| Anonymous | Login | 2013-05-19 10:50 CEST | |
| Main | My View | View Issues | Change Log | Roadmap | Repositories |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||
| 02982 | User patches | Tokens | public | 2009-03-20 14:59 | 2013-02-04 18:33 | ||||||||
| Reporter | janokary | ||||||||||||
| Assigned To | |||||||||||||
| Priority | normal | Severity | trivial | ||||||||||
| Status | confirmed | Resolution | open | ||||||||||
| Product Version | 1.85 | ||||||||||||
| Target Version | Fixed in Version | ||||||||||||
| Summary | 02982: Create token on the fly and Edit completed survey | ||||||||||||
| Description | When having a close token survey you can create a token on the fly by giving as parameters sid and token In addition if someone has already complete a survey he can review his answers and correct them Just put this script in limesurveys root directory Prerequisites: 1. Anonymous answers? No (This survey is NOT anonymous.) 2. Enable Token-based answers persistence? Yes 3. Switch to closed-acces mode | ||||||||||||
| Additional Information | example: http://www.youurl.com/limesurvey180/newtoken.php?sid=98761&token=12345 [^] where Survey id = 98761 your survey's id token=12345 a token (any token actually) 1. the first time the token will be created and you you will redirect to anwser the surrvey 2. If you wont complete the survey and call the script with the same parameters you will be redirect to the same case in order to finish the survey 3. If you finish the survey and call the script with the same parameters you will see restart the survey with your previews answers prefiled so you can change them 3. Back to 3 this is valid for all survey in the installation but you can make a filter so it wont be valid for every survey. | ||||||||||||
| Tags | No tags attached. | ||||||||||||
| LimeSurvey build number | |||||||||||||
| Attached Files |  newtoken.php.7z [^] (1,891 bytes) 2011-12-19 11:11 | ||||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(08816) user4164 2009-07-10 10:32 |
If a token has a hyphen (-) in it, the token is created fine but the survey reports that the token is invalid or has already been used. |
 (09000)janokary (reporter) 2009-07-31 15:09 edited on: 2010-03-13 16:22 |
@comclusive I will look into your issue. Meanwhile use only latin characters |
 (10090)kmm2908 (reporter) 2009-11-14 05:36 |
he following edit to newtoken.php re-enables the ability to prepopulate answers from the url: Code: // get variables from address bar if (isset($_GET['sid'])) { $sid = $_GET['sid']; } if (isset($_GET['token'])) { $token = $_GET['token']; } if (isset($_GET['n1'])) { $n1 = urldecode($_GET['n1']); } if (isset($_GET['n2'])) { $n2 = urldecode($_GET['n2']); } // short things are better $tokentable = $dbprefix."tokens_".$sid; $location = $rooturl.'?sid='.$sid.'?=gr&newtest=Y&token='.$token.'&66666X31X97='.$n1.'&66666X31X98='.$n2.'&66666X31X99='.$token; url e.g.: newtoken.php?sid=66666&token=$invoiceid&n1=$n1&n2=$n2; Obviously edit to match your SGQA identifiers Hope this helps! |
 (11164)ResearchOnBlogs (reporter) 2010-02-24 12:51 |
I have an issue, first everythings works fine.. Only one thing, if you have a tokenbased survey with different groups (display: group by group) and you stop complete the survey in one group (after pressed next) (Pos. Group2). In this case, if you log in again to complete, you will throw to the previous group -> Group1 . No big think but maybe it could solved. My survey is looking simplfied like that: Group1 -Q1 Singlechoice Group2 -Q2 Boilerplate/Information Group3 -Q3 Singlechoice |
 (11324)c_schmitz (administrator) 2010-03-13 16:24 |
This patch won't be incorporated to core because of security implications. Keeping it as a workaround though. |
 (11878)Spydre13 (reporter) 2010-05-19 21:21 |
This is going to help us out a lot, thanks! I haven't looked into the limesurvey code yet, but I'm curious what the ?=gr is for on the url it's passing? Also, we need to prepopulate answers, so kmm2908's code will help. But if you have several different surveys, you would need a different newtoken.php for each survey since the questions are hardcoded. I modified it using this code to work for multiple surveys: // get variables from address bar if (isset($_GET['sid'])) { $sid = $_GET['sid']; } if (isset($_GET['myname'])) { $myname=urldecode($_GET['myname']); } if (isset($_GET['token'])) { $token = $_GET['token']; } // get answers passed through if (isset($_GET['params'])) { $parmlist = explode("¶ms", $_SERVER["QUERY_STRING"]); $prefill = $parmlist[1]; } // short things are better $tokentable = $dbprefix."tokens_".$sid; $location = $rooturl.'?sid='.$sid.'&newtest=Y&token='.$token.$prefill; In this case you would just pass "¶ms" on the URL before passing the answers, since that is used to separate the query string and get the answers. Might not be the cleanest solution, but I thought it might help someone else. |
