Menu
▾
▴
phpesp-devel — Discussion of the development of phpESP
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
(103) |
Apr
(37) |
May
(45) |
Jun
(49) |
Jul
(55) |
Aug
(11) |
Sep
(47) |
Oct
(55) |
Nov
(47) |
Dec
(8) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(43) |
Feb
(85) |
Mar
(121) |
Apr
(37) |
May
(33) |
Jun
(33) |
Jul
(14) |
Aug
(34) |
Sep
(58) |
Oct
(68) |
Nov
(31) |
Dec
(9) |
| 2004 |
Jan
(13) |
Feb
(57) |
Mar
(37) |
Apr
(26) |
May
(57) |
Jun
(14) |
Jul
(8) |
Aug
(12) |
Sep
(32) |
Oct
(10) |
Nov
(7) |
Dec
(12) |
| 2005 |
Jan
(8) |
Feb
(25) |
Mar
(50) |
Apr
(20) |
May
(32) |
Jun
(20) |
Jul
(83) |
Aug
(25) |
Sep
(17) |
Oct
(14) |
Nov
(32) |
Dec
(27) |
| 2006 |
Jan
(24) |
Feb
(15) |
Mar
(46) |
Apr
(5) |
May
(6) |
Jun
(9) |
Jul
(12) |
Aug
(5) |
Sep
(7) |
Oct
(7) |
Nov
(4) |
Dec
(5) |
| 2007 |
Jan
(4) |
Feb
(1) |
Mar
(7) |
Apr
(3) |
May
(4) |
Jun
|
Jul
|
Aug
(2) |
Sep
(2) |
Oct
|
Nov
(22) |
Dec
(19) |
| 2008 |
Jan
(94) |
Feb
(19) |
Mar
(32) |
Apr
(46) |
May
(20) |
Jun
(10) |
Jul
(11) |
Aug
(20) |
Sep
(16) |
Oct
(12) |
Nov
(13) |
Dec
|
| 2009 |
Jan
|
Feb
(9) |
Mar
(37) |
Apr
(65) |
May
(15) |
Jun
|
Jul
(24) |
Aug
(1) |
Sep
(8) |
Oct
(4) |
Nov
(21) |
Dec
(5) |
| 2010 |
Jan
(35) |
Feb
(6) |
Mar
(8) |
Apr
|
May
(4) |
Jun
(3) |
Jul
(4) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2011 |
Jan
|
Feb
(4) |
Mar
|
Apr
|
May
(1) |
Jun
(1) |
Jul
(1) |
Aug
|
Sep
(1) |
Oct
|
Nov
|
Dec
|
|
From: SourceForge.net <no...@so...> - 2006-09-29 10:05:40
|
Feature Requests item #1567600, was opened at 2006-09-29 10:05 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1567600&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: data analysis Group: None Status: Open Priority: 5 Submitted By: Andy K (andyketchen) Assigned to: Nobody/Anonymous (nobody) Summary: Filtering results Initial Comment: If I choose a radio button or check box to "Cross Analyse" it effectively filters results on that field. However I also need to be able to filter on specific short text entries and I can't find a way to achieve this at present. This would save a lot of effort manipulating results within a spreadsheet. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1567600&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-28 15:51:35
|
Bugs item #1387534, was opened at 2005-12-21 16:33 Message generated for change (Settings changed) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.7 >Status: Closed Resolution: None Priority: 5 Submitted By: Neil (neilsourceforge) Assigned to: Nobody/Anonymous (nobody) Summary: Export fails to download all the data Initial Comment: We upgraded to 1.7.5 from 1.7.2 Monday and today the phone rings. Developers with substantial response sets get a partial dat set when Exporting without any feedback about not getting all the data. As an example a response set of 987 records, 54 fields returns a CSV of 123 records all fields. All formats produce the same results. Which parameters influence download limits? Is there a SELECT or procedure where I can extract all responses for a survey directly from the MySQL database? Info: PHP Information Version: 4.3.11 OS: Linux SAPI: apache2handler register_globals: No magic_quotes_gpc: No magic_quotes_runtime: No safe_mode: No open_basedir: PHP Extensions dBase: No GD: Yes -- bundled (2.0.28 compatible) GNU Gettext: Yes LDAP: Yes MySQL: Yes PHP Extension Dir (compiled): /usr ... PHP Extension Dir (run time): /usr ... phpESP Settings Expected ESP_BASE: /fsys ... Expected base_url: uw ... Loading phpESP.ini.php ... ESP_BASE: /fsys ... base_url: https://uw ... Version: 1.7.5 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: en_US current lang: en_US available langs: da_DK, de_DE, el_GR, en_US, es_ES, fi, fi_FI, fr_FR, hu_HU, it_IT, ja_JP, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: Passed Catalog Open Test: Yes PHP Session Test session.save_path: /var ... Counter: 1 ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2006-09-28 10:51 Message: Logged In: YES user_id=14116 I agree, CSV export is broken all around. ---------------------------------------------------------------------- Comment By: James Coyle (jfculst) Date: 2006-09-28 06:21 Message: Logged In: YES user_id=1393403 It works! Admin were a bit nervious about leaving the www server vunerable extending the timeout from 30 secs to 600. It took over 5 mins to download the 706KB file far too long. php.ini in the script directory should work, but still leaves a security vunerability. Thanks Aaron ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-09-26 08:45 Message: Logged In: YES user_id=704595 Have you tried increasing the max execution time in php? This can be done in either the php.ini or in a .htaccess file. Depending upon your system speed, a survey with that many records could take a minute or two to export. ---------------------------------------------------------------------- Comment By: James Coyle (jfculst) Date: 2006-09-26 06:53 Message: Logged In: YES user_id=1393403 We have produced a survey of 81,509 records and 613 responses. I am unable to download the CSV file, it times out with the error: Fatal error: Maximum execution time of 40 seconds exceeded in /web2/science/survey/phpesp/admin/include/lib/esprespons e.inc on line 289 ===================== I tried the header solution mentioned but it fails also. Is there a ready made patch I could insert?, I am using ver 1.7.5 ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2006-01-05 16:00 Message: Logged In: YES user_id=1181273 We have discovered details that further an explanation of why our attempts to Export respondent data fails (silently) for large data sets. Our recent tests are against release 1.8 of phpESP. We implement phpESP using SSL. Internet Explorer 6 fails to export any data with the following objection: "Internet Explorer cannot download ...header ... Internet Explorer was not able to open this site..." By adjusting the file download.inc and adding these header statements the download appears to function. header("Content-Type: $mime"); header("Cache-Control: post-check=999, pre-check=999"); header("Pragma: cache"); header("Content-Disposition: attachment; filename={$name}"); header("Content-Length: ".strlen($data)); But fails for relatively large data sets. The variable $data seems not to exist. By suppressing the 'Content- Length' directive altogether exports appear to operate fully, our smallest and our largest respondent sets. I would like to suggest that support for IE 6 to an SSL enabled server be added to phpESP. .../neil patterson ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 16:21 Message: Logged In: YES user_id=1181273 IE 6, latest Firefox and Netscape all fail to extract the entire data set. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 15:44 Message: Logged In: YES user_id=14116 If you can download to the server then it might be a browser timeout issue can you confirm the lack of responses on various browsers(IE/Firefox)? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2005-12-22 15:27 Message: Logged In: NO We reinstalled 1.7.2 and the larger data sets also fail on export. There are no errors in the web logs related to the download issue. max_execution_time and max_input_time are 60 seconds, and the memory_limit is 24M. ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 13:40 Message: Logged In: YES user_id=1181273 I can respond to two of your questions and will respond to the rest when I have the information. I did no test this against 1.7.2 though large downloads will be a test of all future releases. 1.7.2 has been active for several months and no complaints; I would infer that 1.7.2 was OK. I will respond to the Apache log review later. Nothing on the client screen and nothing in the Application or System event logs on the client computer. I can successfully download to the server. All data appear available. It is only the local downloads that fail. The server download implies the data are valid, no incomplete responses. I will confirm the memory and execution limits later. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 10:24 Message: Logged In: YES user_id=14116 Results exported without a problem in 1.7.2? Do you have any errors in Apache's log file when the export fails or in the exported data? I have a 4000 response survey that manages to export completetly. Is it possible that the survey has incomplete responses(save/resume survey)? You might need to increase the memory and execution limts for PHP. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-28 11:21:22
|
Bugs item #1387534, was opened at 2005-12-21 21:33 Message generated for change (Comment added) made by jfculst You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.7 Status: Open Resolution: None Priority: 5 Submitted By: Neil (neilsourceforge) Assigned to: Nobody/Anonymous (nobody) Summary: Export fails to download all the data Initial Comment: We upgraded to 1.7.5 from 1.7.2 Monday and today the phone rings. Developers with substantial response sets get a partial dat set when Exporting without any feedback about not getting all the data. As an example a response set of 987 records, 54 fields returns a CSV of 123 records all fields. All formats produce the same results. Which parameters influence download limits? Is there a SELECT or procedure where I can extract all responses for a survey directly from the MySQL database? Info: PHP Information Version: 4.3.11 OS: Linux SAPI: apache2handler register_globals: No magic_quotes_gpc: No magic_quotes_runtime: No safe_mode: No open_basedir: PHP Extensions dBase: No GD: Yes -- bundled (2.0.28 compatible) GNU Gettext: Yes LDAP: Yes MySQL: Yes PHP Extension Dir (compiled): /usr ... PHP Extension Dir (run time): /usr ... phpESP Settings Expected ESP_BASE: /fsys ... Expected base_url: uw ... Loading phpESP.ini.php ... ESP_BASE: /fsys ... base_url: https://uw ... Version: 1.7.5 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: en_US current lang: en_US available langs: da_DK, de_DE, el_GR, en_US, es_ES, fi, fi_FI, fr_FR, hu_HU, it_IT, ja_JP, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: Passed Catalog Open Test: Yes PHP Session Test session.save_path: /var ... Counter: 1 ---------------------------------------------------------------------- Comment By: James Coyle (jfculst) Date: 2006-09-28 11:21 Message: Logged In: YES user_id=1393403 It works! Admin were a bit nervious about leaving the www server vunerable extending the timeout from 30 secs to 600. It took over 5 mins to download the 706KB file far too long. php.ini in the script directory should work, but still leaves a security vunerability. Thanks Aaron ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-09-26 13:45 Message: Logged In: YES user_id=704595 Have you tried increasing the max execution time in php? This can be done in either the php.ini or in a .htaccess file. Depending upon your system speed, a survey with that many records could take a minute or two to export. ---------------------------------------------------------------------- Comment By: James Coyle (jfculst) Date: 2006-09-26 11:53 Message: Logged In: YES user_id=1393403 We have produced a survey of 81,509 records and 613 responses. I am unable to download the CSV file, it times out with the error: Fatal error: Maximum execution time of 40 seconds exceeded in /web2/science/survey/phpesp/admin/include/lib/esprespons e.inc on line 289 ===================== I tried the header solution mentioned but it fails also. Is there a ready made patch I could insert?, I am using ver 1.7.5 ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2006-01-05 21:00 Message: Logged In: YES user_id=1181273 We have discovered details that further an explanation of why our attempts to Export respondent data fails (silently) for large data sets. Our recent tests are against release 1.8 of phpESP. We implement phpESP using SSL. Internet Explorer 6 fails to export any data with the following objection: "Internet Explorer cannot download ...header ... Internet Explorer was not able to open this site..." By adjusting the file download.inc and adding these header statements the download appears to function. header("Content-Type: $mime"); header("Cache-Control: post-check=999, pre-check=999"); header("Pragma: cache"); header("Content-Disposition: attachment; filename={$name}"); header("Content-Length: ".strlen($data)); But fails for relatively large data sets. The variable $data seems not to exist. By suppressing the 'Content- Length' directive altogether exports appear to operate fully, our smallest and our largest respondent sets. I would like to suggest that support for IE 6 to an SSL enabled server be added to phpESP. .../neil patterson ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 21:21 Message: Logged In: YES user_id=1181273 IE 6, latest Firefox and Netscape all fail to extract the entire data set. