Nope not at all, authentication is not needed. If you take
a look at the handler code, it checks the local variable
"$results" and if it is set to true it show results rather
than the survey. However, it makes sure that
$HTTP_(GET|POST)_VARS['results'] are not set, so that
arbitrary web users cannot see the information (by setting
results in the URL).
For private surveys, the handler requires authentication,
so therefor the results of private surveys require
authentication too.
The 'test.php' script I have on the sf.net servers
basically bypasses the check of GET vars, so that I can put
"results=1" on the URL (as I did below) without getting
"security violation" errors.
So for example if you have this:
<?php $sid=42; include('.../handler.php'); ?>
try this in another page:
<?php $sid=42; $results=1; include('.../handler.php'); ?>
Hope that helps. Take it easy,
-James
On Thu, 18 Apr 2002, Cédric Levasseur wrote:
> James E. Flemer wrote:
> > I have posted a survey to get some feedback on the policy
> > used for the "return" link on completed surveys. If you
> > have an opinion please take 5 seconds to submit a response
> > (only two questions).
> >
> > Vote:
> > http://phpesp.sf.net/demo/test.php?sid=2944&userid=general
> > Results:
> > http://phpesp.sf.net/demo/test.php?sid=2944&results=1
>
> Please let me know how do you make public results on a survey like this.
> Shouldn't repondents need to authenticate into administration to show
> these results?
>
> Thanks
> Cédric
|
