From aace61b391c0531f9d762d24b2669493ff4716f1 Mon Sep 17 00:00:00 2001
From: pero1203 <peter.hrvatin@gmail.com>
Date: Thu, 30 Sep 2021 14:11:09 +0200
Subject: [PATCH] V urlju za izpolnjevanje ankete imamo po novem random
 8-mestni hash namesto id-ja ankete. VECJI UPDATE - POTREBNO DOBRO TESTIRATI

---
 admin/survey/SurveyAdmin.php                  | 24 ++++++-------
 admin/survey/SurveyAdminAjax.php              | 13 +------
 admin/survey/SurveyAdminSettings.php          |  3 +-
 admin/survey/api/class.ApiSurvey.php          | 23 ++++++++-----
 admin/survey/classes/class.AppSettings.php    |  2 +-
 admin/survey/classes/class.Common.php         | 34 ++++++++-----------
 admin/survey/classes/class.Library.php        | 17 ++++++++--
 admin/survey/classes/class.SurveyCopy.php     | 11 +++---
 .../classes/class.SurveyCustomReport.php      |  3 +-
 admin/survey/classes/class.SurveyInfo.php     | 10 +++---
 admin/survey/classes/class.SurveySkupine.php  |  2 +-
 .../survey/classes/class.SurveyTelephone.php  |  7 ++--
 .../surveyEmails/class.SurveyAlert.php        | 12 +++----
 .../class.SurveyInvitationsNew.php            |  4 +--
 .../modules/mod_EVOLI/class.EvoliForm.php     |  2 +-
 .../class.SurveyAdvancedParadataLog.php       | 22 ++++++------
 .../class/HierarhijaAjaxClass.php             |  8 ++---
 admin/survey/script/postProcess.js            | 16 ++-------
 admin/survey/script/script.js                 |  5 ++-
 admin/survey/script/script_analiza.js         |  4 +--
 function.php                                  | 14 ++++++++
 .../survey/app/Controllers/AjaxController.php | 20 ++++-------
 .../survey/app/Controllers/BodyController.php | 17 +++++-----
 .../app/Controllers/DisplayController.php     | 29 ----------------
 .../app/Controllers/HeaderController.php      |  4 ++-
 .../app/Controllers/HelperController.php      |  2 --
 main/survey/app/Controllers/InitClass.php     | 15 ++++----
 .../app/Controllers/StatisticController.php   |  4 +--
 main/survey/class.EvalvacijaMain.php          |  6 +++-
 main/survey/edit_anketa.php                   |  8 +++--
 main/survey/embed_out.php                     |  5 +--
 main/survey/sa_koda.php                       |  6 ++--
 main/survey/uporabnost.php                    |  4 +--
 sql/update2.sql                               |  8 +++++
 34 files changed, 170 insertions(+), 194 deletions(-)

diff --git a/admin/survey/SurveyAdmin.php b/admin/survey/SurveyAdmin.php
index 1362f7a71..58abb9044 100644
--- a/admin/survey/SurveyAdmin.php
+++ b/admin/survey/SurveyAdmin.php
@@ -211,6 +211,7 @@ class SurveyAdmin
                 echo '<form name="meta" action="" style="display:none">';
 
                 echo '<input type="hidden" name="anketa" id="srv_meta_anketa_id" value="' . $this->anketa . '" />';
+                echo '<input type="hidden" name="anketa_hash" id="srv_meta_anketa_hash" value="' . SurveyInfo::getInstance()->getSurveyHash() . '" />';
                 echo '<input type="hidden" name="srv_site_url" id="srv_site_url" value="' . $site_url . '" />';
                 echo '<input type="hidden" name="grupa"  id="srv_meta_grupa"  value="' . $this->grupa . '" />';
                 echo '<input type="hidden" name="branching" id="srv_meta_branching" value="' . $this->branching . '" />';
@@ -3792,7 +3793,6 @@ class SurveyAdmin
     {
         global $site_url;
 
-        //return '&lt;iframe id="1ka" src="'.$site_url.'main/survey/index.php?anketa='.$this->anketa.'" scrolling="auto" frameborder="0" width="100%"&gt;&lt;/iframe&gt;&lt;script type="text/javascript"&gt;function r(){var a=window.location.hash.replace("#","");if(a.length==0)return;document.getElementById("1ka").style.height=a+"px";window.location.hash=""};window.setInterval(\\\'r()\\\',100);&lt;/script&gt;';
         $iframe = '<iframe id="1ka" src="' . SurveyInfo::getSurveyLink() . '" height="400px" width="100%" scrolling="auto" frameborder="0"></iframe>';
         $javascript = '<script type="text/javascript">function r(){var a=window.location.hash.replace("#","");if(a.length==0)return;document.getElementById("1ka").style.height=a+"px";window.location.hash=""};window.setInterval("r()",100);</script>';
 
@@ -4601,11 +4601,15 @@ class SurveyAdmin
 			$mobile_skin = 'Mobile'.$skin;
 		}
 
-        $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, show_intro, show_concl, survey_type, lang_admin, lang_resp, active, skin, mobile_skin) " .
-            "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '$text', '$url', '$intro_opomba', '$showIntro', '$showConcl', '$survey_type', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '$skin', '$mobile_skin')");
+        // Nastavimo se hash
+        $hash = Common::generateSurveyHash();
+
+        $sql = sisplet_query("INSERT INTO srv_anketa (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, show_intro, show_concl, survey_type, lang_admin, lang_resp, active, skin, mobile_skin) " .
+            "VALUES ('', '".$hash."', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '$text', '$url', '$intro_opomba', '$showIntro', '$showConcl', '$survey_type', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '$skin', '$mobile_skin')");
         if (!$sql) {
             $error = mysqli_error($GLOBALS['connect_db']);
         }
+
         $anketa = mysqli_insert_id($GLOBALS['connect_db']);
 
 
@@ -4614,8 +4618,7 @@ class SurveyAdmin
 
 			// Updatamo srv_activity, ce je anketa aktivna - drugace se ne zabelezi ok ko se deaktivira
 			if ($autoActiveSurvey == 1) {
-				$activity_insert_string = "INSERT INTO srv_activity (sid, starts, expire, uid) VALUES('" . $anketa . "', $starts, $expire, '" . $global_user_id . "' );";
-				$sql_insert = sisplet_query($activity_insert_string);
+				$sql_insert = sisplet_query("INSERT INTO srv_activity (sid, starts, expire, uid) VALUES ('".$anketa."', $starts, $expire, '".$global_user_id."')");
 			}
 
 			// vnesemo tudi 1. grupo aka page
@@ -4648,8 +4651,9 @@ class SurveyAdmin
 				//popravljanje default nastavitev - stat=0, show_intro=0
 				$sqlSpr = sisplet_query("UPDATE srv_spremenljivka SET stat = '0' WHERE id = '$spr_id'");
 				$sqlAnk = sisplet_query("UPDATE srv_anketa SET show_intro = '0', show_concl = '0', progressbar = '0', countType = '0', akronim = ' ' WHERE id = '$anketa'");
-				// vsilimo refresh podatkov
-				SurveyInfo:: getInstance()->resetSurveyData();
+				
+                // vsilimo refresh podatkov
+				SurveyInfo::getInstance()->resetSurveyData();
 			}
 
 			//popravljanje default nastavitev pri formi - show_intro=0, show_concl=0, trajanje->neomejeno
@@ -4693,12 +4697,6 @@ class SurveyAdmin
 			
 			// Nastavimo obvescanje pri poteku ankete (default ob kreiranju ankete)
 			SurveyAlert::setDefaultAlertBeforeExpire();
-			
-			// uporabniku dodamo anketo se v knjiznico "moje ankete"
-			// torej uporabniku ne bomo avtomatsko dodali ankete v knjiznico "moje ankete"
-			//$sqlk = sisplet_query("SELECT * FROM srv_library_folder WHERE uid='$uid' AND tip='1' AND parent='0'");
-			//$rowk = mysqli_fetch_array($sqlk);
-			//sisplet_query("INSERT INTO srv_library_anketa (ank_id, uid, folder) VALUES ('$anketa', '$uid', '$rowk[id]')");
 
 			return $anketa;
 		}
diff --git a/admin/survey/SurveyAdminAjax.php b/admin/survey/SurveyAdminAjax.php
index af7800d9d..53a8142e7 100644
--- a/admin/survey/SurveyAdminAjax.php
+++ b/admin/survey/SurveyAdminAjax.php
@@ -111,17 +111,6 @@ class SurveyAdminAjax {
 						header('Location: index.php?anketa=' . $this->anketa . '&grupa=' . $this->grupa . '');
 					