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 20:44 Message: Logged In: YES user_id=14116 If you can download to the server then it might be a browser timeout issue can you confirm the lack of responses on various browsers(IE/Firefox)? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2005-12-22 20:27 Message: Logged In: NO We reinstalled 1.7.2 and the larger data sets also fail on export. There are no errors in the web logs related to the download issue. max_execution_time and max_input_time are 60 seconds, and the memory_limit is 24M. ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 18:40 Message: Logged In: YES user_id=1181273 I can respond to two of your questions and will respond to the rest when I have the information. I did no test this against 1.7.2 though large downloads will be a test of all future releases. 1.7.2 has been active for several months and no complaints; I would infer that 1.7.2 was OK. I will respond to the Apache log review later. Nothing on the client screen and nothing in the Application or System event logs on the client computer. I can successfully download to the server. All data appear available. It is only the local downloads that fail. The server download implies the data are valid, no incomplete responses. I will confirm the memory and execution limits later. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 15:24 Message: Logged In: YES user_id=14116 Results exported without a problem in 1.7.2? Do you have any errors in Apache's log file when the export fails or in the exported data? I have a 4000 response survey that manages to export completetly. Is it possible that the survey has incomplete responses(save/resume survey)? You might need to increase the memory and execution limts for PHP. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-27 21:31:22
|
Bugs item #1528331, was opened at 2006-07-25 04:45 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1528331&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Respondent Accounts Initial Comment: I want to restrict my users and divid them into groups, I think I should use \"Manage Respondent Accounts\" for doing it! but when a Respondent wants to login, it fail and this message appears:\"Incorrect User ID or Password, or your account has been disabled/expired.\" I\'m sure, I entered correct username and password and the account has not been disabled or expired! ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-09-27 14:31 Message: Logged In: NO I've got the same problem! Did you find a soloution? /Anders ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1528331&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-26 13:45:19
|
Bugs item #1387534, was opened at 2005-12-21 15:33 Message generated for change (Comment added) made by axelseaa You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.7 Status: Open Resolution: None Priority: 5 Submitted By: Neil (neilsourceforge) Assigned to: Nobody/Anonymous (nobody) Summary: Export fails to download all the data Initial Comment: We upgraded to 1.7.5 from 1.7.2 Monday and today the phone rings. Developers with substantial response sets get a partial dat set when Exporting without any feedback about not getting all the data. As an example a response set of 987 records, 54 fields returns a CSV of 123 records all fields. All formats produce the same results. Which parameters influence download limits? Is there a SELECT or procedure where I can extract all responses for a survey directly from the MySQL database? Info: PHP Information Version: 4.3.11 OS: Linux SAPI: apache2handler register_globals: No magic_quotes_gpc: No magic_quotes_runtime: No safe_mode: No open_basedir: PHP Extensions dBase: No GD: Yes -- bundled (2.0.28 compatible) GNU Gettext: Yes LDAP: Yes MySQL: Yes PHP Extension Dir (compiled): /usr ... PHP Extension Dir (run time): /usr ... phpESP Settings Expected ESP_BASE: /fsys ... Expected base_url: uw ... Loading phpESP.ini.php ... ESP_BASE: /fsys ... base_url: https://uw ... Version: 1.7.5 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: en_US current lang: en_US available langs: da_DK, de_DE, el_GR, en_US, es_ES, fi, fi_FI, fr_FR, hu_HU, it_IT, ja_JP, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: Passed Catalog Open Test: Yes PHP Session Test session.save_path: /var ... Counter: 1 ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-09-26 08:45 Message: Logged In: YES user_id=704595 Have you tried increasing the max execution time in php? This can be done in either the php.ini or in a .htaccess file. Depending upon your system speed, a survey with that many records could take a minute or two to export. ---------------------------------------------------------------------- Comment By: jfculst (jfculst) Date: 2006-09-26 06:53 Message: Logged In: YES user_id=1393403 We have produced a survey of 81,509 records and 613 responses. I am unable to download the CSV file, it times out with the error: Fatal error: Maximum execution time of 40 seconds exceeded in /web2/science/survey/phpesp/admin/include/lib/esprespons e.inc on line 289 ===================== I tried the header solution mentioned but it fails also. Is there a ready made patch I could insert?, I am using ver 1.7.5 ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2006-01-05 15:00 Message: Logged In: YES user_id=1181273 We have discovered details that further an explanation of why our attempts to Export respondent data fails (silently) for large data sets. Our recent tests are against release 1.8 of phpESP. We implement phpESP using SSL. Internet Explorer 6 fails to export any data with the following objection: "Internet Explorer cannot download ...header ... Internet Explorer was not able to open this site..." By adjusting the file download.inc and adding these header statements the download appears to function. header("Content-Type: $mime"); header("Cache-Control: post-check=999, pre-check=999"); header("Pragma: cache"); header("Content-Disposition: attachment; filename={$name}"); header("Content-Length: ".strlen($data)); But fails for relatively large data sets. The variable $data seems not to exist. By suppressing the 'Content- Length' directive altogether exports appear to operate fully, our smallest and our largest respondent sets. I would like to suggest that support for IE 6 to an SSL enabled server be added to phpESP. .../neil patterson ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 15:21 Message: Logged In: YES user_id=1181273 IE 6, latest Firefox and Netscape all fail to extract the entire data set. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 14:44 Message: Logged In: YES user_id=14116 If you can download to the server then it might be a browser timeout issue can you confirm the lack of responses on various browsers(IE/Firefox)? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2005-12-22 14:27 Message: Logged In: NO We reinstalled 1.7.2 and the larger data sets also fail on export. There are no errors in the web logs related to the download issue. max_execution_time and max_input_time are 60 seconds, and the memory_limit is 24M. ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 12:40 Message: Logged In: YES user_id=1181273 I can respond to two of your questions and will respond to the rest when I have the information. I did no test this against 1.7.2 though large downloads will be a test of all future releases. 1.7.2 has been active for several months and no complaints; I would infer that 1.7.2 was OK. I will respond to the Apache log review later. Nothing on the client screen and nothing in the Application or System event logs on the client computer. I can successfully download to the server. All data appear available. It is only the local downloads that fail. The server download implies the data are valid, no incomplete responses. I will confirm the memory and execution limits later. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 09:24 Message: Logged In: YES user_id=14116 Results exported without a problem in 1.7.2? Do you have any errors in Apache's log file when the export fails or in the exported data? I have a 4000 response survey that manages to export completetly. Is it possible that the survey has incomplete responses(save/resume survey)? You might need to increase the memory and execution limts for PHP. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-26 11:53:55
|
Bugs item #1387534, was opened at 2005-12-21 21:33 Message generated for change (Comment added) made by jfculst You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.7 Status: Open Resolution: None Priority: 5 Submitted By: Neil (neilsourceforge) Assigned to: Nobody/Anonymous (nobody) Summary: Export fails to download all the data Initial Comment: We upgraded to 1.7.5 from 1.7.2 Monday and today the phone rings. Developers with substantial response sets get a partial dat set when Exporting without any feedback about not getting all the data. As an example a response set of 987 records, 54 fields returns a CSV of 123 records all fields. All formats produce the same results. Which parameters influence download limits? Is there a SELECT or procedure where I can extract all responses for a survey directly from the MySQL database? Info: PHP Information Version: 4.3.11 OS: Linux SAPI: apache2handler register_globals: No magic_quotes_gpc: No magic_quotes_runtime: No safe_mode: No open_basedir: PHP Extensions dBase: No GD: Yes -- bundled (2.0.28 compatible) GNU Gettext: Yes LDAP: Yes MySQL: Yes PHP Extension Dir (compiled): /usr ... PHP Extension Dir (run time): /usr ... phpESP Settings Expected ESP_BASE: /fsys ... Expected base_url: uw ... Loading phpESP.ini.php ... ESP_BASE: /fsys ... base_url: https://uw ... Version: 1.7.5 Debug: No phpESP Language Settings GNU Gettext: Real default_lang: en_US current lang: en_US available langs: da_DK, de_DE, el_GR, en_US, es_ES, fi, fi_FI, fr_FR, hu_HU, it_IT, ja_JP, nl_NL, pt_BR, pt_PT, sv_SE (da, de, el, en, es, fi, fr, it, ja, nl, pt, sv) GNU Gettext test: Passed Catalog Open Test: Yes PHP Session Test session.save_path: /var ... Counter: 1 ---------------------------------------------------------------------- Comment By: jfculst (jfculst) Date: 2006-09-26 11:53 Message: Logged In: YES user_id=1393403 We have produced a survey of 81,509 records and 613 responses. I am unable to download the CSV file, it times out with the error: Fatal error: Maximum execution time of 40 seconds exceeded in /web2/science/survey/phpesp/admin/include/lib/esprespons e.inc on line 289 ===================== I tried the header solution mentioned but it fails also. Is there a ready made patch I could insert?, I am using ver 1.7.5 ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2006-01-05 21:00 Message: Logged In: YES user_id=1181273 We have discovered details that further an explanation of why our attempts to Export respondent data fails (silently) for large data sets. Our recent tests are against release 1.8 of phpESP. We implement phpESP using SSL. Internet Explorer 6 fails to export any data with the following objection: "Internet Explorer cannot download ...header ... Internet Explorer was not able to open this site..." By adjusting the file download.inc and adding these header statements the download appears to function. header("Content-Type: $mime"); header("Cache-Control: post-check=999, pre-check=999"); header("Pragma: cache"); header("Content-Disposition: attachment; filename={$name}"); header("Content-Length: ".strlen($data)); But fails for relatively large data sets. The variable $data seems not to exist. By suppressing the 'Content- Length' directive altogether exports appear to operate fully, our smallest and our largest respondent sets. I would like to suggest that support for IE 6 to an SSL enabled server be added to phpESP. .../neil patterson ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 21:21 Message: Logged In: YES user_id=1181273 IE 6, latest Firefox and Netscape all fail to extract the entire data set. