merged rev. 479 from main

admin/addshift.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/assignsample.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/assigntimeslots.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/auth-admin.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * Session based authentication using the Limesurvey database (administrator)
+ *
+ *
+ *	This file is part of queXS
+ *	
+ *	queXS is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *	
+ *	queXS is distributed in the hope that it will be useful,
+ *	but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *	GNU General Public License for more details.
+ *	
+ *	You should have received a copy of the GNU General Public License
+ *	along with queXS; if not, write to the Free Software
+ *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ *
+ * @author Adam Zammit <adam.zammit@acspri.org.au>
+ * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
+ * @package queXS
+ * @subpackage user
+ * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
+ * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
+ * 
+ */
+
+/**
+ * Configuration file
+ */
+include_once(dirname(__FILE__) . "/../config.inc.php");
+
+/**
+ * Database file
+ */
+include_once(dirname(__FILE__) . "/../db.inc.php");
+
+
+//get session name from DB
+//
+$sql = "SELECT stg_value
+        FROM " . LIME_PREFIX . "settings_global
+        WHERE stg_name = 'SessionName'";
+
+session_name($db->GetOne($sql));
+
+session_start();
+
+//check if the session exists or loginID not set
+if (session_id() == "" || !isset($_SESSION['loginID']))
+{
+  //need to log in
+  header('Location: ../include/limesurvey/admin/admin.php');
+  die();
+}
+
+if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1)
+{
+  include_once(dirname(__FILE__) . "/../lang.inc.php");
+  include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php");
+  xhtml_head();
+  print "<p>" . T_("You do not have permission to access this area") . "</p>";
+  print "<p><a href='../include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
+  xhtml_foot();
+  die();
+}

admin/availability.php

@@ -39,6 +39,12 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
+
 /**
  * XHTML functions
  */

admin/availabilitygroup.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/bulkappointment.php

@@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * Operator functions
  */

admin/callhistory.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/callrestrict.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/casesbyoutcome.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/casestatus.php

@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/centreinfo.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/clientquestionnaire.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/clients.php

@@ -42,6 +42,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */
@@ -56,6 +61,7 @@ if (isset($_POST['client']))
 {
 	$client = $db->qstr($_POST['client'],get_magic_quotes_gpc());
 	$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
+	$email = $db->qstr($_POST['email'],get_magic_quotes_gpc());
 	$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
 	$time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc());
 	
@@ -67,17 +73,15 @@ if (isset($_POST['client']))
 	
 		if ($db->Execute($sql))
 		{
-			if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
-			{
-				//Get password and add it to the configured htpassword
-				include_once("../functions/functions.htpasswd.php");
-				$htp = New Htpasswd(HTPASSWD_PATH);
-				$htg = New Htgroup(HTGROUP_PATH);
-				
-				$htp->addUser($_POST['client'],$_POST['password']);
-				$htg->addUserToGroup($_POST['client'],HTGROUP_CLIENT);
-			}
+      include_once("../include/limesurvey/admin/classes/core/sha256.php");
 
+      //Insert into lime_users
+      $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
+              VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')";
+
+      $db->Execute($sql);
+
+	
 			$a =  T_("Added: $client");	
 		}
 		else
@@ -142,23 +146,20 @@ function generate() {
 
 <div class="well">
 	<p><?php  echo T_("Adding a client here will allow them to access project information in the client subdirectory. You can assign a client to a particular project using the"); ?> <a href="clientquestionnaire.php"><?php  echo T_("Assign client to Questionnaire"); ?></a> <?php  echo T_("tool."); ?></p>
-	<p><?php  echo T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here."); ?></p></div>
 	
