diff --git a/CHANGELOG b/CHANGELOG
index a2b565a7..e53e5b72 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,25 @@
+Database changes for session authentication:
+
+
+/* Make the first user the admin user - with default password of: password */
+INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
+SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 1
+FROM operators
+WHERE operator_id = 1;
+
+/* Make all other users operators - with default password of: password */
+INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
+SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
+FROM operators
+WHERE operator_id != 1;
+
+/* Make all clients - with default password of: password */
+INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
+SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
+FROM clients
+WHERE 1;
+
+/* Remove redundant table */
 DROP TABLE `sessions2`;
 queXS 1.13.0 - Changes since 1.12.1
diff --git a/admin/clients.php b/admin/clients.php
index 8b23f23f..a10c6c98 100644
--- a/admin/clients.php
+++ b/admin/clients.php
@@ -61,6 +61,7 @@ if (isset($_POST['client']))
 {
     $client = $db->qstr($_POST['client'],get_magic_quotes_gpc());
     $firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
+    $email = $db->qstr($_POST['email'],get_magic_quotes_gpc());
     $lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
     $time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc());
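Review bot: The three `INSERT ... SELECT` statements read from `operators` and `clients`, but every other query in this commit and the schema in database/quexs.sql use the singular table names `operator` and `client` (`FROM operator WHERE operator_id`, `SELECT username FROM client`, `CREATE TABLE \`operator\``), so the upgrade script fails on its first statement as written. The password is also written as a quoted string `'0x3565…'`, whereas the `lime_users` seed row in quexs.sql in this same diff stores the identical value as an unquoted hex literal `0x3565…`; quoted, the column receives the 130 characters of the literal itself rather than the decoded value the seed row stores, so migrated accounts would not match what `SHA256::hashing()` produces in admin/clients.php — drop the quotes in all three statements. Since every migrated operator and client, the new superadmin included, is given the same published default password, the header comment should state that each account's password must be reset before the upgraded instance is exposed; note too that `superadmin` is fixed at 0 for the remaining operators although admin/operators.php now carries a separate `admin` flag, so former supervisors lose that mapping silently.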
@@ -72,17 +73,15 @@ if (isset($_POST['client'])) if ($db->Execute($sql)) { - if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) - { - //Get password and add it to the configured htpassword - include_once("../functions/functions.htpasswd.php"); - $htp = New Htpasswd(HTPASSWD_PATH); - $htg = New Htgroup(HTGROUP_PATH); - - $htp->addUser($_POST['client'],$_POST['password']); - $htg->addUserToGroup($_POST['client'],HTGROUP_CLIENT); - } + include_once("../include/limesurvey/admin/classes/core/sha256.php"); + //Insert into lime_users + $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`) + VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')"; + + $db->Execute($sql); + + $a = T_("Added: $client"); } else @@ -154,16 +153,14 @@ function generate() { -
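Review bot: The return value of `$db->Execute($sql)` for the `lime_users` insert is discarded and the block then sets `Added: $client` unconditionally, so a failed insert (for whatever reason the `users_name` row cannot be created) leaves a client row with no login behind a success message; the same pattern appears in admin/operators.php at the `lime_users` insert that follows `Insert_ID()`. Guard it: `if ($db->Execute($sql)) $a = T_("Added:") . " " . $client; else $a = T_("Failed to create login for:") . " " . $client;`. That form also fixes `T_("Added: $client")`, which interpolates the name into the translation key so it can never match a catalogue entry, unlike the `T_("Added operator :") . " " . $operator` style used elsewhere in this diff. `$_POST['password']` is hashed with no emptiness check, so a blank field yields a working login whose hash is that of the empty string; the enclosing `if (isset($_POST['client']))` block continues outside the hunk.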
- +
   " class="btn btn-default fa" /> 
-
@@ -171,7 +168,11 @@ function generate() {
-
+
+
+ + +
"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"pull-left"); ?> diff --git a/admin/operatorlist.php b/admin/operatorlist.php index 0a3d7b62..972becac 100644 --- a/admin/operatorlist.php +++ b/admin/operatorlist.php @@ -60,25 +60,43 @@ if (isset($_POST['submit'])) if (isset($_POST['chat_enable'])) $chat_enable = 1; if (isset($_POST['enabled'])) $enabled = 1; - if (HTPASSWD_PATH !== false && $_POST['existing_username'] != $_POST['username'] && empty($_POST['password'])) - { - $msg = "

" . T_("If changing usernames, you must specify a new password") . "

"; - } - else - { - $sql = "UPDATE operator - SET username = " . $db->qstr($_POST['username']) . ", - lastName = " . $db->qstr($_POST['lastName']) . ", - firstName = " . $db->qstr($_POST['firstName']) . ", - chat_user = " . $db->qstr($_POST['chat_user']) . ", - chat_password = " . $db->qstr($_POST['chat_password']) . ", - Time_zone_name = " . $db->qstr($_POST['timezone']) . ", - voip = $voip, enabled = $enabled, chat_enable = $chat_enable - WHERE operator_id = $operator_id"; + //get username + $sql = "SELECT username + FROM operator + WHERE operator_id = $operator_id"; - $rs = $db->Execute($sql); + $uname = $db->GetOne($sql); - if (!empty($rs)) + $sql = "UPDATE " . LIME_PREFIX . "users + SET users_name = " . $db->qstr($_POST['username']) . ", + email = " . $db->qstr($_POST['email']) . ", + full_name = " . $db->qstr($_POST['firstName']); + + if (!empty($_POST['password'])) + { + include_once("../include/limesurvey/admin/classes/core/sha256.php"); + $sql .= ", password = '" . SHA256::hashing($_POST['password']) . "' "; + } + + $sql .= " WHERE users_name = '$uname'"; + + $rs = $db->Execute($sql); + + if (!empty($rs)) + { + $sql = "UPDATE operator + SET username = " . $db->qstr($_POST['username']) . ", + lastName = " . $db->qstr($_POST['lastName']) . ", + firstName = " . $db->qstr($_POST['firstName']) . ", + chat_user = " . $db->qstr($_POST['chat_user']) . ", + chat_password = " . $db->qstr($_POST['chat_password']) . ", + Time_zone_name = " . $db->qstr($_POST['timezone']) . ", + voip = $voip, enabled = $enabled, chat_enable = $chat_enable + WHERE operator_id = $operator_id"; + + $rs = $db->Execute($sql); + + if (!empty($rs)) { //only update extension if we aren't on a case $sql = "SELECT case_id 
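Review bot: `$sql .= " WHERE users_name = '$uname'";` interpolates the username read back from `operator` without `$db->qstr()`, unlike every other value in the same statement; a quote character in a stored username breaks the statement, and because usernames originate from form input in admin/operators.php this is a second-order injection path — write `$sql .= " WHERE users_name = " . $db->qstr($uname);`. The `lime_users` row is also renamed before the `operator` UPDATE runs and nothing is transactional, so when the second update fails (the later `else` branch reports a non-unique username) the two tables disagree on the username and the edit query that joins them on `l.users_name = o.username` no longer finds the operator; run the `operator` update first, or wrap both in `$db->StartTrans()` / `$db->CompleteTrans()`. `$uname` is not checked for being empty either, in which case the UPDATE matches no row yet `Execute` presumably still returns a truthy result set. The enclosing `if (isset($_POST['submit']))` block continues past the hunk.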
@@ -94,38 +112,28 @@ if (isset($_POST['submit'])) WHERE current_operator_id= $operator_id"; $db->Execute($sql); - + if (!empty($_POST['extension_id'])) { $sql = "UPDATE extension SET current_operator_id = $operator_id WHERE extension_id = " . intval($_POST['extension_id']); - + $db->Execute($sql); } } - - if (HTPASSWD_PATH !== false && !empty($_POST['password'])) - { - //update password in htaccess - include_once(dirname(__FILE__).'/../functions/functions.htpasswd.php'); - $htp = New Htpasswd(HTPASSWD_PATH); - $htp->deleteUser($_POST["existing_username"]); - $htp->deleteUser($_POST["username"]); - $htp->addUser($_POST["username"],$_POST["password"]); - $htg = New Htgroup(HTGROUP_PATH); - $htg->deleteUserFromGroup($_POST["existing_username"],HTGROUP_INTERVIEWER); - $htg->addUserToGroup($_POST["username"],HTGROUP_INTERVIEWER); - } - - $msg = "

" . T_("Successfully updated user") . ": " . $_POST['username'] . "

"; - } - else - { - $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; - } - } - $_GET['edit'] = $operator_id; + $msg = "

" . T_("Successfully updated user") . ": " . $_POST['username'] . "

"; + } + else + { + $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; + } + } + else + { + $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; + } + $_GET['edit'] = $operator_id; } @@ -135,9 +143,10 @@ if (isset($_GET['edit'])) $operator_id = intval($_GET['edit']); - $sql = "SELECT * - FROM operator - WHERE operator_id = $operator_id"; + $sql = "SELECT o.*,l.superadmin,l.email + FROM operator as o, " . LIME_PREFIX ."users as l + WHERE o.operator_id = $operator_id + AND l.users_name = o.username"; $rs = $db->GetRow($sql); @@ -205,7 +214,6 @@ function generate() {
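Review bot: The edit query uses a comma join, which is an implicit inner join between `operator` and `LIME_PREFIX . "users"`, so an operator whose username has no matching `lime_users` row (one that predates this change and was not migrated, or one left behind by a half-failed update) vanishes from the edit form instead of appearing with empty `superadmin`/`email`. Prefer an explicit outer join: `FROM operator AS o LEFT JOIN " . LIME_PREFIX . "users AS l ON l.users_name = o.username WHERE o.operator_id = $operator_id`. `SELECT o.*` also pulls every operator column, `chat_password` included, into the page's row array; listing the columns the form actually renders is safer and survives schema changes.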
-
"/>
@@ -214,7 +222,6 @@ function generate() {
-
@@ -223,6 +230,10 @@ function generate() {
+
+ +
+
@@ -250,6 +261,10 @@ function generate() {
+
+
+ +
" data-off="" data-offstyle="primary" data-onstyle="danger" value="1"/>
diff --git a/admin/operators.php b/admin/operators.php
index a94c661e..dc33c56b 100644
--- a/admin/operators.php
+++ b/admin/operators.php
@@ -57,6 +57,8 @@ $a = false;
 if (isset($_POST['operator']) && isset($_POST['adduser']))
 {
     $operator = $db->qstr($_POST['operator'],get_magic_quotes_gpc());
+    $email= $db->qstr($_POST['email'],get_magic_quotes_gpc());
+    $password = $db->qstr($_POST['password'],get_magic_quotes_gpc());
     $firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
     $lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
     $chat_user = $db->qstr($_POST['chat_user'],get_magic_quotes_gpc());
@@ -96,12 +98,14 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
     }
     $supervisor = 0;
     $temporary = 0;
+    $admin = 0;
     $refusal = 0;
     $voip = 0;
     $chat = 0;
     if (isset($_POST['supervisor']) && $_POST['supervisor'] == "on") $supervisor = 1;
     if (isset($_POST['refusal']) && $_POST['refusal'] == "on") $refusal = 1;
     if (isset($_POST['temporary']) && $_POST['temporary'] == "on") $temporary = 1;
+    if (isset($_POST['admin']) && $_POST['admin'] == "on") $admin = 1;
     if (isset($_POST['voip']) && $_POST['voip'] == "on") $voip = 1;
     if (isset($_POST['chat_enable']) && $_POST['chat_enable'] == "on") $chat = 1;
@@ -113,7 +117,15 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
     if ($db->Execute($sql))
     {
-        $oid = $db->Insert_ID();
+        $oid = $db->Insert_ID();
+
+        include_once("../include/limesurvey/admin/classes/core/sha256.php");
+
+        //Insert into lime_users
+        $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
+        VALUES ($operator, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,$admin,$email,'auto')";
+
+        $db->Execute($sql);
         if (FREEPBX_PATH !== false)
         {
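Review bot: `$password = $db->qstr($_POST['password'],get_magic_quotes_gpc());` is assigned and never used — the `lime_users` insert further down hashes `$_POST['password']` directly — so either drop the line or compute the hash once here and quote it, `$password = $db->qstr(SHA256::hashing($_POST['password']));`, and have the insert use `$password` instead of rebuilding the expression inside the string. As in the clients form, nothing rejects an empty password before it is hashed. `$email=` is also missing the space before `=` that the neighbouring assignments use.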
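Review bot: The new `admin` checkbox maps straight to `superadmin` in the `lime_users` insert, so whoever can submit this form can create a LimeSurvey superadmin; unless admin/operators.php is itself reachable only by superadmins (not visible in this diff), the value should be forced to 0 when `$_SESSION['USER_RIGHT_SUPERADMIN']` is not 1, the same session flag usercontrol.php uses for routing. The removed code derived admin membership from `$supervisor`; the mapping is now an independent flag, which deserves a comment above `$admin = 0;` such as `//LimeSurvey superadmin flag; no longer implied by supervisor`. The `lime_users` insert result is unchecked here as well; the note on admin/clients.php covers the fix.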
@@ -135,20 +147,6 @@ if (isset($_POST['operator']) && isset($_POST['adduser'])) $db->Execute($sql); } - if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) - { - //Get password and add it to the configured htpassword - include_once("../functions/functions.htpasswd.php"); - $htp = New Htpasswd(HTPASSWD_PATH); - $htg = New Htgroup(HTGROUP_PATH); - - $htp->addUser($_POST['operator'],$_POST['password']); - $htg->addUserToGroup($_POST['operator'],HTGROUP_INTERVIEWER); - - if ($supervisor) - $htg->addUserGroup(HTGROUP_ADMIN); - } - $a = "

" . T_("Added operator :") . " " . $operator . "

"; if (FREEPBX_PATH !== false) @@ -188,7 +186,7 @@ if ($a) { else { echo "
"; //echo "

" . T_("Adding an operator here will give the user the ability to call cases") . "" . T_("Assign Operator to Questionnaire") . "" . T_("tool") . ".

"; - echo "

" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "

"; + //echo "

" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "

"; echo "

" . T_("The username and extension must be unique for each operator.") . "

"; echo "
"; } @@ -247,16 +245,14 @@ function generate() {
-
-
+
" class="btn btn-default fa" /> 
-
@@ -265,6 +261,10 @@ function generate() {
+
+ +
+
@@ -300,6 +300,10 @@ function generate() {
" data-off="" />
+
+ +
" data-off="" data-offstyle="primary" data-onstyle="danger"/>
+
" data-off="" data-offstyle="danger" checked="checked"/>
diff --git a/config.default.php b/config.default.php
index 85e84afc..e71f5f90 100644
--- a/config.default.php
+++ b/config.default.php
@@ -168,31 +168,6 @@ if (!defined('PHP_EXEC')) define('PHP_EXEC', "php");
  */
 if (!defined('ADODB_PATH')) define('ADODB_PATH',dirname(__FILE__).'/include/limesurvey/classes/adodb/');
-/**
- * Path to the HTPASSWD file read/writable by the web server user for htpasswd integration
- */
-if (!defined('HTPASSWD_PATH')) define('HTPASSWD_PATH',false);
-
-/**
- * Path to the HTGROUP file read/writable by the web server user for htpasswd integration
- */
-if (!defined('HTGROUP_PATH')) define('HTGROUP_PATH',false);
-
-/**
- * The name of the admin group for htaccess
- */
-if (!defined('HTGROUP_ADMIN')) define('HTGROUP_ADMIN','admin');
-
-/**
- * The name of the interviewers group for htaccess
- */
-if (!defined('HTGROUP_INTERVIEWER')) define('HTGROUP_INTERVIEWER','interviewers');
-
-/**
- * The name of the clients group for htaccess
- */
-if (!defined('HTGROUP_CLIENT')) define('HTGROUP_CLIENT','clients');
-
 /**
  * Whether to automatically assign a call as complete if VoIP disabled at the end of a completed questionnaire
  */
diff --git a/database/quexs.sql b/database/quexs.sql
index 2d15698f..8b1de6eb 100644
--- a/database/quexs.sql
+++ b/database/quexs.sql
@@ -955,7 +955,7 @@ CREATE TABLE `lime_users` (
 -- Dumping data for table `lime_users`
 --
-INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'en', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1);
+INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'auto', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1);
 -- --------------------------------------------------------
@@ -1007,6 +1007,9 @@ CREATE TABLE `operator` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
 -- --------------------------------------------------------
+INSERT INTO `operator` (`operator_id`, `username`, `firstName`, `lastName`, `Time_zone_name`, `enabled`, `voip`, `next_case_id`, `chat_enable`, `chat_user`, `chat_password`) VALUES
+(1, 'admin', 'CATI', 'Admin', 'Australia/Victoria', 1, 0, NULL, 0, '', '');
+
 --
 -- Table structure for table `operator_questionnaire`
@@ -1032,6 +1035,10 @@ CREATE TABLE `operator_skill` (
 -- --------------------------------------------------------
+INSERT INTO `operator_skill` (`operator_id`, `outcome_type_id`) VALUES
+(1, 1),
+(1, 5);
+
 --
 -- Table structure for table `outcome`
 --
diff --git a/include/limesurvey/admin/usercontrol.php b/include/limesurvey/admin/usercontrol.php
index d36a9615..dbdf31de 100644
--- a/include/limesurvey/admin/usercontrol.php
+++ b/include/limesurvey/admin/usercontrol.php
@@ -240,7 +240,13 @@ if (!isset($_SESSION['loginID']))
     //go to queXS
     $loc = "";
     if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
-        $loc = "/admin";
+        $loc = "admin";
+    else
+    {
+        $utest = $connect->GetOne("SELECT username FROM client WHERE username = '" . $_SESSION['user'] . "'");
+        if (!empty($utest))
+            $loc = "client";
+    }
     header('Location: ' . QUEXS_URL . $loc);
     die();
 }
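Review bot: `$_SESSION['user']` is concatenated into the `client` lookup without `$connect->qstr()`, while the rest of this commit quotes every value it places in SQL; since usernames are form-supplied in the admin pages, use `$utest = $connect->GetOne("SELECT username FROM client WHERE username = " . $connect->qstr($_SESSION['user']));`. The redirect target also changes from `/admin` to `admin`, which only resolves correctly if `QUEXS_URL` always ends in a slash — presumably it does, but a comment on `$loc = "admin";` stating that assumption would stop the next reader from reverting it. When the user is neither a superadmin nor a client, `$loc` stays `""` and the user lands at the site root, which I take to be the operator entry point; a one-line comment there would make the three-way routing explicit.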