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 20:44 Message: Logged In: YES user_id=14116 If you can download to the server then it might be a browser timeout issue can you confirm the lack of responses on various browsers(IE/Firefox)? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2005-12-22 20:27 Message: Logged In: NO We reinstalled 1.7.2 and the larger data sets also fail on export. There are no errors in the web logs related to the download issue. max_execution_time and max_input_time are 60 seconds, and the memory_limit is 24M. ---------------------------------------------------------------------- Comment By: Neil (neilsourceforge) Date: 2005-12-22 18:40 Message: Logged In: YES user_id=1181273 I can respond to two of your questions and will respond to the rest when I have the information. I did no test this against 1.7.2 though large downloads will be a test of all future releases. 1.7.2 has been active for several months and no complaints; I would infer that 1.7.2 was OK. I will respond to the Apache log review later. Nothing on the client screen and nothing in the Application or System event logs on the client computer. I can successfully download to the server. All data appear available. It is only the local downloads that fail. The server download implies the data are valid, no incomplete responses. I will confirm the memory and execution limits later. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2005-12-22 15:24 Message: Logged In: YES user_id=14116 Results exported without a problem in 1.7.2? Do you have any errors in Apache's log file when the export fails or in the exported data? I have a 4000 response survey that manages to export completetly. Is it possible that the survey has incomplete responses(save/resume survey)? You might need to increase the memory and execution limts for PHP. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1387534&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-09-19 12:13:59
|
Feature Requests item #1561435, was opened at 2006-09-19 05:13 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1561435&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: survey format Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Filter-Questions Initial Comment: I would be very helpfull if phpESP could deal with filters. Like if you answer the first question with yes an extra question appears or an other question disappears. thx ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1561435&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-08-23 16:58:11
|
Bugs item #1545415, was opened at 2006-08-23 18:58 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1545415&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Daniel Fetzer (danielfetzer) Assigned to: Nobody/Anonymous (nobody) Summary: hardcoded strings in default.js Initial Comment: There are hardcoded string int the default.js, should be exchanged by variables ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1545415&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-08-23 16:49:12
|
Bugs item #1545414, was opened at 2006-08-23 09:49 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1545414&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: v1.7 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: handler.php hardcoded button values Initial Comment: The buttons do not use the translations because they are hardcoded. i Think the problem could be solved with something like value="<?php echo(_('Previous Page')); ?>" /> ---- Also have a look at the button values in the preview.inc - they look a little bit strange ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1545414&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-08-10 00:31:45
|
Bugs item #1537769, was opened at 2006-08-09 17:31 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1537769&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Add Section Break Fails Initial Comment: Email: itw...@ya... Get this error when trying to add a section break. [I'm relatively new at this. Sorry if this is something bone-headed.] ==================== Notice: Only variable references should be returned by reference in C:\webserver\apache\Apache2\htdocs\esp\admin\include\lib\adodb\adodb.inc.php on line 859 ===================== I've already had to fix one error by modifying php.ini. Had to set: allow_call_time_pass_reference = On ==================== Running as 'root/superuser' phpESP version: v1.8.2 PHP Version 4.4.0 =========== PHPINFO (slightly redacted) System Windows NT Build Date Jul 11 2005 16:08:47 Server API CGI/FastCGI Virtual Directory Support enabled Configuration File (php.ini) Path C:\WINDOWS\php.ini PHP API 20020918 PHP Extension 20020429 Zend Extension 20050606 Debug Build no Zend Memory Manager enabled Thread Safety enabled Registered PHP Streams php, http, ftp, compress.zlib Zend logo This program makes use of the Zend Scripting Language Engine: Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies PHP Credits Configuration PHP Core Directive Local Value Master Value allow_call_time_pass_reference On On allow_url_fopen On On always_populate_raw_post_data Off Off arg_separator.input & & arg_separator.output & & asp_tags Off Off auto_append_file no value no value auto_prepend_file no value no value browscap no value no value default_charset no value no value default_mimetype text/html text/html define_syslog_variables Off Off disable_classes no value no value disable_functions no value no value display_errors On On display_startup_errors Off Off doc_root no value no value docref_ext no value no value docref_root no value no value enable_dl On On error_append_string no value no value error_log no value no value error_prepend_string no value no value error_reporting 2047 2047 expose_php On On extension_dir ./ ./ file_uploads On On gpc_order GPC GPC highlight.bg #FFFFFF #FFFFFF highlight.comment #FF8000 #FF8000 highlight.default #0000BB #0000BB highlight.html #000000 #000000 highlight.keyword #007700 #007700 highlight.string #DD0000 #DD0000 html_errors On On ignore_repeated_errors Off Off ignore_repeated_source Off Off ignore_user_abort Off Off implicit_flush Off Off include_path .;c:\php4\pear .;c:\php4\pear log_errors Off Off log_errors_max_len 1024 1024 magic_quotes_gpc Off Off magic_quotes_runtime Off Off magic_quotes_sybase Off Off max_execution_time 30 30 max_input_time 60 60 open_basedir no value no value output_buffering 4096 4096 output_handler no value no value post_max_size 8M 8M precision 14 14 register_argc_argv Off Off register_globals On On report_memleaks On On safe_mode Off Off safe_mode_exec_dir no value no value safe_mode_gid Off Off safe_mode_include_dir no value no value sendmail_from no value no value sendmail_path no value no value serialize_precision 100 100 short_open_tag On On SMTP localhost localhost smtp_port 25 25 sql.safe_mode Off Off track_errors Off Off unserialize_callback_func no value no value upload_max_filesize 2M 2M upload_tmp_dir no value no value user_dir no value no value variables_order GCPS GCPS xmlrpc_error_number 0 0 xmlrpc_errors Off Off y2k_compliance On On bcmath BCMath support enabled calendar Calendar support enabled com Directive Local Value Master Value com.allow_dcom Off Off com.autoregister_casesensitive On On com.autoregister_typelib Off Off com.autoregister_verbose Off Off com.typelib_file no value no value ctype ctype functions enabled ftp FTP support enabled mysql MySQL Support enabled Active Persistent Links 0 Active Links 0 Client API version 3.23.49 Directive Local Value Master Value mysql.allow_persistent On On mysql.connect_timeout 60 60 mysql.default_host no value no value mysql.default_password no value no value mysql.default_port no value no value mysql.default_socket no value no value mysql.default_user no value no value mysql.max_links Unlimited Unlimited mysql.max_persistent Unlimited Unlimited mysql.trace_mode Off Off odbc ODBC Support enabled Active Persistent Links 0 Active Links 0 ODBC library Win32 Directive Local Value Master Value odbc.allow_persistent On On odbc.check_persistent On On odbc.default_db no value no value odbc.default_pw no value no value odbc.default_user no value no value odbc.defaultbinmode return as is return as is odbc.defaultlrl return up to 4096 bytes return up to 4096 bytes odbc.max_links Unlimited Unlimited odbc.max_persistent Unlimited Unlimited overload User-Space Object Overloading Support enabled pcre PCRE (Perl Compatible Regular Expressions) Support enabled PCRE Library Version 5.0 13-Sep-2004 session Session Support enabled Registered save handlers files user Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn On On session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path no value no value session.serialize_handler php php session.use_cookies On On session.use_only_cookies Off Off session.use_trans_sid Off Off standard Regex Library Bundled library enabled Dynamic Library Support enabled Internal Sendmail Support for Windows enabled Directive Local Value Master Value assert.active 1 1 assert.bail 0 0 assert.callback no value no value assert.quiet_eval 0 0 assert.warning 1 1 auto_detect_line_endings 0 0 default_socket_timeout 60 60 safe_mode_allowed_env_vars PHP_ PHP_ safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry a=href,area=href,frame=src,input=src,form=fakeentry user_agent no value no value tokenizer Tokenizer Support enabled wddx WDDX Support enabled WDDX Session Serializer enabled xml XML Support active XML Namespace Support active EXPAT Version 1.95.6 zlib ZLib Support enabled Compiled Version 1.1.4 Linked Version 1.1.4 Directive Local Value Master Value zlib.output_compression Off Off zlib.output_compression_level -1 -1 zlib.output_handler no value no value Additional Modules Module Name Environment Variable Value ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1537769&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-08-09 15:27:39
|
Feature Requests item #1537477, was opened at 2006-08-09 08:27 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1537477&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: data analysis Group: None Status: Open Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: separate results Initial Comment: hi, I think it is useful if each group has a separate result category, for example I wana see manager results in one page and other respondent in another page. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=358956&aid=1537477&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-08-03 20:36:47
|
Bugs item #1534118, was opened at 2006-08-03 13:36 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1534118&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: swy (saiwing) Assigned to: Nobody/Anonymous (nobody) Summary: Numeric questions accept alphabet Initial Comment: Numeric questions accept alphabet, doesn't give you an error, just won't save them. Repro 1) create question with numeric types 2) enter "G123", submit 3) page submitted without any error message 4) when you look at the report, you get only "123" ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1534118&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-25 11:45:47
|
Bugs item #1528331, was opened at 2006-07-25 04:45 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1528331&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Respondent Accounts Initial Comment: I want to restrict my users and divid them into groups, I think I should use \"Manage Respondent Accounts\" for doing it! but when a Respondent wants to login, it fail and this message appears:\"Incorrect User ID or Password, or your account has been disabled/expired.\" I\'m sure, I entered correct username and password and the account has not been disabled or expired! ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1528331&group_id=8956 |
|
From: James D. <ja...@jm...> - 2006-07-13 15:26:16
|
Sending these again with additional changes. My change to head.inc
messed up some of the pages I hadn't adjusted accordingly. I'm
struggling a little to get the HTML output of the testing pages correct
so if someone wants to poke at that I'd be grateful.