 				}
-				/*
-				// meta podatki, ki jih beremo z JS
-				echo '<form name="meta" action="" style="display:none">';
-				echo '<input type="hidden" name="anketa" id="srv_meta_anketa_id" value="' . $this->anketa . '" />';
-				echo '<input type="hidden" name="grupa"  id="srv_meta_grupa"  value="' . $this->grupa . '" />';
-				echo '<input type="hidden" name="branching" id="srv_meta_branching" value="' . $this->branching . '" />';
-				echo '<input type="hidden" name="podstran" id="srv_meta_podstran" value="' . $_GET['m'] . '" />';
-				echo '<input type="hidden" name="akcija" id="srv_meta_akcija" value="' . $_GET['a'] . '" />';
-				echo '<input type="hidden" name="full_screen_edit" id="srv_meta_full_screen_edit" value="' . ($this->full_screen_edit == 1 ? 1 : 0) . '" />';
-				echo '</form>';
-				*/
 			}
 
 			// tole je, ce se inicializira v branhingu z $action=-1 (pa mogoce/najbrz se kje), da se ne prikazujejo 2x te meta podatki in redirecta...
@@ -5412,7 +5401,7 @@ class SurveyAdminAjax {
 		if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
 			$link = 'main/survey/uporabnost.php?anketa=' . $anketa ;
 		else
-			$link = 'main/survey/index.php?anketa=' . $anketa ;
+			$link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash();
 		
 
 		// Dodamo nice url
diff --git a/admin/survey/SurveyAdminSettings.php b/admin/survey/SurveyAdminSettings.php
index a837fd501..5e333f77f 100644
--- a/admin/survey/SurveyAdminSettings.php
+++ b/admin/survey/SurveyAdminSettings.php
@@ -2351,7 +2351,7 @@ class SurveyAdminSettings {
 		$base_lang_resp = $lang['language'];
 		$p->include_base_lang();
 		
-		$link1 = $site_url.'a/'.Common::encryptAnketaID($this->anketa);
+		$link1 = $site_url.'a/'.$row['hash'];
 		echo '<b><a href="'.$link1.'" target="_blank">'.$link1.'</a>'.(count($lang_array) > 0 ? ' - '.$base_lang_resp : '').'</b>';
 
 		echo '<a href="#" onclick="CopyToClipboard(\''.$link1.'\');" return false;" title="Kopiraj povezavo" class="srv_ico">'
@@ -2648,7 +2648,6 @@ class SurveyAdminSettings {
 		SurveyInfo::getInstance()->SurveyInit($this->anketa);
 		$row = SurveyInfo::getInstance()->getSurveyRow();
 		
-		//return '&lt;iframe id="1ka" src="'.$site_url.'main/survey/index.php?anketa='.$this->anketa.'" scrolling="auto" frameborder="0" width="100%"&gt;&lt;/iframe&gt;&lt;script type="text/javascript"&gt;function r(){var a=window.location.hash.replace("#","");if(a.length==0)return;document.getElementById("1ka").style.height=a+"px";window.location.hash=""};window.setInterval(\\\'r()\\\',100);&lt;/script&gt;';
 		$iframe = '<iframe id="1ka" src="'.$link.'?e=1" height="500px" width="100%" scrolling="auto" frameborder="0"></iframe>';
 		$javascript = '<script type="text/javascript">function r(){var a=window.location.hash.replace("#","");if(a.length==0)return;document.getElementById("1ka").style.height=a+"px";window.location.hash=""};window.setInterval("r()",100);'
 		.'</script>';
diff --git a/admin/survey/api/class.ApiSurvey.php b/admin/survey/api/class.ApiSurvey.php
index 93eddc249..b3d765409 100644
--- a/admin/survey/api/class.ApiSurvey.php
+++ b/admin/survey/api/class.ApiSurvey.php
@@ -2144,12 +2144,14 @@ class ApiSurvey {
         $res = sisplet_query("SELECT value FROM misc WHERE what='SurveyCookie'");
         list ($SurveyCookie) = mysqli_fetch_row($res);
 
+        // Nastavimo se hash
+        $hash = Common::generateSurveyHash();
 
         // GLASOVANJE
         if ($survey_type == 0) {
 
-            $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created) " .
-                    "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')");
+            $sql = sisplet_query("INSERT INTO srv_anketa (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, show_intro, show_concl, locked, mobile_created) " .
+                    "VALUES ('', '".$hash."', $naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '0', '$lang_admin', '$lang_resp', '0', '1kaBlue', '0', '0', '0', '$mobile_created')");
 
             if (!$sql) {
                 $error = mysqli_error($GLOBALS['connect_db']);
@@ -2158,7 +2160,8 @@ class ApiSurvey {
 
 
             if ($anketa > 0) {
-                $url .= 'a/' . $anketa;
+
+                $url .= 'a/' . $hash;
 
                 // vnesemo tudi 1. grupo aka page
                 $sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')");
@@ -2219,8 +2222,8 @@ class ApiSurvey {
             $zakljucek_besedilo = $purifier->purify_DB($zakljucek['besedilo']);
             $show_concl = ($zakljucek['hide_zakljucek'] == '1') ? 0 : 1;
 
-            $sql = sisplet_query("INSERT INTO srv_anketa (id, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " .
-                    "VALUES ('', '$naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')");
+            $sql = sisplet_query("INSERT INTO srv_anketa (id, hash, naslov, akronim, db_table, starts, expire, dostop, insert_uid, insert_time, edit_uid, edit_time, cookie, text, url, intro_opomba, survey_type, lang_admin, lang_resp, active, skin, introduction, conclusion, show_intro, show_concl, locked, mobile_created) " .
+                    "VALUES ('', '".$hash."', $naslov', '$akronim', '1', $starts, $expire, '0', '$global_user_id', NOW(), '$global_user_id', NOW(), '$SurveyCookie', '', '$url', '', '2', '$lang_admin', '$lang_resp', '$autoActiveSurvey', '1ka', '$uvod_besedilo', '$zakljucek_besedilo', '$show_intro', '$show_concl', '1', '$mobile_created')");
             if (!$sql) {
                 $error = mysqli_error($GLOBALS['connect_db']);
             }
@@ -2228,7 +2231,8 @@ class ApiSurvey {
 
 
             if ($anketa > 0) {
-                $url .= 'a/' . $anketa;
+
+                $url .= 'a/' . $hash;
 
                 // vnesemo tudi 1. grupo aka page
                 $sql = sisplet_query("INSERT INTO srv_grupa (id, ank_id, naslov, vrstni_red) VALUES ('', '$anketa', '$lang[srv_stran] 1', '1')");
@@ -2267,7 +2271,8 @@ class ApiSurvey {
             $json_array['id'] = $anketa;
 
             $json_array['note'] = 'Survey created';
-        } else {
+        } 
+        else {
             $json_array['error'] = 'Error creating survey';
         }
 
@@ -3521,7 +3526,7 @@ class ApiSurvey {
                 if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
                     $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id;
                 else
-                    $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+                    $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
 
                 if ($add) {
                     $f = @fopen($site_path . '.htaccess', 'a');
@@ -3628,7 +3633,7 @@ class ApiSurvey {
                 if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
                     $link = 'main/survey/uporabnost.php?anketa=' . $anketa . '&skupina=' . $vre_id;
                 else
-                    $link = 'main/survey/index.php?anketa=' . $anketa . '&skupina=' . $vre_id;
+                    $link = 'main/survey/index.php?anketa=' . SurveyInfo::getInstance()->getSurveyHash() . '&skupina=' . $vre_id;
 
                 if ($add) {
                     $f = @fopen($site_path . '.htaccess', 'a');
diff --git a/admin/survey/classes/class.AppSettings.php b/admin/survey/classes/class.AppSettings.php
index 6a0fec04b..cae79a4ca 100644
--- a/admin/survey/classes/class.AppSettings.php
+++ b/admin/survey/classes/class.AppSettings.php
@@ -93,7 +93,7 @@ class AppSettings {
 
 
     private static $instance = null;
-    private static $settings = array();
+    private $settings = array();
     
 
     private function __construct(){
diff --git a/admin/survey/classes/class.Common.php b/admin/survey/classes/class.Common.php
index 5127e963a..081365687 100644
--- a/admin/survey/classes/class.Common.php
+++ b/admin/survey/classes/class.Common.php
@@ -2063,29 +2063,23 @@ class Common {
 		return $help_url;
 	}
 