|
(13833) user11332 2010-12-29 09:47 edited on: 2010-12-29 09:47 |
It workes only with mysql database can you make it more generic , |
 (14393)bolero (reporter) 2011-03-10 19:55 |
Thanks so much for the script! There is a small bug in the location construction. $rooturl has no trailing slash. Thus you have to use: $location = $rooturl.'/?sid='.$sid.'&newtest=Y&token='.$token; and not $location = $rooturl.'?sid='.$sid.'&newtest=Y&token='.$token; And, I think one doesn't need the "?=gr" in location at all, it looks like an editing typo. I removed it and haben't seen an ill effect. |
|
(14394) bolero (reporter) 2011-03-10 21:09 |
code for passing passthru variable: if (isset($_GET['passthru'])) { $passthru = "&passthru=$_GET[passthru]&$_GET[passthru]=".$_GET[$_GET[passthru]]; } $location = $rooturl.'/?sid='.$sid.'&newtest=Y&token='."$token$passthru"; |
|
(14395) janokary (reporter) 2011-03-10 21:10 |
nice thanks |
|
(14736) user6308 2011-04-08 11:58 |
Thanks for this patch, I have a few questions, please apologies if they seem dummy: - Is the file newtoken.7z [^] (1,503 bytes) 2009-07-31 15:07 the last available version? - Why are we retrieving these variables: $loadname, $loadpass, $scid, $move, $clienttoken ? Are they needed? Why are we not sanitizing the variables $sid and $token before sending them in an SQL statement (protection against SQL injections)? Thanks again for this code and for any answer that might help me |
|
(16753) janokary (reporter) 2011-12-19 11:17 |
Hi all. I did some modifications for security reasons seens I want to use this for internet and not intranet like I did before. So, what I do is that I now check that the token that will be created is a "valid one", be doing some passwords checks. Please check it out and tell me your opinion. http://bugs.limesurvey.org/file_download.php?file_id=4260&type=bug [^] |
 (17679)JHN (reporter) 2012-02-28 16:56 |
I'm currently running 1.91 (Build 12416) and want to download this patch, but it doesn't seem to be working for us. I'm sure it's user error, but I'm trying to pinpoint exactly where the error is! We've saved the newest version of newtoken.php file in the root directory and modified the 'dirname(__FILE__)' in newtoken.php to point to the root directory. Is that the only change needed in this file? Is modification to any other files necessary? I've already followed all the survey pre-requisites of not having anonymous answers, enabling token-based answers persistence, and switching to closed-access mode. Also, I assume that we are able to use the original url that contains ‘index.php’ and not a url that contains ‘newtoken.php’, is that correct? I see comments about a url with ‘newtoken.php’, but I think that this is what the patch will create and direct participants to after they click on the original url? |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-03-20 14:59 | janokary | New Issue | |
| 2009-03-20 14:59 | janokary | File Added: newtoken.zip | |
| 2009-03-20 15:25 | user372 | Status | new => acknowledged |
| 2009-07-10 10:32 | user4164 | Note Added: 08816 | |
| 2009-07-31 15:07 | janokary | File Added: newtoken.7z | |
| 2009-07-31 15:09 | janokary | Note Added: 09000 | |
| 2009-08-13 16:15 | wakaan | Note Added: 09127 | |
| 2009-08-13 16:30 | wakaan | Note Edited: 09127 | |
| 2009-08-17 14:22 | Mazi | Note Added: 09150 | |
| 2009-08-17 14:55 | janokary | Note Added: 09152 | |
| 2009-11-14 05:36 | kmm2908 | Note Added: 10090 | |
| 2010-01-12 21:47 | marie@dk | Note Added: 10756 | |
| 2010-02-24 12:51 | ResearchOnBlogs | Note Added: 11164 | |
| 2010-03-13 16:19 | c_schmitz | File Deleted: newtoken.zip | |
| 2010-03-13 16:20 | c_schmitz | Note Deleted: 10756 | |
| 2010-03-13 16:21 | c_schmitz | Note Deleted: 09150 | |
| 2010-03-13 16:21 | c_schmitz | Note Deleted: 09127 | |
| 2010-03-13 16:21 | c_schmitz | Severity | feature => trivial |
| 2010-03-13 16:21 | c_schmitz | Product Version | 1.80 => 1.85 |
| 2010-03-13 16:22 | c_schmitz | Note Edited: 09000 | View Revisions |
| 2010-03-13 16:22 | c_schmitz | Note Deleted: 09152 | |
| 2010-03-13 16:24 | c_schmitz | Note Added: 11324 | |
| 2010-03-13 16:24 | c_schmitz | Status | acknowledged => confirmed |
| 2010-05-19 21:21 | Spydre13 | Note Added: 11878 | |
| 2010-12-29 09:47 | user11332 | Note Added: 13833 | |
| 2010-12-29 09:47 | user11332 | Note Edited: 13833 | View Revisions |
| 2011-03-10 19:55 | bolero | Note Added: 14393 | |
| 2011-03-10 21:09 | bolero | Note Added: 14394 | |
| 2011-03-10 21:10 | janokary | Note Added: 14395 | |
| 2011-04-08 11:58 | user6308 | Note Added: 14736 | |
| 2011-12-19 11:11 | janokary | File Added: newtoken.php.7z | |
| 2011-12-19 11:17 | janokary | Note Added: 16753 | |
| 2012-02-28 16:27 | c_schmitz | File Deleted: newtoken.7z | |
| 2012-02-28 16:56 | JHN | Note Added: 17679 | |
|
Issue History |
| Copyright © 2000 - 2013 MantisBT Team |
 |