siddhantwankar wrote: In which function or file our token get validate for a survey participant table.
A quick how to:
1. You go to the page that interest you (token submission)
2. You look at the form submission URL ("index.php/{SID}")
3. The route doesn't indicate any controller, so it's the default controller.
4. You google "Yii Default controller", and you find that the params to define the default controller is: 'defaultController'
5. You grep 'defaultController' and find that is defined in application/config/internal.php
6. In internal config, you find out that default controller for front end is
application/controllers/survey/index.php
That means that your Token form is submitted to that file:
github.com/LimeSurvey/LimeSurvey/blob/ma...ers/survey/index.php
7. You go back to the token form, and find that the token is submitted as a POST param.
9. You go
application/controllers/survey/index.php and look for where the POST request is parsed. You find this line:
github.com/LimeSurvey/LimeSurvey/blob/ma...survey/index.php#L89
10. Now that you found that all the POST params are inside an array called $param, and that your token input in the token form is named 'token', you look for
$param in
application/controllers/survey/index.php. That lead you to that line:
github.com/LimeSurvey/LimeSurvey/blob/ma...survey/index.php#L95
Code:
$clienttoken = trim($param['token']);
So now, you know that the token user submited is inside the variable $clienttoken.
11. From here, you look how it is used:
-
as a param for _isClientTokenDifferentFromSessionToken()
: clearly not what you are looking for.
-
As a test inside inside a if statement testing that survey is finished
: clearly not what you are looking for.
-
To fill a variable called token in a statement commented as "// Get token"
: that's what you're looking for.
12. So now, you look how this variable $token is used, and bingo, you find this statment:
github.com/LimeSurvey/LimeSurvey/blob/ma.../index.php#L383-L387
Code:
if ($thissurvey['alloweditaftercompletion'] == 'Y' ) {
$tokenInstance = Token::model($surveyid)->findByAttributes(array('token' => $token));
} else {
$tokenInstance = Token::model($surveyid)->usable()->incomplete()->findByAttributes(array('token' => $token));
}
It means there are two ways to validate token, depending if survey allow edition of a response. If yes, then :
Code:
$tokenInstance = Token::model($surveyid)->findByAttributes(array('token' => $token));
Only checks if the token exist in the Token model (see Yii documentation for findBytAttributes in an AR instance)
else:
Code:
$tokenInstance = Token::model($surveyid)->usable()->incomplete()->findByAttributes(array('token' => $token));
call to the token model, and use is usable+incomplete scope:
github.com/LimeSurvey/LimeSurvey/blob/ma.../Token.php#L298-L305
which just add conditions to check that the survey has not been completed already, and that it's valid.
So, as you see, it's a long work. As Denis told you, we're not your personal programmers. If you can't do that kind of operations, you should consider hiring a LimeSurvey partner. Also, now that I helped you, you should considering making a donation to LimeSurvey 
Topic Author