-	// Nov algoritem za id ankete v url-ju (ni vec stevilka ampak string - vsako liho stevilko zamenjamo z ustrezno crko npr. 1234 -> A2C4)
-	public static function encryptAnketaID($anketa_id){
+	// Nov algoritem za id ankete v url-ju za izpolnjevanje
+	public static function generateSurveyHash(){
+        
+        $unique = false;
 
-		// Ali imamo vklopljeno sifriranje id-ja anket v url-ju - ZENKRAT UGASNJENO
-		//if(true){
-		if(false){
-			$anketa_arr = str_split($anketa_id);
-			$anketa_string = '';
+        while(!$unique){
 
-			foreach($anketa_arr as $pos => $num){
+            // Zgeneriramo random string z 8 znaki
+            $hash = substr(md5(uniqid(mt_rand(), true)), 0, 8);
 
-				// Na lihih mestih pretvorimo stevilko v crko
-				if($pos % 2 == 0)
-					$anketa_string .= chr(97 + $num);
-				else
-					$anketa_string .= $num;
-			}
-			//$anketa_string = strtolower($anketa_string);
-		}
-		else
-			$anketa_string = $anketa_id;
-
-		return $anketa_string;
+            // Preverimo ce slucajno ze obstaja v bazi
+            $sql = sisplet_query("SELECT 1 FROM srv_anketa WHERE hash='".$hash."' LIMIT 1");
+            if (mysqli_num_rows($sql) == 0)
+                $unique = true;
+        }
+       
+		return $hash;
 	}
 
 	// Algoritem, ki iz texta ustvari strukturo vprasanj in variabel (za uvoz anekte iz texta)
diff --git a/admin/survey/classes/class.Library.php b/admin/survey/classes/class.Library.php
index 4b5b67e26..88d653362 100644
--- a/admin/survey/classes/class.Library.php
+++ b/admin/survey/classes/class.Library.php
@@ -301,7 +301,10 @@ class Library {
 
                                 // nova anketa kot template iz knjiznice
                                 echo '<a href="/" onclick="anketa_copy(\''.$row1['id'].'\'); return false;" title="'.$lang['srv_library_use_survey'].'"><span class="faicon copy"></span> <span class="library_item_setting_text">'.$lang['srv_anketacopy'].'</span></a> ';
-                                echo '<a href="'.$site_url.'main/survey/'.(!SurveyInfo::getInstance()->checkSurveyModule('uporabnost') ? 'index' : 'uporabnost').'.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> <span class="library_item_setting_text">'.$lang['srv_poglejanketo2'].'</span></a> ';
+                                if(SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))                                
+                                    echo '<a href="'.$site_url.'main/survey/uporabnost.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> <span class="library_item_setting_text">'.$lang['srv_poglejanketo2'].'</span></a> ';
+                                else
+                                    echo '<a href="'.$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> <span class="library_item_setting_text">'.$lang['srv_poglejanketo2'].'</span></a> ';
                                 
                                 // brisi iz knjiznice
                                 if ($admin_type == 0) {
@@ -317,7 +320,11 @@ class Library {
                                 }
                             }
                             else {
-                                echo '<a href="'.$site_url.'main/survey/'.(!SurveyInfo::getInstance()->checkSurveyModule('uporabnost') ? 'index' : 'uporabnost').'.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span></a>';
+                                if(SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))                                
+                                    echo '<a href="'.$site_url.'main/survey/uporabnost.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span></a>';
+                                else
+                                    echo '<a href="'.$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span></a>';
+                                
                                 // moznost da povozi anketo z anketo iz knjiznice
                                 //TEGA NE DOVOLIMO KER NI OK DA SE KAR PREPISE OBSTOJECO ANKETO - anketo iz knjiznice se lahko po novem dodaja samo iz mojih anket oz. pri ustvarjanju
                                 echo ' <a href="/" onclick="alert_copy_anketa(\''.$row1['id'].'\'); return false;"><span class="sprites copy_small" title="'.$lang['srv_copy_srv'].'"></span></a>';
@@ -484,7 +491,11 @@ class Library {
 				echo '<a href="/" onclick="anketa_copy(\''.$row1['id'].'\'); return false;" title="'.$lang['srv_library_use_survey'].'"><span class="faicon copy"></span> '.$lang['srv_anketacopy'].'</a> ';
 				
 				// Preview
-				echo '<a href="'.$site_url.'main/survey/'.(!SurveyInfo::getInstance()->checkSurveyModule('uporabnost') ? 'index' : 'uporabnost').'.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> '.$lang['srv_poglejanketo2'].'</a> ';
+                
+                if(SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
+				    echo '<a href="'.$site_url.'main/survey/uporabnost.php?anketa='.$row1['id'].'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> '.$lang['srv_poglejanketo2'].'</a> ';
+                else
+				    echo '<a href="'.$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&preview=on" target="_blank" title="'.$lang['srv_poglejanketo'].'"><span class="faicon preview"></span> '.$lang['srv_poglejanketo2'].'</a> ';
 				
 				// Urejanje - admin
 				if ($admin_type == 0)
diff --git a/admin/survey/classes/class.SurveyCopy.php b/admin/survey/classes/class.SurveyCopy.php
index d894d5948..c6bc8429d 100644
--- a/admin/survey/classes/class.SurveyCopy.php
+++ b/admin/survey/classes/class.SurveyCopy.php
@@ -215,13 +215,6 @@ class SurveyCopy {
 
 		$arr_src = array();
 
-		// subqueryji mysql cist ubijejo zato sem razbil v 2 locena queryja... v bistvu si zakesiramo seznam spremenljivk in ifov
-		// TODO ko se MySQL upgrada na 5.6 mogoce prestavit nazaj na navaden subquery, ali pa tut ne - bo za sprobat
-
-
-		$qry_src_survey = sisplet_query("SELECT * FROM srv_anketa WHERE id = '".self :: $src_survey."'", self :: $src_connect_db);
-		$anketa_array = self::sql2array($qry_src_survey);
-
         //Če imamo vklopljeno hierarhijo, potem vrednosti spremenljivk od hierarhije ne kopiramo
         // V kolikor imamo vklopljeno hierarhijo potem ne kopiramo spremenljivke od hierarhije
         $hierarhija_sql = null;
@@ -491,8 +484,12 @@ class SurveyCopy {
 			// iz izvorne ankete preberemo vsa polja
 			if ( count($arr_src['srv_anketa']) > 0) {
                 
+                // Nastavimo se hash nove ankete
+                $hash = Common::generateSurveyHash();
+
                 // predefinirana polja (vsilimo vrednosti)
 				$pre_set = array('id' => "NULL",
+								'hash' => "'".$hash."'",
 								'backup' => "'0'",
 								'active' => "'0'",
 								'locked' => "'0'",
diff --git a/admin/survey/classes/class.SurveyCustomReport.php b/admin/survey/classes/class.SurveyCustomReport.php
index 8d0f6168b..011890635 100644
--- a/admin/survey/classes/class.SurveyCustomReport.php
+++ b/admin/survey/classes/class.SurveyCustomReport.php
@@ -1989,10 +1989,11 @@ class SurveyCustomReport {
 			$row = mysqli_fetch_array($sql);		
 			$titleString = $row['value'];
 		}	
-        //echo '<h2>'.$lang['srv_publc_creport_title_for'] .$titleString.'</h2>';
+
         echo '<h2>'.$titleString.'</h2>';
 
         echo '<input type="hidden" name="anketa_id" id="srv_meta_anketa_id" value="' . $anketa . '" />';
+        echo '<input type="hidden" name="anketa_hash" id="srv_meta_anketa_hash" value="' . SurveyInfo::getInstance()->getSurveyHash() . '" />';
         echo '<div id="analiza_data">';
 
         # ponastavimo nastavitve- filter
diff --git a/admin/survey/classes/class.SurveyInfo.php b/admin/survey/classes/class.SurveyInfo.php
index bd20279d5..dd021448f 100644
--- a/admin/survey/classes/class.SurveyInfo.php
+++ b/admin/survey/classes/class.SurveyInfo.php
@@ -159,6 +159,7 @@ class SurveyInfo
 	
