diff --git a/CHANGELOG b/CHANGELOG index ab44ad16..b2390e9b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,29 @@ +queXS 1.14.0 - Changes since 1.13.1 + +Database changes for session authentication: + +/* Make the first user the admin user - with default password of: password */ +INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) +SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 0, 'auto', 1 +FROM operators +WHERE operator_id = 1; + +/* Make all other users operators - with default password of: password */ +INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) +SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0 +FROM operators +WHERE operator_id != 1; + +/* Make all clients - with default password of: password */ +INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`) +SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0 +FROM clients +WHERE 1; + +/* Remove redundant table */ +DROP TABLE `sessions2`; + + queXS 1.13.1 - Changes since 1.13.0 Fixed Bug: Remove references to old DEFAULT_TIME_ZONE config constant (use get_settings instead) 
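Review bot: The three migration INSERTs give every migrated account the same published default password, and they write it as a quoted `'0x…'` string, which MySQL treats as literal text, whereas database/quexs.sql in this commit stores the same value as an unquoted hex literal. The stored value would therefore probably not match what the login code compares against. The first two statements also read `FROM operators`, while the schema and the PHP in this commit use a table named `operator`; the `clients` name in the third statement should be checked against the schema in the same way. Write the value as an unquoted hex literal as quexs.sql does, correct the table names, and either set a random per-user password or require a change at first login. The seeded `admin` row in database/quexs.sql carries the same default and needs the same treatment on fresh installs.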
@@ -23,7 +49,6 @@ INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_m INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_minutes`, `outcome_type_id`, `tryanother`, `contacted`, `tryagain`, `eligible`, `require_note`, `calc`) VALUES(44, '2.30', 'Max call attempts reached (Eligible)', 0, 1, 0, 1, 1, 1, 0, 'O'); INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_minutes`, `outcome_type_id`, `tryanother`, `contacted`, `tryagain`, `eligible`, `require_note`, `calc`) VALUES(45, '2.30', 'Max calls reached (Eligible)', 0, 1, 0, 1, 1, 1, 0, 'O'); - queXS 1.13.0 - Changes since 1.12.1 Overall changes: diff --git a/admin/addshift.php b/admin/addshift.php index ffed2451..271e90fc 100644 --- a/admin/addshift.php +++ b/admin/addshift.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/assignsample.php b/admin/assignsample.php index 61c563a0..d4522b5a 100644 --- a/admin/assignsample.php +++ b/admin/assignsample.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/assigntimeslots.php b/admin/assigntimeslots.php index 1e92ec99..ff191027 100644 --- a/admin/assigntimeslots.php +++ b/admin/assigntimeslots.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/auth-admin.php b/admin/auth-admin.php new file mode 100644 index 00000000..b650c000 --- /dev/null +++ b/admin/auth-admin.php 
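Review bot: In admin/addshift.php the guard is loaded with `include ("auth-admin.php");`, which only raises a warning when the file cannot be resolved, so the page would carry on without any authentication check. Use `require_once(dirname(__FILE__) . "/auth-admin.php");` so that a missing or unreadable guard stops the request. The bare relative name also depends on the include path and working directory, unlike the `dirname(__FILE__)` form that auth-admin.php uses for its own includes. The same applies to every other hunk in this commit that adds `include ("auth-admin.php");`, `include ("auth-interviewer.php");` or `include ("auth-client.php");`.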
@@ -0,0 +1,70 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__) . "/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__) . "/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +session_start(); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} + +if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1) +{ + include_once(dirname(__FILE__) . "/../lang.inc.php"); + include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php"); + xhtml_head(); + print "

" . T_("You do not have permission to access this area") . "

"; + print "

" . T_("Logout") . "

"; + xhtml_foot(); + die(); +} diff --git a/admin/availability.php b/admin/availability.php index 892d438a..0808e9bf 100644 --- a/admin/availability.php +++ b/admin/availability.php @@ -39,6 +39,12 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + + /** * XHTML functions */ diff --git a/admin/availabilitygroup.php b/admin/availabilitygroup.php index 4b7db070..2029f348 100644 --- a/admin/availabilitygroup.php +++ b/admin/availabilitygroup.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/bulkappointment.php b/admin/bulkappointment.php index 567bc8f6..e3afc406 100644 --- a/admin/bulkappointment.php +++ b/admin/bulkappointment.php @@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * Operator functions */ diff --git a/admin/callhistory.php b/admin/callhistory.php index 660cd5fa..102e3cca 100644 --- a/admin/callhistory.php +++ b/admin/callhistory.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/callrestrict.php b/admin/callrestrict.php index a078dbba..2d6c591c 100644 --- a/admin/callrestrict.php +++ b/admin/callrestrict.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/casesbyoutcome.php b/admin/casesbyoutcome.php index 61704e6d..cb3d5b48 100644 --- a/admin/casesbyoutcome.php +++ b/admin/casesbyoutcome.php 
@@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/casestatus.php b/admin/casestatus.php index 25fbfb70..f44e201a 100644 --- a/admin/casestatus.php +++ b/admin/casestatus.php @@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/centreinfo.php b/admin/centreinfo.php index cd14a844..9bc2929b 100644 --- a/admin/centreinfo.php +++ b/admin/centreinfo.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/clientquestionnaire.php b/admin/clientquestionnaire.php index 17385e3f..67ad774d 100644 --- a/admin/clientquestionnaire.php +++ b/admin/clientquestionnaire.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/clients.php b/admin/clients.php index c59cb1ef..f9309c2a 100644 --- a/admin/clients.php +++ b/admin/clients.php @@ -42,6 +42,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ @@ -56,6 +61,7 @@ if (isset($_POST['client'])) { $client = $db->qstr($_POST['client'],get_magic_quotes_gpc()); $firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc()); + $email = $db->qstr($_POST['email'],get_magic_quotes_gpc()); $lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc()); $time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc()); 
@@ -67,17 +73,15 @@ if (isset($_POST['client'])) if ($db->Execute($sql)) { - if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) - { - //Get password and add it to the configured htpassword - include_once("../functions/functions.htpasswd.php"); - $htp = New Htpasswd(HTPASSWD_PATH); - $htg = New Htgroup(HTGROUP_PATH); - - $htp->addUser($_POST['client'],$_POST['password']); - $htg->addUserToGroup($_POST['client'],HTGROUP_CLIENT); - } + include_once("../include/limesurvey/admin/classes/core/sha256.php"); + //Insert into lime_users + $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`) + VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')"; + + $db->Execute($sql); + + $a = T_("Added: $client"); } else @@ -142,23 +146,20 @@ function generate() {
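Review bot: The result of the second `$db->Execute($sql)` (the insert into `LIME_PREFIX . "users"`) is never checked, so if it fails, for example on a duplicate `users_name`, the client row already exists without a login and the page still reports "Added". Guard the message with it, `if ($db->Execute($sql)) $a = T_("Added: $client");`, and preferably run both inserts in one transaction so a failure leaves neither row behind. `$_POST['password']` is also hashed without a check that it is non-empty, and `SHA256::hashing()` as called here is a single unsalted hash; that is presumably dictated by LimeSurvey's login check, but it deserves a comment saying so. The hunk at `@@ -108,7 +117,15 @@` in admin/operators.php has the same unchecked insert, and the `$password = $db->qstr(...)` added in that file is not used in the lines shown. The enclosing `if (isset($_POST['client']))` block starts and ends outside this hunk.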

-

-
- +
   " class="btn btn-default fa" /> 
-
@@ -166,7 +167,11 @@ function generate() {
-
+
+
+ + +
"; display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"pull-left"); ?> diff --git a/admin/dataoutput.php b/admin/dataoutput.php index 5874df97..1ad770b3 100644 --- a/admin/dataoutput.php +++ b/admin/dataoutput.php @@ -1,4 +1,5 @@ - - + diff --git a/admin/new.php b/admin/new.php index f9ae671f..940296d0 100644 --- a/admin/new.php +++ b/admin/new.php @@ -11,6 +11,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ @@ -378,4 +383,4 @@ else { ?> \ No newline at end of file +?> diff --git a/admin/operatorlist.php b/admin/operatorlist.php index f459f787..42ee50b2 100644 --- a/admin/operatorlist.php +++ b/admin/operatorlist.php @@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ @@ -50,30 +55,50 @@ $msg = ""; if (isset($_POST['submit'])) { $operator_id = intval($_POST['operator_id']); - $chat_enable = $voip = $enabled = 0; + $superadmin = $chat_enable = $voip = $enabled = 0; if (isset($_POST['voip'])) $voip = 1; if (isset($_POST['chat_enable'])) $chat_enable = 1; if (isset($_POST['enabled'])) $enabled = 1; + if (isset($_POST['admin'])) $superadmin = 1; - if (HTPASSWD_PATH !== false && $_POST['existing_username'] != $_POST['username'] && empty($_POST['password'])) - { - $msg = "

" . T_("If changing usernames, you must specify a new password") . "

"; - } - else - { - $sql = "UPDATE operator - SET username = " . $db->qstr($_POST['username']) . ", - lastName = " . $db->qstr($_POST['lastName']) . ", - firstName = " . $db->qstr($_POST['firstName']) . ", - chat_user = " . $db->qstr($_POST['chat_user']) . ", - chat_password = " . $db->qstr($_POST['chat_password']) . ", - Time_zone_name = " . $db->qstr($_POST['timezone']) . ", - voip = $voip, enabled = $enabled, chat_enable = $chat_enable - WHERE operator_id = $operator_id"; + //get username + $sql = "SELECT username + FROM operator + WHERE operator_id = $operator_id"; - $rs = $db->Execute($sql); + $uname = $db->GetOne($sql); - if (!empty($rs)) + $sql = "UPDATE " . LIME_PREFIX . "users + SET users_name = " . $db->qstr($_POST['username']) . ", + email = " . $db->qstr($_POST['email']) . ", + full_name = " . $db->qstr($_POST['firstName']) . ", + superadmin = $superadmin"; + + if (!empty($_POST['password'])) + { + include_once("../include/limesurvey/admin/classes/core/sha256.php"); + $sql .= ", password = '" . SHA256::hashing($_POST['password']) . "' "; + } + + $sql .= " WHERE users_name = '$uname'"; + + $rs = $db->Execute($sql); + + if (!empty($rs)) + { + $sql = "UPDATE operator + SET username = " . $db->qstr($_POST['username']) . ", + lastName = " . $db->qstr($_POST['lastName']) . ", + firstName = " . $db->qstr($_POST['firstName']) . ", + chat_user = " . $db->qstr($_POST['chat_user']) . ", + chat_password = " . $db->qstr($_POST['chat_password']) . ", + Time_zone_name = " . $db->qstr($_POST['timezone']) . ", + voip = $voip, enabled = $enabled, chat_enable = $chat_enable + WHERE operator_id = $operator_id"; + + $rs = $db->Execute($sql); + + if (!empty($rs)) { //only update extension if we aren't on a case $sql = "SELECT case_id 
@@ -89,38 +114,28 @@ if (isset($_POST['submit'])) WHERE current_operator_id= $operator_id"; $db->Execute($sql); - + if (!empty($_POST['extension_id'])) { $sql = "UPDATE extension SET current_operator_id = $operator_id WHERE extension_id = " . intval($_POST['extension_id']); - + $db->Execute($sql); } } - - if (HTPASSWD_PATH !== false && !empty($_POST['password'])) - { - //update password in htaccess - include_once(dirname(__FILE__).'/../functions/functions.htpasswd.php'); - $htp = New Htpasswd(HTPASSWD_PATH); - $htp->deleteUser($_POST["existing_username"]); - $htp->deleteUser($_POST["username"]); - $htp->addUser($_POST["username"],$_POST["password"]); - $htg = New Htgroup(HTGROUP_PATH); - $htg->deleteUserFromGroup($_POST["existing_username"],HTGROUP_INTERVIEWER); - $htg->addUserToGroup($_POST["username"],HTGROUP_INTERVIEWER); - } - - $msg = "

" . T_("Successfully updated user") . ": " . $_POST['username'] . "

"; - } - else - { - $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; - } - } - $_GET['edit'] = $operator_id; + $msg = "

" . T_("Successfully updated user") . ": " . $_POST['username'] . "

"; + } + else + { + $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; + } + } + else + { + $msg = "

" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "

"; + } + $_GET['edit'] = $operator_id; } @@ -130,9 +145,10 @@ if (isset($_GET['edit'])) $operator_id = intval($_GET['edit']); - $sql = "SELECT * - FROM operator - WHERE operator_id = $operator_id"; + $sql = "SELECT o.*,l.superadmin,l.email,l.parent_id + FROM operator as o, " . LIME_PREFIX ."users as l + WHERE o.operator_id = $operator_id + AND l.users_name = o.username"; $rs = $db->GetRow($sql); @@ -200,7 +216,6 @@ function generate() {
-
"/>
@@ -209,7 +224,6 @@ function generate() {
-
@@ -218,6 +232,10 @@ function generate() {
+
+ +
+
@@ -245,6 +263,10 @@ function generate() {
+
+
+ +
" data-off="" data-offstyle="primary" data-onstyle="danger" value="1"/>
diff --git a/admin/operatorperformance.php b/admin/operatorperformance.php index 0b81c3a9..8b796a75 100644 --- a/admin/operatorperformance.php +++ b/admin/operatorperformance.php @@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operatorquestionnaire.php b/admin/operatorquestionnaire.php index 87391409..b6a9760d 100644 --- a/admin/operatorquestionnaire.php +++ b/admin/operatorquestionnaire.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operators.php b/admin/operators.php index a3061154..657fb80c 100644 --- a/admin/operators.php +++ b/admin/operators.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ @@ -52,6 +57,8 @@ $a = false; if (isset($_POST['operator']) && isset($_POST['adduser'])) { $operator = $db->qstr($_POST['operator'],get_magic_quotes_gpc()); + $email= $db->qstr($_POST['email'],get_magic_quotes_gpc()); + $password = $db->qstr($_POST['password'],get_magic_quotes_gpc()); $firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc()); $lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc()); $chat_user = $db->qstr($_POST['chat_user'],get_magic_quotes_gpc()); 
@@ -91,12 +98,14 @@ if (isset($_POST['operator']) && isset($_POST['adduser'])) } $supervisor = 0; $temporary = 0; + $admin = 0; $refusal = 0; $voip = 0; $chat = 0; if (isset($_POST['supervisor']) && $_POST['supervisor'] == "on") $supervisor = 1; if (isset($_POST['refusal']) && $_POST['refusal'] == "on") $refusal = 1; if (isset($_POST['temporary']) && $_POST['temporary'] == "on") $temporary = 1; + if (isset($_POST['admin']) && $_POST['admin'] == "on") $admin = 1; if (isset($_POST['voip']) && $_POST['voip'] == "on") $voip = 1; if (isset($_POST['chat_enable']) && $_POST['chat_enable'] == "on") $chat = 1; @@ -108,7 +117,15 @@ if (isset($_POST['operator']) && isset($_POST['adduser'])) if ($db->Execute($sql)) { - $oid = $db->Insert_ID(); + $oid = $db->Insert_ID(); + + include_once("../include/limesurvey/admin/classes/core/sha256.php"); + + //Insert into lime_users + $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`) + VALUES ($operator, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,$admin,$email,'auto')"; + + $db->Execute($sql); if (FREEPBX_PATH !== false) { @@ -130,20 +147,6 @@ if (isset($_POST['operator']) && isset($_POST['adduser'])) $db->Execute($sql); } - if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) - { - //Get password and add it to the configured htpassword - include_once("../functions/functions.htpasswd.php"); - $htp = New Htpasswd(HTPASSWD_PATH); - $htg = New Htgroup(HTGROUP_PATH); - - $htp->addUser($_POST['operator'],$_POST['password']); - $htg->addUserToGroup($_POST['operator'],HTGROUP_INTERVIEWER); - - if ($supervisor) - $htg->addUserGroup(HTGROUP_ADMIN); - } - $a = "

" . T_("Added operator :") . " " . $operator . "

"; if (FREEPBX_PATH !== false) @@ -183,7 +186,7 @@ if ($a) { else { echo "
"; //echo "

" . T_("Adding an operator here will give the user the ability to call cases") . "" . T_("Assign Operator to Questionnaire") . "" . T_("tool") . ".

"; - echo "

" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "

"; + //echo "

" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "

"; echo "

" . T_("The username and extension must be unique for each operator.") . "

"; echo "
"; } @@ -242,16 +245,14 @@ function generate() {
-
-
+
" class="btn btn-default fa" /> 
-
@@ -260,6 +261,10 @@ function generate() {
+
+ +
+
@@ -295,6 +300,10 @@ function generate() {
" data-off="" />
+
+ +
" data-off="" data-offstyle="primary" data-onstyle="danger"/>
+
" data-off="" data-offstyle="danger" checked="checked"/>
diff --git a/admin/operatorskill.php b/admin/operatorskill.php index d115c0ce..48cef0ff 100644 --- a/admin/operatorskill.php +++ b/admin/operatorskill.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/outcomes.php b/admin/outcomes.php index 26aa5208..a187d901 100644 --- a/admin/outcomes.php +++ b/admin/outcomes.php @@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/process.php b/admin/process.php index c6da8ad4..0ca6e49c 100644 --- a/admin/process.php +++ b/admin/process.php @@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php"); */ include (dirname(__FILE__) . "/../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * Process */ diff --git a/admin/questionnairelist.php b/admin/questionnairelist.php index 8a012b46..99ed8803 100644 --- a/admin/questionnairelist.php +++ b/admin/questionnairelist.php @@ -39,6 +39,11 @@ include("../config.inc.php"); */ include("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/questionnaireprefill.php b/admin/questionnaireprefill.php index 94dbff31..8afea37c 100644 --- a/admin/questionnaireprefill.php +++ b/admin/questionnaireprefill.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/quota.php b/admin/quota.php index fce93b21..f12b6c16 100755 --- a/admin/quota.php +++ b/admin/quota.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ 
diff --git a/admin/quotareport.php b/admin/quotareport.php index a915574d..40666da2 100644 --- a/admin/quotareport.php +++ b/admin/quotareport.php @@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/quotarow.php b/admin/quotarow.php index 129f3910..c5176f6c 100755 --- a/admin/quotarow.php +++ b/admin/quotarow.php @@ -41,6 +41,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/samplecallattempts.php b/admin/samplecallattempts.php index 3de6161f..c6d42669 100644 --- a/admin/samplecallattempts.php +++ b/admin/samplecallattempts.php @@ -1,4 +1,5 @@ - + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once("config.inc.php"); + +/** + * Database file + */ +include_once("db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +session_start(); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: include/limesurvey/admin/admin.php'); + die(); +} diff --git a/availability.php b/availability.php index fd9adb02..6d873cc5 100644 --- a/availability.php +++ b/availability.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ 
diff --git a/call.php b/call.php index 3ff2b79f..977b96f6 100644 --- a/call.php +++ b/call.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/call_interface2.php b/call_interface2.php index ae5b3247..72e73314 100644 --- a/call_interface2.php +++ b/call_interface2.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/callhistory.php b/callhistory.php index 4adf9546..3a44f7a3 100644 --- a/callhistory.php +++ b/callhistory.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/calllist.php b/calllist.php index 45c60c31..cf00994c 100644 --- a/calllist.php +++ b/calllist.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/casenote.php b/casenote.php index 1bb68fd9..777eecff 100644 --- a/casenote.php +++ b/casenote.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/client/auth-client.php b/client/auth-client.php new file mode 100644 index 00000000..e27ec16c --- /dev/null +++ b/client/auth-client.php 
@@ -0,0 +1,59 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__)."/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__)."/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +session_start(); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} diff --git a/client/index.php b/client/index.php index ce8d4ccb..c3b0728c 100644 --- a/client/index.php +++ b/client/index.php @@ -38,6 +38,12 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication + */ +include ("auth-client.php"); + + /** * XHTML functions */ diff --git a/config.default.php b/config.default.php index 85e84afc..e71f5f90 100644 --- a/config.default.php +++ b/config.default.php 
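Review bot: The only test in client/auth-client.php is `isset($_SESSION['loginID'])`, so any account that can log in through LimeSurvey passes the client guard; nothing in the file ties the session to a client record or role. The interviewer guard shown earlier in this commit has the identical check, whereas admin/auth-admin.php additionally requires `$_SESSION['USER_RIGHT_SUPERADMIN']`, and the htgroup configuration removed by this commit kept clients, interviewers and admins in separate groups. As far as these files show, a client can therefore open interviewer pages and the reverse. Consider having each guard look up the logged-in user in the matching queXS table and end the request with the same "no permission" page auth-admin.php prints when no row is found.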
@@ -168,31 +168,6 @@ if (!defined('PHP_EXEC')) define('PHP_EXEC', "php"); */ if (!defined('ADODB_PATH')) define('ADODB_PATH',dirname(__FILE__).'/include/limesurvey/classes/adodb/'); -/** - * Path to the HTPASSWD file read/writable by the web server user for htpasswd integration - */ -if (!defined('HTPASSWD_PATH')) define('HTPASSWD_PATH',false); - -/** - * Path to the HTGROUP file read/writable by the web server user for htpasswd integration - */ -if (!defined('HTGROUP_PATH')) define('HTGROUP_PATH',false); - -/** - * The name of the admin group for htaccess - */ -if (!defined('HTGROUP_ADMIN')) define('HTGROUP_ADMIN','admin'); - -/** - * The name of the interviewers group for htaccess - */ -if (!defined('HTGROUP_INTERVIEWER')) define('HTGROUP_INTERVIEWER','interviewers'); - -/** - * The name of the clients group for htaccess - */ -if (!defined('HTGROUP_CLIENT')) define('HTGROUP_CLIENT','clients'); - /** * Whether to automatically assign a call as complete if VoIP disabled at the end of a completed questionnaire */ diff --git a/contactdetails.php b/contactdetails.php index f5254bd8..8c93ad60 100644 --- a/contactdetails.php +++ b/contactdetails.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/css/signin.css b/css/signin.css new file mode 100644 index 00000000..f9a1623f --- /dev/null +++ b/css/signin.css 
@@ -0,0 +1,40 @@ +body { + padding-top: 40px; + padding-bottom: 40px; + background-color: #eee; +} + +.form-signin { + max-width: 330px; + padding: 15px; + margin: 0 auto; +} +.form-signin .form-signin-heading, +.form-signin .checkbox { + margin-bottom: 10px; +} +.form-signin .checkbox { + font-weight: normal; +} +.form-signin .form-control { + position: relative; + height: auto; + -webkit-box-sizing: border-box; + -moz-box-sizing: border-box; + box-sizing: border-box; + padding: 10px; + font-size: 16px; +} +.form-signin .form-control:focus { + z-index: 2; +} +.form-signin input[type="user"] { + margin-bottom: -1px; + border-bottom-right-radius: 0; + border-bottom-left-radius: 0; +} +.form-signin input[type="password"] { + margin-bottom: 10px; + border-top-left-radius: 0; + border-top-right-radius: 0; +} diff --git a/database/quexs.sql b/database/quexs.sql index 70968a0d..b5995636 100644 --- a/database/quexs.sql +++ b/database/quexs.sql 
@@ -955,7 +955,7 @@ CREATE TABLE `lime_users` ( -- Dumping data for table `lime_users` -- -INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'en', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1); +INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'auto', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1); -- -------------------------------------------------------- @@ -1007,6 +1007,9 @@ CREATE TABLE `operator` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; -- -------------------------------------------------------- +INSERT INTO `operator` (`operator_id`, `username`, `firstName`, `lastName`, `Time_zone_name`, `enabled`, `voip`, `next_case_id`, `chat_enable`, `chat_user`, `chat_password`) VALUES +(1, 'admin', 'CATI', 'Admin', 'Australia/Victoria', 1, 0, NULL, 0, '', ''); + -- -- Table structure for table `operator_questionnaire` 
@@ -1032,6 +1035,10 @@ CREATE TABLE `operator_skill` ( -- -------------------------------------------------------- +INSERT INTO `operator_skill` (`operator_id`, `outcome_type_id`) VALUES +(1, 1), +(1, 5); + -- -- Table structure for table `outcome` -- @@ -1511,24 +1518,6 @@ INSERT INTO `sample_var_type` (`type`, `description`, `table`) VALUES(8, 'Email -- -------------------------------------------------------- --- --- Table structure for table `sessions2` --- - -CREATE TABLE `sessions2` ( - `sesskey` varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '', - `expiry` datetime NOT NULL, - `expireref` varchar(250) COLLATE utf8_unicode_ci DEFAULT '', - `created` datetime NOT NULL, - `modified` datetime NOT NULL, - `sessdata` longtext COLLATE utf8_unicode_ci, - PRIMARY KEY (`sesskey`), - KEY `sess2_expiry` (`expiry`), - KEY `sess2_expireref` (`expireref`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci; - --- -------------------------------------------------------- - -- -- Table structure for table `setting` -- diff --git a/db.inc.php b/db.inc.php index 568c37ba..fbacc33a 100644 --- a/db.inc.php +++ b/db.inc.php @@ -75,7 +75,7 @@ if (DEBUG == true) $db->debug = true; $db->Execute("set names 'utf8'"); //store session in database (see sessions2 table) -ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME,$options=false); +ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME, array('table' => LIME_PREFIX . 'sessions')); /** diff --git a/display/index.php b/display/index.php deleted file mode 100644 index 8c9c4da0..00000000 --- a/display/index.php +++ /dev/null 
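Review bot: In db.inc.php the comment above the changed call still reads `//store session in database (see sessions2 table)`, but the call now passes `array('table' => LIME_PREFIX . 'sessions')` and this commit drops `sessions2` from the schema. Update the comment to `//store session in database (see LIME_PREFIX . 'sessions' table)` so the next reader looks at the right table. It would also help to say in that comment that the three auth-*.php guards rely on this table for the login session, since that dependency is not visible from this file.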
@@ -1,149 +0,0 @@ - - * @copyright Deakin University 2007,2008 - * @package queXS - * @subpackage user - * @link http://www.deakin.edu.au/dcarf/ queXS was writen for DCARF - Deakin Computer Assisted Research Facility - * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 - * - * - */ - -/** - * Configuration file - */ -include ("../config.inc.php"); - -/** - * Database file - */ -include('../db.inc.php'); - -/** - * XHTML functions - */ -include ("../functions/functions.xhtml.php"); - -/** - * Display functions - */ -include ("../functions/functions.performance.php"); - -/** - * Input functions - */ -include("../functions/functions.input.php"); - -$shift_id = 0; -$questionnaire_id = 0; -$display_type = 0; - -if (isset($_GET['shift_id'])) $shift_id = bigintval($_GET['shift_id']); -if (isset($_GET['questionnaire_id'])) $questionnaire_id = bigintval($_GET['questionnaire_id']); -if (isset($_GET['display_type'])) $display_type= bigintval($_GET['display_type']); - - -if ($display_type >= 6) -{ - $sql = "SELECT shift_id,questionnaire_id - FROM shift - WHERE start <= CONVERT_TZ(NOW(),'System','UTC') - AND end >= CONVERT_TZ(NOW(),'System','UTC') - AND shift_id > '$shift_id' - ORDER BY shift_id ASC - LIMIT 1"; - $s = $db->GetRow($sql); - - $display_type = 0; - $shift_id = 0; - $questionnaire_id = 0; - - if (!empty($s)) - { - $shift_id = $s['shift_id']; - $questionnaire_id = $s['questionnaire_id']; - } -} - -if ($shift_id == 0) -{ - $sql = "SELECT shift_id,questionnaire_id - FROM shift - WHERE start <= CONVERT_TZ(NOW(),'System','UTC') - AND end >= CONVERT_TZ(NOW(),'System','UTC') - ORDER BY shift_id ASC - LIMIT 1"; - - $s = $db->GetRow($sql); - - $display_type = 0; - - if (!empty($s)) - { - $shift_id = $s['shift_id']; - $questionnaire_id = $s['questionnaire_id']; - } -} - -$dt1 = $display_type + 1; 
-xhtml_head(T_("Display"),true,array("../include/bootstrap/css/bootstrap.min.css","../include/bootstrap/css/bootstrap-theme.min.css","../css/custom.css"),false,false,"6;url=?shift_id=$shift_id&questionnaire_id=$questionnaire_id&display_type=$dt1"); - -if ($shift_id == 0 || $questionnaire_id == 0) - display_none(); -else -{ - $sql = "SELECT description - FROM questionnaire - WHERE questionnaire_id = '$questionnaire_id'"; - $n = $db->GetRow($sql); - - print "

{$n['description']}

\n"; - - switch($display_type) - { - case 0: - display_total_completions($questionnaire_id); - break; - case 1: - display_completions_this_shift($questionnaire_id,$shift_id); - break; - case 2: - display_completions_same_time_last_shift($questionnaire_id,$shift_id); - break; - case 3: - display_completions_last_shift($questionnaire_id,$shift_id); - break; - case 4: - display_top_cph_this_shift($questionnaire_id,$shift_id); - break; - case 5: - display_top_cph($questionnaire_id); - break; - } -} - -xhtml_foot(); - -?> diff --git a/email.php b/email.php index a5e9f823..9e8d1d4a 100644 --- a/email.php +++ b/email.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/endwork.php b/endwork.php index c3e16290..56ec1092 100644 --- a/endwork.php +++ b/endwork.php @@ -36,6 +36,12 @@ */ include_once("lang.inc.php"); +/** + * Authentication + */ +include_once("auth-interviewer.php"); + + /** * XHTML functions @@ -73,6 +79,7 @@ if (ALLOW_OPERATOR_EXTENSION_SELECT && VOIP_ENABLED) } print "
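Review bot: The authentication gate in email.php is pulled in with `include ("auth-interviewer.php");`, which only raises a warning and carries on if the file cannot be resolved, so the page would then run without any login check. The same pattern repeats in every other page hunk of this commit that adds the `Authentication` block (endwork.php uses `include_once`, which behaves the same way on failure). Use a form that aborts on failure and does not depend on the include path or working directory: `require_once(dirname(__FILE__) . "/auth-interviewer.php");`.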

" . T_("Go back to work") . "

"; +print "

" . T_("Logout") . "

"; xhtml_foot(); diff --git a/functions/functions.client.php b/functions/functions.client.php index 0815f873..9107b56a 100644 --- a/functions/functions.client.php +++ b/functions/functions.client.php @@ -41,7 +41,7 @@ include_once(dirname(__FILE__).'/../config.inc.php'); include_once(dirname(__FILE__).'/../db.inc.php'); /** - * Return the current client id based on PHP_AUTH_USER + * Return the current client id based on the SESSION loginID * * @return bool|int False if none otherwise the client id * @@ -50,9 +50,12 @@ function get_client_id() { global $db; + if (!isset($_SESSION['user'])) + return false; + $sql = "SELECT client_id FROM client - WHERE username = '{$_SERVER['PHP_AUTH_USER']}'"; + WHERE username = '{$_SESSION['user']}'"; $o = $db->GetRow($sql); @@ -87,4 +90,4 @@ function get_client_questionnaire($client_id) } -?> \ No newline at end of file +?> diff --git a/functions/functions.operator.php b/functions/functions.operator.php index c4cd52f5..e2e39c4c 100644 --- a/functions/functions.operator.php +++ b/functions/functions.operator.php @@ -960,24 +960,24 @@ function get_extension($operator_id) /** - * Return the current operator id based on PHP_AUTH_USER + * Return the current operator id based on SESSION loginID * * @return bool|int False if none otherwise the operator id * */ function get_operator_id() { - if (!isset($_SERVER['PHP_AUTH_USER'])) + if (!isset($_SESSION['user'])) { - print "
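Review bot: `get_client_id()` now builds its query with `WHERE username = '{$_SESSION['user']}'`, placing the session username into the SQL text unescaped; the `isset` guard added above it does not address that. `get_operator_id()` in functions/functions.operator.php uses `$db->qstr($_SESSION['user'])` in this same commit, and the new lookup in include/limesurvey/admin/usercontrol.php (`"... WHERE username = '" . $_SESSION['user'] . "'"`) has the same gap. Whether `$_SESSION['user']` is constrained at login is not visible here, so both should quote or bind it: `WHERE username = " . $db->qstr($_SESSION['user']);` here and `$connect->GetOne("SELECT username FROM client WHERE username = ?", array($_SESSION['user']));` there. The body of `get_client_id()` continues outside the hunk.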

" . T_("ERROR: You do not have server side authentication enabled therefore queXS cannot determine which user is accessing the system.") . "

"; - return false; + print "

" . T_("ERROR: You are not logged in.") . "

"; + die(); } global $db; $sql = "SELECT operator_id FROM operator - WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . " + WHERE username = " . $db->qstr($_SESSION['user']) . " AND enabled = 1"; $o = $db->GetRow($sql); diff --git a/include/limesurvey/admin/admin.php b/include/limesurvey/admin/admin.php index 49e55b04..f4fb9c6f 100644 --- a/include/limesurvey/admin/admin.php +++ b/include/limesurvey/admin/admin.php @@ -792,11 +792,35 @@ if(isset($_SESSION['loginID'])) else { //not logged in - sendcacheheaders(); - if (!isset($_SESSION['metaHeader'])) {$_SESSION['metaHeader']='';} - $adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary; // All future output is written into this and then outputted at the end of file + sendcacheheaders(); + $adminoutput = << + + + + + + + + + + queXS Authentication + + + + + + + + + + +
+EOD; + + $adminoutput .= $loginsummary; + $adminoutput .= "
"; unset($_SESSION['metaHeader']); - $adminoutput.= "
\n".getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual")); } if (($action=='showphpinfo') && ($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1)) { diff --git a/include/limesurvey/admin/login_check.php b/include/limesurvey/admin/login_check.php index fe619694..0a621678 100644 --- a/include/limesurvey/admin/login_check.php +++ b/include/limesurvey/admin/login_check.php @@ -154,15 +154,13 @@ if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logou { $loginsummary = ' - -

'.$clang->gT('You have to enter user name and email.').'

- -
    -
  • -
  • -

    - -

    '.$clang->gT('Main Admin Screen').' + +

    '.$clang->gT('You have to enter user name and email.').'

    + + + + +

    '.$clang->gT('Main Admin Screen').'

     

    '; @@ -211,21 +209,19 @@ if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logou { if (!isset($logoutsummary)) { - $loginsummary = "

    ".$clang->gT("You have to login first.")."

    "; + $loginsummary = "

    ".$clang->gT("You have to login first.")."



    "; } else { - $loginsummary = "
    ".$logoutsummary."

    "; + $loginsummary = "
    ".$logoutsummary."

    "; } - $loginsummary .= " -

      -
    • -
    • -
    • -
    • -
    • - + + + + \n" - . "
    • -
    + $loginsummary .= "\t\t\t\n

    -
     \n
    "; + "; } else{ $loginsummary .= "

    ".sprintf($clang->gT("You have exceeded you maximum login attempts. Please wait %d minutes before trying again"),($timeOutTime/60))."

    "; diff --git a/include/limesurvey/admin/sessioncontrol.php b/include/limesurvey/admin/sessioncontrol.php index f7d6f2b6..8c78d60b 100644 --- a/include/limesurvey/admin/sessioncontrol.php +++ b/include/limesurvey/admin/sessioncontrol.php @@ -31,7 +31,7 @@ else {session_name("LimeSurveyAdmin");} if (session_id() == "") { - session_set_cookie_params(0,$relativeurl.'/'); + session_set_cookie_params(0,QUEXS_PATH); if ($debug==0) {@session_start();} else {session_start();} } diff --git a/include/limesurvey/admin/usercontrol.php b/include/limesurvey/admin/usercontrol.php index 9c9c7f32..dbdf31de 100644 --- a/include/limesurvey/admin/usercontrol.php +++ b/include/limesurvey/admin/usercontrol.php @@ -236,6 +236,19 @@ if (!isset($_SESSION['loginID'])) } $loginsummary .= "
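Review bot: `session_set_cookie_params(0,QUEXS_PATH);` in sessioncontrol.php widens the LimeSurvey admin cookie to the whole queXS path but leaves the `secure` and `httponly` arguments at their defaults. Because this cookie now authenticates the interviewer, client and admin pages, it should not be readable from script or sent over plain HTTP, unless php.ini already enforces that (not visible here). Suggested: `session_set_cookie_params(0, QUEXS_PATH, '', !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off', true);`.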

    \n"; GetSessionUserRights($_SESSION['loginID']); + + //go to queXS + $loc = ""; + if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) + $loc = "admin"; + else + { + $utest = $connect->GetOne("SELECT username FROM client WHERE username = '" . $_SESSION['user'] . "'"); + if (!empty($utest)) + $loc = "client"; + } + header('Location: ' . QUEXS_URL . $loc); + die(); } else { diff --git a/include/limesurvey/config.php b/include/limesurvey/config.php index f98ed831..061b82cc 100644 --- a/include/limesurvey/config.php +++ b/include/limesurvey/config.php 
@@ -67,22 +67,26 @@ $debug = 0; // Set this to 1 if you are looking f // LimeSurvey developers: Set this to 3 to circumvent the restriction to remove the installation directory and full access to standard templates // or to change the password. If you set it to 3 then PHP STRICT warnings will be shown additionally. -$defaultlang = DEFAULT_LOCALE; +$defaultlang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2); +if (empty($defaultlang)) $defaultlang = DEFAULT_LOCALE; + $defaulttemplate = "quexs"; -$useWebserverAuth = true; -$WebserverAuth_autocreateUser = true; -$WebserverAuth_autouserprofile = Array( - 'full_name' => 'autouser', - 'email' => $siteadminemail, - 'htmledtirmode' => $defaulthtmleditormode, - 'templatelist' => 'default,basic', - 'create_survey' => 1, - 'lang' => DEFAULT_LOCALE, - 'create_user' => 1, - 'delete_user' => 1, - 'superadmin' => 1, - 'configurator' => 1, - 'manage_template' => 1, - 'manage_label' => 1); - +$siteadminemail = "quexs@acspri.org.au"; +//$useWebserverAuth = true; +//$WebserverAuth_autocreateUser = true; +//$WebserverAuth_autouserprofile = Array( +// 'full_name' => 'autouser', +// 'email' => $siteadminemail, +// 'htmledtirmode' => $defaulthtmleditormode, +// 'templatelist' => 'default,basic', +// 'create_survey' => 1, +// 'lang' => DEFAULT_LOCALE, +// 'create_user' => 1, +// 'delete_user' => 1, +// 'superadmin' => 1, +// 'configurator' => 1, +// 'manage_template' => 1, +// 'manage_label' => 1); +// +$sessionhandler = 'db'; diff --git a/index.php b/index.php index 738bae87..5000ddc4 100644 --- a/index.php +++ b/index.php @@ -35,6 +35,11 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/index_interface2.php b/index_interface2.php index c1706c12..1baa7e8e 100644 --- a/index_interface2.php +++ b/index_interface2.php 
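Review bot: `$defaultlang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);` takes a client-controlled header as the default language without checking that it is set or that it is a language code. A missing header raises a notice, and any two bytes the client sends are passed on to whatever consumes `$defaultlang` (not visible in this hunk, so the impact is unconfirmed). I would guard and validate it: `$defaultlang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)) : '';` followed by `if (!preg_match('/^[a-z]{2}$/', $defaultlang)) $defaultlang = DEFAULT_LOCALE;`. The commented-out `$WebserverAuth_*` block could be deleted rather than left in place.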
@@ -45,6 +45,12 @@ include ("functions/functions.xhtml.php"); */ include("functions/functions.operator.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + $popupcall = false; diff --git a/info.php b/info.php index 68bfddde..040d1cb3 100644 --- a/info.php +++ b/info.php @@ -49,6 +49,12 @@ include ("lang.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + $js = false; if (AUTO_LOGOUT_MINUTES !== false) $js = array("include/jquery/jquery-1.4.2.min.js","js/childnap.js"); diff --git a/nocallavailable.php b/nocallavailable.php index ae2b2ffc..5e9acc13 100644 --- a/nocallavailable.php +++ b/nocallavailable.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("functions/functions.xhtml.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * Language functions */ diff --git a/nocaseavailable.php b/nocaseavailable.php index 9e8fdbdc..82e8695a 100644 --- a/nocaseavailable.php +++ b/nocaseavailable.php @@ -41,6 +41,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/performance.php b/performance.php index b3ac4af1..f10cfe09 100644 --- a/performance.php +++ b/performance.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/project_info.php b/project_info.php index ff14ecb0..e736183c 100644 --- a/project_info.php +++ b/project_info.php @@ -49,6 +49,12 @@ include ("lang.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * Operator */ diff --git a/record.php b/record.php index cccfcfd6..09fb4de4 100644 --- a/record.php +++ b/record.php 
@@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("functions/functions.xhtml.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * Operator functions */ diff --git a/referral.php b/referral.php index 97964d6b..69f28389 100644 --- a/referral.php +++ b/referral.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/respondent.php b/respondent.php index f8b8db6b..d6789dde 100644 --- a/respondent.php +++ b/respondent.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_answeringmachine.php b/rs_answeringmachine.php index 77e93164..121856a2 100644 --- a/rs_answeringmachine.php +++ b/rs_answeringmachine.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_answeringmachine_interface2.php b/rs_answeringmachine_interface2.php index a30d9ff3..378fbe41 100644 --- a/rs_answeringmachine_interface2.php +++ b/rs_answeringmachine_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_business.php b/rs_business.php index f8e5bcda..eda0cf00 100644 --- a/rs_business.php +++ b/rs_business.php @@ -34,6 +34,12 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_business_interface2.php b/rs_business_interface2.php index eaa309bb..5c2fb5c4 100644 --- a/rs_business_interface2.php +++ b/rs_business_interface2.php @@ -34,6 +34,12 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ 
diff --git a/rs_callback.php b/rs_callback.php index aa54b1cc..5bec0ada 100644 --- a/rs_callback.php +++ b/rs_callback.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_callback_interface2.php b/rs_callback_interface2.php index c582af9d..670355a8 100644 --- a/rs_callback_interface2.php +++ b/rs_callback_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_intro.php b/rs_intro.php index dc0a6f8e..1f545d7a 100644 --- a/rs_intro.php +++ b/rs_intro.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_intro_interface2.php b/rs_intro_interface2.php index 5b0140c7..acd4c690 100644 --- a/rs_intro_interface2.php +++ b/rs_intro_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_end.php b/rs_project_end.php index 5bf150fd..53ad88a6 100644 --- a/rs_project_end.php +++ b/rs_project_end.php @@ -40,6 +40,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_end_interface2.php b/rs_project_end_interface2.php index e2e10c72..a520293e 100644 --- a/rs_project_end_interface2.php +++ b/rs_project_end_interface2.php @@ -39,6 +39,12 @@ include_once ("config.inc.php"); */ include_once ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_intro.php b/rs_project_intro.php index 92600f28..5c6dabf2 100644 --- a/rs_project_intro.php 
+++ b/rs_project_intro.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_intro_interface2.php b/rs_project_intro_interface2.php index 2f21a3a3..568e014e 100644 --- a/rs_project_intro_interface2.php +++ b/rs_project_intro_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_quota_end.php b/rs_quota_end.php index daf4afcf..e65bfc0b 100644 --- a/rs_quota_end.php +++ b/rs_quota_end.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/selectextension.php b/selectextension.php index 42487bbb..246f284f 100644 --- a/selectextension.php +++ b/selectextension.php @@ -35,6 +35,12 @@ */ include_once("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/shifts.php b/shifts.php index 0bc76406..48235aee 100644 --- a/shifts.php +++ b/shifts.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/status.php b/status.php index 1f0d4f74..2573463a 100644 --- a/status.php +++ b/status.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/status_interface2.php b/status_interface2.php index a8fdf644..c5ba8858 100644 --- a/status_interface2.php +++ b/status_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ 
diff --git a/supervisor.php b/supervisor.php index a26d578b..8bbc9e94 100644 --- a/supervisor.php +++ b/supervisor.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/supervisorchat.php b/supervisorchat.php index 57467d03..03b51e8f 100644 --- a/supervisorchat.php +++ b/supervisorchat.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/voip/auth-interviewer.php b/voip/auth-interviewer.php new file mode 100644 index 00000000..e27ec16c --- /dev/null +++ b/voip/auth-interviewer.php @@ -0,0 +1,59 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__)."/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__)."/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +session_start(); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} diff --git a/voip/downloadvoipclient.php b/voip/downloadvoipclient.php index 89d16d96..ebb7a342 100644 --- a/voip/downloadvoipclient.php +++ b/voip/downloadvoipclient.php @@ -1,4 +1,5 @@ -
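Review bot: The new gate in voip/auth-interviewer.php only tests `isset($_SESSION['loginID'])`, so it separates logged-in from anonymous requests but not interviewers from other account types that share the same login table. If client or other non-operator accounts can obtain a `loginID`, they would pass this check; whether the pages behind it re-check the role is not visible here. Consider also requiring that `$_SESSION['user']` resolves to an enabled operator (the lookup `get_operator_id()` performs) before continuing. Separately, `session_name($db->GetOne($sql))` is called without checking that the `SessionName` setting was found, so an empty result should be handled explicitly, for example by redirecting to the login page.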