<?php
/**
 * This software is governed by the CeCILL-B license. If a copy of this license
 * is not distributed with this file, you can obtain one at
 * http://www.cecill.info/licences/Licence_CeCILL-B_V1-en.txt
 *
 * Authors of STUdS (initial project): Guilhem BORGHESI (borghesi@unistra.fr) and Raphaël DROZ
 * Authors of Framadate/OpenSondage: Framasoft (https://github.com/framasoft)
 *
 * =============================
 *
 * Ce logiciel est régi par la licence CeCILL-B. Si une copie de cette licence
 * ne se trouve pas avec ce fichier vous pouvez l'obtenir sur
 * http://www.cecill.info/licences/Licence_CeCILL-B_V1-fr.txt
 *
 * Auteurs de STUdS (projet initial) : Guilhem BORGHESI (borghesi@unistra.fr) et Raphaël DROZ
 * Auteurs de Framadate/OpenSondage : Framasoft (https://github.com/framasoft)
 */
use Framadate\Editable;
use Framadate\Exception\AlreadyExistsException;
use Framadate\Exception\ConcurrentEditionException;
use Framadate\Exception\ConcurrentVoteException;
use Framadate\Message;
use Framadate\Security\Token;
use Framadate\Services\InputService;
use Framadate\Services\LogService;
use Framadate\Services\MailService;
use Framadate\Services\NotificationService;
use Framadate\Services\PollService;
use Framadate\Services\SecurityService;
use Framadate\Services\SessionService;
use Framadate\Utils;

include_once __DIR__ . '/app/inc/init.php';

/* Constants */
/* --------- */

// Passed as the first argument to SessionService get()/set(), together with the poll id,
// to remember which vote this visitor registered on a given poll.
const USER_REMEMBER_VOTES_KEY = 'UserVotes';

/* Variables */
/* --------- */

// Nothing is known about the poll until the query string has been validated.
$poll_id = $poll = $message = null;
$editingVoteId = 0;

// Both flags start out permissive. They are only tightened further down, in the
// password section, and only when the poll carries a password hash.
$accessGranted = $resultPubliclyVisible = true;

// Template data; stays empty unless the visitor is allowed to read the results.
$slots = $votes = $comments = [];

/* Services */
/* -------- */

// $connect and $config are not defined in this file; they are presumably set up by app/inc/init.php.
$logService = new LogService();
$pollService = new PollService($connect, $logService);
$inputService = new InputService();

// Mail transport, and the notifier that relies on it.
$mailService = new MailService($config['use_smtp'], $config['smtp_options']);
$notificationService = new NotificationService($mailService);

// Poll password checks and per-visitor session storage.
$securityService = new SecurityService();
$sessionService = new SessionService();

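/* PAGE */
/* ---- */

// Resolve the poll named in the query string.
if (!empty($_GET['poll'])) {
    $poll_id = filter_input(INPUT_GET, 'poll', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
    // filter_input() returns false when the value does not match POLL_REGEX (or is an array) and null
    // when the parameter is absent; only a validated string id is handed to the service layer.
    if (is_string($poll_id)) {
        $poll = $pollService->findById($poll_id);
    }
}

// Unknown or invalid poll: render the error page and stop, so nothing below runs without a poll.
if (!$poll) {
    $smarty->assign('error', __('Error', 'This poll doesn\'t exist !'));
    $smarty->display('error.tpl');
    exit;
}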

// Unique id of the vote this visitor registered on this poll, as remembered in the session
// ('' is passed as the third argument, presumably the default when nothing is stored).
$editedVoteUniqueId = $sessionService->get(USER_REMEMBER_VOTES_KEY, $poll_id, '');

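// -------------------------------
// Password verification
// -------------------------------

if (!is_null($poll->password_hash)) {
    // If we came from password submission.
    // Accept only a scalar string: PHP turns `password[]=...` into an array, and that must not reach the
    // password check. Compare against '' explicitly, because empty('0') is true and would silently drop
    // the password "0".
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : null;
    $passwordSubmitted = $password !== null && $password !== '';
    if ($passwordSubmitted) {
        // NOTE(review): no throttling of password attempts is visible in this file; confirm it is enforced elsewhere.
        $securityService->submitPollAccess($poll, $password);
    }

    if (!$securityService->canAccessPoll($poll)) {
        $accessGranted = false;
    }

    // Results of a password-protected poll may still be readable without the password.
    $resultPubliclyVisible = $poll->results_publicly_visible;

    if (!$accessGranted) {
        if ($passwordSubmitted) {
            $message = new Message('danger', __('Password', 'Wrong password'));
        } elseif (!$resultPubliclyVisible) {
            $message = new Message('danger', __('Password', 'You have to provide a password to access the poll.'));
        } else {
            $message = new Message('danger', __('Password', 'You have to provide a password so you can participate to the poll.'));
        }
    }
}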

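// We allow actions only if access is granted
if ($accessGranted) {
    // -------------------------------
    // A vote is going to be edited
    // -------------------------------

    if (!empty($_GET['vote'])) {
        // Becomes false when the value does not match POLL_REGEX.
        $editingVoteId = filter_input(INPUT_GET, 'vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
    }

    // -------------------------------
    // Something to save (edit or add)
    // -------------------------------

    if (isset($_POST['save'])) {
        // Fields shared by both branches. Missing fields are read as null instead of raising an
        // undefined-index notice. `choices` must be an array: count() on anything else raises a
        // warning or a TypeError depending on the PHP version, so a malformed POST is rejected up front.
        $name = $inputService->filterName(isset($_POST['name']) ? $_POST['name'] : null);
        $rawChoices = (isset($_POST['choices']) && is_array($_POST['choices'])) ? $_POST['choices'] : null;
        $choices = $rawChoices === null
            ? []
            : $inputService->filterArray($rawChoices, FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => CHOICE_REGEX]]);
        // Every submitted choice has to survive filtering, otherwise the ballot is refused as a whole.
        $choicesValid = $rawChoices !== null && count($choices) === count($rawChoices);
        $slots_hash = $inputService->filterMD5(isset($_POST['control']) ? $_POST['control'] : null);

        if (!empty($_POST['save'])) { // Save edition of an old vote
            $editedVote = filter_input(INPUT_POST, 'save', FILTER_VALIDATE_INT);

            if (empty($editedVote)) {
                $message = new Message('danger', __('Error', 'Something is going wrong...'));
            }
            if (!$choicesValid) {
                $message = new Message('danger', __('Error', 'There is a problem with your choices'));
            }
            // NOTE(review): unlike the add branch, a null $name is not rejected here; confirm updateVote() copes with it.

            if ($message === null) {
                // Update vote
                // NOTE(review): the vote is selected by the client-supplied integer in `save`. No check that the
                // requester owns that vote, or that the poll still accepts edits, is visible in this file;
                // confirm PollService::updateVote() enforces both.
                try {
                    $result = $pollService->updateVote($poll_id, $editedVote, $name, $choices, $slots_hash);
                    if ($result) {
                        // intval() keeps this test consistent with the add branch, which casts the same field.
                        if (intval($poll->editable) === Editable::EDITABLE_BY_OWN) {
                            // NOTE(review): this id comes from the request and is then remembered in the session and
                            // put into the edit link; nothing here ties it to $editedVote. Confirm that is intended.
                            $editedVoteUniqueId = filter_input(INPUT_POST, 'edited_vote', FILTER_VALIDATE_REGEXP, ['options' => ['regexp' => POLL_REGEX]]);
                            $message = getMessageForOwnVoteEditableVote($sessionService, $smarty, $editedVoteUniqueId, $config['use_smtp'], $poll_id, $name);
                        } else {
                            $message = new Message('success', __('studs', 'Update vote succeeded'));
                        }
                        $notificationService->sendUpdateNotification($poll, NotificationService::UPDATE_VOTE, $name);
                    } else {
                        $message = new Message('danger', __('Error', 'Update vote failed'));
                    }
                } catch (ConcurrentEditionException $cee) {
                    $message = new Message('danger', __('Error', 'Poll has been updated before you vote'));
                } catch (ConcurrentVoteException $cve) {
                    $message = new Message('danger', __('Error', "Your vote wasn't counted, because someone voted in the meantime and it conflicted with your choices and the poll conditions. Please retry."));
                }
            }
        } else { // Add a new vote
            if ($name === null) {
                $message = new Message('danger', __('Error', 'The name is invalid.'));
            }
            if (!$choicesValid) {
                $message = new Message('danger', __('Error', 'There is a problem with your choices'));
            }

            if ($message === null) {
                // Add vote
                try {
                    $result = $pollService->addVote($poll_id, $name, $choices, $slots_hash);
                    if ($result) {
                        if (intval($poll->editable) === Editable::EDITABLE_BY_OWN) {
                            // The unique id comes from the freshly stored vote, not from the request.
                            $editedVoteUniqueId = $result->uniqId;
                            $message = getMessageForOwnVoteEditableVote($sessionService, $smarty, $editedVoteUniqueId, $config['use_smtp'], $poll_id, $name);
                        } else {
                            $message = new Message('success', __('studs', 'Adding the vote succeeded'));
                        }
                        $notificationService->sendUpdateNotification($poll, NotificationService::ADD_VOTE, $name);
                    } else {
                        $message = new Message('danger', __('Error', 'Adding vote failed'));
                    }
                } catch (AlreadyExistsException $aee) {
                    $message = new Message('danger', __('Error', 'You already voted'));
                } catch (ConcurrentEditionException $cee) {
                    $message = new Message('danger', __('Error', 'Poll has been updated before you vote'));
                } catch (ConcurrentVoteException $cve) {
                    $message = new Message('danger', __('Error', "Your vote wasn't counted, because someone voted in the meantime and it conflicted with your choices and the poll conditions. Please retry."));
                }
            }
        }
    }
}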

// Functions
/**
 * Build the success message shown after a vote is saved on a poll whose voters may only edit their own vote.
 *
 * The vote's unique id is remembered in the session under USER_REMEMBER_VOTES_KEY for this poll, and the
 * personal edit URL built by Utils::getUrlSondage() is attached to the message. Per the message text, that
 * link is what the voter needs in order to edit the vote later.
 *
 * When SMTP is usable, a new Token is stored in the session under ("Common", SESSION_EDIT_LINK_TOKEN) and
 * the rendered part/form_remember_edit_link.tpl is attached to the message. This is presumably the form
 * that mails the link to the voter, with the token guarding its submission; confirm in the form handler.
 *
 * @param SessionService $sessionService      Session storage for the current visitor.
 * @param Smarty         $smarty              Template engine used to render the optional form.
 * @param mixed          $editedVoteUniqueId  Unique id of the vote; callers pass a regex-validated POST value
 *                                            or the uniqId of the vote that was just added.
 * @param mixed          $canUseSMTP          Truthy when the instance can send mail ($config['use_smtp']).
 * @param mixed          $poll_id             Id of the poll the vote belongs to.
 * @param mixed          $name                Voter name, inserted into the link label.
 * @return Message
 */
function getMessageForOwnVoteEditableVote(SessionService &$sessionService, Smarty &$smarty, $editedVoteUniqueId, $canUseSMTP, $poll_id, $name) {
    $sessionService->set(USER_REMEMBER_VOTES_KEY, $poll_id, $editedVoteUniqueId);

    $editLink = Utils::getUrlSondage($poll_id, false, $editedVoteUniqueId);
    // NOTE(review): $name originates from the request; confirm the template escapes the link label.
    $linkLabel = __f('Poll results', 'Edit the line: %s', $name);
    $notice = new Message(
        'success',
        __('studs', 'Your vote has been registered successfully, but be careful: regarding this poll options, you need to keep this personal link to edit your own vote:'),
        $editLink,
        $linkLabel,
        'glyphicon-pencil'
    );

    if (!$canUseSMTP) {
        return $notice;
    }

    // Render the optional form with a fresh token, then drop the token from the template variables.
    $linkToken = new Token();
    $sessionService->set("Common", SESSION_EDIT_LINK_TOKEN, $linkToken);
    $smarty->assign('editedVoteUniqueId', $editedVoteUniqueId);
    $smarty->assign('token', $linkToken->getValue());
    $smarty->assign('poll_id', $poll_id);
    $notice->includeTemplate = $smarty->fetch('part/form_remember_edit_link.tpl');
    $smarty->clearAssign('token');

    return $notice;
}

// Retrieve data
// Slots, votes and comments are loaded when the visitor passed the password check or when the poll
// publishes its results; otherwise the three arrays keep their empty defaults.
if ($accessGranted || $resultPubliclyVisible) {
    $slots = $pollService->allSlotsByPoll($poll);
    $votes = $pollService->allVotesByPollId($poll_id);
    $comments = $pollService->allCommentsByPollId($poll_id);
}

// Assign data to template
// NOTE(review): the whole $poll object, password_hash included, is handed to the template even when
// $accessGranted is false. Confirm the templates never print that field and gate content on
// 'accessGranted' / 'resultPubliclyVisible'.
$endTimestamp = strtotime($poll->end_date);

$smarty->assign('poll_id', $poll_id);
$smarty->assign('poll', $poll);
// NOTE(review): the title is creator-supplied text; confirm the template escapes it.
$smarty->assign('title', __('Generic', 'Poll') . ' - ' . $poll->title);
$smarty->assign('expired', $endTimestamp < time());
// 86400 seconds per day, so PURGE_DELAY appears to be expressed in days.
$smarty->assign('deletion_date', $endTimestamp + PURGE_DELAY * 86400);
$smarty->assign('slots', $poll->format === 'D' ? $pollService->splitSlots($slots) : $slots);
// Rendered into the page; it presumably returns as the `control` field read by the save branches.
$smarty->assign('slots_hash', $pollService->hashSlots($slots));
$smarty->assign('votes', $pollService->splitVotes($votes));
$smarty->assign('best_choices', $pollService->computeBestChoices($votes));
$smarty->assign('comments', $comments);
$smarty->assign('editingVoteId', $editingVoteId);
$smarty->assign('message', $message);
// This is the public page: it always sets 'admin' to false.
$smarty->assign('admin', false);
$smarty->assign('hidden', $poll->hidden);
$smarty->assign('accessGranted', $accessGranted);
$smarty->assign('resultPubliclyVisible', $resultPubliclyVisible);
$smarty->assign('editedVoteUniqueId', $editedVoteUniqueId);
$smarty->assign('ValueMax', $poll->ValueMax);

$smarty->display('studs.tpl');