As well as a few minor alterations, I've added some <label> tags to some
of the forms.
I hope I've got the correct submission format this time :-)
James
Index: include/head.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/head.inc,v
retrieving revision 1.9
diff -a -u -r1.9 head.inc
--- include/head.inc 14 Apr 2005 17:51:16 -0000 1.9
+++ include/head.inc 13 Jul 2006 15:18:50 -0000
@@ -17,4 +17,3 @@
<div id="body">
<div class="contents">
<form method="post" id="phpesp" action="<?php
echo($GLOBALS['ESPCONFIG']['ME']); ?>">
- <div>
Index: include/function/survey_merge.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/function/survey_merge.inc,v
retrieving revision 1.14
diff -a -u -r1.14 survey_merge.inc
--- include/function/survey_merge.inc 29 Apr 2004 17:27:33 -0000 1.14
+++ include/function/survey_merge.inc 13 Jul 2006 15:18:51 -0000
@@ -136,7 +136,7 @@
if($bg != '#eeeeee') $bg = '#eeeeee';
else $bg = '#ffffff';
?>
- <tr xbgcolor="<?php echo($bg); ?>">
+ <tr bgcolor="#ffffff">
<td>
<A NAME="Q<?php echo($q); ?>"><?php echo($q); ?>.</A>
<?php echo($question[0]['content']); ?>
Index: include/function/survey_report.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/function/survey_report.inc,v
retrieving revision 1.12
diff -a -u -r1.12 survey_report.inc
--- include/function/survey_report.inc 29 Apr 2004 17:27:33 -0000 1.12
+++ include/function/survey_report.inc 13 Jul 2006 15:18:51 -0000
@@ -51,7 +51,12 @@
?>
<h2><?php echo(_('Report for') .': '. $survey["title"] .' ['. _('ID')
.': '. $survey['id'] .']'); ?></h2>
<h3><?php echo($survey["subtitle"]); ?></h3>
-<blockquote><?php echo($survey["info"]); ?></blockquote>
+<?php
+ if ($survey["info"]) {
+ echo("<blockquote>".$survey["info"]."</blockquote>");
+ }
+?>
+
<table border="0" cellspacing="2" cellpadding="0" width="100%">
<tr>
<th align="left"><?php echo(_('#')); ?></th>
Index: include/function/survey_results.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/function/survey_results.inc,v
retrieving revision 1.37
diff -a -u -r1.37 survey_results.inc
--- include/function/survey_results.inc 26 Oct 2005 20:47:33 -0000 1.37
+++ include/function/survey_results.inc 13 Jul 2006 15:18:51 -0000
@@ -226,7 +226,13 @@
?>
<h2><?php echo($survey["title"]); ?></h2>
<h3><?php echo($survey["subtitle"]); ?></h3>
-<blockquote><?php echo($survey["info"]); ?></blockquote>
+
+<?php
+ if ($survey["info"]) {
+ echo("<blockquote>".$survey["info"]."</blockquote>");
+ }
+?>
+
<?php
if($cross) {
echo("<blockquote>" ._('Cross analysis on QN:') ."
${q_content}</blockquote>\n");
@@ -256,7 +262,7 @@
else $bg = '#ffffff';
?>
- <tr xbgcolor="<?php echo($bg); ?>">
+ <tr bgcolor="#ffffff">
<td>
<?php
if ($tid < 50) {
Index: include/lib/esphtml.forms.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/lib/esphtml.forms.inc,v
retrieving revision 1.16
diff -a -u -r1.16 esphtml.forms.inc
--- include/lib/esphtml.forms.inc 27 Sep 2005 13:59:14 -0000 1.16
+++ include/lib/esphtml.forms.inc 13 Jul 2006 15:18:51 -0000
@@ -119,7 +119,6 @@
if ($varr == null)
$varr =& $_POST;
$str = "<select name=\"${_name}\">\n";
- $str .= "<option></option>\n";
while(list($cid, $content) = each($options)) {
$checked = '';
if (isset($varr[$_name]) && $varr[$_name] == $cid)
@@ -157,7 +156,7 @@
if (empty($_css)) {
$_css = "default.css";
}
- $str .= '<link rel="stylesheet" href="'.
$GLOBALS['ESPCONFIG']['css_url'].$_css .'" type="text/css">';
+ $str .= '<link rel="stylesheet" href="'.
$GLOBALS['ESPCONFIG']['css_url'].$_css .'" type="text/css"/>';
$str .= "\n</head>\n<body id=\"auth\">\n";
$str .= '<div class="headerGraphic"></div>';
@@ -169,7 +168,7 @@
$str .= mkerror($_message);
}
- $str .= '<form name="loginform" id="loginform" method="post">';
+ $str .= '<form name="loginform" id="loginform" method="post"
action="manage.php">';
$str .= "\n<fieldset><legend>Login</legend>\n";
$str .= '<div class="row">';
$str .= '<label for="username">';
Index: include/lib/esphtml.results.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/lib/esphtml.results.inc,v
retrieving revision 1.13
diff -a -u -r1.13 esphtml.results.inc
--- include/lib/esphtml.results.inc 15 Apr 2005 16:00:34 -0000 1.13
+++ include/lib/esphtml.results.inc 13 Jul 2006 15:18:51 -0000
@@ -36,9 +36,9 @@
<td align="left">
<?php
if($num) {
- echo(" <img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_l.gif\" height=9 width=4>");
- printf("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar.gif\" height=9 width=%d>",$percent*2);
- echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_r.gif\" height=9 width=4>");
+ echo(" <img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_l.gif\" height=9 width=4 alt=\"Percentage Bar: $percent
percent\"/>");
+ printf("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar.gif\" height=9 width=%d alt=\"Percentage Bar: $percent
percent\"/>",$percent*2);
+ echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_r.gif\" height=9 width=4 alt=\"Percentage Bar: $percent
percent\"/>");
printf(" %.${precision}f%%",$percent);
}
?></td>
@@ -60,9 +60,9 @@
<tr bgcolor="<?php echo($bg); ?>">
<td><b><?php echo(_('TOTAL')); ?></b></td>
<td width="40%"><b> <?php
- echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_l.gif\" height=9 width=4>");
- printf("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar.gif\" height=9 width=%d>",$percent*2);
- echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_r.gif\" height=9 width=4>");
+ echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_l.gif\" height=9 width=4 alt=\"Percentage Bar: $percent
percent\"/>");
+ printf("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar.gif\" height=9 width=%d alt=\"Percentage Bar: $percent
percent\"/>",$percent*2);
+ echo("<img src=\"" .$GLOBALS['ESPCONFIG']['image_url']
."hbar_r.gif\" height=9 width=4 alt=\"Percentage Bar: $percent
percent\"/>");
printf(" %.${precision}f%%",$percent); ?></b></td>
<td width="10%" align="right"><b><?php echo($total); ?></b></td>
</tr>
@@ -220,10 +220,10 @@
<td colspan="<?php echo($length+1); ?>">
<?php
if($avg) {
- echo('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar_l.gif"
height="9" width="4">');
+ echo('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar_l.gif"
height="9" width="4" alt="Percentage Bar"/>');
if (($j = $avg * $width - 11) > 0)
- printf('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar.gif"
height="9" width="%d">', $j);
- echo('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar_r.gif"
height="9" width="4">');
+ printf('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar.gif"
height="9" width="%d" alt="Percentage Bar"/>', $j);
+ echo('<img src="'. $GLOBALS['ESPCONFIG']['image_url'] .'hbar_r.gif"
height="9" width="4" alt="Percentage Bar"/>');
}
?>
</td>
Index: include/lib/adodb/adodb-lib.inc.php
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/lib/adodb/adodb-lib.inc.php,v
retrieving revision 1.1
diff -a -u -r1.1 adodb-lib.inc.php
--- include/lib/adodb/adodb-lib.inc.php 4 May 2004 19:20:35 -0000 1.1
+++ include/lib/adodb/adodb-lib.inc.php 13 Jul 2006 15:18:51 -0000
@@ -116,7 +116,7 @@
$barr = explode(':',$blank1stItem);
if (sizeof($barr) == 1) $barr[] = '';
$s .= "\n<option value=\"".$barr[0]."\">".$barr[1]."</option>";
- } else $s .= "\n<option></option>";
+ } else $s .= "\n";
if ($zthis->FieldCount() > 1) $hasvalue=true;
else $compareFields0 = true;
@@ -672,4 +672,4 @@
return $sql;
}
-?>
\ No newline at end of file
+?>
Index: include/tab/general.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/tab/general.inc,v
retrieving revision 1.25
diff -a -u -r1.25 general.inc
--- include/tab/general.inc 1 Aug 2005 16:12:54 -0000 1.25
+++ include/tab/general.inc 13 Jul 2006 15:18:51 -0000
@@ -41,7 +41,7 @@
<hr />
<table cellspacing="0" cellpadding="0">
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Name')); ?></strong></td>
+ <td class="right"><strong><label for="name"><?php echo(_('Name'));
?></label></strong></td>
<td class="left">
<?php echo mktext('name', 20, 64, $survey); ?>
<span class="red"><em><?php echo _('Required'); ?></em></span><br />
@@ -52,7 +52,7 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Owner')); ?></strong></td>
+ <td class="right"><strong><label for="realm"><?php echo(_('Owner'));
?></label></strong></td>
<td class="left"><?php
$realms = array();
if($_SESSION['acl']['superuser'] == 'Y') {
@@ -74,7 +74,7 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Title')); ?></strong></td>
+ <td class="right"><strong><label for="title"><?php echo(_('Title'));
?></label></strong></td>
<td class="left">
<?php echo mktext('title', 60, 60, $survey); ?>
<span class="red"><em><?php echo _('Required'); ?></em></span><br />
@@ -85,7 +85,7 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Subtitle')); ?></strong></td>
+ <td class="right"><strong><label for="subtitle"><?php
echo(_('Subtitle')); ?></label></strong></td>
<td class="left">
<?php echo mktext('subtitle', 60, 128, $survey); ?><br />
<?php echo(_('Subtitle of this survey.') .' '.