 <form enctype="multipart/form-data" action="" method="post" class="form-horizontal" name="addclient" >
 	<div class="form-group form-inline">
 		<label class="control-label col-sm-3"><?php  echo T_("Enter the username of a client to add:"); ?></label>
 		<input name="client" type="text" class="form-control pull-left" required size="40" />
 	</div>
-<?php  if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
 	<div class="form-group form-inline">
 		<label class="control-label col-sm-3"><?php  echo T_("Enter the password of a client to add:"); ?></label>
-		<input name="password" type="text" class="form-control pull-left" size="40" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
+		<input name="password" type="text" class="form-control pull-left" size="40" required />
 		<div class="form-inline">&emsp;&emsp;
 			<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" />&emsp;<?php echo T_("Password with");?>&ensp;
 			<input type="number" name="number" value="25" min="8" max="50" style="width:5em;"  class="form-control" />&ensp;<?php echo T_("characters");?>
 		</div>
 	</div>
-<?php  } ?>
 	<div class="form-group form-inline">
 		<label class="control-label col-sm-3"><?php  echo T_("Enter the first name of a client to add:"); ?></label>
 		<input name="firstname" type="text" class="form-control pull-left" size="40" />
@@ -166,7 +167,11 @@ function generate() {
 	<div class="form-group form-inline">
 		<label class="control-label col-sm-3"><?php  echo T_("Enter the surname of a client to add:"); ?></label>
 		<input name="lastname" type="text" class="form-control pull-left" size="40"/>
-	</div>
+  </div>
+  <div class="form-group form-inline">
+		<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
+    <input name="email" type="text" class="form-control pull-left"/>
+  </div>
 	<div class="form-group form-inline">
 		<label class="control-label col-sm-3"><a href='timezonetemplate.php'><?php  echo T_("Enter the Time Zone of a client to add:"); echo "</a></label>";
 		display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"pull-left"); ?>

admin/dataoutput.php

@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
  * Output data as a fixed width ASCII file
  *
  *
@@ -43,6 +44,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/displayappointments.php

@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/extensionstatus.php

@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/import.php

@@ -8,6 +8,11 @@
  */
 include ("../config.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/index.php

@@ -1,6 +1,5 @@
  <?php
- /*
-
+ /**
  * Display an index of Admin tools
  *
  *
@@ -37,9 +36,24 @@ include ("../lang.inc.php");
 /**
  * Config file
  */
- include ("../config.inc.php");
- include ("../functions/functions.xhtml.php");
- $username = $_SERVER['PHP_AUTH_USER'];
+include ("../config.inc.php");
+ 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
+/*
+ * XHTML file
+ */
+include ("../functions/functions.xhtml.php");
+
+/*
+ * Operator functions
+ */
+include ("../functions/functions.operator.php");
+
+ $username = $_SESSION['user'];
  $g = 0;
  if (isset($_GET['g'])) 
    $g = intval($_GET['g']);
@@ -75,11 +89,11 @@ include ("../lang.inc.php");
               <i class="fa fa-user fa fa-fw "></i><?php print T_("Logged as:") . "&ensp;" . $username ;?>           
             </a>
 			<!--- User menu // not connected to pages so not working yet //  could be hidden -->
-<!---       <ul class="dropdown-menu" role="menu">
-              <li><a href="?page=settings.php"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
-			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li>
-              <li><a href="../logout.php"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
-            </ul> -->
+       <ul class="dropdown-menu" role="menu">
+              <li><a href="?g=5&amp;page=operatorlist.php?edit=<?php print get_operator_id(); ?>"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
+<!---			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li> -->
+              <li><a href="../include/limesurvey/admin/admin.php?action=logout"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
+            </ul> 
           </li>
         </ul>
 	  

admin/new.php

@@ -11,6 +11,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */
@@ -378,4 +383,4 @@ else { ?>
 
 <?php 
 xhtml_foot($js_foot);//
-?>
+?>

admin/operatorlist.php

@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include_once(dirname(__FILE__).'/../db.inc.php');
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */
@@ -50,30 +55,50 @@ $msg = "";
 if (isset($_POST['submit']))
 {
 	$operator_id = intval($_POST['operator_id']);
-	$chat_enable = $voip = $enabled = 0;
+  $superadmin = $chat_enable = $voip = $enabled = 0;
 	if (isset($_POST['voip'])) $voip = 1;
 	if (isset($_POST['chat_enable'])) $chat_enable = 1;
 	if (isset($_POST['enabled'])) $enabled = 1;
+	if (isset($_POST['admin'])) $superadmin = 1;
 
-	if (HTPASSWD_PATH !== false && $_POST['existing_username'] != $_POST['username'] && empty($_POST['password']))
-	{
-		$msg = "<div class='alert alert-danger'><h3>" . T_("If changing usernames, you must specify a new password") . "</h3></div>";
-	}
-	else
-	{
-		$sql = "UPDATE operator
-			SET username = " . $db->qstr($_POST['username']) . ",
-			lastName = " . $db->qstr($_POST['lastName']) . ",
-			firstName = " . $db->qstr($_POST['firstName']) . ",
-			chat_user = " . $db->qstr($_POST['chat_user']) . ",
-			chat_password = " . $db->qstr($_POST['chat_password']) . ",
-			Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
-			voip = $voip, enabled = $enabled, chat_enable = $chat_enable
-			WHERE operator_id = $operator_id";
+  //get username
+  $sql = "SELECT username
+          FROM operator
+          WHERE operator_id = $operator_id";
 
