Prepare($sql);
-$comment_user=$connect->Execute($sql, array($numsondage));
+$comments = $connect->allCommentsByPollId($numsondage);
-if ($comment_user->RecordCount() != 0) {
+if (count($comments) != 0) {
echo '<div><h3>' . _("Comments of polled people") . '</h3>'."\n";
while($dcomment = $comment_user->FetchNextObject(false)) {