@@ -94,7 +94,7 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Additional Info'));
?></strong></td>
+ <td class="right"><strong><label for="info"><?php echo(_('Additional
Info')); ?></label></strong></td>
<td class="left">
<?php echo mktextarea('info', 5, 60, 'virtual', $survey); ?><br />
<?php echo(_('Text to be displayed on this survey before any fields.
@@ -103,16 +103,16 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Confirmation Page'));
?></strong></td>
+ <td class="right"><strong><label for="thanks_page"><?php
echo(_('Confirmation Page')); ?></label></strong></td>
<td class="left">
<?php echo mktext('thanks_page', 60, 255, $survey) .' '.
_('(URL)'); ?><br />
<?php echo(_('The URL to which a user is redirected after completing
this survey.')); ?>
<br /><strong><?php echo(_('OR')); ?></strong><br />
<?php echo mktext('thank_head', 30, 0, $survey) .' '.
- _('(heading text)'); ?><br />
+ _('<label for="thank_head">(heading
text)</label>'); ?><br />
<?php echo mktextarea('thank_body', 5, 60, 'virtual', $survey) .
- ' ' . _('(body text)'); ?><br />
+ ' ' . _('<label for="thank_body">(body
text)</label>'); ?><br />
<?php echo(_('Heading (in bold) and body text for the
"Confirmation" page
displayed after a user completes this survey.')); ?>
<?php echo(_('(URL, if present, takes precedent over confirmation
text.)')); ?>
@@ -120,14 +120,14 @@
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Email')); ?></strong></td>
+ <td class="right"><strong><label for="email"><?php echo(_('Email'));
?></label></strong></td>
<td class="left">
<?php echo mktext('email', 30, 0, $survey); ?><br />
<?php echo(_('Sends a copy of each submission to address (or leave
blank for no email backup).')); ?></td>
</tr>
<tr><td colspan="2"><hr class="line1" /></td></tr>
<tr style="vertical-align: top">
- <td class="right"><strong><?php echo(_('Theme')); ?></strong></td>
+ <td class="right"><strong><label for="theme"><?php echo(_('Theme'));
?></label></strong></td>
<td class="left"><?php
$themes_array = array();
$dir = dir($ESPCONFIG['css_path']);
Index: include/tab/order.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/tab/order.inc,v
retrieving revision 1.22
diff -a -u -r1.22 order.inc
--- include/tab/order.inc 8 Aug 2005 13:39:53 -0000 1.22
+++ include/tab/order.inc 13 Jul 2006 15:18:51 -0000
@@ -15,9 +15,9 @@
$result = execute_sql($sql);
$max = record_count($result);
?>
-<?php echo(_('Change the order that questions are
+<label for="questions"><?php echo(_('Change the order that questions are
presented by selecting a question from the list, then use the up/down
-buttons to change its position.')); ?>
+buttons to change its position.')); ?></label>
<hr>
<script type="text/javascript">
<!-- // comment
Index: include/tab/questions.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/tab/questions.inc,v
retrieving revision 1.27
diff -a -u -r1.27 questions.inc
--- include/tab/questions.inc 2 Sep 2005 19:25:04 -0000 1.27
+++ include/tab/questions.inc 13 Jul 2006 15:18:51 -0000
@@ -100,11 +100,11 @@
<table>
<tr>
<th> </th>
- <th><?php echo(_('Question Name')); ?></th>
- <th><?php echo(_('Type')); ?></th>
- <th><?php echo(_('Length')); ?></th>
- <th><?php echo(_('Precision')); ?></th>
- <th><?php echo(_('Required')); ?>?</th>
+ <th><label for="name"><?php echo(_('Question Name')); ?></label></th>
+ <th><label for="type_id"><?php echo(_('Type')); ?></label></th>
+ <th><label for="length"><?php echo(_('Length')); ?></label></th>
+ <th><label for="precise"><?php echo(_('Precision')); ?></label></th>
+ <th><label for="required"><?php echo(_('Required')); ?>?</label></th>
</tr><tr>
<td> </td>
<td><?php echo(mktext('name',12)); ?></td>
@@ -135,7 +135,7 @@
))); ?></td>
</tr>
<tr>
- <th>Text</th>
+ <th><label for="content">Text</label></th>
<td colspan="5"><?php
echo(mktextarea("content",4,60,"VIRTUAL"));
?></td>
Index: include/tab/questions_options.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/tab/questions_options.inc,v
retrieving revision 1.16
diff -a -u -r1.16 questions_options.inc
--- include/tab/questions_options.inc 1 Aug 2005 16:12:54 -0000 1.16
+++ include/tab/questions_options.inc 13 Jul 2006 15:18:51 -0000
@@ -56,7 +56,7 @@
}
?>
<tr>
- <td class="numbered"><?php echo($i); ?>.</td>
+ <td class="numbered"><label for="choice_id_<?php echo($i); ?>"><?php
echo($i); ?>.</label></td>
<td class="left">
<input type="hidden" name="choice_id_<?php echo($i); ?>"
value="<?php if(isset($choice_id)) echo($choice_id); ?>" />
Index: include/where/access.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/access.inc,v
retrieving revision 1.17
diff -a -u -r1.17 access.inc
--- include/where/access.inc 1 Aug 2005 16:12:54 -0000 1.17
+++ include/where/access.inc 13 Jul 2006 15:18:51 -0000
@@ -105,7 +105,7 @@
else
$public = _('Public');
- $r = '<select name="realm"><option></option>';
+ $r = '<select name="realm">';
$groups = array();
$selected_groups = array();
// if realm has already been added then do not include it for
@@ -141,6 +141,7 @@
$r .= '</select>';
}
?>
+<div>
<h2><?php echo(_('Survey Access')); ?></h2>
<?php if(!empty($errstr)) echo("<p>$errstr</p>\n"); ?>
Index: include/where/admdesigner.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/admdesigner.inc,v
retrieving revision 1.14
diff -a -u -r1.14 admdesigner.inc
--- include/where/admdesigner.inc 24 Apr 2006 19:41:41 -0000 1.14
+++ include/where/admdesigner.inc 13 Jul 2006 15:18:51 -0000
@@ -205,6 +205,7 @@
}
?>
+<div>
<h2><?php echo(_('Designer Account Administration')); ?></h2>
<?php if(!empty($errstr)) echo("<p>$errstr</p>\n"); ?>
<input type="hidden" name="where" value="admdesigner" />
@@ -227,7 +228,7 @@
<?php
echo("<th class=\"right\">". _('Group') ."</th>\n");
if(empty($r)) {
- $r = '<select name="r"><option></option>';
+ $r = '<select name="r">';
$groups = array();
if($_SESSION['acl']['superuser'] == 'Y') {
$sql = "SELECT name FROM ".$GLOBALS['ESPCONFIG']['realm_table'];
Index: include/where/admrespondent.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/admrespondent.inc,v
retrieving revision 1.13
diff -a -u -r1.13 admrespondent.inc
--- include/where/admrespondent.inc 24 Apr 2006 19:41:41 -0000 1.13
+++ include/where/admrespondent.inc 13 Jul 2006 15:18:51 -0000
@@ -180,6 +180,7 @@
}
?>
+<div>
<h2><?php echo(_('Respondent Account Administration')); ?></h2>
<?php if(!empty($errstr)) echo("<p>$errstr</p>\n"); ?>
<input type="hidden" name="where" value="admrespondent" />
@@ -202,7 +203,7 @@
<?php
echo("<th class=\"right\">". _('Group') ."</th>\n");
if(empty($r)) {
- $r = '<select name="r"><option></option>';
+ $r = '<select name="r">';
$groups = array();
if($_SESSION['acl']['superuser'] == 'Y') {
$sql = "SELECT name FROM ".$GLOBALS['ESPCONFIG']['realm_table'];
Index: include/where/copy.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/copy.inc,v
retrieving revision 1.17
diff -a -u -r1.17 copy.inc
--- include/where/copy.inc 1 Aug 2005 16:12:55 -0000 1.17
+++ include/where/copy.inc 13 Jul 2006 15:18:51 -0000
@@ -57,6 +57,7 @@
$bg = '';
?>
+<div>
<h2><?php echo(_('Copy Survey')); ?></h2>
<?php echo(
_('Choose a survey of which to make a copy. The copy will have the same
Index: include/where/designers.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/designers.inc,v
retrieving revision 1.10
diff -a -u -r1.10 designers.inc
--- include/where/designers.inc 1 Aug 2005 16:12:55 -0000 1.10
+++ include/where/designers.inc 13 Jul 2006 15:18:51 -0000
@@ -87,6 +87,7 @@
$bg = $ESPCONFIG['bgalt_color2'];
?>
+<div>
<h2><?php echo(_('Manage Web Form Designer Accounts')); ?></h2>
<p><?php echo(_('Click on a username to edit, or click on add new user
below.')); ?></p>
<table cellspacing="0" cellpadding="4" style="width: 550px;">
Index: include/where/edit.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/edit.inc,v
retrieving revision 1.12
diff -a -u -r1.12 edit.inc
--- include/where/edit.inc 1 Aug 2005 16:12:55 -0000 1.12
+++ include/where/edit.inc 13 Jul 2006 15:18:51 -0000
@@ -28,6 +28,7 @@
$result = execute_sql($sql);
?>
+<div>
<h2><?php echo(_('Edit a Survey')); ?></h2>
<?php echo(_('Pick Survey to Edit')); ?>
<table cellspacing="0" cellpadding="4">
Index: include/where/export.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/export.inc,v
retrieving revision 1.20
diff -a -u -r1.20 export.inc
--- include/where/export.inc 27 Mar 2006 23:10:41 -0000 1.20
+++ include/where/export.inc 13 Jul 2006 15:18:51 -0000
@@ -16,7 +16,6 @@
$bg = '';
?>
-</div>
</form>
<div class="contents">
<h2><?php echo(_('Export Data')); ?></h2>
@@ -94,10 +93,10 @@
<input type="hidden" name="sid" value="<?php echo($sid) ?>" />
<input type="hidden" name="where" value="" />
<div class="exportsave">
- <?php echo('<a href="javascript: exportSubmit(\'export\',
document.getElementById(\'export'.$sid.'\'));" title="Save the results
for \''.$name.'\' to the survey in CSV Format (Comma Delimted File).