-		$rs = $db->Execute($sql);
+  $uname = $db->GetOne($sql);
 
-		if (!empty($rs))
+  $sql = "UPDATE " . LIME_PREFIX . "users 
+          SET users_name = " . $db->qstr($_POST['username']) . ",
+          email = " . $db->qstr($_POST['email']) . ",
+          full_name = " . $db->qstr($_POST['firstName']) . ",
+          superadmin = $superadmin";
+
+  if (!empty($_POST['password']))
+  {
+    include_once("../include/limesurvey/admin/classes/core/sha256.php");
+    $sql .= ", password = '" . SHA256::hashing($_POST['password']) . "' ";
+  }
+
+  $sql .= " WHERE users_name = '$uname'";
+
+  $rs = $db->Execute($sql);
+
+  if (!empty($rs))
+  {
+    $sql = "UPDATE operator
+      SET username = " . $db->qstr($_POST['username']) . ",
+      lastName = " . $db->qstr($_POST['lastName']) . ",
+      firstName = " . $db->qstr($_POST['firstName']) . ",
+      chat_user = " . $db->qstr($_POST['chat_user']) . ",
+      chat_password = " . $db->qstr($_POST['chat_password']) . ",
+      Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
+      voip = $voip, enabled = $enabled, chat_enable = $chat_enable
+      WHERE operator_id = $operator_id";
+
+    $rs = $db->Execute($sql);
+
+    if (!empty($rs))
     {
       //only update extension if we aren't on a case
       $sql = "SELECT case_id
@@ -89,38 +114,28 @@ if (isset($_POST['submit']))
                 WHERE current_operator_id= $operator_id";
 
         $db->Execute($sql);
-  
+
         if (!empty($_POST['extension_id']))
         {
           $sql = "UPDATE extension
                   SET current_operator_id = $operator_id
                   WHERE extension_id = " . intval($_POST['extension_id']);
-  
+
           $db->Execute($sql);
         }
       }
-
-			if (HTPASSWD_PATH !== false && !empty($_POST['password']))
-			{
-				//update password in htaccess
-				include_once(dirname(__FILE__).'/../functions/functions.htpasswd.php');
-				$htp = New Htpasswd(HTPASSWD_PATH);
-				$htp->deleteUser($_POST["existing_username"]);
-				$htp->deleteUser($_POST["username"]);
-				$htp->addUser($_POST["username"],$_POST["password"]);
-				$htg = New Htgroup(HTGROUP_PATH);
-				$htg->deleteUserFromGroup($_POST["existing_username"],HTGROUP_INTERVIEWER);
-				$htg->addUserToGroup($_POST["username"],HTGROUP_INTERVIEWER);
-			}
-
-			$msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
-		}
-		else
-		{
-			$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
-		}
-	}
-	$_GET['edit'] = $operator_id;
+      $msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
+    }
+    else
+    {
+      $msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
+    }
+  }
+  else
+  {
+      $msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
+  }
+  $_GET['edit'] = $operator_id;
 }
 
 
@@ -130,9 +145,10 @@ if (isset($_GET['edit']))
 
 	$operator_id = intval($_GET['edit']);
 
-	$sql = "SELECT *
-		FROM operator
-		WHERE operator_id = $operator_id";
+	$sql = "SELECT o.*,l.superadmin,l.email,l.parent_id
+		FROM operator as o, " . LIME_PREFIX ."users as l
+    WHERE o.operator_id = $operator_id
+    AND l.users_name = o.username";
 
 	$rs = $db->GetRow($sql);
 
