update to main rev.486

.bzrignore

@@ -1,3 +1,2 @@
 no vars
 ./config.inc.local.php
-./include/limesurvey/.htaccess

.htaccess.example

@@ -1,5 +0,0 @@
-AuthType Basic
-AuthName "queXS CATI: Authentication Required"
-AuthUserFile /var/opt/quexs/htpasswd
-AuthGroupFile /var/opt/quexs/htgroup
-require group interviewers

CHANGELOG

@@ -1,23 +1,52 @@
 queXS 1.14.0 - Changes since 1.13.1
 
+
+Changes for session authentication:
+
+queXS now uses the Limesurvey session based authentication system to authenticate all users.
+Sessions are stored in the lime_sessions table and are managed by adodb. 
+
+If this is a fresh install - you can ignore the notes below. Otherwise - please read through 
+the following for converting from directory based authentication to session based authentication.
+
+File changes for session authentication:
+
+If you have used the example .htaccess files or created your own, and you want to move to purely
+session based authentication, you can remove these files. They are typcially at these locations:
+
+.htaccess
+client/.htaccess
+admin/.htaccess
+include/limesurvey/.htaccess
+include/limesurvey/admin/.htaccess
+
+This will remove restrictions for access via directory based authentication and rely solely on session authentication.
+
 Database changes for session authentication:
 
+These queries will:
+1. Make the first queXS user an admin user, and assign them the password "password"
+2. Make all other users regular users, and assign them the password "password"
+3. Make all clients regular clients, and assign them the password "password"
+
+Once you have run these - please go to the operator management page and update passwords for all users.
+
 /* Make the first user the admin user - with default password of: password */
 INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) 
 SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 0, 'auto', 1
-FROM operators
+FROM operator
 WHERE operator_id = 1;
 
 /* Make all other users operators - with default password of: password */
 INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) 
 SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
-FROM operators
+FROM operator
 WHERE operator_id != 1;
 
 /* Make all clients - with default password of: password */
 INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) 
 SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
-FROM clients
+FROM client
 WHERE 1;
 
 /* Remove redundant table */

admin/.htaccess.example

@@ -1,5 +0,0 @@
-AuthType Basic
-AuthName "queXS CATI: Authentication Required"
-AuthUserFile /var/opt/quexs/htpasswd
-AuthGroupFile /var/opt/quexs/htgroup
-require group admin

admin/index.php

@@ -106,7 +106,7 @@ include ("../functions/functions.operator.php");
 	<!-- Sidebar menu -->
 	<div class="sidebar" >
 	    <ul class="panel-group nav"    id="nav">
-		  <li><a class="" href="?page=../display/index.php"><i class="fa fa-tachometer fa-lg"></i><span><?php print T_("Dashboard") ;?></span></a></li>
+		  <li><a class="" href="?"><i class="fa fa-tachometer fa-lg"></i><span><?php print T_("Dashboard") ;?></span></a></li>
           <li class="has_sub"><a href="" class=""><i class="fa fa-list-alt fa-lg"></i><span class="arrow"><?php print T_("Questionnairies") ;?></span></a>
           <ul style="<?php if ($g == 1) echo "display:block";?>">
 				<li><a href="?g=1&amp;page=<?php echo LIME_URL ;?>admin/admin.php?action=newsurvey"><i class="fa fa-file-text-o lime fa-fw"></i><?php print T_("Create an instrument in Limesurvey") ;?></a></li>

