verify.php

php+mysql做的调查问卷管理系统php+mysql做的调查问卷管理系统

<?
################################################################################
# phpQuestionnaire                           Version 2.2                       #
# Copyright 2003-2005 chumpsoft, inc.        March 28, 2005                    #
################################################################################
#              SCRiPTMAFiA 2005 - THE DiRTY HANDS ON YOUR SCRiPTS              #
################################################################################

#-->> Include Files

require("inc/init.php");
require("inc/mysql.php");
require("inc/functions.php");
require("inc/pfunctions.php");
require("inc/qfunctions.php");

#-->> Setting Variables

$varnames = array("sid", "uid", "emailaddr", "vsubmit");

SetVars($varnames);

#-->> Check UID and SID

$relocateURL = "error.php";

if (!ini_get("sendmail_path") && !ini_get("SMTP")) {
	header("Location: $relocateURL?errormsg=NoMailSupport");
	exit();
}

if (!$uid || !$sid) {
	header("Location: $relocateURL");
	exit();
}

$mqsurvey = mysql_query("select * from phpQSurvey where SID = \"".ProtectMySQL($sid)."\"");
if (!($masurvey = mysql_fetch_array($mqsurvey))) {
	header("Location: $relocateURL");
	exit();
}

$mquser = mysql_query("select * from phpQUser where UID = \"".ProtectMySQL($uid)."\" and SID = \"".ProtectMySQL($sid)."\"");
if (!($mauser = mysql_fetch_array($mquser))) {
	header("Location: $relocateURL");
	exit();
}

#-->> Set Language

SetLanguage($masurvey['Language']);

#-->> Create Form

$errorstyle = ($masurvey["ErrorStyle"]) ? $masurvey["ErrorStyle"] : "color: red;";
if ($emailaddr) {
	if (!ereg("@", $emailaddr) || !ereg("\.", $emailaddr)) {
		$errormsg = sprintf($phpQlang["EmailInvalid"], ProtectHTML($emailaddr));
	}
	else {
		$mysqlemailaddr = ProtectMySQL($emailaddr);
		$mqemailcheck = mysql_query("select 1 from phpQUser where Email = \"$mysqlemailaddr\" && SID = \"".ProtectMySQL($sid)."\"");
		$mquidcheck = mysql_query("select Email from phpQUser where UID = \"".ProtectMySQL($uid)."\" && SID = \"".ProtectMySQL($sid)."\"");
		if ($maemailcheck = mysql_fetch_array($mqemailcheck)) {
			$errormsg = sprintf($phpQlang["EmailDuplicate"], ProtectHTML($emailaddr));
		}
		elseif (($mauidcheck = mysql_fetch_array($mquidcheck)) && $mauidcheck["Email"]) {
			header("Location: confirm.php?uid=$uid&sid=$sid");
			exit();
		}
		else {
			$scriptloc = '';
			if ($HTTP_HOST != '') {
				$scriptloc .= "http://$HTTP_HOST";
			}
			elseif ($HTTP_SERVER_VARS["HTTP_HOST"] != '') {
				$scriptloc .= 'http://'.$HTTP_SERVER_VARS["HTTP_HOST"];
			}
			$php_self = $PHP_SELF ? $PHP_SELF : $HTTP_SERVER_VARS["PHP_SELF"];
			if (!$php_self && $HTTP_SERVER_VARS['REQUEST_URI']) {
				$php_self = $HTTP_SERVER_VARS['REQUEST_URI'];
			}
			$scriptloc .= preg_replace("/(.*)\/(.*?)\.php/", "\\1", $php_self);

			$confirmpswd = $mauser["Confirm"];
			$confirmurl = $scriptloc."/confirm.php?uid=$uid&sid=$sid&upasswd=$confirmpswd";

			if ($masurvey["VerifyEmail"]) { $emailmsg = $masurvey["VerifyEmail"]; }
			else { $emailmsg = $phpQlang["EmailDefaultMessage"]; }

			$emailmsg = str_replace("::SurveyName::", $masurvey["Name"], $emailmsg);
			$emailmsg = str_replace("::ConfirmPassword::", $confirmpswd, $emailmsg);
			$emailmsg = str_replace("::ConfirmURL::", $confirmurl, $emailmsg);

			$from = ($masurvey["EmailFrom"]) ? "From: ".$masurvey["EmailFrom"] : "From: ".$phpQlang["EmailDefaultFrom"];
			$subject = ($masurvey["EmailSubject"]) ? $masurvey["EmailSubject"] : sprintf($phpQlang["EmailDefaultSubject"], $masurvey["Name"]);
			
			mail($emailaddr, $subject, $emailmsg, $from);

			mysql_query("update phpQUser set Email = \"$mysqlemailaddr\" where UID = \"".ProtectMySQL($uid)."\" and SID = \"".ProtectMySQL($sid)."\"");
			header("Location: confirm.php?uid=$uid&sid=$sid");
			exit();
		}
	}
}

$buttonsubmit = GetButton($masurvey, 'submit');
if (!$errormsg && $vsubmit) {
	$errormsg = $phpQlang["EmailEmpty"];
}
$contents = "<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=".$masurvey["Width"]."><TR><TD ALIGN=center><TABLE CELLSPACING=0 CELLPADDING=2 BORDER=0>\n";
$contents .= "<TR><TD>".$phpQlang["VerifyRequest"]."</TD></TR>\n";
$contents .= "</TABLE>\n";
$contents .= "<TABLE CELLPADDING=2 CELLSPACING=0 BORDER=0>\n";
$contents .= "<FORM ACTION=verify.php METHOD=POST>\n";
$contents .= "<INPUT TYPE=hidden NAME=sid VALUE=$sid>\n";
$contents .= "<INPUT TYPE=hidden NAME=uid VALUE=$uid>\n";
$contents .= "<INPUT TYPE=hidden NAME=vsubmit VALUE=1>\n";
if ($errormsg) {
	$contents .= "<TR><TD COLSPAN=3 STYLE=\"$errorstyle\">$errormsg</TD></TR>\n";
}
$contents .= "<TR>\n";
$contents .= "<TD>".$phpQlang["EmailPrompt"]."</TD>\n";
$contents .= "<TD><INPUT TYPE=text NAME=emailaddr VALUE=\"".ProtectHTML($emailaddr)."\"></TD>\n";
$contents .= "<TD>$buttonsubmit</TD>\n";
$contents .= "</TR>\n";
$contents .= "</FORM>\n";
$contents .= "</TABLE></TD></TR></TABLE>\n";

#-->> Output Page

CreatePage($sid, sprintf($phpQlang["VerifyTitle"], $masurvey["Name"]), $contents, false, "");

?>