@@ -200,7 +216,6 @@ function generate() {
 		<label for="username" class="col-sm-3 control-label"><?php echo T_("Username") . ": "; ?></label>
 		<div class="col-sm-3"><input type='text' name='username' class="form-control" value="<?php echo $rs['username'];?>"/></div>
 	</div>
-<?php if (HTPASSWD_PATH !== false) { ?>
 	<div class="form-group">
 		<label for="password" class="col-sm-3 control-label"><?php echo T_("Password") . ": "; ?></label>
 		<div class="col-sm-3"><input type='text' name='password' class="form-control" placeholder="<?php echo T_("leave blank to keep existing password");?>"/></div>
@@ -209,7 +224,6 @@ function generate() {
 			<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" />&ensp;<?php echo T_("characters");?>
 		</div>
 	</div>
-<?php } ?>
 	<div class="form-group">
 		<label for="firstName" class="col-sm-3 control-label"><?php echo T_("First name") . ": "; ?></label>
 		<div class="col-sm-3"><input type='text' name='firstName' class="form-control" value="<?php echo $rs['firstName'];?>"/></div>
@@ -218,6 +232,10 @@ function generate() {
 		<label for="lastName" class="col-sm-3 control-label"><?php echo T_("Last name") . ": "; ?></label>
 		<div class="col-sm-3"><input type='text' name='lastName'  class="form-control" value="<?php echo $rs['lastName'];?>"/></div>
 	</div>
+	<div class="form-group">
+		<label for="email" class="col-sm-3 control-label"><?php echo T_("Email") . ": "; ?></label>
+		<div class="col-sm-3"><input type='text' name='email'  class="form-control" value="<?php echo $rs['email'];?>"/></div>
+	</div>
 	<div class="form-group">
 		<label for="timezone" class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
 		<div class="col-sm-3"><?php display_chooser($tz,"timezone","timezone",false,false,false,true,array("value",$rs['Time_zone_name']),true,"form-inline"); ?></div>
@@ -245,6 +263,10 @@ function generate() {
 	<div class="form-group">
 		<label for="chat_password" class="col-sm-3 control-label"><?php echo T_("Jabber/XMPP chat password") . ": "; ?></label>
 		<div class="col-sm-3"><input type='text' name='chat_password' class="form-control" value="<?php echo $rs['chat_password'];?>"/></div>
+  </div>
+	<div class="form-group">
+		<label for="admin" class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
+    <div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger" <?php if ($rs['superadmin'] || ($rs['parent_id'] == 0)) echo " checked=\"checked\" "; if ($rs['parent_id'] == 0) echo " disabled=\"disabled\" "; ?> value="1"/></div>
 	</div>
 	<div class="form-group">
 		<label for="chat_enable" class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>

admin/operatorperformance.php

@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/operatorquestionnaire.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/operators.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */
@@ -52,6 +57,8 @@ $a = false;
 if (isset($_POST['operator']) && isset($_POST['adduser']))
 {
 	$operator = $db->qstr($_POST['operator'],get_magic_quotes_gpc());
+	$email= $db->qstr($_POST['email'],get_magic_quotes_gpc());
+	$password = $db->qstr($_POST['password'],get_magic_quotes_gpc());
 	$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
 	$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
 	$chat_user = $db->qstr($_POST['chat_user'],get_magic_quotes_gpc());
@@ -91,12 +98,14 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
 	}
 	$supervisor = 0;
 	$temporary = 0;
+	$admin = 0;
 	$refusal = 0;
 	$voip = 0;
 	$chat = 0;
 	if (isset($_POST['supervisor']) && $_POST['supervisor'] == "on") $supervisor = 1;
 	if (isset($_POST['refusal']) && $_POST['refusal'] == "on") $refusal = 1;
 	if (isset($_POST['temporary']) && $_POST['temporary'] == "on") $temporary = 1;	
+	if (isset($_POST['admin']) && $_POST['admin'] == "on") $admin = 1;	
 	if (isset($_POST['voip']) && $_POST['voip'] == "on") $voip = 1;	
 	if (isset($_POST['chat_enable']) && $_POST['chat_enable'] == "on") $chat = 1;	
 
@@ -108,7 +117,15 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
 	
 		if ($db->Execute($sql))
     {
-			$oid = $db->Insert_ID();
+      $oid = $db->Insert_ID();
+
+      include_once("../include/limesurvey/admin/classes/core/sha256.php");
+
+      //Insert into lime_users
+      $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
+              VALUES ($operator, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,$admin,$email,'auto')";
+
+      $db->Execute($sql);
 
 			if (FREEPBX_PATH !== false)
       {
@@ -130,20 +147,6 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
         $db->Execute($sql);
       }
 