admin/samplelist.php

@@ -473,7 +473,7 @@ $sql = "SELECT
 	CASE WHEN enabled = 0 THEN
 		CONCAT('<a href=\'?sampleenable=',sample_import_id,'\' class=\'btn btn-default col-sm-12\'>" . TQ_("Enable") . "&emsp;<i class=\'fa fa-play fa-lg\' style=\'color:blue;\'></i></a>') 
 	ELSE
-		CONCAT('<a href=\'\' class=\'btn btn-default col-sm-12\' data-toggle=\'confirmation\' data-href=\'?sampledisable=',sample_import_id,'\' data-title=\'" . TQ_("ARE YOU SHURE?") . "\' data-btnOkLabel=\'" . TQ_("Yes") . "\' data-btnCancelLabel=\'" . TQ_("Cancel") . "\'><i class=\'fa fa-ban fa-lg\' style=\'color:red;\'></i>&ensp;&nbsp;" . TQ_("Disable") . "</a> ') 
+		CONCAT('<a href=\'\' class=\'btn btn-default col-sm-12\' data-toggle=\'confirmation\' data-href=\'?sampledisable=',sample_import_id,'\' data-title=\'" . TQ_("ARE YOU SURE?") . "\' data-btnOkLabel=\'" . TQ_("Yes") . "\' data-btnCancelLabel=\'" . TQ_("Cancel") . "\'><i class=\'fa fa-ban fa-lg\' style=\'color:red;\'></i>&ensp;&nbsp;" . TQ_("Disable") . "</a> ') 
 	END
 	as enabledisable,
 	CASE WHEN enabled = 1 THEN
@@ -484,7 +484,7 @@ $sql = "SELECT
 	CASE WHEN enabled = 1 THEN
 		CONCAT('<a href=\'\' class=\'btn btn-default disabled\'><i class=\'fa fa-trash fa-lg fa-fw\' style=\'color:grey;\'></i></a>')
 	ELSE
-		CONCAT('<a href=\'\' class=\'btn btn-default \' data-toggle=\'confirmation\' data-href=\'?delete_sample=',sample_import_id,'\' data-title=\'" . TQ_("ARE YOU SHURE?") . "\' data-btnOkLabel=\'" . TQ_("Yes") . "\' data-btnCancelLabel=\'" . TQ_("Cancel") . "\' ><i class=\'fa fa-trash fa-lg fa-fw text-danger \' data-toggle=\'tooltip\' title=\'" . TQ_("DELETE SAMPLE") . "\'></i></a>')
+		CONCAT('<a href=\'\' class=\'btn btn-default \' data-toggle=\'confirmation\' data-href=\'?delete_sample=',sample_import_id,'\' data-title=\'" . TQ_("ARE YOU SURE?") . "\' data-btnOkLabel=\'" . TQ_("Yes") . "\' data-btnCancelLabel=\'" . TQ_("Cancel") . "\' ><i class=\'fa fa-trash fa-lg fa-fw text-danger \' data-toggle=\'tooltip\' title=\'" . TQ_("DELETE SAMPLE") . "\'></i></a>')
 	END as delsample,
 	CONCAT('<a href=\'samplesearch.php?sample_import_id=',sample_import_id,'\' class=\'btn btn-default\' data-toggle=\'tooltip\' title=\'" . TQ_("Search the sample") . "',sample_import_id,'\'><i class=\'fa fa-search fa-lg fa-fw text-primary\'></i></a>')  as ssearch,
 	CONCAT('<a href=\'callhistory.php?sample_import_id=',sample_import_id,'\' class=\'btn btn-default\' data-toggle=\'tooltip\' title=\'" . TQ_("Call history"). "&ensp;\n" . TQ_("sample"). "&ensp;',sample_import_id,'\'><i class=\'fa fa-phone fa-lg text-primary\'></i></a>') as calls,

admin/samplesearch.php

@@ -94,7 +94,7 @@ xhtml_head(T_("Search the sample"),true,$css,$js_head);
           <h4 class="modal-title text-danger " ><?php echo T_("WARNING !");?></h4>
         </div>
 		<div class="modal-body">
-			<p><?php echo T_("Are you shure you want to delete") . "&ensp;" . T_("Sample ID") . "&ensp;<b class='text-danger'>" . "</b>?";?></p>		
+			<p><?php echo T_("Are you sure you want to delete") . "&ensp;" . T_("Sample ID") . "&ensp;<b class='text-danger'>" . "</b>?";?></p>		
 		</div>
 	  <div class="modal-footer">
         <button type="button" class="btn btn-default pull-left" data-dismiss="modal"><?php echo T_("NOOOO...");?></button>

admin/supervisor.php

@@ -188,7 +188,7 @@ if (!empty($rs))
           <h4 class="modal-title text-danger " ><?php echo T_("WARNING !");?></h4>
         </div>
 		<div class="modal-body">
-			<p><?php echo T_("Are you shure you want to delete") . "&ensp;" . T_("Sample ID") . "&ensp;<b class='text-danger'>" . "</b>?";?></p>		
+			<p><?php echo T_("Are you sure you want to delete") . "&ensp;" . T_("Sample ID") . "&ensp;<b class='text-danger'>" . "</b>?";?></p>		
 		</div>
 	  <div class="modal-footer">
         <button type="button" class="btn btn-default pull-left" data-dismiss="modal"><?php echo T_("NOOOO...");?></button>
@@ -385,7 +385,7 @@ if ($case_id != false)
 			print "<div class='alert text-danger col-sm-6' role='alert'><b>" . T_("No appointments for this case") . "</b></div>";
 		
