mirror of https://github.com/ACSPRI/queXS synced 2024-04-02 12:12:16 +00:00

merged rev. 479 from main

Alex
2015-09-03 14:47:03 +03:00
104 changed files with 1016 additions and 344 deletions


@@ -1,3 +1,29 @@
queXS 1.14.0 - Changes since 1.13.1
Database changes for session authentication:
/* Make the first user the admin user - with default password of: password */
INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 0, 'auto', 1
FROM operators
WHERE operator_id = 1;
/* Make all other users operators - with default password of: password */
INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
FROM operators
WHERE operator_id != 1;
/* Make all clients - with default password of: password */
INSERT INTO `lime_users` (`users_name`, `password`, `full_name`, `parent_id`, `lang`, `superadmin`)
SELECT username, '0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438', firstName, 1, 'auto', 0
FROM clients
WHERE 1;
/* Remove redundant table */
DROP TABLE `sessions2`;
queXS 1.13.1 - Changes since 1.13.0
Fixed Bug: Remove references to old DEFAULT_TIME_ZONE config constant (use get_settings instead)
@@ -23,7 +49,6 @@ INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_m
INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_minutes`, `outcome_type_id`, `tryanother`, `contacted`, `tryagain`, `eligible`, `require_note`, `calc`) VALUES(44, '2.30', 'Max call attempts reached (Eligible)', 0, 1, 0, 1, 1, 1, 0, 'O');
INSERT INTO `outcome` (`outcome_id`, `aapor_id`, `description`, `default_delay_minutes`, `outcome_type_id`, `tryanother`, `contacted`, `tryagain`, `eligible`, `require_note`, `calc`) VALUES(45, '2.30', 'Max calls reached (Eligible)', 0, 1, 0, 1, 1, 1, 0, 'O');
queXS 1.13.0 - Changes since 1.12.1
Overall changes:
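Review bot: The three upgrade statements give every migrated account the same known password ("password"), including the `superadmin = 1` row built from `operator_id = 1`, and nothing in the notes forces a change afterwards. The upgrade notes should at least tell administrators to reset all passwords before the system is reachable again, and preferably set a per-account random value instead of one shared hash. The hash is also written as a quoted `'0x…'` string; in MySQL a quoted value is a plain string rather than a hex literal, so confirm that what gets stored matches what the login code compares against. The statements read `FROM operators`, while the PHP in this commit queries `FROM operator`, so the table names need checking. `DROP TABLE IF EXISTS` would make the last statement safe to re-run.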


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication
*/
include ("auth-admin.php");
/**
* XHTML functions
*/
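Review bot: `include ("auth-admin.php");` fails open: if the file cannot be resolved, PHP's `include` only raises a warning and the rest of the admin page runs without any session check. Use `require_once(dirname(__FILE__) . "/auth-admin.php");` so a missing or unreadable auth file stops the request and the path does not depend on the include path or working directory. The same line is added to the other admin pages in this commit, and the interviewer pages repeat the pattern with `include ("auth-interviewer.php");`. Only the include block of each page is visible in these hunks, so whether any code runs before the check cannot be confirmed from here.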


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication
*/
include ("auth-admin.php");
/**
* XHTML functions
*/

70
admin/auth-admin.php Normal file

@@ -0,0 +1,70 @@
<?php
/**
* Session based authentication using the Limesurvey database (administrator)
*
*
* This file is part of queXS
*
* queXS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* queXS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with queXS; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*
* @author Adam Zammit <adam.zammit@acspri.org.au>
* @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
* @package queXS
* @subpackage user
* @link http://www.acspri.org.au/ queXS was writen for ACSPRI
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
*
*/
/**
* Configuration file
*/
include_once(dirname(__FILE__) . "/../config.inc.php");
/**
* Database file
*/
include_once(dirname(__FILE__) . "/../db.inc.php");
//get session name from DB
//
$sql = "SELECT stg_value
FROM " . LIME_PREFIX . "settings_global
WHERE stg_name = 'SessionName'";
session_name($db->GetOne($sql));
session_start();
//check if the session exists or loginID not set
if (session_id() == "" || !isset($_SESSION['loginID']))
{
//need to log in
header('Location: ../include/limesurvey/admin/admin.php');
die();
}
if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1)
{
include_once(dirname(__FILE__) . "/../lang.inc.php");
include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php");
xhtml_head();
print "<p>" . T_("You do not have permission to access this area") . "</p>";
print "<p><a href='../include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
xhtml_foot();
die();
}
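Review bot: The privilege test `$_SESSION['USER_RIGHT_SUPERADMIN'] != 1` reads a key that may be unset and uses a loose comparison; it happens to deny in that case, but `if (!isset($_SESSION['USER_RIGHT_SUPERADMIN']) || (int) $_SESSION['USER_RIGHT_SUPERADMIN'] !== 1)` makes the fail-closed behaviour deliberate and avoids the notice. The flag is whatever was placed in the session at login, so a `superadmin` value changed later in the users table (this commit adds a form that does that) presumably takes effect only after the user logs in again; re-reading it from the database here would close that gap. `session_name($db->GetOne($sql))` also passes the query result through unchecked, so if the `SessionName` row is missing the session would start under a different name; validate the value before use. A header comment stating that this file must be included before any output, because it sends a `Location` header, would help maintainers.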


@@ -39,6 +39,12 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* Operator functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -42,6 +42,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/
@@ -56,6 +61,7 @@ if (isset($_POST['client']))
{
$client = $db->qstr($_POST['client'],get_magic_quotes_gpc());
$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
$email = $db->qstr($_POST['email'],get_magic_quotes_gpc());
$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
$time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc());
@@ -67,17 +73,15 @@ if (isset($_POST['client']))
if ($db->Execute($sql))
{
if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
{
//Get password and add it to the configured htpassword
include_once("../functions/functions.htpasswd.php");
$htp = New Htpasswd(HTPASSWD_PATH);
$htg = New Htgroup(HTGROUP_PATH);
$htp->addUser($_POST['client'],$_POST['password']);
$htg->addUserToGroup($_POST['client'],HTGROUP_CLIENT);
}
include_once("../include/limesurvey/admin/classes/core/sha256.php");
//Insert into lime_users
$sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')";
$db->Execute($sql);
$a = T_("Added: $client");
}
else
@@ -142,23 +146,20 @@ function generate() {
<div class="well">
<p><?php echo T_("Adding a client here will allow them to access project information in the client subdirectory. You can assign a client to a particular project using the"); ?> <a href="clientquestionnaire.php"><?php echo T_("Assign client to Questionnaire"); ?></a> <?php echo T_("tool."); ?></p>
<p><?php echo T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here."); ?></p></div>
<form enctype="multipart/form-data" action="" method="post" class="form-horizontal" name="addclient" >
<div class="form-group form-inline">
<label class="control-label col-sm-3"><?php echo T_("Enter the username of a client to add:"); ?></label>
<input name="client" type="text" class="form-control pull-left" required size="40" />
</div>
<?php if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
<div class="form-group form-inline">
<label class="control-label col-sm-3"><?php echo T_("Enter the password of a client to add:"); ?></label>
<input name="password" type="text" class="form-control pull-left" size="40" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" />
<input name="password" type="text" class="form-control pull-left" size="40" required />
<div class="form-inline">&emsp;&emsp;
<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" />&emsp;<?php echo T_("Password with");?>&ensp;
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" />&ensp;<?php echo T_("characters");?>
</div>
</div>
<?php } ?>
<div class="form-group form-inline">
<label class="control-label col-sm-3"><?php echo T_("Enter the first name of a client to add:"); ?></label>
<input name="firstname" type="text" class="form-control pull-left" size="40" />
@@ -166,7 +167,11 @@ function generate() {
<div class="form-group form-inline">
<label class="control-label col-sm-3"><?php echo T_("Enter the surname of a client to add:"); ?></label>
<input name="lastname" type="text" class="form-control pull-left" size="40"/>
</div>
</div>
<div class="form-group form-inline">
<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
<input name="email" type="text" class="form-control pull-left"/>
</div>
<div class="form-group form-inline">
<label class="control-label col-sm-3"><a href='timezonetemplate.php'><?php echo T_("Enter the Time Zone of a client to add:"); echo "</a></label>";
display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,false,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"pull-left"); ?>
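Review bot: The password is now hashed and stored with no server-side check: the `pattern` attribute is dropped from the password input, and `SHA256::hashing($_POST['password'])` runs even when the field is missing or empty, so a blank or trivial password can be stored for a login account. Add a check before the insert, e.g. `if (empty($_POST['password']) || strlen($_POST['password']) < 8)` with an error message, rather than relying on the form. The result of the second `$db->Execute($sql)` into the users table is ignored, so "Added" is shown even when that insert fails and the client has no usable login; check it and ideally run both inserts in one transaction. Both issues recur in the operator-add section further down, where the same `INSERT INTO ... users` is built with `$admin`. `SHA256::hashing` looks like a plain unsalted hash, presumably dictated by the LimeSurvey login, and that constraint deserves a comment next to the call.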


@@ -1,4 +1,5 @@
<?php /**
<?php
/**
* Output data as a fixed width ASCII file
*
*
@@ -43,6 +44,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -8,6 +8,11 @@
*/
include ("../config.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -1,6 +1,5 @@
<?php
/*
/**
* Display an index of Admin tools
*
*
@@ -37,9 +36,24 @@ include ("../lang.inc.php");
/**
* Config file
*/
include ("../config.inc.php");
include ("../functions/functions.xhtml.php");
$username = $_SERVER['PHP_AUTH_USER'];
include ("../config.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/*
* XHTML file
*/
include ("../functions/functions.xhtml.php");
/*
* Operator functions
*/
include ("../functions/functions.operator.php");
$username = $_SESSION['user'];
$g = 0;
if (isset($_GET['g']))
$g = intval($_GET['g']);
@@ -75,11 +89,11 @@ include ("../lang.inc.php");
<i class="fa fa-user fa fa-fw "></i><?php print T_("Logged as:") . "&ensp;" . $username ;?>
</a>
<!--- User menu // not connected to pages so not working yet // could be hidden -->
<!--- <ul class="dropdown-menu" role="menu">
<li><a href="?page=settings.php"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
<li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li>
<li><a href="../logout.php"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
</ul> -->
<ul class="dropdown-menu" role="menu">
<li><a href="?g=5&amp;page=operatorlist.php?edit=<?php print get_operator_id(); ?>"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
<!--- <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li> -->
<li><a href="../include/limesurvey/admin/admin.php?action=logout"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
</ul>
</li>
</ul>
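Review bot: `$username = $_SESSION['user'];` is printed further down as `T_("Logged as:") . "&ensp;" . $username` with no escaping, and the value now comes from an account name that can be edited through the admin forms. Escape it on output: `print T_("Logged as:") . "&ensp;" . htmlspecialchars($username, ENT_QUOTES, 'UTF-8');`. The session key is also read without `isset`, so guard it for sessions that lack `user`. The surrounding markup continues outside the hunk, so other uses of `$username` are not visible here.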


@@ -11,6 +11,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/
@@ -378,4 +383,4 @@ else { ?>
<?php
xhtml_foot($js_foot);//
?>
?>


@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include_once(dirname(__FILE__).'/../db.inc.php');
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/
@@ -50,30 +55,50 @@ $msg = "";
if (isset($_POST['submit']))
{
$operator_id = intval($_POST['operator_id']);
$chat_enable = $voip = $enabled = 0;
$superadmin = $chat_enable = $voip = $enabled = 0;
if (isset($_POST['voip'])) $voip = 1;
if (isset($_POST['chat_enable'])) $chat_enable = 1;
if (isset($_POST['enabled'])) $enabled = 1;
if (isset($_POST['admin'])) $superadmin = 1;
if (HTPASSWD_PATH !== false && $_POST['existing_username'] != $_POST['username'] && empty($_POST['password']))
{
$msg = "<div class='alert alert-danger'><h3>" . T_("If changing usernames, you must specify a new password") . "</h3></div>";
}
else
{
$sql = "UPDATE operator
SET username = " . $db->qstr($_POST['username']) . ",
lastName = " . $db->qstr($_POST['lastName']) . ",
firstName = " . $db->qstr($_POST['firstName']) . ",
chat_user = " . $db->qstr($_POST['chat_user']) . ",
chat_password = " . $db->qstr($_POST['chat_password']) . ",
Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
voip = $voip, enabled = $enabled, chat_enable = $chat_enable
WHERE operator_id = $operator_id";
//get username
$sql = "SELECT username
FROM operator
WHERE operator_id = $operator_id";
$rs = $db->Execute($sql);
$uname = $db->GetOne($sql);
if (!empty($rs))
$sql = "UPDATE " . LIME_PREFIX . "users
SET users_name = " . $db->qstr($_POST['username']) . ",
email = " . $db->qstr($_POST['email']) . ",
full_name = " . $db->qstr($_POST['firstName']) . ",
superadmin = $superadmin";
if (!empty($_POST['password']))
{
include_once("../include/limesurvey/admin/classes/core/sha256.php");
$sql .= ", password = '" . SHA256::hashing($_POST['password']) . "' ";
}
$sql .= " WHERE users_name = '$uname'";
$rs = $db->Execute($sql);
if (!empty($rs))
{
$sql = "UPDATE operator
SET username = " . $db->qstr($_POST['username']) . ",
lastName = " . $db->qstr($_POST['lastName']) . ",
firstName = " . $db->qstr($_POST['firstName']) . ",
chat_user = " . $db->qstr($_POST['chat_user']) . ",
chat_password = " . $db->qstr($_POST['chat_password']) . ",
Time_zone_name = " . $db->qstr($_POST['timezone']) . ",
voip = $voip, enabled = $enabled, chat_enable = $chat_enable
WHERE operator_id = $operator_id";
$rs = $db->Execute($sql);
if (!empty($rs))
{
//only update extension if we aren't on a case
$sql = "SELECT case_id
@@ -89,38 +114,28 @@ if (isset($_POST['submit']))
WHERE current_operator_id= $operator_id";
$db->Execute($sql);
if (!empty($_POST['extension_id']))
{
$sql = "UPDATE extension
SET current_operator_id = $operator_id
WHERE extension_id = " . intval($_POST['extension_id']);
$db->Execute($sql);
}
}
if (HTPASSWD_PATH !== false && !empty($_POST['password']))
{
//update password in htaccess
include_once(dirname(__FILE__).'/../functions/functions.htpasswd.php');
$htp = New Htpasswd(HTPASSWD_PATH);
$htp->deleteUser($_POST["existing_username"]);
$htp->deleteUser($_POST["username"]);
$htp->addUser($_POST["username"],$_POST["password"]);
$htg = New Htgroup(HTGROUP_PATH);
$htg->deleteUserFromGroup($_POST["existing_username"],HTGROUP_INTERVIEWER);
$htg->addUserToGroup($_POST["username"],HTGROUP_INTERVIEWER);
}
$msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
}
else
{
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
}
}
$_GET['edit'] = $operator_id;
$msg = "<div class='alert alert-info'><h3>" . T_("Successfully updated user") . ": " . $_POST['username'] . "</h3></div>";
}
else
{
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
}
}
else
{
$msg = "<div class='alert alert-danger'><h3>" . T_("Failed to update user") . ": " . $_POST['username'] . " " . T_("Please make sure the username is unique") . "</h3></div>";
}
$_GET['edit'] = $operator_id;
}
@@ -130,9 +145,10 @@ if (isset($_GET['edit']))
$operator_id = intval($_GET['edit']);
$sql = "SELECT *
FROM operator
WHERE operator_id = $operator_id";
$sql = "SELECT o.*,l.superadmin,l.email,l.parent_id
FROM operator as o, " . LIME_PREFIX ."users as l
WHERE o.operator_id = $operator_id
AND l.users_name = o.username";
$rs = $db->GetRow($sql);
@@ -200,7 +216,6 @@ function generate() {
<label for="username" class="col-sm-3 control-label"><?php echo T_("Username") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='username' class="form-control" value="<?php echo $rs['username'];?>"/></div>
</div>
<?php if (HTPASSWD_PATH !== false) { ?>
<div class="form-group">
<label for="password" class="col-sm-3 control-label"><?php echo T_("Password") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='password' class="form-control" placeholder="<?php echo T_("leave blank to keep existing password");?>"/></div>
@@ -209,7 +224,6 @@ function generate() {
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" />&ensp;<?php echo T_("characters");?>
</div>
</div>
<?php } ?>
<div class="form-group">
<label for="firstName" class="col-sm-3 control-label"><?php echo T_("First name") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='firstName' class="form-control" value="<?php echo $rs['firstName'];?>"/></div>
@@ -218,6 +232,10 @@ function generate() {
<label for="lastName" class="col-sm-3 control-label"><?php echo T_("Last name") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='lastName' class="form-control" value="<?php echo $rs['lastName'];?>"/></div>
</div>
<div class="form-group">
<label for="email" class="col-sm-3 control-label"><?php echo T_("Email") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='email' class="form-control" value="<?php echo $rs['email'];?>"/></div>
</div>
<div class="form-group">
<label for="timezone" class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
<div class="col-sm-3"><?php display_chooser($tz,"timezone","timezone",false,false,false,true,array("value",$rs['Time_zone_name']),true,"form-inline"); ?></div>
@@ -245,6 +263,10 @@ function generate() {
<div class="form-group">
<label for="chat_password" class="col-sm-3 control-label"><?php echo T_("Jabber/XMPP chat password") . ": "; ?></label>
<div class="col-sm-3"><input type='text' name='chat_password' class="form-control" value="<?php echo $rs['chat_password'];?>"/></div>
</div>
<div class="form-group">
<label for="admin" class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
<div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger" <?php if ($rs['superadmin'] || ($rs['parent_id'] == 0)) echo " checked=\"checked\" "; if ($rs['parent_id'] == 0) echo " disabled=\"disabled\" "; ?> value="1"/></div>
</div>
<div class="form-group">
<label for="chat_enable" class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>
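Review bot: `$sql .= " WHERE users_name = '$uname'";` interpolates the stored username straight into the UPDATE, while every other value in the statement goes through `$db->qstr()`; a username containing a quote breaks the query or changes its meaning (second-order SQL injection). Use `$sql .= " WHERE users_name = " . $db->qstr($uname);`. Separately, the `admin` checkbox is rendered `disabled` when `parent_id == 0`, and disabled inputs are not submitted, so saving that account leaves `$superadmin = 0` and writes `superadmin = 0` for the primary administrator; keep the existing value when `parent_id` is 0. The new `value="<?php echo $rs['email'];?>"` should go through `htmlspecialchars()` before it is placed in the attribute.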


@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/
@@ -52,6 +57,8 @@ $a = false;
if (isset($_POST['operator']) && isset($_POST['adduser']))
{
$operator = $db->qstr($_POST['operator'],get_magic_quotes_gpc());
$email= $db->qstr($_POST['email'],get_magic_quotes_gpc());
$password = $db->qstr($_POST['password'],get_magic_quotes_gpc());
$firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
$lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
$chat_user = $db->qstr($_POST['chat_user'],get_magic_quotes_gpc());
@@ -91,12 +98,14 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
}
$supervisor = 0;
$temporary = 0;
$admin = 0;
$refusal = 0;
$voip = 0;
$chat = 0;
if (isset($_POST['supervisor']) && $_POST['supervisor'] == "on") $supervisor = 1;
if (isset($_POST['refusal']) && $_POST['refusal'] == "on") $refusal = 1;
if (isset($_POST['temporary']) && $_POST['temporary'] == "on") $temporary = 1;
if (isset($_POST['admin']) && $_POST['admin'] == "on") $admin = 1;
if (isset($_POST['voip']) && $_POST['voip'] == "on") $voip = 1;
if (isset($_POST['chat_enable']) && $_POST['chat_enable'] == "on") $chat = 1;
@@ -108,7 +117,15 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
if ($db->Execute($sql))
{
$oid = $db->Insert_ID();
$oid = $db->Insert_ID();
include_once("../include/limesurvey/admin/classes/core/sha256.php");
//Insert into lime_users
$sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
VALUES ($operator, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,$admin,$email,'auto')";
$db->Execute($sql);
if (FREEPBX_PATH !== false)
{
@@ -130,20 +147,6 @@ if (isset($_POST['operator']) && isset($_POST['adduser']))
$db->Execute($sql);
}
if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false)
{
//Get password and add it to the configured htpassword
include_once("../functions/functions.htpasswd.php");
$htp = New Htpasswd(HTPASSWD_PATH);
$htg = New Htgroup(HTGROUP_PATH);
$htp->addUser($_POST['operator'],$_POST['password']);
$htg->addUserToGroup($_POST['operator'],HTGROUP_INTERVIEWER);
if ($supervisor)
$htg->addUserGroup(HTGROUP_ADMIN);
}
$a = "<div class='alert alert-info'><h3>" . T_("Added operator :") . " " . $operator . "</h3>";
if (FREEPBX_PATH !== false)
@@ -183,7 +186,7 @@ if ($a) {
else {
echo "<div class='well'>";
//echo "<p>" . T_("Adding an operator here will give the user the ability to call cases") . "<a href='operatorquestionnaire.php'>" . T_("Assign Operator to Questionnaire") . "</a>" . T_("tool") . ".</p>";
echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>";
//echo "<p>" . T_("Use this form to enter the username of a user based on your directory security system. For example, if you have secured the base directory of queXS using Apache file based security, enter the usernames of the users here.") . "</p>";
echo "<p>" . T_("The username and extension must be unique for each operator.") . "</p>";
echo "</div>";
}
@@ -242,16 +245,14 @@ function generate() {
<label class="col-sm-3 control-label"><?php echo T_("Username") . ": ";?></label>
<div class="col-sm-3"><input name="operator" type="text" class="form-control" required /></div>
</div>
<?php if (HTPASSWD_PATH !== false && HTGROUP_PATH !== false) { ?>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("Password") . ": ";?></label>
<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" /></div>
<div class="col-sm-3"><input name="password" id="password" type="text" class="form-control" required /></div>
<div class="col-sm-6 form-inline">&emsp;
<input type="button" onclick="generate();" value="<?php echo T_("Generate");?>" class="btn btn-default fa" />&emsp;<?php echo T_("Password with");?>&ensp;
<input type="number" name="number" value="25" min="8" max="50" style="width:5em;" class="form-control" />&ensp;<?php echo T_("characters");?>
</div>
</div>
<?php } ?>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("First name") . ": ";?></label>
<div class="col-sm-3"><input name="firstname" type="text" class="form-control" required/></div>
@@ -260,6 +261,10 @@ function generate() {
<label class="col-sm-3 control-label"><?php echo T_("Last name") . ": ";?></label>
<div class="col-sm-3"><input name="lastname" type="text" class="form-control"/></div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("Email") . ": ";?></label>
<div class="col-sm-3"><input name="email" type="text" class="form-control"/></div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("Timezone") . ": ";?></label>
<div class="col-sm-3"><?php display_chooser($rs,"Time_zone_name","Time_zone_name",false,false,false,true,array("value",get_setting("DEFAULT_TIME_ZONE")),true,"form-inline");?></div>
@@ -295,6 +300,10 @@ function generate() {
<label class="col-sm-3 control-label"><?php echo T_("Uses chat") . "? ";?></label>
<div class="col-sm-3"><input name="chat_enable" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" /></div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("Is the operator a system administrator?");?></label>
<div class="col-sm-3"><input name="admin" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="primary" data-onstyle="danger"/></div>
</div>
<div class="form-group">
<label class="col-sm-3 control-label"><?php echo T_("Is the operator a normal interviewer?");?></label>
<div class="col-sm-3"><input name="temporary" type="checkbox" data-toggle="toggle" data-on="<?php echo T_("Yes"); ?>" data-off="<?php echo T_("No"); ?>" data-offstyle="danger" checked="checked"/></div>


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include_once(dirname(__FILE__).'/../db.inc.php');
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
*/
include (dirname(__FILE__) . "/../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* Process
*/


@@ -39,6 +39,11 @@ include("../config.inc.php");
*/
include("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -41,6 +41,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -1,4 +1,5 @@
<?php /**
<?php
/**
* Display sample call attempt report (A listing of how many attempts made for cases within a sample)
*
*
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include_once(dirname(__FILE__).'/../db.inc.php');
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -41,6 +41,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -1,4 +1,5 @@
<?php /**
<?php
/**
* List and edit reports on shifts
*
*
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -13,6 +13,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* Process
*/


@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
*/
include (dirname(__FILE__) . "/../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* Process
*/


@@ -40,6 +40,11 @@ include("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("../config.inc.php");
*/
include ("../db.inc.php");
/**
* Authentication file
*/
include ("auth-admin.php");
/**
* Process
*/


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/

59
auth-interviewer.php Normal file

@@ -0,0 +1,59 @@
<?php
/**
* Session based authentication using the Limesurvey database (interviewer)
*
*
* This file is part of queXS
*
* queXS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* queXS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with queXS; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*
* @author Adam Zammit <adam.zammit@acspri.org.au>
* @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
* @package queXS
* @subpackage user
* @link http://www.acspri.org.au/ queXS was writen for ACSPRI
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
*
*/
/**
* Configuration file
*/
include_once("config.inc.php");
/**
* Database file
*/
include_once("db.inc.php");
//get session name from DB
//
$sql = "SELECT stg_value
FROM " . LIME_PREFIX . "settings_global
WHERE stg_name = 'SessionName'";
session_name($db->GetOne($sql));
session_start();
//check if the session exists or loginID not set
if (session_id() == "" || !isset($_SESSION['loginID']))
{
//need to log in
header('Location: include/limesurvey/admin/admin.php');
die();
}
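Review bot: The guard `if (session_id() == "" || !isset($_SESSION['loginID']))` only proves that some Limesurvey account is logged in; it does not check that the account is an enabled operator, so a client login also satisfies the interviewer gate unless each page enforces the role itself (get_operator_id() may do so, but that is outside this file). `session_name($db->GetOne($sql));` passes the query result through unchecked, so a missing `SessionName` row hands PHP a false or empty name; test the value before using it. The same body is duplicated in client/auth-client.php and voip/auth-interviewer.php with only the paths changed, and both points apply there as well; one shared function taking the login URL would keep the three copies in step.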


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/

59
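--- /dev/null
+++ b/client/auth-client.php
@@ -0,0 +1,59 @@
+<?php
+/**
+* Session based authentication using the Limesurvey database (client)
+*
+*
+* This file is part of queXS
+*
+* queXS is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* queXS is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with queXS; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*
+*
+* @author Adam Zammit <adam.zammit@acspri.org.au>
+* @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
+* @package queXS
+* @subpackage user
+* @link http://www.acspri.org.au/ queXS was writen for ACSPRI
+* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
+*
+*/
+/**
+* Configuration file
+*/
+include_once(dirname(__FILE__)."/../config.inc.php");
+/**
+* Database file
+*/
+include_once(dirname(__FILE__)."/../db.inc.php");
+//get session name from DB
+//
+$sql = "SELECT stg_value
+FROM " . LIME_PREFIX . "settings_global
+WHERE stg_name = 'SessionName'";
+session_name($db->GetOne($sql));
+session_start();
+//check if the session exists or loginID not set
+if (session_id() == "" || !isset($_SESSION['loginID']))
+{
+//need to log in
+header('Location: ../include/limesurvey/admin/admin.php');
+die();
+}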


@@ -38,6 +38,12 @@ include_once(dirname(__FILE__).'/../config.inc.php');
*/
include_once(dirname(__FILE__).'/../db.inc.php');
/**
* Authentication
*/
include ("auth-client.php");
/**
* XHTML functions
*/


@@ -168,31 +168,6 @@ if (!defined('PHP_EXEC')) define('PHP_EXEC', "php");
*/
if (!defined('ADODB_PATH')) define('ADODB_PATH',dirname(__FILE__).'/include/limesurvey/classes/adodb/');
/**
* Path to the HTPASSWD file read/writable by the web server user for htpasswd integration
*/
if (!defined('HTPASSWD_PATH')) define('HTPASSWD_PATH',false);
/**
* Path to the HTGROUP file read/writable by the web server user for htpasswd integration
*/
if (!defined('HTGROUP_PATH')) define('HTGROUP_PATH',false);
/**
* The name of the admin group for htaccess
*/
if (!defined('HTGROUP_ADMIN')) define('HTGROUP_ADMIN','admin');
/**
* The name of the interviewers group for htaccess
*/
if (!defined('HTGROUP_INTERVIEWER')) define('HTGROUP_INTERVIEWER','interviewers');
/**
* The name of the clients group for htaccess
*/
if (!defined('HTGROUP_CLIENT')) define('HTGROUP_CLIENT','clients');
/**
* Whether to automatically assign a call as complete if VoIP disabled at the end of a completed questionnaire
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/

40
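--- /dev/null
+++ b/css/signin.css
@@ -0,0 +1,40 @@
+body {
+padding-top: 40px;
+padding-bottom: 40px;
+background-color: #eee;
+}
+.form-signin {
+max-width: 330px;
+padding: 15px;
+margin: 0 auto;
+}
+.form-signin .form-signin-heading,
+.form-signin .checkbox {
+margin-bottom: 10px;
+}
+.form-signin .checkbox {
+font-weight: normal;
+}
+.form-signin .form-control {
+position: relative;
+height: auto;
+-webkit-box-sizing: border-box;
+-moz-box-sizing: border-box;
+box-sizing: border-box;
+padding: 10px;
+font-size: 16px;
+}
+.form-signin .form-control:focus {
+z-index: 2;
+}
+.form-signin input[type="user"] {
+margin-bottom: -1px;
+border-bottom-right-radius: 0;
+border-bottom-left-radius: 0;
+}
+.form-signin input[type="password"] {
+margin-bottom: 10px;
+border-top-left-radius: 0;
+border-top-right-radius: 0;
+}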
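Review bot: The selector `.form-signin input[type="user"]` can never match, because `user` is not an input type and the login form in this commit renders the field as `type='text'` with `name='user'`. The username box therefore keeps its bottom radius and margin and does not join the password box as the rule intends. Use `.form-signin input[name="user"]` (or `input[type="text"]`) instead.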


@@ -955,7 +955,7 @@ CREATE TABLE `lime_users` (
-- Dumping data for table `lime_users`
--
INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'en', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1);
INSERT INTO `lime_users` (`uid`, `users_name`, `password`, `full_name`, `parent_id`, `lang`, `email`, `create_survey`, `create_user`, `participant_panel`, `delete_user`, `superadmin`, `configurator`, `manage_template`, `manage_label`, `htmleditormode`, `templateeditormode`, `questionselectormode`, `one_time_pw`, `dateformat`) VALUES(1, 'admin', 0x35653838343839386461323830343731353164306535366638646336323932373733363033643064366161626264643632613131656637323164313534326438, 'Your Name', 0, 'auto', 'your-email@example.net', 1, 1, 0, 1, 1, 1, 1, 1, 'default', 'default', 'default', NULL, 1);
-- --------------------------------------------------------
@@ -1007,6 +1007,9 @@ CREATE TABLE `operator` (
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-- --------------------------------------------------------
INSERT INTO `operator` (`operator_id`, `username`, `firstName`, `lastName`, `Time_zone_name`, `enabled`, `voip`, `next_case_id`, `chat_enable`, `chat_user`, `chat_password`) VALUES
(1, 'admin', 'CATI', 'Admin', 'Australia/Victoria', 1, 0, NULL, 0, '', '');
--
-- Table structure for table `operator_questionnaire`
@@ -1032,6 +1035,10 @@ CREATE TABLE `operator_skill` (
-- --------------------------------------------------------
INSERT INTO `operator_skill` (`operator_id`, `outcome_type_id`) VALUES
(1, 1),
(1, 5);
--
-- Table structure for table `outcome`
--
@@ -1511,24 +1518,6 @@ INSERT INTO `sample_var_type` (`type`, `description`, `table`) VALUES(8, 'Email
-- --------------------------------------------------------
--
-- Table structure for table `sessions2`
--
CREATE TABLE `sessions2` (
`sesskey` varchar(64) COLLATE utf8_unicode_ci NOT NULL DEFAULT '',
`expiry` datetime NOT NULL,
`expireref` varchar(250) COLLATE utf8_unicode_ci DEFAULT '',
`created` datetime NOT NULL,
`modified` datetime NOT NULL,
`sessdata` longtext COLLATE utf8_unicode_ci,
PRIMARY KEY (`sesskey`),
KEY `sess2_expiry` (`expiry`),
KEY `sess2_expireref` (`expireref`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;
-- --------------------------------------------------------
--
-- Table structure for table `setting`
--
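Review bot: The seed data now produces a working login on every fresh install: the `lime_users` row for `admin` carries a fixed password hash, and the added `operator` row maps the same username to operator 1 with skills 1 and 5. Nothing in the script marks that account as needing a password change, so all installs share one administrator credential behind the new web login form until someone changes it by hand. At minimum add a comment above the inserts, e.g. `-- Default admin credential: change this password immediately after installation`, and consider an installer step that forces the change. The `operator` insert also hard-codes `'Australia/Victoria'` as the time zone, which deserves the same kind of comment.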


@@ -75,7 +75,7 @@ if (DEBUG == true) $db->debug = true;
$db->Execute("set names 'utf8'");
//store session in database (see sessions2 table)
ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME,$options=false);
ADOdb_Session::config(DB_TYPE, DB_HOST, DB_USER, DB_PASS, DB_NAME, array('table' => LIME_PREFIX . 'sessions'));
/**
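Review bot: The comment `//store session in database (see sessions2 table)` is stale: the handler is now configured with `array('table' => LIME_PREFIX . 'sessions')` and the same commit drops `sessions2` from the schema. It should read something like `//store session in database (shared with Limesurvey: LIME_PREFIX . 'sessions')`, since the fact that both applications now read and write the same session rows is exactly what a maintainer needs to know here.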


@@ -1,149 +0,0 @@
<?php
/**
* Display a "full screen" view of outcomes for display on a large
* communal screen - will change views periodically
*
*
* This file is part of queXS
*
* queXS is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* queXS is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with queXS; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*
* @author Adam Zammit <adam.zammit@deakin.edu.au>
* @copyright Deakin University 2007,2008
* @package queXS
* @subpackage user
* @link http://www.deakin.edu.au/dcarf/ queXS was writen for DCARF - Deakin Computer Assisted Research Facility
* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
*
*
*/
/**
* Configuration file
*/
include ("../config.inc.php");
/**
* Database file
*/
include('../db.inc.php');
/**
* XHTML functions
*/
include ("../functions/functions.xhtml.php");
/**
* Display functions
*/
include ("../functions/functions.performance.php");
/**
* Input functions
*/
include("../functions/functions.input.php");
$shift_id = 0;
$questionnaire_id = 0;
$display_type = 0;
if (isset($_GET['shift_id'])) $shift_id = bigintval($_GET['shift_id']);
if (isset($_GET['questionnaire_id'])) $questionnaire_id = bigintval($_GET['questionnaire_id']);
if (isset($_GET['display_type'])) $display_type= bigintval($_GET['display_type']);
if ($display_type >= 6)
{
$sql = "SELECT shift_id,questionnaire_id
FROM shift
WHERE start <= CONVERT_TZ(NOW(),'System','UTC')
AND end >= CONVERT_TZ(NOW(),'System','UTC')
AND shift_id > '$shift_id'
ORDER BY shift_id ASC
LIMIT 1";
$s = $db->GetRow($sql);
$display_type = 0;
$shift_id = 0;
$questionnaire_id = 0;
if (!empty($s))
{
$shift_id = $s['shift_id'];
$questionnaire_id = $s['questionnaire_id'];
}
}
if ($shift_id == 0)
{
$sql = "SELECT shift_id,questionnaire_id
FROM shift
WHERE start <= CONVERT_TZ(NOW(),'System','UTC')
AND end >= CONVERT_TZ(NOW(),'System','UTC')
ORDER BY shift_id ASC
LIMIT 1";
$s = $db->GetRow($sql);
$display_type = 0;
if (!empty($s))
{
$shift_id = $s['shift_id'];
$questionnaire_id = $s['questionnaire_id'];
}
}
$dt1 = $display_type + 1;
xhtml_head(T_("Display"),true,array("../include/bootstrap/css/bootstrap.min.css","../include/bootstrap/css/bootstrap-theme.min.css","../css/custom.css"),false,false,"6;url=?shift_id=$shift_id&amp;questionnaire_id=$questionnaire_id&amp;display_type=$dt1");
if ($shift_id == 0 || $questionnaire_id == 0)
display_none();
else
{
$sql = "SELECT description
FROM questionnaire
WHERE questionnaire_id = '$questionnaire_id'";
$n = $db->GetRow($sql);
print "<h1>{$n['description']}</h1>\n";
switch($display_type)
{
case 0:
display_total_completions($questionnaire_id);
break;
case 1:
display_completions_this_shift($questionnaire_id,$shift_id);
break;
case 2:
display_completions_same_time_last_shift($questionnaire_id,$shift_id);
break;
case 3:
display_completions_last_shift($questionnaire_id,$shift_id);
break;
case 4:
display_top_cph_this_shift($questionnaire_id,$shift_id);
break;
case 5:
display_top_cph($questionnaire_id);
break;
}
}
xhtml_foot();
?>


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -36,6 +36,12 @@
*/
include_once("lang.inc.php");
/**
* Authentication
*/
include_once("auth-interviewer.php");
/**
* XHTML functions
@@ -73,6 +79,7 @@ if (ALLOW_OPERATOR_EXTENSION_SELECT && VOIP_ENABLED)
}
print "<p><a href='index.php'>" . T_("Go back to work") . "</a></p>";
print "<p><a href='include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
xhtml_foot();


@@ -41,7 +41,7 @@ include_once(dirname(__FILE__).'/../config.inc.php');
include_once(dirname(__FILE__).'/../db.inc.php');
/**
* Return the current client id based on PHP_AUTH_USER
* Return the current client id based on the SESSION loginID
*
* @return bool|int False if none otherwise the client id
*
@@ -50,9 +50,12 @@ function get_client_id()
{
global $db;
if (!isset($_SESSION['user']))
return false;
$sql = "SELECT client_id
FROM client
WHERE username = '{$_SERVER['PHP_AUTH_USER']}'";
WHERE username = '{$_SESSION['user']}'";
$o = $db->GetRow($sql);
@@ -87,4 +90,4 @@ function get_client_questionnaire($client_id)
}
?>
?>
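Review bot: `$_SESSION['user']` is interpolated straight into the query text in get_client_id() (`WHERE username = '{$_SESSION['user']}'`), while get_operator_id() in this same commit quotes the same value with `$db->qstr()`. The user name originates from the login form, so it should be quoted the same way: `WHERE username = " . $db->qstr($_SESSION['user']);`. The docblock also says the lookup is based on the SESSION loginID although the code reads `$_SESSION['user']`. The function body continues past the hunk.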


@@ -960,24 +960,24 @@ function get_extension($operator_id)
/**
* Return the current operator id based on PHP_AUTH_USER
* Return the current operator id based on SESSION loginID
*
* @return bool|int False if none otherwise the operator id
*
*/
function get_operator_id()
{
if (!isset($_SERVER['PHP_AUTH_USER']))
if (!isset($_SESSION['user']))
{
print "<p>" . T_("ERROR: You do not have server side authentication enabled therefore queXS cannot determine which user is accessing the system.") . "</p>";
return false;
print "<p>" . T_("ERROR: You are not logged in.") . "</p>";
die();
}
global $db;
$sql = "SELECT operator_id
FROM operator
WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . "
WHERE username = " . $db->qstr($_SESSION['user']) . "
AND enabled = 1";
$o = $db->GetRow($sql);
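Review bot: The docblock no longer matches the body: it still promises `@return bool|int False if none`, but the not-logged-in branch now prints the error and calls `die()`, and the summary says the lookup is based on SESSION loginID while the code reads `$_SESSION['user']`. Suggested summary: `Return the current operator id based on the session user name; terminates the request if no user is logged in`. The rest of the function lies outside the hunk.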


@@ -792,11 +792,35 @@ if(isset($_SESSION['loginID']))
else
{ //not logged in
sendcacheheaders();
if (!isset($_SESSION['metaHeader'])) {$_SESSION['metaHeader']='';}
$adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary; // All future output is written into this and then outputted at the end of file
sendcacheheaders();
$adminoutput = <<<EOD
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags -->
<meta name="description" content="">
<meta name="author" content="">
<title>queXS Authentication</title>
<!-- Bootstrap core CSS -->
<link href="../../../include/bootstrap/css/bootstrap.min.css" rel="stylesheet">
<!-- Custom styles for this template -->
<link href="../../../css/signin.css" rel="stylesheet">
</head>
<body>
<div class="container">
EOD;
$adminoutput .= $loginsummary;
$adminoutput .= "</div></body></html>";
unset($_SESSION['metaHeader']);
$adminoutput.= "</div>\n".getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual"));
}
if (($action=='showphpinfo') && ($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1))
{
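Review bot: The replacement login page hard-codes `<html lang="en">` and `<title>queXS Authentication</title>` although the form it wraps offers a language selector and translates its labels through `$clang->gT()`; the title at least should be `$clang->gT("queXS Authentication")`, which means building the header by concatenation rather than a plain heredoc. If the `$adminoutput.= "</div>\n".getAdminFooter(...)` line is still present on the new side (the rendering does not show which side it belongs to), it appends markup after the closing `</html>` and should go. The enclosing if/else starts outside the hunk.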


@@ -154,15 +154,13 @@ if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logou
{
$loginsummary = '
<form class="form44" name="forgotpassword" id="forgotpassword" method="post" action="'.$homeurl.'/admin.php" >
<p><strong>'.$clang->gT('You have to enter user name and email.').'</strong></p>
<ul>
<li><label for="user">'.$clang->gT('Username').'</label><input name="user" id="user" type="text" size="60" maxlength="60" value="" /></li>
<li><label for="email">'.$clang->gT('Email').'</label><input name="email" id="email" type="text" size="60" maxlength="60" value="" /></li>
<p><input type="hidden" name="action" value="forgotpass" />
<input class="action" type="submit" value="'.$clang->gT('Check Data').'" />
<p><a href="'.$scriptname.'">'.$clang->gT('Main Admin Screen').'</a>
<form class="form-signin" name="forgotpassword" id="forgotpassword" method="post" action="'.$homeurl.'/admin.php" >
<h2>'.$clang->gT('You have to enter user name and email.').'</h2>
<label for="user">'.$clang->gT('Username').'</label><input name="user" id="user" class="form-control" placeholder="User name" required autofocus type="text" size="60" maxlength="60" value="" />
<label for="email">'.$clang->gT('Email').'</label><input name="email" id="email" class="form-control" placeholder="Email" required type="text" size="60" maxlength="60" value="" />
<input type="hidden" name="action" value="forgotpass" />
<button class="action btn btn-lg btn-primary btn-block" type="submit">'.$clang->gT('Check Data').'</button>
<p><a href="'.$scriptname.'">'.$clang->gT('Main Admin Screen').'</a></p>
</form>
<p>&nbsp;</p>
';
@@ -211,21 +209,19 @@ if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logou
{
if (!isset($logoutsummary))
{
$loginsummary = "<form name='loginform' id='loginform' method='post' action='$homeurl/admin.php' ><p><strong>".$clang->gT("You have to login first.")."</strong><br /> <br />";
$loginsummary = "<form name='loginform' id='loginform' class='form-signin' method='post' action='$homeurl/admin.php' ><h2>".$clang->gT("You have to login first.")."</h2><p><br /> <br />";
}
else
{
$loginsummary = "<form name='loginform' id='loginform' method='post' action='$homeurl/admin.php' ><br /><strong>".$logoutsummary."</strong><br /> <br />";
$loginsummary = "<form name='loginform' id='loginform' class='form-signin' method='post' action='$homeurl/admin.php' ><br /><strong>".$logoutsummary."</strong><br /> <br />";
}
$loginsummary .= "
<ul>
<li><label for='user'>".$clang->gT("Username")."</label>
<input name='user' id='user' type='text' size='40' maxlength='40' value='' /></li>
<li><label for='password'>".$clang->gT("Password")."</label>
<input name='password' id='password' type='password' size='40' maxlength='40' /></li>
<li><label for='loginlang'>".$clang->gT("Language")."</label>
<select id='loginlang' name='loginlang' style='width:216px;'>\n";
$loginsummary .= "<label for='user'>".$clang->gT("Username")."</label>
<input class='form-control' placeholder='User name' required autofocus name='user' id='user' type='text' size='40' maxlength='40' value='' />
<label for='password'>".$clang->gT("Password")."</label>
<input name='password' id='password' class='form-control' placeholder='Password' required type='password' size='40' maxlength='40' />
<label for='loginlang'>".$clang->gT("Language")."</label>
<select id='loginlang' class='form-control' name='loginlang'>\n";
$loginsummary .='<option value="default" selected="selected">'.$clang->gT('Default').'</option>';
$lan=array();
foreach (getlanguagedata(true) as $langkey=>$languagekind)
@@ -238,12 +234,10 @@ if(!isset($_SESSION['loginID']) && $action != "forgotpass" && ($action != "logou
//The following conditional statements select the browser language in the language drop down box and echoes the other options.
$loginsummary .= "\t\t\t\t<option value='$langkey'>".$languagekind['nativedescription']." - ".$languagekind['description']."</option>\n";
}
$loginsummary .= "\t\t\t</select>\n"
. "</li>
</ul>
$loginsummary .= "\t\t\t</select>\n
<p><input type='hidden' name='action' value='login' />
<input type='hidden' name='refererargs' value='".$refererargs."' />
<input class='action' type='submit' value='".$clang->gT("Login")."' /><br />&nbsp;\n<br/>";
<button class='action btn btn-lg btn-primary btn-block' type='submit'>".$clang->gT("Login")."</button>";
}
else{
$loginsummary .= "<p>".sprintf($clang->gT("You have exceeded you maximum login attempts. Please wait %d minutes before trying again"),($timeOutTime/60))."<br /></p>";
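Review bot: The new `placeholder='User name'`, `placeholder='Password'` and `placeholder="Email"` attributes are hard-coded English while the adjacent labels go through `$clang->gT()`; reuse the translated strings, e.g. `placeholder='".$clang->gT("Username")."'`. The rewritten markup also opens `<p>` elements (`</h2><p><br />`, `<p><input type='hidden' ...`) that the visible lines never close. The `refererargs` hidden field is still emitted with `$refererargs` concatenated directly into the attribute; whether that value is HTML-escaped is decided outside this hunk and is worth confirming now that this form is the entry point for every queXS user.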


@@ -31,7 +31,7 @@ else {session_name("LimeSurveyAdmin");}
if (session_id() == "")
{
session_set_cookie_params(0,$relativeurl.'/');
session_set_cookie_params(0,QUEXS_PATH);
if ($debug==0) {@session_start();}
else {session_start();}
}
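Review bot: `session_set_cookie_params(0,QUEXS_PATH);` widens the session cookie from the Limesurvey admin path to the whole queXS tree but leaves the `secure` and `httponly` arguments at their defaults. Since this cookie now authenticates every queXS page, pass them explicitly, e.g. `session_set_cookie_params(0, QUEXS_PATH, '', $is_https, true);`, where `$is_https` is a placeholder for however the install detects HTTPS. The new auth-*.php guards call `session_start()` without setting cookie parameters at all, so a session first created there would presumably get the php.ini defaults; setting the same parameters in both places avoids that mismatch.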

View File

@@ -236,6 +236,19 @@ if (!isset($_SESSION['loginID']))
}
$loginsummary .= "<br /><br />\n";
GetSessionUserRights($_SESSION['loginID']);
//go to queXS
$loc = "";
if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1)
$loc = "admin";
else
{
$utest = $connect->GetOne("SELECT username FROM client WHERE username = '" . $_SESSION['user'] . "'");
if (!empty($utest))
$loc = "client";
}
header('Location: ' . QUEXS_URL . $loc);
die();
}
else
{
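Review bot: The client lookup builds its SQL by concatenating `$_SESSION['user']` into the string (`"... WHERE username = '" . $_SESSION['user'] . "'"`), so a user name containing a quote changes the query. Assuming `$connect` is the ADOdb connection, quote the value through it: `$connect->GetOne("SELECT username FROM client WHERE username = " . $connect->qstr($_SESSION['user']));`. An account that is neither superadmin nor a client is redirected to `QUEXS_URL` with an empty `$loc`; a one-line comment such as `// everyone else lands on the interviewer pages` would make that intent explicit. The enclosing block starts outside the hunk.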


@@ -67,22 +67,26 @@ $debug = 0; // Set this to 1 if you are looking f
// LimeSurvey developers: Set this to 3 to circumvent the restriction to remove the installation directory and full access to standard templates
// or to change the password. If you set it to 3 then PHP STRICT warnings will be shown additionally.
$defaultlang = DEFAULT_LOCALE;
$defaultlang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
if (empty($defaultlang)) $defaultlang = DEFAULT_LOCALE;
$defaulttemplate = "quexs";
$useWebserverAuth = true;
$WebserverAuth_autocreateUser = true;
$WebserverAuth_autouserprofile = Array(
'full_name' => 'autouser',
'email' => $siteadminemail,
'htmledtirmode' => $defaulthtmleditormode,
'templatelist' => 'default,basic',
'create_survey' => 1,
'lang' => DEFAULT_LOCALE,
'create_user' => 1,
'delete_user' => 1,
'superadmin' => 1,
'configurator' => 1,
'manage_template' => 1,
'manage_label' => 1);
$siteadminemail = "quexs@acspri.org.au";
//$useWebserverAuth = true;
//$WebserverAuth_autocreateUser = true;
//$WebserverAuth_autouserprofile = Array(
// 'full_name' => 'autouser',
// 'email' => $siteadminemail,
// 'htmledtirmode' => $defaulthtmleditormode,
// 'templatelist' => 'default,basic',
// 'create_survey' => 1,
// 'lang' => DEFAULT_LOCALE,
// 'create_user' => 1,
// 'delete_user' => 1,
// 'superadmin' => 1,
// 'configurator' => 1,
// 'manage_template' => 1,
// 'manage_label' => 1);
//
$sessionhandler = 'db';
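Review bot: `$defaultlang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);` takes two bytes from a client-controlled header with no validation, and raises an undefined-index notice when the header is absent. What the value later feeds is not visible here, so constrain it before use: `$defaultlang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2)) : '';` followed by `if (!preg_match('/^[a-z]{2}$/', $defaultlang)) $defaultlang = DEFAULT_LOCALE;`. Checking against the list of installed languages would be stricter still. The commented-out `$useWebserverAuth` block is dead configuration and would be clearer deleted, with a one-line comment saying web-server authentication is no longer used.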


@@ -35,6 +35,11 @@
*/
include ("config.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -45,6 +45,12 @@ include ("functions/functions.xhtml.php");
*/
include("functions/functions.operator.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
$popupcall = false;


@@ -49,6 +49,12 @@ include ("lang.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
$js = false;
if (AUTO_LOGOUT_MINUTES !== false)
$js = array("include/jquery/jquery-1.4.2.min.js","js/childnap.js");


@@ -39,6 +39,11 @@ include ("config.inc.php");
*/
include ("functions/functions.xhtml.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* Language functions
*/


@@ -41,6 +41,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -49,6 +49,12 @@ include ("lang.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* Operator
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("functions/functions.xhtml.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* Operator functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML
*/


@@ -34,6 +34,12 @@
*/
include ("config.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML
*/


@@ -34,6 +34,12 @@
*/
include ("config.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -40,6 +40,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include_once ("config.inc.php");
*/
include_once ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -35,6 +35,12 @@
*/
include_once("config.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/


@@ -39,6 +39,12 @@ include ("config.inc.php");
*/
include ("db.inc.php");
/**
* Authentication
*/
include ("auth-interviewer.php");
/**
* XHTML functions
*/

59
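--- /dev/null
+++ b/voip/auth-interviewer.php
@@ -0,0 +1,59 @@
+<?php
+/**
+* Session based authentication using the Limesurvey database (client)
+*
+*
+* This file is part of queXS
+*
+* queXS is free software; you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation; either version 2 of the License, or
+* (at your option) any later version.
+*
+* queXS is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with queXS; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+*
+*
+* @author Adam Zammit <adam.zammit@acspri.org.au>
+* @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
+* @package queXS
+* @subpackage user
+* @link http://www.acspri.org.au/ queXS was writen for ACSPRI
+* @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
+*
+*/
+/**
+* Configuration file
+*/
+include_once(dirname(__FILE__)."/../config.inc.php");
+/**
+* Database file
+*/
+include_once(dirname(__FILE__)."/../db.inc.php");
+//get session name from DB
+//
+$sql = "SELECT stg_value
+FROM " . LIME_PREFIX . "settings_global
+WHERE stg_name = 'SessionName'";
+session_name($db->GetOne($sql));
+session_start();
+//check if the session exists or loginID not set
+if (session_id() == "" || !isset($_SESSION['loginID']))
+{
+//need to log in
+header('Location: ../include/limesurvey/admin/admin.php');
+die();
+}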
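Review bot: The header comment reads `Session based authentication using the Limesurvey database (client)`, but this file is voip/auth-interviewer.php; the label was evidently carried over from the client copy and will mislead anyone auditing which guard protects which directory. It should read `Session based authentication using the Limesurvey database (interviewer, voip directory)`. A one-line comment above the redirect, such as `// relative to voip/: send unauthenticated requests to the Limesurvey login page`, would also explain why the `Location` path differs from the top-level guard.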

Some files were not shown because too many files have changed in this diff Show More