 	// te funkcije ohranimo, da se obdrzi kompatibilnost za nazaj. Za naprej se lahko uporabi kar direktno getSurveyColumn (v primerih kjer se lahko)
 	static function getSurveyId()			{ return self::$surveyId; }
+	static function getSurveyHash()			{ return self::getSurveyColumn('hash'); }
 	static function getSurveyTitle()		{ return strip_tags(self::getSurveyColumn('naslov')); }
 	static function getSurveyAkronim()		{ return strip_tags(self::getSurveyColumn('akronim')); }
 	static function getSurveyActive()		{ return self::getSurveyColumn('active'); }
@@ -653,10 +654,9 @@ class SurveyInfo
 		
 		if ($anketa == false)
 			$anketa = self::$surveyId;
-		
-		// V get-u ni vec id ankete ampak string (zaradi zascite, da en more kdorkoli dostopati do vseh anket)
-		$anketa_string = Common::encryptAnketaID($anketa);
-		
+
+        $anketa_string = self::getSurveyHash();
+				
 		if ( ! isset( self::$surveyLink[$anketa_string] ) ) {
 			
 			$sqll = sisplet_query("SELECT link FROM srv_nice_links WHERE ank_id = '".$anketa."' ORDER BY id ASC LIMIT 1");
@@ -667,7 +667,7 @@ class SurveyInfo
 			} 
 			else {		
 				if (self::checkSurveyModule('uporabnost') && $uporabnost == true) // na redirectih pa v form action ne sme it na uporabnost (ker se odpira znotraj frama)
-					$link = $site_url.'main/survey/uporabnost.php?anketa=' . $anketa_string ;
+					$link = $site_url.'main/survey/uporabnost.php?anketa=' . $anketa ;
 				else
 					$link = $site_url.'a/' . $anketa_string ;	
 			}
diff --git a/admin/survey/classes/class.SurveySkupine.php b/admin/survey/classes/class.SurveySkupine.php
index bcfb95bcb..33979ecb9 100644
--- a/admin/survey/classes/class.SurveySkupine.php
+++ b/admin/survey/classes/class.SurveySkupine.php
@@ -286,7 +286,7 @@ class SurveySkupine {
                     if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
                         $link = 'main/survey/uporabnost.php?anketa='.$anketa.'&skupina='.$vre_id;
                     else
-                        $link = 'main/survey/index.php?anketa='.$anketa.'&skupina='.$vre_id;
+                        $link = 'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&skupina='.$vre_id;
                     
                     if ($add) {		
                         $f = @fopen($site_path.'.htaccess', 'a');
diff --git a/admin/survey/classes/class.SurveyTelephone.php b/admin/survey/classes/class.SurveyTelephone.php
index 673efc692..5ffc00410 100644
--- a/admin/survey/classes/class.SurveyTelephone.php
+++ b/admin/survey/classes/class.SurveyTelephone.php
@@ -3396,11 +3396,12 @@ class SurveyTelephone {
 	function startSurvey() {
 		# nastavimo marker na A
 		# in vrnemo dva urlja, enega za reload strani, drugega pa odpiranje ankete
-		global $lang,$site_url, $global_user_id;
+		global $lang, $site_url, $global_user_id;
 		
 		$return = array('error'=>'1', 'msg'=>'Napaka','reloadUrl'=>'','surveyUrl'=>'');
 		
 		if ((int)$_POST['usr_id'] > 0) {
+
 			$usr_id = (int)$_POST['usr_id'];
 			
 			# nastavimo url za nastavitev statusa in reload strani
@@ -3421,7 +3422,7 @@ class SurveyTelephone {
 				$user_data = mysqli_fetch_assoc($chk_query);
 				
 				# sestavimo še url za odpiranje izpolnjevanja ankete
-				$return['surveyUrl'] = $site_url.'a/'.Common::encryptAnketaID($this->sid).'&survey-'.$this->sid.'&code='.$user_data['pass'];
+				$return['surveyUrl'] = $site_url.'a/'.SurveyInfo::getInstance()->getSurveyHash().'&survey-'.$this->sid.'&code='.$user_data['pass'];
 				$return['error'] = '';
 			} 
 			else {
@@ -3479,7 +3480,7 @@ class SurveyTelephone {
 					sisplet_query("COMMIT");
 					
 					# sestavimo še url za odpiranje izpolnjevanja ankete
-					$return['surveyUrl'] = $site_url.'a/'.Common::encryptAnketaID($this->sid).'&survey-'.$this->sid.'&code='.$res_row[password];
+					$return['surveyUrl'] = $site_url.'a/'.SurveyInfo::getInstance()->getSurveyHash().'&survey-'.$this->sid.'&code='.$res_row[password];
 					$return['error'] = '';
 				}
 			}
diff --git a/admin/survey/classes/surveyEmails/class.SurveyAlert.php b/admin/survey/classes/surveyEmails/class.SurveyAlert.php
index b0e0f33fd..97f53762e 100644
--- a/admin/survey/classes/surveyEmails/class.SurveyAlert.php
+++ b/admin/survey/classes/surveyEmails/class.SurveyAlert.php
@@ -163,7 +163,7 @@ class SurveyAlert
 				array(
 					self::$data['survey_naslov'],
 					date('r'),
-					$site_url.'main/survey/index.php?anketa='.self::getSurveyId(),
+					$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(),
 					self::$data['expire_days'],
 					'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         			'<a href="'.$pdf_url.'">'.$pdf_url.'</a>',
@@ -185,7 +185,7 @@ class SurveyAlert
 				array(
 					self::$data['survey_naslov'],
 					date('r'),
-					$site_url.'main/survey/index.php?anketa='.self::getSurveyId(), 
+					$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(), 
 					self::$data['expire_days'],
 					'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         			'<a href="'.$pdf_url.'">'.$pdf_url.'</a>',
@@ -306,7 +306,7 @@ class SurveyAlert
 			array(
 				self::$data['survey_naslov'],
 				date('r'),
-				$site_url.'main/survey/index.php?anketa='.self::getSurveyId(), 
+				$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(), 
 				self::$data['expire_days'],
 				'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         		'<a href="'.$pdf_url.'">'.$pdf_url.'</a>',
@@ -325,7 +325,7 @@ class SurveyAlert
 			array(
 				self::$data['survey_naslov'],
 				date('r'),
-				$site_url.'main/survey/index.php?anketa='.self::getSurveyId(), 
+				$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(), 
 				self::$data['expire_days'],
 				'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         		'<a href="'.$pdf_url.'">'.$pdf_url.'</a>', 
@@ -426,7 +426,7 @@ class SurveyAlert
 			array(
 				self::$data['survey_naslov'],
 				date('r'),
-				$site_url.'main/survey/index.php?anketa='.self::getSurveyId(), 
+				$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(), 
 				self::$data['expire_days'],
 				'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         		'<a href="'.$pdf_url.'">'.$pdf_url.'</a>',
@@ -445,7 +445,7 @@ class SurveyAlert
 				array(
 					self::$data['survey_naslov'],
 					date('r'),
-					$site_url.'main/survey/index.php?anketa='.self::getSurveyId(), 
+					$site_url.'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash(), 
 					self::$data['expire_days'],
 					'<a href="'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'">'.$site_url.'admin/survey/index.php?anketa='.self::getSurveyId().'</a>',
         			'<a href="'.$pdf_url.'">'.$pdf_url.'</a>',
diff --git a/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php b/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php
index 6ea21f359..17869232f 100644
--- a/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php
+++ b/admin/survey/classes/surveyEmails/class.SurveyInvitationsNew.php
@@ -1770,7 +1770,7 @@ class SurveyInvitationsNew {
 					
 					// Skoci na urejanje odgovorov - ce imamo identifikatorje povezane s podatki
 					if($this->surveySettings['show_email'] == 1)
-						echo '<td class="tbl_inv_left"><span class="icon-grey_dark_link" onclick="window.open(\''.$site_url.'/main/survey/edit_anketa.php?anketa='.$this->sid.'&usr_id='.$sql_row['id'].'&code='.$sql_row['password'].'\', \'blank\')" title="'.$lang['srv_edit_data_row'].'"></span></td>';
+						echo '<td class="tbl_inv_left"><span class="icon-grey_dark_link" onclick="window.open(\''.$site_url.'/main/survey/edit_anketa.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&usr_id='.$sql_row['id'].'&code='.$sql_row['password'].'\', \'blank\')" title="'.$lang['srv_edit_data_row'].'"></span></td>';
 
 					foreach ($fields AS $fkey =>$field) {
 						if ($field == 1) {
@@ -8757,7 +8757,7 @@ class SurveyInvitationsNew {
 			}
 		}					
 		