 // * disable appointment creation if no sample_id
-		if ($r[0]['sample_id']){
+		if (isset($r[0]['sample_id'])){
 			$rtz= $r[0]['Time_zone_name'];
 			print "&emsp;<a href='displayappointments.php?case_id=$case_id&rtz=$rtz&new=new' class='btn btn-default'><i class='fa fa-clock-o fa-lg'></i>&emsp;" . T_("Create appointment") . "</a>"; }
 
@@ -464,7 +464,7 @@ if ($case_id != false)
 	
 		print "<div class='clearfix '></div><div class='col-sm-6'>";
 		
-		if ($r[0]['sample_id']){  //if sample data exists assign this to an operator for their next case
+		if (isset($r[0]['sample_id'])){  //if sample data exists assign this to an operator for their next case
 		
 		print "<div class='panel-body'><h4><i class='fa fa-link'></i>&emsp;" . T_("Assign this case to operator (will appear as next case for them)") . "</h4>";
 		?>
@@ -493,7 +493,7 @@ if ($case_id != false)
 			print "<div class='alert text-danger' role='alert'>" . T_("Case not yet started in Limesurvey") .  "</div>";
 		print "</div></div>";
 		
-		if ($r[0]['sample_id']){   // if sample data exists  view availability
+		if (isset($r[0]['sample_id'])){   // if sample data exists  view availability
 		
 		print "<div class='panel-body col-sm-6'><h4 class=''><i class='fa fa-calendar'></i>&emsp;" . T_("Availability groups") . "</h4>";
 		if (is_using_availability($case_id))
@@ -551,7 +551,7 @@ if ($case_id != false)
 		<?php 
 		print "</div>";	
 		
-		if ($r[0]['sample_id']){   // if sample data exists  deidentify record
+		if (isset($r[0]['sample_id'])){   // if sample data exists  deidentify record
 		print "<div class='panel-body col-sm-6 pull-right'><h4 class ='text-danger'><i class='fa fa-trash-o fa-lg'></i>&emsp;" . T_("Deidentify") . "</h4>";
 		print "<div class='well'>" . T_("Remove all sample details and contact numbers from this case") . "</div>";
 		?>

admin/timezonetemplate.php

@@ -100,8 +100,7 @@ $dtz = get_setting("DEFAULT_TIME_ZONE");
 
 $sql = "SELECT name as value, name as description, 
 		CASE WHEN name LIKE '$dtz' THEN 'selected=\'selected\'' ELSE '' END AS selected
-		FROM mysql.time_zone_name
+		FROM mysql.time_zone_name";
-		WHERE `Name` LIKE 'Europe%' OR `Name` LIKE 'Asia%' ";
 
 $tzl = $db->GetAll($sql);
 

client/.htaccess.example

@@ -1,5 +0,0 @@
-AuthType Basic
-AuthName "queXS CATI: Authentication Required"
-AuthUserFile /var/opt/quexs/htpasswd
-AuthGroupFile /var/opt/quexs/htgroup
-require group clients

config.inc.local.php.example

@@ -29,16 +29,6 @@
  * 
  */
 
-
-// This Site name will appear as Limesurvey {ENDURL} 
-define ('SITE_URL', 'http://Your site name.com/'); 
-
-//  Specify Your Local namings 
-define ('COMPANY_NAME', 'MY Company');
-define ('ADMIN_PANEL_NAME','Admin Panel');
-define ('OPERATOR_PANEL_NAME','Operator Panel');
- 
- 
 /**
  *
  * Only some of the configuration directives are here. See the file: config.default.php for them all

include/limesurvey/.htaccess.example

@@ -1,4 +0,0 @@
-AuthType None
-Satisfy Any
-Order Deny,Allow
-Allow from All

include/limesurvey/admin/.htaccess.example

@@ -1,8 +0,0 @@
-AuthType Basic
-AuthName "queXS CATI: Authentication Required"
-AuthUserFile /var/opt/quexs/htpasswd
-AuthGroupFile /var/opt/quexs/htgroup
-require group admin
-Satisfy Any
-Order Deny,Allow
-Deny from all

locale/updatepo.sh

@@ -2,7 +2,7 @@
 #Source: http://stackoverflow.com/questions/7496156/gettext-how-to-update-po-and-pot-files-after-the-source-is-modified
 echo '' > messages.po # xgettext needs that file, and we need it empty
 cd ..
-find . -type f -iname "*.php" | xgettext --keyword='T_' -o locale/messages.po -j -f -
+find . -type f -iname "*.php" | xgettext --keyword='T_' --keyword='TQ_' -o locale/messages.po -j -f -
 cd locale
 msgmerge -N quexs.pot messages.po > new.po
 mv new.po quexs.pot