/application/controllers/AdminController.php
PHP | 473 lines | 308 code | 64 blank | 101 comment | 76 complexity | d545bc0cabd420a4548fb31a31ee6ab1 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, BSD-3-Clause, GPL-3.0, LGPL-3.0
- <?php
- /*
- * LimeSurvey
- * Copyright (C) 2007-2011 The LimeSurvey Project Team / Carsten Schmitz
- * All rights reserved.
- * License: GNU/GPL License v2 or later, see LICENSE.php
- * LimeSurvey is free software. This version may have been modified pursuant
- * to the GNU General Public License, and as distributed it includes or
- * is derivative of works licensed under the GNU General Public License or
- * other free or open source software licenses.
- * See COPYRIGHT.php for copyright notices and details.
- *
- * $Id$
- */
- class AdminController extends LSYii_Controller
- {
- public $lang = null;
- protected $user_id = 0;
- /**
- * Initialises this controller, does some basic checks and setups
- *
- * @access protected
- * @return void
- */
- protected function _init()
- {
- parent::_init();
- $updatelastcheck = getGlobalSetting('updatelastcheck');
- $this->_sessioncontrol();
- if (Yii::app()->getConfig('buildnumber') != "" && Yii::app()->getConfig('updatecheckperiod') > 0 && $updatelastcheck < dateShift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", "-". Yii::app()->getConfig('updatecheckperiod')." days"))
- updateCheck();
- //unset(Yii::app()->session['FileManagerContext']);
- $this->user_id = Yii::app()->user->getId();
- Yii::app()->setConfig('adminimageurl', Yii::app()->getConfig('styleurl').Yii::app()->getConfig('admintheme').'/images/');
- Yii::app()->setConfig('adminstyleurl', Yii::app()->getConfig('styleurl').Yii::app()->getConfig('admintheme').'/');
- if (!Yii::app()->getConfig("surveyid")) {Yii::app()->setConfig("surveyid", returnGlobal('sid'));} //SurveyID
- if (!Yii::app()->getConfig("ugid")) {Yii::app()->setConfig("ugid", returnGlobal('ugid'));} //Usergroup-ID
- if (!Yii::app()->getConfig("gid")) {Yii::app()->setConfig("gid", returnGlobal('gid'));} //GroupID
- if (!Yii::app()->getConfig("qid")) {Yii::app()->setConfig("qid", returnGlobal('qid'));} //QuestionID
- if (!Yii::app()->getConfig("lid")) {Yii::app()->setConfig("lid", returnGlobal('lid'));} //LabelID
- if (!Yii::app()->getConfig("code")) {Yii::app()->setConfig("code", returnGlobal('code'));} // ??
- if (!Yii::app()->getConfig("action")) {Yii::app()->setConfig("action", returnGlobal('action'));} //Desired action
- if (!Yii::app()->getConfig("subaction")) {Yii::app()->setConfig("subaction", returnGlobal('subaction'));} //Desired subaction
- if (!Yii::app()->getConfig("editedaction")) {Yii::app()->setConfig("editedaction", returnGlobal('editedaction'));} // for html editor integration
- }
- /**
- * Shows a nice error message to the world
- *
- * @access public
- * @param string $message The error message
- * @param string|array $url URL. Either a string. Or array with keys url and title
- * @return void
- */
- public function error($message, $url = array())
- {
- $clang = $this->lang;
- $this->_getAdminHeader();
- $output = "<div class='messagebox ui-corner-all'>\n";
- $output .= '<div class="warningheader">'.$clang->gT('Error').'</div><br />'."\n";
- $output .= $message . '<br /><br />'."\n";
- if (!empty($url) && !is_array($url))
- {
- $title = $clang->gT('Back');
- }
- elseif (!empty($url['url']))
- {
- if (!empty($url['title']))
- {
- $title = $url['title'];
- }
- else
- {
- $title = $clang->gT('Back');
- }
- $url = $url['url'];
- }
- else
- {
- $title = $clang->gT('Main Admin Screen');
- $url = $this->createUrl('/admin');
- }
- $output .= '<input type="submit" value="'.$title.'" onclick=\'window.open("'.$url.'", "_top")\' /><br /><br />'."\n";
- $output .= '</div>'."\n";
- $output .= '</div>'."\n";
- echo $output;