-		$link1 = $site_url.'a/'.Common::encryptAnketaID($this->sid);
+		$link1 = $site_url.'a/'.SurveyInfo::getInstance()->getSurveyHash();
 		# normalen link
 		$result[$cnt] = array('url'=>$link1, 'name'=>$link1.(count($lang_array) > 0 ? ' - '.$lang['language'] : ''));
 		if ($default_checked == false) {
diff --git a/admin/survey/modules/mod_EVOLI/class.EvoliForm.php b/admin/survey/modules/mod_EVOLI/class.EvoliForm.php
index dc652bdfe..32ba21689 100644
--- a/admin/survey/modules/mod_EVOLI/class.EvoliForm.php
+++ b/admin/survey/modules/mod_EVOLI/class.EvoliForm.php
@@ -825,7 +825,7 @@ class EvoliForm {
 				if (SurveyInfo::getInstance()->checkSurveyModule('uporabnost'))
 					$link = 'main/survey/uporabnost.php?anketa='.$anketa.'&skupina='.$vre_id;
 				else
-					$link = 'main/survey/index.php?anketa='.$anketa.'&skupina='.$vre_id;
+					$link = 'main/survey/index.php?anketa='.SurveyInfo::getInstance()->getSurveyHash().'&skupina='.$vre_id;
 				
 				if ($add) {		
 					$f = @fopen($site_path.'.htaccess', 'a');
diff --git a/admin/survey/modules/mod_advanced_paradata/class.SurveyAdvancedParadataLog.php b/admin/survey/modules/mod_advanced_paradata/class.SurveyAdvancedParadataLog.php
index d844eaede..3294dacfc 100644
--- a/admin/survey/modules/mod_advanced_paradata/class.SurveyAdvancedParadataLog.php
+++ b/admin/survey/modules/mod_advanced_paradata/class.SurveyAdvancedParadataLog.php
@@ -17,19 +17,13 @@ class SurveyAdvancedParadataLog {
 	
 	
 	// Privatni construct, ki ga 1x poklice getInstance
-	private function __construct (/*$anketa*/) {
+	private function __construct () {
 		
-		/*ini_set('display_errors', 1);
-		ini_set('display_startup_errors', 1);
-		error_reporting(E_ALL);*/
-		
-		// Ce imamo anketo
-		/*if ((int)$anketa > 0){
-			$this->anketa = $anketa;
-		}*/
-		
-		$this->anketa = (int)$_REQUEST['anketa'];		
-		//$this->anketa = $anketa_id;
+        if(isset($_GET['m']) && $_GET['m'] == 'quick_edit')
+            return false;
+            
+		$anketa_hash = $_REQUEST['anketa'];		
+		$this->anketa = getSurveyIdFromHash($anketa_hash);	
 		
 		if($this->anketa > 0){
 			SurveyInfo::getInstance()->SurveyInit($this->anketa);
@@ -50,6 +44,10 @@ class SurveyAdvancedParadataLog {
 	
 	// Vrne ce zbiramo napredne parapodatke
 	public function paradataEnabled(){
+
+        if(isset($_GET['m']) && $_GET['m'] == 'quick_edit')
+            return false;
+
 		return $this->collectParadata;
     }
     
diff --git a/admin/survey/modules/mod_hierarhija/class/HierarhijaAjaxClass.php b/admin/survey/modules/mod_hierarhija/class/HierarhijaAjaxClass.php
index 3c3adf8c5..a75cf5a43 100644
--- a/admin/survey/modules/mod_hierarhija/class/HierarhijaAjaxClass.php
+++ b/admin/survey/modules/mod_hierarhija/class/HierarhijaAjaxClass.php
@@ -936,14 +936,14 @@ class HierarhijaAjax
 
         if (is_array($ankete_v_knjiznici) && empty($ankete_v_knjiznici->ank_id)) {
             foreach ($ankete_v_knjiznici as $anketa) {
-                $srv_anketa = sisplet_query("SELECT id, naslov FROM srv_anketa WHERE id='" . $anketa->ank_id . "'", "obj");
+                $srv_anketa = sisplet_query("SELECT id, naslov, hash FROM srv_anketa WHERE id='" . $anketa->ank_id . "'", "obj");
 
                 if(!empty($srv_anketa->naslov)) {
                     echo '<li>';
                     echo '<input type="radio" name="knjiznica_izbira" id="ank_'.$anketa->ank_id.'" value="'.$anketa->ank_id.'" /> ';
                     echo '<span class="enka-checkbox-radio"></span>';
                     echo '<span>
-                                <a href="'.$this->site_url.'/main/survey/index.php?anketa='.$anketa->ank_id.'&amp;preview=on" target="_blank" title="Predogled ankete">
+                                <a href="'.$this->site_url.'/main/survey/index.php?anketa='.$srv_anketa->hash.'&amp;preview=on" target="_blank" title="Predogled ankete">
                                   <span class="faicon preview"></span>
                                 </a>
                           </span>';
@@ -952,13 +952,13 @@ class HierarhijaAjax
                 }
             }
         } elseif (is_object($ankete_v_knjiznici)) {
-            $srv_anketa = sisplet_query("SELECT id, naslov FROM srv_anketa WHERE id='" . $ankete_v_knjiznici->ank_id . "'", "obj");
+            $srv_anketa = sisplet_query("SELECT id, naslov, hash FROM srv_anketa WHERE id='" . $ankete_v_knjiznici->ank_id . "'", "obj");
 
             if(!empty($srv_anketa->naslov)) {
                 echo '<li>';
                 echo '<input type="radio" name="knjiznica_izbira" id="ank_'.$ankete_v_knjiznici->ank_id.'" value="'.$ankete_v_knjiznici->ank_id.'" /> ';
                 echo '<span>
-                            <a href="'.$this->site_url.'main/survey/index.php?anketa='.$ankete_v_knjiznici->ank_id.'&amp;preview=on" target="_blank" title="Predogled ankete">
+                            <a href="'.$this->site_url.'main/survey/index.php?anketa='.$srv_anketa->hash.'&amp;preview=on" target="_blank" title="Predogled ankete">
                               <span class="faicon preview"></span>
                             </a>
                       </span>';
diff --git a/admin/survey/script/postProcess.js b/admin/survey/script/postProcess.js
index 711fa4a17..f7d096dcc 100644
--- a/admin/survey/script/postProcess.js
+++ b/admin/survey/script/postProcess.js
@@ -678,24 +678,14 @@ function postProcessAddRelevanceTitles() {
 }
 
 function showSurveyAnswers(event) {
-/*
-	var srv_site_url = $("#srv_site_url").val();
-	var target = $(event.target);
-	var uid = $(target).parent().find('.data_uid').html();
-	var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_id+'&usr_id='+uid+'&quick_view=1';
-	//alert(href);
-	//return false;
-	if (uid > 0 ){
-		window.open(href, '_blank');
-	}		
-*/
+
 	// polovimo user id
 	var srv_site_url = $("#srv_site_url").val();
 	var target = $(event.target);
 	var uid = $(target).parent().parent().find('.data_uid').html();
-//	var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_id+'&usr_id='+uid+'&quick_view=1';
 	var href = srv_site_url+'admin/survey/index.php?anketa='+srv_meta_anketa_id+'&a=data&m=quick_edit&usr_id='+uid+'&quick_view=1';
-	if (uid > 0 ){
+	
+    if (uid > 0 ){
 		window.location = href;
 	}
 }	
diff --git a/admin/survey/script/script.js b/admin/survey/script/script.js
index 5b176e62c..837089ef6 100644
--- a/admin/survey/script/script.js
+++ b/admin/survey/script/script.js
@@ -24,11 +24,13 @@ var __tabele = 0;        // pove ce smo v analizi v krostabulacijah(1)
 // poklice se v onload.js
 function load_meta_variables () {
 	srv_meta_anketa_id = $("#srv_meta_anketa_id").val();
+	srv_meta_anketa_hash = $("#srv_meta_anketa_hash").val();
 	srv_meta_podstran = $("#srv_meta_podstran").val();
 	srv_meta_akcija = $("#srv_meta_akcija").val();
 	srv_meta_grupa = $("#srv_meta_grupa").val();
 	srv_meta_branching = $("#srv_meta_branching").val();
 	srv_meta_full_screen_edit = ($("#srv_meta_full_screen_edit").val() == 1 ? true : false);
+    
 	loaded = true;
 };
 