Column Titles are based on question text.">' . _('Save On Server') .
'</a>');
+ <?php echo('<a
href="javascript:exportSubmit(\'export\',document.getElementById(\'export'.$sid.'\'));"
title="Save the results for \''.$name.'\' to the survey in CSV Format
(Comma Delimted File). Column Titles are based on question text.">' .
_('Save On Server') . '</a>');
echo("\n");?>
| <?php
- echo('<a href="javascript: exportSubmit(\'download\',
document.getElementById(\'export'.$sid.'\'));" title="Download the
results for \''.$name.'\' to your computer in CSV Format (Comma Delimted
File). Column Titles are based on the question text. Click this link and
select \'Save\' when prompted by your browser.">' . _('Download') .
'</a>'); ?>
+ echo('<a
href="javascript:exportSubmit(\'download\',document.getElementById(\'export'.$sid.'\'));"
title="Download the results for \''.$name.'\' to your computer in CSV
Format (Comma Delimted File). Column Titles are based on the question
text. Click this link and select \'Save\' when prompted by your
browser.">' . _('Download') . '</a>'); ?>
</div>
</div></form>
</td>
Index: include/where/groups.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/groups.inc,v
retrieving revision 1.10
diff -a -u -r1.10 groups.inc
--- include/where/groups.inc 1 Aug 2005 16:12:55 -0000 1.10
+++ include/where/groups.inc 13 Jul 2006 15:18:51 -0000
@@ -45,6 +45,7 @@
$i = 0;
$bg = $ESPCONFIG['bgalt_color2'];
?>
+<div>
<h2><?php echo(_('Manage Groups')); ?></h2>
<?php if(!empty($errstr)) echo('<p>'. mkerror($errstr) ."</p>\n"); ?>
<?php echo("<a href=\"". $GLOBALS['ESPCONFIG']['ME']
."?where=manage\">" . _('Go back to Management Interface') . "</a>\n"); ?>
Index: include/where/guide.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/guide.inc,v
retrieving revision 1.5
diff -a -u -r1.5 guide.inc
--- include/where/guide.inc 14 Apr 2005 17:51:21 -0000 1.5
+++ include/where/guide.inc 13 Jul 2006 15:18:51 -0000
@@ -9,6 +9,7 @@
// <jf...@al...>
?>
+<div>
<?php echo("<a href=\"". $GLOBALS['ESPCONFIG']['ME']
."?where=manage\">" . _('Go back to Management Interface') . "</a>\n"); ?>
<?php if (file_exists(ESP_BASE . '/docs/GUIDE')) { ?>
<table><tr><td><pre>
Index: include/where/help.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/help.inc,v
retrieving revision 1.18
diff -a -u -r1.18 help.inc
--- include/where/help.inc 14 Sep 2005 02:03:53 -0000 1.18
+++ include/where/help.inc 13 Jul 2006 15:18:51 -0000
@@ -8,7 +8,7 @@
// Modified by Aaron Axelsen
// <axe...@am...>
?>
-
+<div>
<table class="help">
<tr>
<td colspan="2" style="border-bottom:1px dashed #000000"><h1>Survey
Resource</h1></td>
@@ -145,7 +145,6 @@
</p>
<div style="text-align: center"> <tt>!other=prompt text</tt>
</div>
<p>Add more questions by clicking the <strong>New
Question</strong> button. Edit/View existing questions by clicking the
question numbers at the top of the form. </p>
- <p> </p>
<p>Click continue, or click the <strong>Questions</strong>
tab at the top to proceed to the questions section.</p>
</li>
</ul>
@@ -337,7 +336,6 @@
<dl>
<dd>
<select>
- <option></option>
<option>Option 1</option>
<option>Option 2</option>
</select>
Index: include/where/manage.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/manage.inc,v
retrieving revision 1.28
diff -a -u -r1.28 manage.inc
--- include/where/manage.inc 27 Oct 2005 18:58:19 -0000 1.28
+++ include/where/manage.inc 13 Jul 2006 15:18:51 -0000
@@ -11,6 +11,7 @@
$base =& $GLOBALS['ESPCONFIG']['ME'];
?>
+<div>
<h2><?php echo(_('Management Interface')); ?></h2>
<p><?php
if($GLOBALS['ESPCONFIG']['auth_design']) {
Index: include/where/passwd.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/passwd.inc,v
retrieving revision 1.7
diff -a -u -r1.7 passwd.inc
--- include/where/passwd.inc 1 Aug 2005 16:12:55 -0000 1.7
+++ include/where/passwd.inc 13 Jul 2006 15:18:51 -0000
@@ -10,6 +10,7 @@
/* ACL: everyone is allowed to change her own password */
?>
+<div>
<h2><?php echo(_('Change Password')); ?></h2>
<?php
if(isset($_POST['newpass1']) &&
Index: include/where/report.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/report.inc,v
retrieving revision 1.15
diff -a -u -r1.15 report.inc
--- include/where/report.inc 1 Aug 2005 16:12:55 -0000 1.15
+++ include/where/report.inc 13 Jul 2006 15:18:51 -0000
@@ -25,6 +25,7 @@
return;
}
?>
+<div>
<table cellspacing="0" cellpadding="4">
<tr><td>
<?php
@@ -34,7 +35,7 @@
?>
</td></tr>
</table>
-<?php echo("<a href=\"". $GLOBALS['ESPCONFIG']['ME']
."?where=report\">" . _('Go back to Report Menu') . "</a>\n"); ?><br>
+<?php echo("<a href=\"". $GLOBALS['ESPCONFIG']['ME']
."?where=report\">" . _('Go back to Report Menu') . "</a>\n"); ?><br/>
<?php echo("<a href=\"". $GLOBALS['ESPCONFIG']['ME']
."?where=manage\">" . _('Go back to Management Interface') . "</a>\n"); ?>
<?php
return;
@@ -62,6 +63,7 @@
$result = execute_sql($sql);
?>
+<div>
<h2><?php echo(_('View Form Report')); ?></h2>
<?php echo(_('Pick Form to View')); ?>
<table cellspacing="0" cellpadding="4">
Index: include/where/respondents.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/respondents.inc,v
retrieving revision 1.10
diff -a -u -r1.10 respondents.inc
--- include/where/respondents.inc 1 Aug 2005 16:12:55 -0000 1.10
+++ include/where/respondents.inc 13 Jul 2006 15:18:51 -0000
@@ -86,6 +86,7 @@
$bg = $ESPCONFIG['bgalt_color2'];
?>
+<div>
<h2><?php echo(_('Manage Respondent Accounts')); ?></h2>
<p><?php echo(_('Click on a username to edit, or click on add new user
below.')); ?></p>
<table cellspacing="0" cellpadding="4" style="width: 550px;">
Index: include/where/results.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/results.inc,v
retrieving revision 1.33
diff -a -u -r1.33 results.inc
--- include/where/results.inc 18 Nov 2005 15:23:41 -0000 1.33
+++ include/where/results.inc 13 Jul 2006 15:18:51 -0000
@@ -49,6 +49,7 @@
}
}
?>
+ <div>
<font size="+2">
<a href="<?php echo($GLOBALS['ESPCONFIG']['ME']."?where=help"); ?>"
target="_blank">Help</a>
</font>
@@ -145,6 +146,7 @@
if (empty($_GET['type'])) {
?>
+ <div>
<h2><?php echo(_('View Survey Results')); ?></h2>
<?php echo(_('Pick Survey to View')); ?>
@@ -153,7 +155,7 @@
<input type="hidden" name="where" value="results" />
<?php
} else {
- echo('<h2>'. _('Cross Tabulation') ."</h2>\n");
+ echo('<div> <!-- this is where it should be --><h2>'. _('Cross
Tabulation') ."</h2>\n");
echo(_('Pick Survey to Cross Tabulate'));
}
?>
@@ -207,7 +209,6 @@
if (empty($_GET['type'])) {
?>
<select name="rid<?php echo $count; ?>"
onchange="javascript:this.form.rid.value=this.form.rid<?php echo $count;
?>.options[this.form.rid<?php echo $count; ?>.selectedIndex].value;
this.form.sid.value=<?php echo $sid; ?>; this.form.submit(); return false;">
- <option value=""></option>
<?php
$i = 0;
while (list($rid) = fetch_row($rid_result)) {
Index: include/where/status.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/status.inc,v
retrieving revision 1.24
diff -a -u -r1.24 status.inc
--- include/where/status.inc 26 Oct 2005 20:47:33 -0000 1.24
+++ include/where/status.inc 13 Jul 2006 15:18:51 -0000
@@ -108,6 +108,7 @@
}
}
?>
+<div>
<h2><?php echo(_('Survey Status')); ?></h2>
<div style="text-align: left">
Index: include/where/tab.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/tab.inc,v
retrieving revision 1.17
diff -a -u -r1.17 tab.inc
--- include/where/tab.inc 26 Oct 2005 20:47:33 -0000 1.17
+++ include/where/tab.inc 13 Jul 2006 15:18:51 -0000
@@ -138,7 +138,6 @@
$errstr = '';
$updated =
survey_update($_SESSION['survey_id'],$tab,$_SESSION['last_tab']);
?>
-</div>
</form>
<form method="post" id="tabs" onsubmit="validate();" action="<?php
echo($GLOBALS['ESPCONFIG']['ME']); ?>">
<div>
Index: include/where/upload.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/upload.inc,v
retrieving revision 1.14
diff -a -u -r1.14 upload.inc
--- include/where/upload.inc 26 Oct 2005 20:47:33 -0000 1.14
+++ include/where/upload.inc 13 Jul 2006 15:18:52 -0000
@@ -32,7 +32,7 @@
// End the included form so we can do a multipart/form-data form
?>
-</div>
+<div><!-- something needs to be done about this div --></div>
</form>
<?php
if(isset($_POST['submit'])) {
|
|
From: James D. <ja...@jm...> - 2006-07-12 12:37:23
|
I've been reviewing phpESP with a view to accessibility and been making
a start by looking at whether the XHTML generated is well formed or not.
