LimeSurvey issue tracker
Registration

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
02982User patchesTokenspublic2009-03-20 14:592013-02-04 18:33
Reporterjanokary 
Assigned To 
PrioritynormalSeveritytrivial 
StatusconfirmedResolutionopen 
Product Version1.85 
Target VersionFixed in Version 
Summary02982: Create token on the fly and Edit completed survey
DescriptionWhen having a close token survey
you can create a token on the fly by giving as parameters sid and token
In addition if someone has already complete a survey he can review his answers and correct them

Just put this script in limesurveys root directory


Prerequisites:
1. Anonymous answers? No (This survey is NOT anonymous.)
2. Enable Token-based answers persistence? Yes
3. Switch to closed-acces mode
Additional Informationexample:
http://www.youurl.com/limesurvey180/newtoken.php?sid=98761&token=12345 [^]

where
Survey id = 98761 your survey's id
token=12345 a token (any token actually)

1. the first time the token will be created and you you will redirect to anwser the surrvey
2. If you wont complete the survey and call the script with the same parameters you will be redirect to the same case in order to finish the survey
3. If you finish the survey and call the script with the same parameters you will see restart the survey with your previews answers prefiled so you can change them
3. Back to 3

this is valid for all survey in the installation but you can make a filter so it wont be valid for every survey.
TagsNo tags attached.
LimeSurvey build number OR git commit ID
Attached Files7z file icon newtoken.php.7z [^] (1,891 bytes) 2011-12-19 11:11

- Relationships

-  Notes
(08816)
user4164
2009-07-10 10:32

If a token has a hyphen (-) in it, the token is created fine but the survey reports that the token is invalid or has already been used.
User avatar (09000)
janokary (reporter)
2009-07-31 15:09
edited on: 2010-03-13 16:22

@comclusive I will look into your issue.
Meanwhile use only latin characters

User avatar (10090)
kmm2908 (reporter)
2009-11-14 05:36

he following edit to newtoken.php re-enables the ability to prepopulate answers from the url:

Code:
 
// get variables from address bar
if (isset($_GET['sid'])) { $sid = $_GET['sid']; }
if (isset($_GET['token'])) { $token = $_GET['token']; }
if (isset($_GET['n1'])) { $n1 = urldecode($_GET['n1']); }
if (isset($_GET['n2'])) { $n2 = urldecode($_GET['n2']); }
 
 
// short things are better
$tokentable = $dbprefix."tokens_".$sid;
$location = $rooturl.'?sid='.$sid.'?=gr&newtest=Y&token='.$token.'&66666X31X97='.$n1.'&66666X31X98='.$n2.'&66666X31X99='.$token;

url e.g.: newtoken.php?sid=66666&token=$invoiceid&n1=$n1&n2=$n2;

Obviously edit to match your SGQA identifiers

Hope this helps!
User avatar (11164)
ResearchOnBlogs (developer)
2010-02-24 12:51

I have an issue, first everythings works fine.. Only one thing, if you have a tokenbased survey with different groups (display: group by group) and you stop complete the survey in one group (after pressed next) (Pos. Group2).
In this case, if you log in again to complete, you will throw to the previous group -> Group1 . No big think but maybe it could solved.
My survey is looking simplfied like that:
Group1
-Q1 Singlechoice
Group2
-Q2 Boilerplate/Information
Group3
-Q3 Singlechoice
User avatar (11324)
c_schmitz (administrator)
2010-03-13 16:24

This patch won't be incorporated to core because of security implications.
Keeping it as a workaround though.
User avatar (11878)
Spydre13 (reporter)
2010-05-19 21:21

This is going to help us out a lot, thanks!

I haven't looked into the limesurvey code yet, but I'm curious what the ?=gr is for on the url it's passing?

Also, we need to prepopulate answers, so kmm2908's code will help. But if you have several different surveys, you would need a different newtoken.php for each survey since the questions are hardcoded. I modified it using this code to work for multiple surveys:

// get variables from address bar
if (isset($_GET['sid'])) { $sid = $_GET['sid']; }
if (isset($_GET['myname'])) { $myname=urldecode($_GET['myname']); }
if (isset($_GET['token'])) { $token = $_GET['token']; }

// get answers passed through
if (isset($_GET['params'])) {
    $parmlist = explode("&params", $_SERVER["QUERY_STRING"]);
    $prefill = $parmlist[1];
    }

// short things are better
$tokentable = $dbprefix."tokens_".$sid;

$location = $rooturl.'?sid='.$sid.'&newtest=Y&token='.$token.$prefill;

In this case you would just pass "&params" on the URL before passing the answers, since that is used to separate the query string and get the answers. Might not be the cleanest solution, but I thought it might help someone else.
(13833)
user11332
2010-12-29 09:47
edited on: 2010-12-29 09:47