@@ -5189,9 +5191,6 @@ function evoli_tm_settings_add_oddelek(tm_id) {
 }
 
 
-// Zakaj je to tukaj?? - ne sme biti tako, ker drugače povozi funkcijo z istim imenom v main/survey (ce se kdaj klice iz tam - recimo pri komentarjih)
-//function checkBranching(){}
-
 // Popravimo crte med vprasanji ce imamo blok s horizontalnim izrisom vprasanj
 function blockHorizontalLine(spr_id){
 	
diff --git a/admin/survey/script/script_analiza.js b/admin/survey/script/script_analiza.js
index a5132cc60..c2495f366 100644
--- a/admin/survey/script/script_analiza.js
+++ b/admin/survey/script/script_analiza.js
@@ -83,7 +83,7 @@ function analiza_init () {
 	$('#dataTable td .edit_square').live('click', function(event) {
 		// polovimo user id
 		var uid = $(this).parent().parent().find('.data_uid').html();
-		var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_id+'&usr_id='+uid+'';
+		var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_hash+'&usr_id='+uid+'';
 		if (uid > 0 ){
 			window.open(href, '_blank');
 		}
@@ -1250,7 +1250,7 @@ function quickEditAction(action, usr_id){
 	
 	// editiranje starega vnosa
 	if(action == 'edit'){
-		var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_id+'&usr_id='+usr_id+'';
+		var href = srv_site_url+'main/survey/edit_anketa.php?anketa='+srv_meta_anketa_hash+'&usr_id='+usr_id+'';
 		if (usr_id > 0 ){
 			window.open(href, '_blank');
 		}
diff --git a/function.php b/function.php
index 27d45ec9e..3903e18b0 100644
--- a/function.php
+++ b/function.php
@@ -690,6 +690,20 @@ function isVirtual(){
     return (AppSettings::getInstance()->getSetting('installation_type') === '3') ? true : false;
 }
 
+// Dobimo id ankete iz hash-a
+function getSurveyIdFromHash($hash){
+    
+    $ank_id = 0;
+
+    $sql = sisplet_query("SELECT id FROM srv_anketa WHERE hash='".$hash."'");
+    if (mysqli_num_rows($sql) > 0) {
+        $row = mysqli_fetch_array($sql);
+        $ank_id = $row['id'];
+    }
+
+    return $ank_id;
+}
+
 /**
  * Počasno nalaganje polja iz baze
  *
diff --git a/main/survey/app/Controllers/AjaxController.php b/main/survey/app/Controllers/AjaxController.php
index 7dc5750d6..8eb8d7fc4 100644
--- a/main/survey/app/Controllers/AjaxController.php
+++ b/main/survey/app/Controllers/AjaxController.php
@@ -344,30 +344,22 @@ class AjaxController extends Controller
     }
 
     //asinhrono pobiranje podatkov za ureditev missing
-    public function ajax_get_dragdrop1_data()
-    {
+    public function ajax_get_dragdrop1_data(){
+
         Model::user_not_lurker();
+
         $anketa = $_GET['anketa'];
         $spremenljivka = $_GET['spremenljivka'];
+
         $vre_id = array();
-        //echo 'Spremenljivka: '.$spremenljivka;
-        //echo 'Anketa: '.$anketa;
-        //$sql1 = sisplet_query("SELECT id FROM srv_vrednost WHERE spr_id='$spremenljivka' AND other!=0 ");
+
         $sql1 = sisplet_query("SELECT id FROM srv_vrednost WHERE spr_id='$spremenljivka'");
         $num = mysqli_num_rows($sql1);
 
-        /* 		echo '
-                    <script>
-                        console.log('.$num.');
-                    </script>
-                '; */
-
         while ($row1 = mysqli_fetch_array($sql1)) {
-            //$vre_id[$i] = $row1['id'];
             array_push($vre_id, $row1['id']);
         }
-        //echo 'Podatek je: '.$num;
-        //echo $vre_id;
+
         echo json_encode($vre_id);
 
     }
diff --git a/main/survey/app/Controllers/BodyController.php b/main/survey/app/Controllers/BodyController.php
index c50963fa1..25e58d287 100644
--- a/main/survey/app/Controllers/BodyController.php
+++ b/main/survey/app/Controllers/BodyController.php
@@ -900,10 +900,10 @@ class BodyController extends Controller
                     // Glede na vrednost
                     $naslednja = array_search($resevanje->koda, $kode) + 1;
 
-                    $url = sisplet_query("SELECT url FROM srv_hierarhija_koda WHERE koda='".$kode[$naslednja]."'", "obj");
+                    $url = sisplet_query("SELECT h.url, a.hash FROM srv_hierarhija_koda h, srv_anketa a WHERE h.koda='".$kode[$naslednja]."' AND h.anketa_id=a.id", "obj");
 
                     $url_encode_spremenljivke = urlencode(base64_encode($url->url . '&supersifra=' . $resevanje->supersifra.'&resujem='.$naslednja));
-                    $redirect = $site_url .'a/'.get('anketa').'?enc='.$url_encode_spremenljivke;
+                    $redirect = $site_url .'a/'.$url->hash.'?enc='.$url_encode_spremenljivke;
 
                     header("Location: $redirect");
                 }
@@ -1023,7 +1023,6 @@ class BodyController extends Controller
                 echo '</div>' . "\n"; //-grupa
 
                 if ($row['user_from_cms'] == 2) {
-                    //echo '<p style="text-align:center"><a href="'.$site_url.'a/'.$this->anketa.'">'.$lang['srv_nextins'].'</a></p>';
                     echo '<p style="text-align:center"><a href="' . SurveyInfo::getSurveyLink() . '">' . $lang['srv_nextins'] . '</a></p>';
                 }
 
@@ -1116,7 +1115,7 @@ class BodyController extends Controller
                 if ($row['user_from_cms'] == 2 && $row['user_from_cms_email'] == 1 && $admin_type <= 2) { // vnosos
                     $sqlg = sisplet_query("SELECT id FROM srv_grupa WHERE ank_id='" . get('anketa') . "'ORDER BY vrstni_red ASC LIMIT 1");
                     $rowg = mysqli_fetch_array($sqlg);
-                    //echo '<p class="vnos"><a href="'.$site_url.'a/'.$this->anketa.'&grupa='.$rowg['id'].'">'.$lang['srv_nextins'].'</a> | <a href="'.$site_url.'admin/survey/index.php?anketa='.$this->anketa.'">'.$lang['srv_insend'].'</a></p>';
+
                     echo '<p class="vnos"><a href="' . SurveyInfo::getSurveyLink() . '&grupa=' . $rowg['id'] . '">' . $lang['srv_nextins'] . '</a> | <a href="' . $site_url . 'admin/survey/index.php?anketa=' . get('anketa') . '">' . $lang['srv_insend'] . '</a></p>';
                 }
 
@@ -1404,9 +1403,9 @@ class BodyController extends Controller
 
             //ce statistike ne prikazujemo skocimo na zakljucek (ce imammo izklopljeno ali nastavleno na samo urednike in ni urednik)
             if ($rows['stat'] == 0 || ($rows['stat'] == 2 && self::$admin_type != 0 && self::$admin_type != 1)) {
-                //header('Location: '.self::$site_url.'a/'.get('anketa').'&grupa='.get('grupa').'&glas_end=1'.get('cookie_url').'');
                 header('Location: ' . SurveyInfo::getSurveyLink() . '&grupa=' . get('grupa') . (isset($_GET['language']) ? '&language=' . $_GET['language'] : '') . '&glas_end=1' . get('cookie_url') . '');
-            } else {
+            } 
+            else {
 
                 echo '<div class="outercontainer_holder concl_statistika">';
                 echo '<div class="outercontainer_holder_top"></div>';
@@ -1427,7 +1426,7 @@ class BodyController extends Controller
                 echo '</div>' . "\n";
 
                 echo '<div class="buttons">';
-                //$url_stat = ''.self::$site_url.'a/'.get('anketa').'&grupa='.get('grupa').'&glas_end=1'.get('cookie_url');
+
                 $url_stat = '' . SurveyInfo::getSurveyLink() . '&grupa=' . get('grupa') . (isset($_GET['language']) ? '&language=' . $_GET['language'] : '') . '&glas_end=1' . get('cookie_url');
                 $js = 'document.location.href=\'' . $url_stat . '\';';
 