I've made a few changes to the code so far, which I'd checked out from
CVS. I'm not sure what the correct procedure for submitting patches are
but the output of cvs diff follows (I'm not all that familiar with CVS
either).
The main changes have been reshuffling some <div> tags to avoid cases
where empty div was created within the pages. I also removed some spaces
which shouldn't have been in a href property and corrected minor
mistakes in the login page.
I removed blank options within select boxes. I can see what was trying
to be achieved with them but it's not valid HTML. Perhaps it would be
better to have a placeholder "please select a value" option?
James
Index: admin/include/head.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/head.inc,v
retrieving revision 1.9
diff -d -r1.9 head.inc
20d19
< <div>
Index: admin/include/lib/esphtml.forms.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/lib/esphtml.forms.inc,v
retrieving revision 1.16
diff -d -r1.16 esphtml.forms.inc
122d121
< $str .= "<option></option>\n";
160c159
< $str .= '<link rel="stylesheet" href="'.
$GLOBALS['ESPCONFIG']['css_url'].$_css .'" type="text/css">';
---
> $str .= '<link rel="stylesheet" href="'.
$GLOBALS['ESPCONFIG']['css_url'].$_css .'" type="text/css"/>';
172c171
< $str .= '<form name="loginform" id="loginform" method="post">';
---
> $str .= '<form name="loginform" id="loginform" method="post"
action="manage.php">';
Index: admin/include/lib/adodb/adodb-lib.inc.php
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/lib/adodb/adodb-lib.inc.php,v
retrieving revision 1.1
diff -d -r1.1 adodb-lib.inc.php
119c119
< } else $s .= "\n<option></option>";
---
> } else $s .= "\n";
675c675
< ?>
\ No newline at end of file
---
> ?>
Index: admin/include/where/access.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/access.inc,v
retrieving revision 1.17
diff -d -r1.17 access.inc
108c108
< $r = '<select name="realm"><option></option>';
---
> $r = '<select name="realm">';
143a144
> <div>
Index: admin/include/where/admdesigner.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/admdesigner.inc,v
retrieving revision 1.14
diff -d -r1.14 admdesigner.inc
230c230
< $r = '<select name="r"><option></option>';
---
> $r = '<select name="r">;
Index: admin/include/where/admrespondent.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/admrespondent.inc,v
retrieving revision 1.13
diff -d -r1.13 admrespondent.inc
205c205
< $r = '<select name="r"><option></option>';
---
> $r = '<select name="r">';
Index: admin/include/where/copy.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/copy.inc,v
retrieving revision 1.17
diff -d -r1.17 copy.inc
59a60
> <div>
Index: admin/include/where/designers.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/designers.inc,v
retrieving revision 1.10
diff -d -r1.10 designers.inc
89a90
> <div>
Index: admin/include/where/edit.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/edit.inc,v
retrieving revision 1.12
diff -d -r1.12 edit.inc
30a31
> <div>
Index: admin/include/where/export.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/export.inc,v
retrieving revision 1.20
diff -d -r1.20 export.inc
19d18
< </div>
97c96
< <?php echo('<a href="javascript: exportSubmit(\'export\',
document.getElementById(\'export'.$sid.'\'));" title="Save the results
for \''.$name.'\' to the survey in CSV Format (Comma Delimted File).
Column Titles are based on question text.">' . _('Save On Server') .
'</a>');
---
> <?php echo('<a
href="javascript:exportSubmit(\'export\',document.getElementById(\'export'.$sid.'\'));"
title="Save the results for \''.$name.'\' to the survey in CSV Format
(Comma Delimted File). Column Titles are based on question text.">' .
_('Save On Server') . '</a>');
100c99
< echo('<a href="javascript: exportSubmit(\'download\',
document.getElementById(\'export'.$sid.'\'));" title="Download the
results for \''.$name.'\' to your computer in CSV Format (Comma Delimted
File). Column Titles are based on the question text. Click this link and
select \'Save\' when prompted by your browser.">' . _('Download') .
'</a>'); ?>
---
> echo('<a
href="javascript:exportSubmit(\'download\',document.getElementById(\'export'.$sid.'\'));"
title="Download the results for \''.$name.'\' to your computer in CSV
Format (Comma Delimted File). Column Titles are based on the question
text. Click this link and select \'Save\' when prompted by your
browser.">' . _('Download') . '</a>'); ?>
Index: admin/include/where/groups.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/groups.inc,v
retrieving revision 1.10
diff -d -r1.10 groups.inc
47a48
> <div>
Index: admin/include/where/guide.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/guide.inc,v
retrieving revision 1.5
diff -d -r1.5 guide.inc
11a12
> <div>
Index: admin/include/where/help.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/help.inc,v
retrieving revision 1.18
diff -d -r1.18 help.inc
340d339
< <option></option>
Index: admin/include/where/manage.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/manage.inc,v
retrieving revision 1.28
diff -d -r1.28 manage.inc
13a14
> <div>
Index: admin/include/where/passwd.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/passwd.inc,v
retrieving revision 1.7
diff -d -r1.7 passwd.inc
12a13
> <div>
Index: admin/include/where/report.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/report.inc,v
retrieving revision 1.15
diff -d -r1.15 report.inc
64a65
> <div>
Index: admin/include/where/respondents.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/respondents.inc,v
retrieving revision 1.10
diff -d -r1.10 respondents.inc
88a89
> <div>
Index: admin/include/where/results.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/results.inc,v
retrieving revision 1.33
diff -d -r1.33 results.inc
147a148
> <div>
156c157
< echo('<h2>'. _('Cross Tabulation') ."</h2>\n");
---
> echo('<div> <!-- this is where it should be --><h2>'. _('Cross
Tabulation') ."</h2>\n");
210d210
< <option value=""></option>
Index: admin/include/where/status.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/status.inc,v
retrieving revision 1.24
diff -d -r1.24 status.inc
110a111
> <div>
Index: admin/include/where/tab.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/tab.inc,v
retrieving revision 1.17
diff -d -r1.17 tab.inc
141d140
< </div>
Index: admin/include/where/test.inc
===================================================================
RCS file: /cvsroot/phpesp/phpESP/admin/include/where/test.inc,v
retrieving revision 1.25
diff -d -r1.25 test.inc
0a1
> <div><!-- Something needs doing with this div -->
|
|
From: SourceForge.net <no...@so...> - 2006-07-06 19:47:34
|
Bugs item #1518359, was opened at 2006-07-06 12:47 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1518359&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: User Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) Assigned to: Nobody/Anonymous (nobody) Summary: Query String Password Vulnerability Initial Comment: phpESP allows usernames and passwords for surveys protected by form-based authentication to be passed via the URL query string. While this in it of itself is not a bug, a problem arises if the survey contains HTML links to other websites. Assume a user accesses an authenticated survey with the URL: http://mywebsite/phpESP/public/survey.php?name=survey&username=foo&password=bar. If this survey has a hyperlink (perhaps as part of one of the questions) to http://someothersite/ (via the <A>...</A> tag) and the user follows this link, most web browsers will send the following Referer HTTP header in the request to someothersite: Referer: http://mywebsite/phpESP/public/survey.php?name=survey&username=foo&password=bar As a result, the user's username and password combination is exposed to someothersite. Fix: Whenever phpESP encounters a username and password in the query string it should store these values in $_SESSION (which I believe it already does), redirect to the same URL with the username and password parameters removed, and authenticate the user via the PHPSESSID cookie instead. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1518359&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 15:37:52
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Deleted Resolution: Fixed Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 10:37 Message: Logged In: YES user_id=14116 Please re-read this bug thread. You were treated with nothing but respect until you posted something less than respectful. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:27 Message: Logged In: YES user_id=704595 What you submitted was more on a "hack" which doesnt fully work. If I was having the problem you had, I would have submitted a hunk of code to 1) detect if register globals was on and then 2) attempt to turn off register globals. In the defense of phpESP, even though it may have a dated interface and sure it needs a little work, its still one of the best featured survey apps out there for the price (free). ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 10:22 Message: Logged In: YES user_id=997838 I never imagined six months ago that providing a patch to help make phpESP run properly on my system (insecure as it may be) would be met with such strong opposition and utter disrespect. Mistake made; lesson learned: I will not attempt to contribute to your project ever again. I apologize for having wasted your time. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:03 Message: Logged In: YES user_id=704595 Depending upon how your webserver is configuered, you can use .htaccess files to change the register globals option. Try something like this: php_flag register_globals 0 Register globals is not only an unsupported phpesp configuration, but it is also a security issue to leave it on. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 09:35 Message: Logged In: YES user_id=14116 Do what you want, don't use phpESP, I don't care. I refuse to do anything to work around globals being on. Get used to it being off. In PHP6 it will no longer be an option AT ALL and will always be off. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 15:27:34
|