- $this->_getAdminFooter('http://docs.limesurvey.org', $clang->gT('LimeSurvey online manual'));
- die;
- }
- /**
- * Load and set session vars
- *
- * @access protected
- * @return void
- */
- protected function _sessioncontrol()
- {
- Yii::import('application.libraries.Limesurvey_lang');
- // From personal settings
- if (Yii::app()->request->getPost('action') == 'savepersonalsettings') {
- if (Yii::app()->request->getPost('lang')=='auto')
- {
- $sLanguage= getBrowserLanguage();
- }
- else
- {
- $sLanguage=Yii::app()->request->getPost('lang');
- }
- Yii::app()->session['adminlang'] = $sLanguage;
- }
- if (empty(Yii::app()->session['adminlang']))
- Yii::app()->session["adminlang"] = Yii::app()->getConfig("defaultlang");
- $this->lang = new Limesurvey_lang(Yii::app()->session['adminlang']);
- Yii::app()->setLang($this->lang);
- if (!empty($this->user_id))
- $this->_GetSessionUserRights($this->user_id);
- }
- /**
- * Checks for action specific authorization and then executes an action
- *
- * @access public
- * @param string $action
- * @return bool
- */
- public function run($action)
- {
- // Check if the DB is up to date
- if (Yii::app()->db->schema->getTable('{{surveys}}'))
- {
- $usrow = getGlobalSetting('DBVersion');
- if ((int) $usrow < Yii::app()->getConfig('dbversionnumber') && $action != 'update' && $action != 'authentication')
- $this->redirect($this->createUrl('/admin/update/sa/db'));
- }
- if ($action != "update" && $action != "db")
- if (empty($this->user_id) && $action != "authentication" && $action != "remotecontrol")
- {
- if (!empty($action) && $action != 'index')
- Yii::app()->session['redirect_after_login'] = $this->createUrl('/');
- Yii::app()->session['redirectopage'] = Yii::app()->request->requestUri;
- $this->redirect($this->createUrl('/admin/authentication/sa/login'));
- }
- elseif (!empty($this->user_id) && $action != "remotecontrol")
- {
- if (Yii::app()->session['session_hash'] != hash('sha256',getGlobalSetting('SessionName').Yii::app()->user->getName().Yii::app()->user->getId()))
- {
- Yii::app()->session->clear();
- Yii::app()->session->close();
- $this->redirect($this->createUrl('/admin/authentication/sa/login'));
- }
-
- }
- return parent::run($action);
- }
- /**
- * Routes all the actions to their respective places
- *
- * @access public
- * @return array
- */
- public function actions()
- {
- $actions = $this->getActionClasses();
- foreach ($actions as $action => $class)
- {
- $actions[$action] = "application.controllers.admin.{$class}";
- }
- return $actions;
- }
- public function getActionClasses()
- {
- return array(
- 'assessments' => 'assessments',
- 'authentication' => 'authentication',
- 'checkintegrity' => 'checkintegrity',
- 'conditions' => 'conditionsaction',
- 'database' => 'database',
- 'dataentry' => 'dataentry',
- 'dumpdb' => 'dumpdb',
- 'emailtemplates' => 'emailtemplates',
- 'export' => 'export',
- 'expressions' => 'expressions',
- 'globalsettings' => 'globalsettings',
- 'htmleditor_pop' => 'htmleditor_pop',
- 'limereplacementfields' => 'limereplacementfields',
- 'index' => 'index',
- 'labels' => 'labels',
- 'participants' => 'participantsaction',
- 'printablesurvey' => 'printablesurvey',
- 'question' => 'question',
- 'questiongroup' => 'questiongroup',
- 'quotas' => 'quotas',
- 'remotecontrol' => 'remotecontrol',
- 'responses' => 'responses',
- 'saved' => 'saved',
- 'statistics' => 'statistics',
- 'survey' => 'surveyadmin',
- 'surveypermission' => 'surveypermission',
- 'user' => 'useraction',
- 'usergroups' => 'usergroups',
- 'templates' => 'templates',
- 'tokens' => 'tokens',
- 'translate' => 'translate',
- 'update' => 'update',
- );
- }
- /**
- * Set Session User Rights
- *
- * @access public
- * @return void
- */
- public function _GetSessionUserRights($loginID)
- {