@@ -1636,8 +1635,8 @@ class BodyController extends Controller
 			if ($row['user_from_cms'] == 2 && $row['user_from_cms_email'] == 1 && $admin_type <= 2) { // vnosos
 				$sqlg = sisplet_query("SELECT id FROM srv_grupa WHERE ank_id='" . get('anketa') . "'ORDER BY vrstni_red ASC LIMIT 1");
 				$rowg = mysqli_fetch_array($sqlg);
-				//echo '<p class="vnos"><a href="'.$site_url.'a/'.$this->anketa.'&grupa='.$rowg['id'].'">'.$lang['srv_nextins'].'</a> | <a href="'.$site_url.'admin/survey/index.php?anketa='.$this->anketa.'">'.$lang['srv_insend'].'</a></p>';
-				echo '<p class="vnos"><a href="' . SurveyInfo::getSurveyLink() . '&grupa=' . $rowg['id'] . '">' . $lang['srv_nextins'] . '</a> | <a href="' . $site_url . 'admin/survey/index.php?anketa=' . get('anketa') . '">' . $lang['srv_insend'] . '</a></p>';
+
+                echo '<p class="vnos"><a href="' . SurveyInfo::getSurveyLink() . '&grupa=' . $rowg['id'] . '">' . $lang['srv_nextins'] . '</a> | <a href="' . $site_url . 'admin/survey/index.php?anketa=' . get('anketa') . '">' . $lang['srv_insend'] . '</a></p>';
 			}
 
             echo '</div>' . "\n"; // -container
diff --git a/main/survey/app/Controllers/DisplayController.php b/main/survey/app/Controllers/DisplayController.php
index 2f8a68f7f..f4f8cd232 100644
--- a/main/survey/app/Controllers/DisplayController.php
+++ b/main/survey/app/Controllers/DisplayController.php
@@ -807,35 +807,6 @@ class DisplayController extends Controller
         }
     }
 
-    /**
-     * @desc konstruktor
-     */
-    public function PrintSurvey()
-    {
-
-        if (isset($_GET['anketa'])) {
-            save('anketa', $_GET['anketa']);
-
-            $rowa = SurveyInfo::getInstance()->getSurveyRow();
-
-            // uvodni nagovor
-            if ($rowa['show_intro'] != 0) {
-                Body::getInstance()->displayIntroduction();
-            }
-
-            // prikažemo ankete
-            do {
-                save('grupa', Find::getInstance()->findNextGrupa());
-
-                Body::getInstance()->displayAnketa();
-            } while (get('grupa') != Find::getInstance()->findNextGrupa() && Find::getInstance()->findNextGrupa() > 0);
-
-            // prikažemo konec
-            Body::getInstance()->displayKonec();
-        } else
-            echo 'Ni podatkov o anketi!';
-    }
-
 
 	/**
      * @desc prikaze chat okno za tawk chat, ce je modul vklopljen (js koda)
diff --git a/main/survey/app/Controllers/HeaderController.php b/main/survey/app/Controllers/HeaderController.php
index 1b82582c9..3e18e4dd0 100644
--- a/main/survey/app/Controllers/HeaderController.php
+++ b/main/survey/app/Controllers/HeaderController.php
@@ -117,9 +117,11 @@ class HeaderController extends Controller
             return header('Location: ' . self::$site_url);
             die("Missing anketa id!");
         }
-        $anketa = (($get->anketa) ? $get->anketa : $_POST['anketa']);
+        $anketa_hash = (($get->anketa) ? $get->anketa : $_POST['anketa']);
+        $anketa = getSurveyIdFromHash($anketa_hash);
 
         // Shranimo vse spremenljivke iz get parametrov v classu VariableClass
+        save('anketa_hash', $anketa_hash);
         save('anketa', $anketa);
         save('get', $get);
 
diff --git a/main/survey/app/Controllers/HelperController.php b/main/survey/app/Controllers/HelperController.php
index 27d4ff356..2a3dba68e 100644
--- a/main/survey/app/Controllers/HelperController.php
+++ b/main/survey/app/Controllers/HelperController.php
@@ -532,7 +532,6 @@ class HelperController extends Controller
                     array($ime,
                         $row['akronim'], #$row['naslov'],
                         date("d.m.Y, H:i:s"),
-                        //'<a href="'.self::$site_url.'a/'.get('anketa').'">'.self::$site_url.'a/'.get('anketa').'</a>',
                         '<a href="' . SurveyInfo::getSurveyLink() . '">' . SurveyInfo::getSurveyLink() . '</a>',
                         '<a href="' . self::$site_url . 'admin/survey/index.php?anketa=' . get('anketa') . '">' . self::$site_url . 'admin/survey/index.php?anketa=' . get('anketa') . '</a>',
                         '<a href="' . $pdf_url . '">' . self::$lang['srv_alert_link_pdf'] . '</a>',
@@ -554,7 +553,6 @@ class HelperController extends Controller
                     array($ime,
                         $row['naslov'],
                         date("d.m.Y, H:i:s"),
-                        //self::$site_url.'a/'.get('anketa'),
                         SurveyInfo::getSurveyLink(),
                         self::$site_url . 'admin/survey/index.php?anketa=' . get('anketa'),
                         '<a href="' . $pdf_url . '">' . self::$lang['srv_alert_link_pdf'] . '</a>',
diff --git a/main/survey/app/Controllers/InitClass.php b/main/survey/app/Controllers/InitClass.php
index 508df2e51..a5d2e7aef 100644
--- a/main/survey/app/Controllers/InitClass.php
+++ b/main/survey/app/Controllers/InitClass.php
@@ -52,7 +52,10 @@ class InitClass extends Controller
         // cist na zacetku preverimo referer. Ce je prisel od kje drugje (napacno skopiran link itd...) ga preusmerimo na prvo stran ankete
         if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], self::$site_url) === false && !isset($_GET['code']) && !isset($_GET['return']) && !isset($_GET['params'])) {
 
-            $anketa = (isset($_GET['anketa'])) ? $_GET['anketa'] : ((isset($_POST['anketa'])) ? $_POST['anketa'] : die("Missing anketa id!"));
+            $anketa_hash = (isset($_GET['anketa'])) ? $_GET['anketa'] : ((isset($_POST['anketa'])) ? $_POST['anketa'] : die("Missing anketa id!"));
+            save('anketa_hash', $anketa_hash);
+
+            $anketa = getSurveyIdFromHash($anketa_hash);
             save('anketa', $anketa);
 
             // Pri ul evalvaciji tega ne pustimo, ker drugace narobe preusmeri
@@ -69,7 +72,6 @@ class InitClass extends Controller
 
                     $g .= Header::getSurveyParams();
 
-                    //$redirect_url = self::$site_url."a/".get('anketa').$g;
                     $redirect_url = SurveyInfo::getSurveyLink(false, false) . $g;
                     $request_url = 'http' . ($_SERVER['HTTPS'] ? 's' : null) . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
 
@@ -89,9 +91,11 @@ class InitClass extends Controller
         }
 
         if (isset($_GET['anketa']) || isset($_POST['anketa'])) {
-			
-            $anketa = (isset($_GET['anketa'])) ? $_GET['anketa'] : ((isset($_POST['anketa'])) ? $_POST['anketa'] : die("Missing anketa id!"));
-            save('anketa', $anketa);		
+            $anketa_hash = (isset($_GET['anketa'])) ? $_GET['anketa'] : ((isset($_POST['anketa'])) ? $_POST['anketa'] : die("Missing anketa id!"));
+            save('anketa_hash', $anketa_hash);	
+            
+            $anketa = getSurveyIdFromHash($anketa_hash);
+            save('anketa', $anketa);
 
             // Preverimo, ce gre za deaktivirano phishing anketo - vrnemo 404
             global $mysql_database_name;
@@ -412,7 +416,6 @@ class InitClass extends Controller
                                 header('Location: ' . SurveyInfo::getSurveyLink(false, false) . '&grupa=' . get('grupa') . '&ime=' . get('ime_AW') . Header::getSurveyParams() . get('cookie_url') . '');
                             elseif (get('loop_id') != null)
                                 header('Location: ' . SurveyInfo::getSurveyLink(false, false) . '&grupa=' . get('grupa') . '&loop_id=' . get('loop_id') . Header::getSurveyParams() . get('cookie_url') . '');
-
                         } 
                         else {
 
diff --git a/main/survey/app/Controllers/StatisticController.php b/main/survey/app/Controllers/StatisticController.php
index 7e1d4812c..6874932c8 100644
--- a/main/survey/app/Controllers/StatisticController.php
+++ b/main/survey/app/Controllers/StatisticController.php
@@ -263,13 +263,13 @@ class StatisticController extends Controller
 
             echo '<ul>';
             while ($rowArchive = mysqli_fetch_array($sqlArchive)) {
-                $sql4 = sisplet_query("SELECT naslov, starts, insert_uid FROM srv_anketa WHERE id = '$rowArchive[ank_id]'");
+                $sql4 = sisplet_query("SELECT naslov, starts, insert_uid, hash FROM srv_anketa WHERE id = '$rowArchive[ank_id]'");
                 $row4 = mysqli_fetch_array($sql4);
 
                 if($row4['insert_uid'] == $global_user_id){
                     echo '<li>';
 