Bugs item #1410940, was opened at 2006-01-20 10:56 Message generated for change (Comment added) made by axelseaa You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Deleted Resolution: Fixed Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:27 Message: Logged In: YES user_id=704595 What you submitted was more on a "hack" which doesnt fully work. If I was having the problem you had, I would have submitted a hunk of code to 1) detect if register globals was on and then 2) attempt to turn off register globals. In the defense of phpESP, even though it may have a dated interface and sure it needs a little work, its still one of the best featured survey apps out there for the price (free). ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 10:22 Message: Logged In: YES user_id=997838 I never imagined six months ago that providing a patch to help make phpESP run properly on my system (insecure as it may be) would be met with such strong opposition and utter disrespect. Mistake made; lesson learned: I will not attempt to contribute to your project ever again. I apologize for having wasted your time. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:03 Message: Logged In: YES user_id=704595 Depending upon how your webserver is configuered, you can use .htaccess files to change the register globals option. Try something like this: php_flag register_globals 0 Register globals is not only an unsupported phpesp configuration, but it is also a security issue to leave it on. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 09:35 Message: Logged In: YES user_id=14116 Do what you want, don't use phpESP, I don't care. I refuse to do anything to work around globals being on. Get used to it being off. In PHP6 it will no longer be an option AT ALL and will always be off. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 13:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 12:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 08:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 22:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 18:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 17:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 15:23:23
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by blentz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 >Status: Deleted Resolution: Fixed Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: blentz (blentz) Date: 2006-07-06 10:22 Message: Logged In: YES user_id=997838 I never imagined six months ago that providing a patch to help make phpESP run properly on my system (insecure as it may be) would be met with such strong opposition and utter disrespect. Mistake made; lesson learned: I will not attempt to contribute to your project ever again. I apologize for having wasted your time. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:03 Message: Logged In: YES user_id=704595 Depending upon how your webserver is configuered, you can use .htaccess files to change the register globals option. Try something like this: php_flag register_globals 0 Register globals is not only an unsupported phpesp configuration, but it is also a security issue to leave it on. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 09:35 Message: Logged In: YES user_id=14116 Do what you want, don't use phpESP, I don't care. I refuse to do anything to work around globals being on. Get used to it being off. In PHP6 it will no longer be an option AT ALL and will always be off. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 15:03:21
|
Bugs item #1410940, was opened at 2006-01-20 10:56 Message generated for change (Comment added) made by axelseaa You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Closed Resolution: Fixed Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- Comment By: Aaron Axelsen (axelseaa) Date: 2006-07-06 10:03 Message: Logged In: YES user_id=704595 Depending upon how your webserver is configuered, you can use .htaccess files to change the register globals option. Try something like this: php_flag register_globals 0 Register globals is not only an unsupported phpesp configuration, but it is also a security issue to leave it on. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 09:35 Message: Logged In: YES user_id=14116 Do what you want, don't use phpESP, I don't care. I refuse to do anything to work around globals being on. Get used to it being off. In PHP6 it will no longer be an option AT ALL and will always be off. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 13:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 12:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 08:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 22:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 18:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 17:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 14:35:55
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2006-07-06 09:35 Message: Logged In: YES user_id=14116 Do what you want, don't use phpESP, I don't care. I refuse to do anything to work around globals being on. Get used to it being off. In PHP6 it will no longer be an option AT ALL and will always be off. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 13:39:24
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by blentz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: blentz (blentz) Date: 2006-07-06 08:39 Message: Logged In: YES user_id=997838 With all due respect, phpESP is not the only PHP application in the world, nor is it the only PHP application on my server. Therefore, I cannot allow phpESP to dictate the setting of register_globals on my server's configuration due to the *other* applications I've got. This is the motivation for the patch I've provided below, which folks seem to be having success with. Perhaps if phpESP used unique variable names in the first place, this entire issue would be moot and we wouldn't be discussing this bug right now. ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-06 03:07:24
|
Bugs item #1410940, was opened at 2006-01-20 11:56 Message generated for change (Comment added) made by greggmc You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- >Comment By: Matthew Gregg (greggmc) Date: 2006-07-05 22:07 Message: Logged In: YES user_id=14116 register_globals should be OFF. This problem might exist if they are on(an unsupported configuration). Globals are off on my development and production servers and I have no problems. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 07:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 10:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 10:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 14:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 13:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 09:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 23:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 19:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 18:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-07-05 12:57:50
|
Bugs item #1410940, was opened at 2006-01-20 08:56 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-07-05 05:57 Message: Logged In: NO I had that problem too, also with admrespondents, also for me is a must to have register_globals=On, so I used the patch, and it works great (v 1.8.2) but you must remove manually some extra variables at admrespondent.inc. Thanks a lot!!!!! ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-06-23 08:27 Message: Logged In: YES user_id=14116 Are you using version 1.8.2 and do you have register_globals on or off? ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 08:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 11:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 10:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 06:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 20:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 16:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 15:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
|
From: SourceForge.net <no...@so...> - 2006-06-23 16:08:18
|
Bugs item #1410940, was opened at 2006-01-20 08:56 Message generated for change (Comment added) made by nobody You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Admin Group: v1.8 Status: Open Resolution: None Priority: 5 Submitted By: blentz (blentz) Assigned to: Nobody/Anonymous (nobody) Summary: Accessing designer account admin logs you out Initial Comment: When logged in as a superuser with all ACL abilities, I try to go and modify an existing designer. I can get as far as the "Designers Account Administration" form, but if I click *anything* i.e. Update/Cancel/Delete buttons, Go back to Management Interface link, or even manually try and go to /admin/manage.php, I am booted out and am sent to the Management Login form with "Incorrect User ID or Password, or your account has been disabled/expired." This makes changing or deleting an existing designer impossible. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-06-23 08:09 Message: Logged In: NO I'm having the same problem. Can someone give me some instructions for how to install the patch. Sorry, I'm a noob at this. ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-03-16 11:28 Message: Logged In: YES user_id=997838 Please try to use the patch I attached to this bug report back in January. It will fix your problem. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-16 10:47 Message: Logged In: NO I am having the same issue... I am going to rrot out my bad account thru MySQL... But you are right, we are unable to mod, del, and created account using phpESP. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-03-03 06:04 Message: Logged In: NO Same Problem! ---------------------------------------------------------------------- Comment By: blentz (blentz) Date: 2006-01-23 20:21 Message: Logged In: YES user_id=997838 I'm guessing you're both right; problem is that I have other PHP applications on the system that require register_globals. I've created a patch from the changes by R. Schroeder, can be applied to the phpESP source tree using: patch -p0 < phpESP-1.8.patch Tested, corrects this bug. Perhaps this patch could be incorporated into the next release, making the Administer Respondants and Administer Designers work on systems with register_globals? ---------------------------------------------------------------------- Comment By: Matthew Gregg (greggmc) Date: 2006-01-23 16:50 Message: Logged In: YES user_id=14116 I believe this bug is only present when register globals is on(an unsupported configuration). But I could be wrong. ---------------------------------------------------------------------- Comment By: Nobody/Anonymous (nobody) Date: 2006-01-23 15:56 Message: Logged In: NO Check around line 180 in admdesigner.inc. My modifications are below to fix conflicting variable names. Similar fix applies to admrespondent. /* load ACL */ if(!empty($u) && !empty($r)) { $sql = "SELECT * FROM ".$GLOBALS['ESPCONFIG']['designer_table']." WHERE username=$u AND realm=$r"; $result = execute_sql($sql,"",ADODB_FETCH_ASSOC); if($arr = fetch_row($result)) { /* foreach(array( 'username', 'realm', 'fname', 'lname', 'email', 'pdesign', 'pstatus', 'pdata', 'pall', 'pgroup', 'puser', 'disabled', 'expiration') as $col) { $$col = $arr[$col]; } $u =& $username; $r =& $realm; */ // Ryan Schroeder - assign manually to avoid conflicting with $username $u = $arr['username']; $r = $arr['realm']; $fname = $arr['fname']; $lname = $arr['lname']; $email = $arr['email']; $pdesign = $arr['pdesign']; $pstatus = $arr['pstatus']; $pdata = $arr['pdata']; $pall = $arr['pall']; $pgroup = $arr['pgroup']; $puser = $arr['puser']; $disabled = $arr['disabled']; $expiration = $arr['expiration']; if(intval($expiration) > 0) { $ex_year = substr($expiration,0,4); $ex_month = substr($expiration,4,2); $ex_day = substr($expiration,6,2); } else { $ex_year = ''; $ex_month = ''; $ex_day = ''; } } else { $errstr .= mkerror(_('Account not found.') .' ('. ErrorMsg() .')'); } } ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=108956&aid=1410940&group_id=8956 |
24 messages has been excluded from this view by a project administrator.
