<?php
/**
 * This software is governed by the CeCILL-B license. If a copy of this license
 * is not distributed with this file, you can obtain one at
 * http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.txt
 *
 * Authors of STUdS (initial project): Guilhem BORGHESI (borghesi@unistra.fr) and Raphaël DROZ
 * Authors of Framadate/OpenSondage: Framasoft (https://github.com/framasoft)
 *
 * =============================
 *
 * Ce logiciel est régi par la licence CeCILL-B. Si une copie de cette licence
 * ne se trouve pas avec ce fichier vous pouvez l'obtenir sur
 * http://www.cecill.info/licences/Licence_CeCILL-B_V1-fr.txt
 *
 * Auteurs de STUdS (projet initial) : Guilhem BORGHESI (borghesi@unistra.fr) et Raphaël DROZ
 * Auteurs de Framadate/OpenSondage : Framasoft (https://github.com/framasoft)
 */

use Framadate\Form;
use Framadate\Repositories\RepositoryFactory;
use Framadate\Security\PasswordHasher;
use Framadate\Services\InputService;
use Framadate\Utils;

include_once __DIR__ . '/app/inc/init.php';

// POST field carrying the requested second step ('date' or 'classic').
const GO_TO_STEP_2 = 'gotostep2';

/* Services */
/*----------*/

$inputService = new InputService();
$pollRepository = RepositoryFactory::pollRepository();

/* PAGE */
/* ---- */

// The poll being built is kept in the session across the creation steps.
if (!isset($_SESSION['form'])) {
    $_SESSION['form'] = new Form();
}

// Poll type: 'date' when either the query string or the posted form asks for it,
// 'classic' otherwise. Parenthesised so the &&/|| grouping is explicit.
$dateTypeRequested = (isset($_GET['type']) && $_GET['type'] === 'date')
    || (isset($_POST['type']) && $_POST['type'] === 'date');
$poll_type = $dateTypeRequested ? 'date' : 'classic';
$_SESSION['form']->choix_sondage = $poll_type;

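// We clean the data
// filter_input() returns the step name for 'date'/'classic', false for any other value
// and null when the field is absent, so a truthy $goToStep2 means "a valid step was asked for".
$goToStep2 = filter_input(INPUT_POST, GO_TO_STEP_2, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => '/^(date|classic)$/']]);

// The error flags are initialised outside the branch: the error-message section further
// down reads them whenever the step field was posted, including when its value was rejected.
$error_on_mail = false;
$error_on_title = false;
$error_on_name = false;
$error_on_description = false;
$error_on_password = false;
$error_on_password_repeat = false;
$error_on_customized_url = false;
$error_on_customized_url_msg = null;
$error_on_ValueMax = false;

if ($goToStep2) {
    // Absent text fields are read as '' rather than null so the InputService filters always
    // receive a string and the "filtered value differs from input" checks below stay meaningful.
    // NOTE(review): the filter*() parameter types are not visible here; '' is the safe choice.
    $raw_title = isset($_POST['title']) ? $_POST['title'] : '';
    $raw_name = isset($_POST['name']) ? $_POST['name'] : '';
    $raw_description = isset($_POST['description']) ? $_POST['description'] : '';
    $raw_editable = isset($_POST['editable']) ? $_POST['editable'] : '';

    $title = $inputService->filterTitle($raw_title);

    $use_ValueMax = isset($_POST['use_ValueMax']) ? $inputService->filterBoolean($_POST['use_ValueMax']) : false;
    $ValueMax = $use_ValueMax === true
        ? $inputService->filterValueMax(isset($_POST['ValueMax']) ? $_POST['ValueMax'] : '')
        : null;

    $use_customized_url = isset($_POST['use_customized_url']) ? $inputService->filterBoolean($_POST['use_customized_url']) : false;
    $customized_url = $use_customized_url === true
        ? $inputService->filterId(isset($_POST['customized_url']) ? $_POST['customized_url'] : '')
        : null;
    $name = $inputService->filterName($raw_name);
    // The address is only collected when the instance can send mail.
    $mail = $config['use_smtp'] === true
        ? $inputService->filterMail(isset($_POST['mail']) ? $_POST['mail'] : '')
        : null;
    $description = $inputService->filterDescription($raw_description);
    $editable = $inputService->filterEditable($raw_editable);
    $receiveNewVotes = isset($_POST['receiveNewVotes']) ? $inputService->filterBoolean($_POST['receiveNewVotes']) : false;
    $receiveNewComments = isset($_POST['receiveNewComments']) ? $inputService->filterBoolean($_POST['receiveNewComments']) : false;
    $hidden = isset($_POST['hidden']) ? $inputService->filterBoolean($_POST['hidden']) : false;
    $use_password = filter_input(INPUT_POST, 'use_password', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => BOOLEAN_REGEX]]);
    // The two password fields are compared as submitted; only the hash is kept in the session.
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $password_repeat = isset($_POST['password_repeat']) ? $_POST['password_repeat'] : null;
    $results_publicly_visible = filter_input(INPUT_POST, 'results_publicly_visible', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => BOOLEAN_REGEX]]);

    // filter_input() yields false when the value fails BOOLEAN_REGEX and null when the field
    // is absent. Fold "rejected" into "absent" so the session flags below, which test
    // `!== null`, cannot be switched on by a value that the truthiness check
    // `if ($use_password)` would then skip over. NOTE(review): the flag keys on presence,
    // the check on truthiness; whether BOOLEAN_REGEX admits a falsy value such as '0' is
    // not visible here.
    if ($use_password === false) {
        $use_password = null;
    }
    if ($results_publicly_visible === false) {
        $results_publicly_visible = null;
    }

    // Remember the submitted values so the form can be re-filled and the next step can use them.
    $_SESSION['form']->title = $title;
    $_SESSION['form']->id = $customized_url;
    $_SESSION['form']->use_customized_url = $use_customized_url;
    $_SESSION['form']->use_ValueMax = $use_ValueMax;
    $_SESSION['form']->ValueMax = $ValueMax;
    $_SESSION['form']->admin_name = $name;
    $_SESSION['form']->admin_mail = $mail;
    $_SESSION['form']->description = $description;
    $_SESSION['form']->editable = $editable;
    $_SESSION['form']->receiveNewVotes = $receiveNewVotes;
    $_SESSION['form']->receiveNewComments = $receiveNewComments;
    $_SESSION['form']->hidden = $hidden;
    $_SESSION['form']->use_password = ($use_password !== null);
    $_SESSION['form']->results_publicly_visible = ($results_publicly_visible !== null);

    if ($config['use_smtp'] === true && empty($mail)) {
        $error_on_mail = true;
    }

    // These comparisons rely on the filters returning acceptable input unchanged:
    // any difference means the value was rejected or altered.
    if ($title !== $raw_title) {
        $error_on_title = true;
    }

    if ($use_customized_url) {
        if ($customized_url === false) {
            $error_on_customized_url = true;
        } elseif ($pollRepository->existsById($customized_url)) {
            // Well-formed id, but already taken by another poll.
            $error_on_customized_url = true;
            $error_on_customized_url_msg = __('Error', 'Poll id already used');
        }
    }

    if ($use_ValueMax && $ValueMax === false) {
        $error_on_ValueMax = true;
    }

    if ($name !== $raw_name) {
        $error_on_name = true;
    }

    if ($description === false) {
        $error_on_description = true;
    }

    // If the address is fine we move on to the date or classic page.
    // Without SMTP no address is requested, so it cannot block the next step.
    $email_OK = $config['use_smtp'] !== true || ($mail && !$error_on_mail);

    if ($use_password) {
        // Tested against '' rather than with empty(): empty('0') is true, which would reject
        // the legitimate password "0". A non-string value (e.g. password[]=...) is treated
        // as empty so nothing but a string ever reaches the hasher.
        if (!is_string($password) || $password === '') {
            $error_on_password = true;
        } elseif ($password !== $password_repeat) {
            $error_on_password_repeat = true;
        }
    }

    if ($title && $name && $email_OK && !$error_on_title && !$error_on_customized_url && !$error_on_description && !$error_on_name
        && !$error_on_password && !$error_on_password_repeat && !$error_on_ValueMax
    ) {
        // If no errors, we hash the password if needed; only the hash is kept in the session.
        if ($_SESSION['form']->use_password) {
            $_SESSION['form']->password_hash = PasswordHasher::hash($password);
        } else {
            $_SESSION['form']->password_hash = null;
            $_SESSION['form']->results_publicly_visible = null;
        }

        // Fixed relative targets: nothing user-controlled goes into the Location header.
        if ($goToStep2 === 'date') {
            header('Location:create_date_poll.php');
            exit();
        }

        if ($goToStep2 === 'classic') {
            header('Location:create_classic_poll.php');
            exit();
        }
    } else {
        // Title reflects the error state
        $title = __('Error', 'Error!') . ' - ' . __('Step 1', 'Poll creation (1 on 3)');
    }
} else {
    // Title OK (the form has not been submitted yet)
    $title = __('Step 1', 'Poll creation (1 on 3)');
}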

// Prepare error messages
// One entry per form field: 'msg' is the text shown next to the field, 'aria' and 'class'
// are the attribute and CSS fragments meant for the field's markup. All empty until a
// check fails; key order matches the order in which the fields are validated.
$errors = array_fill_keys(
    ['title', 'customized_url', 'description', 'name', 'email', 'password', 'ValueMax', 'password_repeat'],
    ['msg' => '', 'aria' => '', 'class' => '']
);

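// Only a validated step request ran the checks above; an absent or rejected value
// (null / false) would leave the $error_on_* flags unset, so the bare form is shown instead.
if ($goToStep2) {
    // Marks one field as erroneous. $ariaId is the id of the element holding the message;
    // 'aria' and 'class' are the fragments meant for the field's markup.
    // NOTE(review): the attribute is emitted as 'aria-describeby' (kept verbatim); the HTML
    // attribute is spelled aria-describedby — to be checked together with the template.
    $markError = static function ($field, $ariaId, $msg) use (&$errors) {
        $errors[$field]['aria'] = 'aria-describeby="' . $ariaId . '" ';
        $errors[$field]['class'] = ' has-error';
        $errors[$field]['msg'] = $msg;
    };

    if (empty($_POST['title'])) {
        $markError('title', 'poll_title_error', __('Error', 'Enter a title'));
    } elseif ($error_on_title) {
        $markError('title', 'poll_title_error', __('Error', 'Something is wrong with the format'));
    }

    if ($error_on_customized_url) {
        // A specific reason (id already taken) is preferred over the generic format message.
        $markError(
            'customized_url',
            'customized_url',
            isset($error_on_customized_url_msg)
                ? $error_on_customized_url_msg
                : __('Error', "Something is wrong with the format: customized urls should only consist of alphanumeric characters and hyphens.")
        );
    }

    if ($error_on_description) {
        $markError('description', 'poll_comment_error', __('Error', 'Something is wrong with the format'));
    }

    if (empty($_POST['name'])) {
        $markError('name', 'poll_name_error', __('Error', 'Enter a name'));
    } elseif ($error_on_name) {
        $markError('name', 'poll_name_error', __('Error', "Something is wrong with the format: name shouldn't have any spaces before or after"));
    }

    // The address is only collected when SMTP is enabled, so only then is an empty or
    // malformed value an error. Both branches point at the e-mail error element (the empty
    // case previously referenced poll_name_error).
    if ($config['use_smtp'] === true) {
        if (empty($_POST['mail'])) {
            $markError('email', 'poll_email_error', __('Error', 'Enter an email address'));
        } elseif ($error_on_mail) {
            $markError('email', 'poll_email_error', __('Error', 'The address is not correct! You should enter a valid email address (like r.stallman@outlock.com) in order to receive the link to your poll.'));
        }
    }

    if ($error_on_password) {
        $markError('password', 'poll_password_error', __('Error', 'Password is empty'));
    }
    if ($error_on_password_repeat) {
        $markError('password_repeat', 'poll_password_repeat_error', __('Error', 'Passwords do not match'));
    }
    if ($error_on_ValueMax) {
        $markError('ValueMax', 'poll_ValueMax', __('Error', 'Error on amount of voters limitation : value must be an integer greater than 0'));
    }
}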

$useRemoteUser = USE_REMOTE_USER && isset($_SERVER['REMOTE_USER']);
$sessionForm = $_SESSION['form'];

// Everything the template needs, gathered once and assigned in this order.
// Utils::fromPostOrDefault presumably prefers a re-posted value over the session one,
// so the form is re-filled as submitted after a validation error.
$templateVars = [
    'title' => $title,
    'useRemoteUser' => $useRemoteUser,
    'errors' => $errors,
    // $goToStep2 is tested first: the flags only exist once a valid step was requested.
    'advanced_errors' => $goToStep2 && ($error_on_ValueMax || $error_on_customized_url || $error_on_password || $error_on_password_repeat),
    'use_smtp' => $config['use_smtp'],
    // Key kept exactly as the template spells it.
    'default_to_marldown_editor' => $config['markdown_editor_by_default'],
    'goToStep2' => GO_TO_STEP_2,
    'poll_type' => $poll_type,
    'poll_title' => Utils::fromPostOrDefault('title', $sessionForm->title),
    'customized_url' => Utils::fromPostOrDefault('customized_url', $sessionForm->id),
    'use_customized_url' => Utils::fromPostOrDefault('use_customized_url', $sessionForm->use_customized_url),
    'ValueMax' => Utils::fromPostOrDefault('ValueMax', $sessionForm->ValueMax),
    'use_ValueMax' => Utils::fromPostOrDefault('use_ValueMax', $sessionForm->use_ValueMax),
    // NOTE(review): the description bypasses Utils::fromPostOrDefault, unlike every other
    // field — whether that is deliberate is not visible here.
    'poll_description' => !empty($_POST['description']) ? $_POST['description'] : $sessionForm->description,
    'poll_name' => Utils::fromPostOrDefault('name', $sessionForm->admin_name),
    'poll_mail' => Utils::fromPostOrDefault('mail', $sessionForm->admin_mail),
    'poll_editable' => Utils::fromPostOrDefault('editable', $sessionForm->editable),
    'poll_receiveNewVotes' => Utils::fromPostOrDefault('receiveNewVotes', $sessionForm->receiveNewVotes),
    'poll_receiveNewComments' => Utils::fromPostOrDefault('receiveNewComments', $sessionForm->receiveNewComments),
    'poll_hidden' => Utils::fromPostOrDefault('hidden', $sessionForm->hidden),
    'poll_use_password' => Utils::fromPostOrDefault('use_password', $sessionForm->use_password),
    'poll_results_publicly_visible' => Utils::fromPostOrDefault('results_publicly_visible', $sessionForm->results_publicly_visible),
    'form' => $sessionForm,
];

foreach ($templateVars as $varName => $varValue) {
    $smarty->assign($varName, $varValue);
}

$smarty->display('create_poll.tpl');