-                    echo '<a href="' . $site_url . 'a/' . $rowArchive['ank_id'] . '&glas_end=0' . get('cookie_url') . '">' . $row4['naslov'] . '</a>';
+                    echo '<a href="' . $site_url . 'a/' . $row4['hash'] . '&glas_end=0' . get('cookie_url') . '">' . $row4['naslov'] . '</a>';
                     echo ' (' . $row4['starts'] . ')';
 
                     echo '</li>';
diff --git a/main/survey/class.EvalvacijaMain.php b/main/survey/class.EvalvacijaMain.php
index 141031223..128a5c2d2 100644
--- a/main/survey/class.EvalvacijaMain.php
+++ b/main/survey/class.EvalvacijaMain.php
@@ -484,9 +484,13 @@ class EvalvacijaMain {
 		
 		// Encodamo z base64
 		$request_encoded = urlencode(base64_encode($request));
+
+        // Dobimo hash ankete
+        $sqlHash = sisplet_query("SELECT hash FROM srv_anketa WHERE id='".$ank_id."'");
+		$rowHash = mysqli_fetch_array($sqlHash);
 		
 		// Redirectamo na ustrezeno anketo
-		header('Location: https://anketa.uni-lj.si/student/a/'.$ank_id.'?enc='.$request_encoded);
+		header('Location: https://anketa.uni-lj.si/student/a/'.$rowHash['hash'].'?enc='.$request_encoded);
 	}
 	
 	
diff --git a/main/survey/edit_anketa.php b/main/survey/edit_anketa.php
index a767e8aa6..66732e92a 100644
--- a/main/survey/edit_anketa.php
+++ b/main/survey/edit_anketa.php
@@ -2,7 +2,9 @@
 
 include_once('../../function.php');
 
-$anketa = $_GET['anketa'];
+$anketa_hash = $_GET['anketa'];
+$anketa = getSurveyIdFromHash($anketa_hash);
+
 $usr_id = $_GET['usr_id'];
 $preview = $_GET['preview'];
 $code = isset($_GET['code']) ? '&code='.$_GET['code'] : '';
@@ -21,9 +23,9 @@ if ($_GET['quick_view'] == 1) {
 
 if ($row1['cookie'] == -1) {
 	
-	header("Location: ".$site_url."main/survey/index.php?anketa=$anketa&survey-".$anketa."=".$row['cookie'].$urejanje.$code);
+	header("Location: ".$site_url."main/survey/index.php?anketa=".$anketa_hash."&survey-".$anketa."=".$row['cookie'].$urejanje.$code);
 } else {
 	setcookie('survey-'.$anketa, $row['cookie'], 0);
-	header("Location: ".$site_url."main/survey/index.php?anketa=$anketa".$urejanje.$code);
+	header("Location: ".$site_url."main/survey/index.php?anketa=".$anketa_hash.$urejanje.$code);
 }
 ?>
\ No newline at end of file
diff --git a/main/survey/embed_out.php b/main/survey/embed_out.php
index eea6b8ae0..4c7cc9795 100644
--- a/main/survey/embed_out.php
+++ b/main/survey/embed_out.php
@@ -1,9 +1,10 @@
 <?php
 
 include_once('../../function.php');
-$anketa = $_GET['anketa'];
+
+$anketa_hash = $_GET['anketa'];
 $grupa = $_GET['grupa'];
 
-echo 'URI = '.$site_url.'main/survey/index.php?anketa='.$anketa.'&grupa='.$grupa;
+echo 'URI = '.$site_url.'main/survey/index.php?anketa='.$anketa_hash.'&grupa='.$grupa;
 
 ?>
\ No newline at end of file
diff --git a/main/survey/sa_koda.php b/main/survey/sa_koda.php
index 1d81f1226..9e46b0e0d 100644
--- a/main/survey/sa_koda.php
+++ b/main/survey/sa_koda.php
@@ -10,7 +10,7 @@ include_once('../../function.php');
 if (!empty($_POST['koda'])) {
     $koda = strtolower($_POST['koda']);
 
-    $sql = sisplet_query("SELECT url, anketa_id FROM srv_hierarhija_koda WHERE koda='" . $koda . "'");
+    $sql = sisplet_query("SELECT h.url, h.anketa_id, a.hash FROM srv_hierarhija_koda h, srv_anketa a WHERE h.koda='".$koda."' AND h.anketa_id=a.id");
 
     if ($sql->num_rows > 0) {
         $row = $sql->fetch_object();
@@ -19,7 +19,7 @@ if (!empty($_POST['koda'])) {
         $url_encode_spremenljivke = urlencode(base64_encode($row->url));
 
         //celotni url do ankete
-        header("Location: " . $site_url . "a/" . $row->anketa_id . "?enc=" . $url_encode_spremenljivke);
+        header("Location: " . $site_url . "a/" . $row->hash . "?enc=" . $url_encode_spremenljivke);
         die();
     }
 
@@ -35,7 +35,7 @@ if (!empty($_POST['koda'])) {
         $url_encode_spremenljivke = urlencode(base64_encode($koda_resevanje->url . '&supersifra=' . $koda.'&resujem=0'));
 
         //celotni url do ankete
-        header("Location: " . $site_url . "a/" . $row->anketa_id . "?enc=" . $url_encode_spremenljivke);
+        header("Location: " . $site_url . "a/" . $row->hash . "?enc=" . $url_encode_spremenljivke);
         die();
     }
 
diff --git a/main/survey/uporabnost.php b/main/survey/uporabnost.php
index f0eab0854..d5036cd89 100644
--- a/main/survey/uporabnost.php
+++ b/main/survey/uporabnost.php
@@ -26,13 +26,13 @@ if (true || ($row['uporabnost_link'] != null && $row['uporabnost_link'] != ""))
 	echo '
 	<frameset '.($uporabnost_razdeli!=1?'rows':'cols').'="50%,50%">
 	    <frame name="link" src="'.(strlen($row['uporabnost_link'])>7?$row['uporabnost_link']:'').'">
-	    <frame name="survey" src="'.$site_url.'main/survey/index.php?anketa='.$anketa.''.($_GET['preview']=='on'?'&preview=on':'').''.(isset($_GET['sist_link'])?'&sist_link='.$_GET['sist_link']:'').(isset($_GET['code'])?'&code='.$_GET['code']:'').'">
+	    <frame name="survey" src="'.$site_url.'main/survey/index.php?anketa='.$anketa_hash.''.($_GET['preview']=='on'?'&preview=on':'').''.(isset($_GET['sist_link'])?'&sist_link='.$_GET['sist_link']:'').(isset($_GET['code'])?'&code='.$_GET['code']:'').'">
 	</frameset>
 	';	
 } else {
 	echo '
 	<frameset>
-	    <frame name="survey" src="'.$site_url.'main/survey/index.php?anketa='.$anketa.''.($_GET['preview']=='on'?'&preview=on':'').''.(isset($_GET['sist_link'])?'&sist_link='.$_GET['sist_link']:'').(isset($_GET['code'])?'&code='.$_GET['code']:'').'">
+	    <frame name="survey" src="'.$site_url.'main/survey/index.php?anketa='.$anketa_hash.''.($_GET['preview']=='on'?'&preview=on':'').''.(isset($_GET['sist_link'])?'&sist_link='.$_GET['sist_link']:'').(isset($_GET['code'])?'&code='.$_GET['code']:'').'">
 	</frameset>
 	';
 }
diff --git a/sql/update2.sql b/sql/update2.sql
index f6d106192..5857d28b5 100644
--- a/sql/update2.sql
+++ b/sql/update2.sql
@@ -9569,3 +9569,11 @@ CREATE TABLE app_settings(
 
 UPDATE misc SET value='21.09.21' WHERE what="version";
 
+## Ankete vec ne stevilcimo ampak jih identificiramo po hashu
+ALTER TABLE srv_anketa ADD hash VARCHAR(8) CHARACTER SET utf8 NOT NULL DEFAULT '' AFTER id;
+ALTER TABLE srv_anketa ADD UNIQUE (hash);
+
+## Stare ankete imajo za hash kar id (da je kompatibilno za nazaj ker so ze objavljene)
+UPDATE srv_anketa SET hash=id;
+
+UPDATE misc SET value='22.09.30' WHERE what="version";