merged rev. 479 from main

functions/functions.client.php

@@ -41,7 +41,7 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 include_once(dirname(__FILE__).'/../db.inc.php');
 
 /**
- * Return the current client id based on PHP_AUTH_USER
+ * Return the current client id based on the SESSION loginID
  *
  * @return bool|int False if none otherwise the client id
  *
@@ -50,9 +50,12 @@ function get_client_id()
 {
 	global $db;
 
+  if (!isset($_SESSION['user']))
+    return false;
+
 	$sql = "SELECT client_id
 		FROM client
-		WHERE username = '{$_SERVER['PHP_AUTH_USER']}'";
+		WHERE username = '{$_SESSION['user']}'";
 
 	$o = $db->GetRow($sql);
 
@@ -87,4 +90,4 @@ function get_client_questionnaire($client_id)
 }
 
 
-?>
+?>

functions/functions.operator.php

@@ -960,24 +960,24 @@ function get_extension($operator_id)
 
 
 /**
- * Return the current operator id based on PHP_AUTH_USER
+ * Return the current operator id based on SESSION loginID
  *
  * @return bool|int False if none otherwise the operator id
  *
  */
 function get_operator_id()
 {
-	if (!isset($_SERVER['PHP_AUTH_USER']))
+	if (!isset($_SESSION['user']))
 	{
-		print "<p>" . T_("ERROR: You do not have server side authentication enabled therefore queXS cannot determine which user is accessing the system.") . "</p>";
-		return false;
+    print "<p>" . T_("ERROR: You are not logged in.") . "</p>";
+		die();
 	}
 
 	global $db;
 
 	$sql = "SELECT operator_id
 		FROM operator
-		WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . "
+		WHERE username = " . $db->qstr($_SESSION['user']) . "
 		AND enabled = 1";
 
 	$o = $db->GetRow($sql);