- $user = User::model()->findByPk($loginID);
- if (!empty($user))
- {
- Yii::app()->session['USER_RIGHT_SUPERADMIN'] = $user->superadmin;
- Yii::app()->session['USER_RIGHT_CREATE_SURVEY'] = ($user->create_survey || $user->superadmin);
- Yii::app()->session['USER_RIGHT_PARTICIPANT_PANEL'] = ($user->participant_panel || $user->superadmin);
- Yii::app()->session['USER_RIGHT_CONFIGURATOR'] = ($user->configurator || $user->superadmin);
- Yii::app()->session['USER_RIGHT_CREATE_USER'] = ($user->create_user || $user->superadmin);
- Yii::app()->session['USER_RIGHT_DELETE_USER'] = ($user->delete_user || $user->superadmin);
- Yii::app()->session['USER_RIGHT_MANAGE_TEMPLATE'] = ($user->manage_template || $user->superadmin);
- Yii::app()->session['USER_RIGHT_MANAGE_LABEL'] = ($user->manage_label || $user->superadmin);
- }
- // SuperAdmins
- // * original superadmin with uid=1 unless manually changed and defined
- // in config-defaults.php
- // * or any user having USER_RIGHT_SUPERADMIN right
- // Let's check if I am the Initial SuperAdmin
- $user = User::model()->findByAttributes(array('parent_id' => 0));
- if (!is_null($user) && $user->uid == $loginID)
- $initialSuperadmin=true;
- else
- $initialSuperadmin=false;
- if ($initialSuperadmin === true)
- {
- Yii::app()->session['USER_RIGHT_SUPERADMIN'] = 1;
- Yii::app()->session['USER_RIGHT_INITIALSUPERADMIN'] = 1;
- }
- else
- Yii::app()->session['USER_RIGHT_INITIALSUPERADMIN'] = 0;
- }
- /**
- * Prints Admin Header
- *
- * @access protected
- * @param bool $meta
- * @param bool $return
- * @return mixed
- */
- public function _getAdminHeader($meta = false, $return = false)
- {
- if (empty(Yii::app()->session['adminlang']))
- Yii::app()->session["adminlang"] = Yii::app()->getConfig("defaultlang");
- $data = array();
- $data['adminlang'] = Yii::app()->session['adminlang'];
- //$data['admin'] = getLanguageRTL;
- $data['test'] = "t";
- $data['languageRTL']="";
- $data['styleRTL']="";
- Yii::app()->loadHelper("surveytranslator");
- if (getLanguageRTL(Yii::app()->session["adminlang"]))
- {
- $data['languageRTL'] = " dir=\"rtl\" ";
- $data['bIsRTL']=true;
- }
- else
- {
- $data['bIsRTL']=false;
- }
- $data['meta']="";
- if ($meta)
- {
- $data['meta']=$meta;
- }
- $data['baseurl'] = Yii::app()->baseUrl . '/';
- $data['datepickerlang']="";
- if (Yii::app()->session["adminlang"] != 'en')
- $data['datepickerlang'] = "<script type=\"text/javascript\" src=\"".Yii::app()->getConfig('generalscripts')."jquery/locale/jquery.ui.datepicker-".Yii::app()->session["adminlang"].".js\"></script>\n";
- $data['sitename'] = Yii::app()->getConfig("sitename");
- $data['admintheme'] = Yii::app()->getConfig("admintheme");
- $data['firebug'] = useFirebug();
- if (!empty(Yii::app()->session['dateformat']))
- $data['formatdata'] = getDateFormatData(Yii::app()->session['dateformat']);
- // Prepare flashmessage
- if (!empty(Yii::app()->session['flashmessage']) && Yii::app()->session['flashmessage'] != '')
- {
- $data['flashmessage'] = Yii::app()->session['flashmessage'];
- unset(Yii::app()->session['flashmessage']);
- }
- $data['css_admin_includes'] = $this->_css_admin_includes(array(), true);
- return $this->renderPartial("/admin/super/header", $data, $return);
- }
- /**
- * Prints Admin Footer
- *
- * @access protected
- * @param string $url
- * @param string $explanation
- * @param bool $return
- * @return mixed
- */
- public function _getAdminFooter($url, $explanation, $return = false)
- {
- $clang = $this->lang;
- $data['clang'] = $clang;
- $data['versionnumber'] = Yii::app()->getConfig("versionnumber");
- $data['buildtext'] = "";
- if(Yii::app()->getConfig("buildnumber")!="") {
- $data['buildtext']= "Build ".Yii::app()->getConfig("buildnumber");
- }
- //If user is not logged in, don't print the version number information in the footer.