-			if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
-			{
-				//Get password and add it to the configured htpassword
-				include_once("../functions/functions.htpasswd.php");
-				$htp = New Htpasswd(HTPASSWD_PATH);
-				$htg = New Htgroup(HTGROUP_PATH);
-				
-				$htp->addUser($_POST['operator'],$_POST['password']);
-				$htg->addUserToGroup($_POST['operator'],HTGROUP_INTERVIEWER);
-
-				if ($supervisor)
-					$htg->addUserGroup(HTGROUP_ADMIN);
-			}
-	
 			$a = "<div class='alert alert-info'><h3>" . T_("Added operator :") . " " .  $operator . "</h3>";	
 
 			if (FREEPBX_PATH !== false)
@@ -183,7 +186,7 @@ if ($a) {
 else {
 	echo "<div class='well'>";
 		//echo "<p>" . T_("Adding an operator here will give the user the ability to call cases") . "<a href='operatorquestionnaire.php'>" . T_("Assign Operator to Questionnaire") . "</a>" . T_("tool") . ".</p>"; 
-		echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>"; 
+		//echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>"; 
 		echo "<p>" . T_("The username and extension must be unique for each operator.") . "</p>";
 	echo "</div>";
 }
@@ -242,16 +245,14 @@ function generate() {
 		<label class="col-sm-3 control-label"><?php echo T_("Username") . ": ";?></label>
 		<div class="col-sm-3"><input name="operator" type="text" class="form-control" required /></div>
 	</div>
-<?php  if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
 	<div class="form-group">
 		<label class="col-sm-3 control-label"><?php echo T_("Password") . ": ";?></label>
-		<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" /></div>
+		<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required /></div>
 		<div class="col-sm-6 form-inline">&emsp;
 			<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" />&emsp;<?php echo T_("Password with");?>&ensp;
 			<input type="number" name="number" value="25" min="8" max="50" style="width:5em;"  class="form-control" />&ensp;<?php echo T_("characters");?>
 		</div>
 	</div>
-<?php  } ?> 
 	<div class="form-group">
 		<label class="col-sm-3 control-label"><?php echo T_("First name") . ": ";?></label>
 		<div class="col-sm-3"><input name="firstname" type="text" class="form-control" required/></div>
@@ -260,6 +261,10 @@ function generate() {
 		<label class="col-sm-3 control-label"><?php echo T_("Last name") . ": ";?></label>
 		<div class="col-sm-3"><input name="lastname" type="text" class="form-control"/></div>
 	</div>
+  <div class="form-group">
+		<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
+		<div class="col-sm-3"><input name="email" type="text" class="form-control"/></div>
+	</div>
 	<div class="form-group">
 		<label class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
 		<div class="col-sm-3"><?php display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,true,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"form-inline");?></div>
@@ -295,6 +300,10 @@ function generate() {
 		<label class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>
 		<div class="col-sm-3"><input name="chat_enable" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" /></div>
 	</div>
+	<div class="form-group">
+		<label class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
+		<div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger"/></div>
+	</div>
 	<div class="form-group">
 		<label class="col-sm-3 control-label"><?php echo T_("Is the operator a normal interviewer?");?></label>
 		<div class="col-sm-3"><input name="temporary" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="danger" checked="checked"/></div>

admin/operatorskill.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/outcomes.php

@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include_once(dirname(__FILE__).'/../db.inc.php');
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/process.php

@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
  */
 include (dirname(__FILE__) . "/../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * Process
  */

admin/questionnairelist.php

@@ -39,6 +39,11 @@ include("../config.inc.php");
  */
 include("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/questionnaireprefill.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/quota.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/quotareport.php

@@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/quotarow.php

@@ -41,6 +41,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/samplecallattempts.php

@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
  * Display sample call attempt report (A listing of how many attempts made for cases within a sample)
  *
  *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/samplelist.php

@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include_once(dirname(__FILE__).'/../db.inc.php');
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/samplesearch.php

@@ -41,6 +41,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/shiftreport.php

@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
  * List and edit reports on shifts
  *
  *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/shifttemplate.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/supervisor.php

@@ -13,6 +13,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/supervisorchat.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/systemsort.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * Process
  */

admin/systemsortprocess.php

@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
  */
 include (dirname(__FILE__) . "/../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * Process
  */

admin/timezonetemplate.php

@@ -40,6 +40,11 @@ include("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * XHTML functions
  */

admin/voipmonitor.php

@@ -39,6 +39,11 @@ include ("../config.inc.php");
  */
 include ("../db.inc.php");
 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
  * Process
  */