It workes only with mysql database

can you make it more generic ,

User avatar (14393)
bolero (reporter)
2011-03-10 19:55

Thanks so much for the script!
There is a small bug in the location construction. $rooturl has no trailing slash. Thus you have to use:
$location = $rooturl.'/?sid='.$sid.'&newtest=Y&token='.$token;
and not
$location = $rooturl.'?sid='.$sid.'&newtest=Y&token='.$token;

And, I think one doesn't need the "?=gr" in location at all, it looks like an editing typo. I removed it and haben't seen an ill effect.
User avatar (14394)
bolero (reporter)
2011-03-10 21:09

code for passing passthru variable:

if (isset($_GET['passthru'])) { $passthru = "&passthru=$_GET[passthru]&$_GET[passthru]=".$_GET[$_GET[passthru]]; }

$location = $rooturl.'/?sid='.$sid.'&newtest=Y&token='."$token$passthru";
User avatar (14395)
janokary (reporter)
2011-03-10 21:10

nice thanks
(14736)
user6308
2011-04-08 11:58

Thanks for this patch,
I have a few questions, please apologies if they seem dummy:
- Is the file newtoken.7z [^] (1,503 bytes) 2009-07-31 15:07 the last available version?
- Why are we retrieving these variables: $loadname, $loadpass, $scid, $move, $clienttoken ? Are they needed?
Why are we not sanitizing the variables $sid and $token before sending them in an SQL statement (protection against SQL injections)?
 
Thanks again for this code and for any answer that might help me
User avatar (16753)
janokary (reporter)
2011-12-19 11:17

Hi all.
I did some modifications for security reasons seens I want to use this for internet and not intranet like I did before.
So, what I do is that I now check that the token that will be created is a "valid one", be doing some passwords checks.
Please check it out and tell me your opinion.
http://bugs.limesurvey.org/file_download.php?file_id=4260&type=bug [^]
User avatar (17679)
JHN (reporter)
2012-02-28 16:56

I'm currently running 1.91 (Build 12416) and want to download this patch, but it doesn't seem to be working for us. I'm sure it's user error, but I'm trying to pinpoint exactly where the error is! We've saved the newest version of newtoken.php file in the root directory and modified the 'dirname(__FILE__)' in newtoken.php to point to the root directory. Is that the only change needed in this file? Is modification to any other files necessary? I've already followed all the survey pre-requisites of not having anonymous answers, enabling token-based answers persistence, and switching to closed-access mode.
 
Also, I assume that we are able to use the original url that contains ‘index.php’ and not a url that contains ‘newtoken.php’, is that correct? I see comments about a url with ‘newtoken.php’, but I think that this is what the patch will create and direct participants to after they click on the original url?

- Issue History
Date Modified Username Field Change
2009-03-20 14:59 janokary New Issue
2009-03-20 14:59 janokary File Added: newtoken.zip
2009-03-20 15:25 user372 Status new => acknowledged
2009-07-10 10:32 user4164 Note Added: 08816
2009-07-31 15:07 janokary File Added: newtoken.7z
2009-07-31 15:09 janokary Note Added: 09000
2009-08-13 16:15 wakaan Note Added: 09127
2009-08-13 16:30 wakaan Note Edited: 09127
2009-08-17 14:22 Mazi Note Added: 09150
2009-08-17 14:55 janokary Note Added: 09152
2009-11-14 05:36 kmm2908 Note Added: 10090
2010-01-12 21:47 marie@dk Note Added: 10756
2010-02-24 12:51 ResearchOnBlogs Note Added: 11164
2010-03-13 16:19 c_schmitz File Deleted: newtoken.zip
2010-03-13 16:20 c_schmitz Note Deleted: 10756
2010-03-13 16:21 c_schmitz Note Deleted: 09150
2010-03-13 16:21 c_schmitz Note Deleted: 09127
2010-03-13 16:21 c_schmitz Severity feature => trivial
2010-03-13 16:21 c_schmitz Product Version 1.80 => 1.85
2010-03-13 16:22 c_schmitz Note Edited: 09000 View Revisions
2010-03-13 16:22 c_schmitz Note Deleted: 09152
2010-03-13 16:24 c_schmitz Note Added: 11324
2010-03-13 16:24 c_schmitz Status acknowledged => confirmed
2010-05-19 21:21 Spydre13 Note Added: 11878
2010-12-29 09:47 user11332 Note Added: 13833
2010-12-29 09:47 user11332 Note Edited: 13833 View Revisions
2011-03-10 19:55 bolero Note Added: 14393
2011-03-10 21:09 bolero Note Added: 14394
2011-03-10 21:10 janokary Note Added: 14395
2011-04-08 11:58 user6308 Note Added: 14736
2011-12-19 11:11 janokary File Added: newtoken.php.7z
2011-12-19 11:17 janokary Note Added: 16753
2012-02-28 16:27 c_schmitz File Deleted: newtoken.7z
2012-02-28 16:56 JHN Note Added: 17679


Copyright © 2000 - 2014 MantisBT Team
Powered by Mantis Bugtracker