- if (empty(Yii::app()->session['loginID']))
- {
- $data['versionnumber']="";
- $data['versiontitle']="";
- $data['buildtext']="";
- }
- else
- {
- $data['versiontitle'] = $clang->gT('Version');
- }
- $data['imageurl'] = Yii::app()->getConfig("imageurl");
- $data['url'] = $url;
- $data['js_admin_includes'] = $this->_js_admin_includes(array(), true);
- $data['css_admin_includes'] = $this->_css_admin_includes(array(), true);
- return $this->render("/admin/super/footer", $data, $return);
- }
- /**
- * Shows a message box
- *
- * @access public
- * @param string $title
- * @param string $message
- * @param string $class
- * @return void
- */
- public function _showMessageBox($title,$message,$class="header ui-widget-header")
- {
- $data['title'] = $title;
- $data['message'] = $message;
- $data['class'] = $class;
- $data['clang'] = $this->lang;
- $this->render('/admin/super/messagebox', $data);
- }
- /**
- * _showadminmenu() function returns html text for the administration button bar
- *
- * @access public
- * @global string $homedir
- * @global string $scriptname
- * @global string $surveyid
- * @global string $setfont
- * @global string $imageurl
- * @param int $surveyid
- * @return string $adminmenu
- */
- public function _showadminmenu($surveyid = false)
- {
- $clang = $this->lang;
- $data['clang']= $clang;
- if (Yii::app()->session['pw_notify'] && Yii::app()->getConfig("debug")<2) {
- Yii::app()->session['flashmessage'] = $clang->gT("Warning: You are still using the default password ('password'). Please change your password and re-login again.");
- }
- $data['showupdate'] = (Yii::app()->session['USER_RIGHT_SUPERADMIN'] == 1 && getGlobalSetting("updatelastcheck")>0 && getGlobalSetting("updateavailable")==1 && Yii::app()->getConfig("updatable") );
- $data['updateversion'] = getGlobalSetting("updateversion");
- $data['updatebuild'] = getGlobalSetting("updatebuild");
- $data['surveyid'] = $surveyid;
- $data['iconsize'] = Yii::app()->getConfig('adminthemeiconsize');
- $data['sImageURL'] = Yii::app()->getConfig('adminimageurl');
- $this->render("/admin/super/adminmenu", $data);
- }
- public function _loadEndScripts()
- {
- static $out = false;
- if ($out)
- return true;
- $out = true;
- if (empty(Yii::app()->session['metaHeader']))
- Yii::app()->session['metaHeader'] = '';
- unset(Yii::app()->session['metaHeader']);
- return $this->render('/admin/endScripts_view', array());
- }
- public function _css_admin_includes($includes = array(), $reset = false)
- {
- return $this->_admin_includes('css', $includes, $reset);
- }
- public function _js_admin_includes($includes = array(), $reset = false)
- {
- return $this->_admin_includes('js', $includes, $reset);
- }
- private function _admin_includes($method, $includes = array(), $reset = false)
- {
- $method = in_array($method, array('js', 'css')) ? $method : 'js';
- $includes = (array) $includes;
- $admin_includes = (array) Yii::app()->getConfig("{$method}_admin_includes");
- $admin_includes = array_merge($admin_includes, $includes);
- $admin_includes = array_filter($admin_includes);
- $admin_includes = array_unique($admin_includes);
- if ($reset == true)
- {
- Yii::app()->setConfig("{$method}_admin_includes", array());
- }
- else
- {
- Yii::app()->setConfig("{$method}_admin_includes", $admin_includes);
- }
- return $admin_includes;
- }
- }