From ec8522e316d7105e9eaf7ce844bc9413c705ab35 Mon Sep 17 00:00:00 2001 
From: Adam Zammit Date: Fri, 14 Aug 2015 16:15:20 +1000 Subject: [PATCH] Added authentication includes to all files --- admin/addshift.php | 5 + admin/assignsample.php | 5 + admin/assigntimeslots.php | 5 + admin/auth-admin.php | 67 +++++++++ admin/availability.php | 6 + admin/availabilitygroup.php | 5 + admin/bulkappointment.php | 5 + admin/callhistory.php | 5 + admin/callrestrict.php | 5 + admin/casesbyoutcome.php | 5 + admin/casestatus.php | 5 + admin/centreinfo.php | 5 + admin/clientquestionnaire.php | 5 + admin/clients.php | 5 + admin/dataoutput.php | 8 +- admin/displayappointments.php | 5 + admin/extensionstatus.php | 5 + admin/import.php | 5 + admin/index.php | 23 +-- admin/new.php | 7 +- admin/operatorlist.php | 5 + admin/operatorperformance.php | 5 + admin/operatorquestionnaire.php | 5 + admin/operators.php | 5 + admin/operatorskill.php | 5 + admin/outcomes.php | 5 + admin/process.php | 5 + admin/questionnairelist.php | 5 + admin/questionnaireprefill.php | 5 + admin/quota.php | 5 + admin/quotareport.php | 5 + admin/quotarow.php | 5 + admin/samplecallattempts.php | 8 +- admin/samplelist.php | 5 + admin/samplesearch.php | 5 + admin/shiftreport.php | 8 +- admin/shifttemplate.php | 5 + admin/supervisor.php | 5 + admin/supervisorchat.php | 5 + admin/systemsort.php | 5 + admin/systemsortprocess.php | 5 + admin/timezonetemplate.php | 5 + admin/voipmonitor.php | 5 + appointment.php | 5 + appointmentlist.php | 5 + auth-interviewer.php | 57 ++++++++ availability.php | 5 + call.php | 6 + call_interface2.php | 5 + callhistory.php | 5 + calllist.php | 5 + casenote.php | 6 + client/auth-client.php | 57 ++++++++ client/index.php | 6 + contactdetails.php | 6 + display/index.php | 149 -------------------- email.php | 6 + endwork.php | 7 + functions/functions.client.php | 9 +- functions/functions.operator.php | 10 +- include/limesurvey/admin/admin.php | 5 +- include/limesurvey/admin/sessioncontrol.php | 2 +- include/limesurvey/admin/usercontrol.php | 7 + index.php | 5 + 
index_interface2.php | 6 + info.php | 6 + nocallavailable.php | 5 + nocaseavailable.php | 6 + performance.php | 6 + project_info.php | 6 + record.php | 6 + referral.php | 6 + respondent.php | 6 + rs_answeringmachine.php | 6 + rs_answeringmachine_interface2.php | 6 + rs_business.php | 6 + rs_business_interface2.php | 6 + rs_callback.php | 6 + rs_callback_interface2.php | 6 + rs_intro.php | 6 + rs_intro_interface2.php | 6 + rs_project_end.php | 6 + rs_project_end_interface2.php | 6 + rs_project_intro.php | 6 + rs_project_intro_interface2.php | 6 + rs_quota_end.php | 6 + selectextension.php | 6 + shifts.php | 6 + status.php | 6 + status_interface2.php | 6 + supervisor.php | 6 + supervisorchat.php | 6 + voip/auth-interviewer.php | 57 ++++++++ voip/downloadvoipclient.php | 6 + waitnextcase_interface2.php | 6 + 95 files changed, 738 insertions(+), 173 deletions(-) create mode 100644 admin/auth-admin.php create mode 100644 auth-interviewer.php create mode 100644 client/auth-client.php delete mode 100644 display/index.php create mode 100644 voip/auth-interviewer.php diff --git a/admin/addshift.php b/admin/addshift.php index ffed2451..271e90fc 100644 --- a/admin/addshift.php +++ b/admin/addshift.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/assignsample.php b/admin/assignsample.php index fc3798fe..0e5f2349 100644 --- a/admin/assignsample.php +++ b/admin/assignsample.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/assigntimeslots.php b/admin/assigntimeslots.php index 1e92ec99..ff191027 100644 --- a/admin/assigntimeslots.php +++ b/admin/assigntimeslots.php 
@@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/auth-admin.php b/admin/auth-admin.php new file mode 100644 index 00000000..e2857f81 --- /dev/null +++ b/admin/auth-admin.php @@ -0,0 +1,67 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__) . "/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__) . "/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} + +if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1) +{ + include_once(dirname(__FILE__) . "/../lang.inc.php"); + include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php"); + xhtml_head(); + print "

" . T_("You do not have permission to access this area") . "

"; + print "

" . T_("Logout") . "

"; + xhtml_foot(); +} diff --git a/admin/availability.php b/admin/availability.php index 892d438a..0808e9bf 100644 --- a/admin/availability.php +++ b/admin/availability.php @@ -39,6 +39,12 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + + /** * XHTML functions */ diff --git a/admin/availabilitygroup.php b/admin/availabilitygroup.php index 4b7db070..2029f348 100644 --- a/admin/availabilitygroup.php +++ b/admin/availabilitygroup.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/bulkappointment.php b/admin/bulkappointment.php index 567bc8f6..e3afc406 100644 --- a/admin/bulkappointment.php +++ b/admin/bulkappointment.php @@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * Operator functions */ diff --git a/admin/callhistory.php b/admin/callhistory.php index 49fce497..b7fe2bc7 100644 --- a/admin/callhistory.php +++ b/admin/callhistory.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/callrestrict.php b/admin/callrestrict.php index a078dbba..2d6c591c 100644 --- a/admin/callrestrict.php +++ b/admin/callrestrict.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/casesbyoutcome.php b/admin/casesbyoutcome.php index 61704e6d..cb3d5b48 100644 --- a/admin/casesbyoutcome.php +++ b/admin/casesbyoutcome.php 
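Review bot: The superadmin branch at the end of admin/auth-admin.php prints the permission message and calls `xhtml_foot()` but never stops the script, so the admin page that included this file carries on running for a logged-in user who lacks the right. End the branch with `die();` directly after `xhtml_foot();`, as the not-logged-in branch above it already does after its redirect. The test also reads `$_SESSION['USER_RIGHT_SUPERADMIN']` without checking that it is set; `if (!isset($_SESSION['USER_RIGHT_SUPERADMIN']) || $_SESSION['USER_RIGHT_SUPERADMIN'] != 1)` denies access cleanly when the key is missing.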
@@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/casestatus.php b/admin/casestatus.php index 25fbfb70..f44e201a 100644 --- a/admin/casestatus.php +++ b/admin/casestatus.php @@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/centreinfo.php b/admin/centreinfo.php index cd14a844..9bc2929b 100644 --- a/admin/centreinfo.php +++ b/admin/centreinfo.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/clientquestionnaire.php b/admin/clientquestionnaire.php index 17385e3f..67ad774d 100644 --- a/admin/clientquestionnaire.php +++ b/admin/clientquestionnaire.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/clients.php b/admin/clients.php index c59cb1ef..8b23f23f 100644 --- a/admin/clients.php +++ b/admin/clients.php @@ -42,6 +42,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/dataoutput.php b/admin/dataoutput.php index 5874df97..1ad770b3 100644 --- a/admin/dataoutput.php +++ b/admin/dataoutput.php @@ -1,4 +1,5 @@ - - + diff --git a/admin/new.php b/admin/new.php index f9ae671f..940296d0 100644 --- a/admin/new.php +++ b/admin/new.php @@ -11,6 +11,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ @@ -378,4 +383,4 @@ else { ?> \ No newline at end of file +?> 
diff --git a/admin/operatorlist.php b/admin/operatorlist.php index f459f787..0a3d7b62 100644 --- a/admin/operatorlist.php +++ b/admin/operatorlist.php @@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operatorperformance.php b/admin/operatorperformance.php index 0b81c3a9..8b796a75 100644 --- a/admin/operatorperformance.php +++ b/admin/operatorperformance.php @@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operatorquestionnaire.php b/admin/operatorquestionnaire.php index b6c5cc93..adec1d2c 100644 --- a/admin/operatorquestionnaire.php +++ b/admin/operatorquestionnaire.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operators.php b/admin/operators.php index 8860ab08..a94c661e 100644 --- a/admin/operators.php +++ b/admin/operators.php @@ -39,6 +39,11 @@ include ("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/operatorskill.php b/admin/operatorskill.php index d115c0ce..614ebb6b 100644 --- a/admin/operatorskill.php +++ b/admin/operatorskill.php @@ -34,6 +34,11 @@ */ include ("../config.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * Database file */ diff --git a/admin/outcomes.php b/admin/outcomes.php index 26aa5208..a187d901 100644 --- a/admin/outcomes.php +++ b/admin/outcomes.php 
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/process.php b/admin/process.php index c6da8ad4..0ca6e49c 100644 --- a/admin/process.php +++ b/admin/process.php @@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php"); */ include (dirname(__FILE__) . "/../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * Process */ diff --git a/admin/questionnairelist.php b/admin/questionnairelist.php index 08db3ba8..8e689346 100644 --- a/admin/questionnairelist.php +++ b/admin/questionnairelist.php @@ -39,6 +39,11 @@ include("../config.inc.php"); */ include("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/questionnaireprefill.php b/admin/questionnaireprefill.php index 94dbff31..8afea37c 100644 --- a/admin/questionnaireprefill.php +++ b/admin/questionnaireprefill.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/quota.php b/admin/quota.php index fce93b21..f12b6c16 100755 --- a/admin/quota.php +++ b/admin/quota.php @@ -40,6 +40,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/quotareport.php b/admin/quotareport.php index a915574d..40666da2 100644 --- a/admin/quotareport.php +++ b/admin/quotareport.php @@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/quotarow.php b/admin/quotarow.php index 129f3910..c5176f6c 100755 --- a/admin/quotarow.php 
+++ b/admin/quotarow.php @@ -41,6 +41,11 @@ include("../config.inc.php"); */ include ("../db.inc.php"); +/** + * Authentication file + */ +include ("auth-admin.php"); + /** * XHTML functions */ diff --git a/admin/samplecallattempts.php b/admin/samplecallattempts.php index 3de6161f..c6d42669 100644 --- a/admin/samplecallattempts.php +++ b/admin/samplecallattempts.php @@ -1,4 +1,5 @@ - + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once("config.inc.php"); + +/** + * Database file + */ +include_once("db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: include/limesurvey/admin/admin.php'); + die(); +} diff --git a/availability.php b/availability.php index fd9adb02..6d873cc5 100644 --- a/availability.php +++ b/availability.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/call.php b/call.php index 3ff2b79f..977b96f6 100644 --- a/call.php +++ b/call.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/call_interface2.php b/call_interface2.php index 65567369..6c8844f1 100644 --- a/call_interface2.php +++ b/call_interface2.php 
@@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/callhistory.php b/callhistory.php index 4adf9546..3a44f7a3 100644 --- a/callhistory.php +++ b/callhistory.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/calllist.php b/calllist.php index 45c60c31..cf00994c 100644 --- a/calllist.php +++ b/calllist.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/casenote.php b/casenote.php index 1bb68fd9..777eecff 100644 --- a/casenote.php +++ b/casenote.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/client/auth-client.php b/client/auth-client.php new file mode 100644 index 00000000..4a2570a5 --- /dev/null +++ b/client/auth-client.php 
@@ -0,0 +1,57 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__)."/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__)."/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} diff --git a/client/index.php b/client/index.php index ce8d4ccb..c3b0728c 100644 --- a/client/index.php +++ b/client/index.php @@ -38,6 +38,12 @@ include_once(dirname(__FILE__).'/../config.inc.php'); */ include_once(dirname(__FILE__).'/../db.inc.php'); +/** + * Authentication + */ +include ("auth-client.php"); + + /** * XHTML functions */ diff --git a/contactdetails.php b/contactdetails.php index f5254bd8..8c93ad60 100644 --- a/contactdetails.php +++ b/contactdetails.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/display/index.php b/display/index.php deleted file mode 100644 index e503bc27..00000000 --- a/display/index.php +++ /dev/null 
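Review bot: client/auth-client.php calls `session_name()` and then tests `session_id() == ""` and `$_SESSION['loginID']`, but no `session_start()` is visible between the two. Unless config.inc.php or db.inc.php starts the session (not shown here), the id is always empty and every request is redirected to the login page. Adding `session_start();` after the `session_name(...)` line, with the same cookie path the login page uses, would make the check meaningful. The same block appears in admin/auth-admin.php and voip/auth-interviewer.php. This file also only checks that some account is logged in, so whether that account is actually a client is left to the including page; a one-line comment saying so would help the next reader.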
@@ -1,149 +0,0 @@ - - * @copyright Deakin University 2007,2008 - * @package queXS - * @subpackage user - * @link http://www.deakin.edu.au/dcarf/ queXS was writen for DCARF - Deakin Computer Assisted Research Facility - * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 - * - * - */ - -/** - * Configuration file - */ -include ("../config.inc.php"); - -/** - * Database file - */ -include('../db.inc.php'); - -/** - * XHTML functions - */ -include ("../functions/functions.xhtml.php"); - -/** - * Display functions - */ -include ("../functions/functions.performance.php"); - -/** - * Input functions - */ -include("../functions/functions.input.php"); - -$shift_id = 0; -$questionnaire_id = 0; -$display_type = 0; - -if (isset($_GET['shift_id'])) $shift_id = bigintval($_GET['shift_id']); -if (isset($_GET['questionnaire_id'])) $questionnaire_id = bigintval($_GET['questionnaire_id']); -if (isset($_GET['display_type'])) $display_type= bigintval($_GET['display_type']); - - -if ($display_type >= 6) -{ - $sql = "SELECT shift_id,questionnaire_id - FROM shift - WHERE start <= CONVERT_TZ(NOW(),'System','UTC') - AND end >= CONVERT_TZ(NOW(),'System','UTC') - AND shift_id > '$shift_id' - ORDER BY shift_id ASC - LIMIT 1"; - $s = $db->GetRow($sql); - - $display_type = 0; - $shift_id = 0; - $questionnaire_id = 0; - - if (!empty($s)) - { - $shift_id = $s['shift_id']; - $questionnaire_id = $s['questionnaire_id']; - } -} - -if ($shift_id == 0) -{ - $sql = "SELECT shift_id,questionnaire_id - FROM shift - WHERE start <= CONVERT_TZ(NOW(),'System','UTC') - AND end >= CONVERT_TZ(NOW(),'System','UTC') - ORDER BY shift_id ASC - LIMIT 1"; - - $s = $db->GetRow($sql); - - $display_type = 0; - - if (!empty($s)) - { - $shift_id = $s['shift_id']; - $questionnaire_id = $s['questionnaire_id']; - } -} - -$dt1 = $display_type + 1; 
-xhtml_head(T_("Display"),true,array("../css/display.css"),false,false,"6;url=?shift_id=$shift_id&questionnaire_id=$questionnaire_id&display_type=$dt1"); - -if ($shift_id == 0 || $questionnaire_id == 0) - display_none(); -else -{ - $sql = "SELECT description - FROM questionnaire - WHERE questionnaire_id = '$questionnaire_id'"; - $n = $db->GetRow($sql); - - print "

{$n['description']}

\n"; - - switch($display_type) - { - case 0: - display_total_completions($questionnaire_id); - break; - case 1: - display_completions_this_shift($questionnaire_id,$shift_id); - break; - case 2: - display_completions_same_time_last_shift($questionnaire_id,$shift_id); - break; - case 3: - display_completions_last_shift($questionnaire_id,$shift_id); - break; - case 4: - display_top_cph_this_shift($questionnaire_id,$shift_id); - break; - case 5: - display_top_cph($questionnaire_id); - break; - } -} - -xhtml_foot(); - -?> diff --git a/email.php b/email.php index a5e9f823..9e8d1d4a 100644 --- a/email.php +++ b/email.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/endwork.php b/endwork.php index c3e16290..56ec1092 100644 --- a/endwork.php +++ b/endwork.php @@ -36,6 +36,12 @@ */ include_once("lang.inc.php"); +/** + * Authentication + */ +include_once("auth-interviewer.php"); + + /** * XHTML functions @@ -73,6 +79,7 @@ if (ALLOW_OPERATOR_EXTENSION_SELECT && VOIP_ENABLED) } print "

" . T_("Go back to work") . "

"; +print "

" . T_("Logout") . "

"; xhtml_foot(); diff --git a/functions/functions.client.php b/functions/functions.client.php index 0815f873..99dc1fea 100644 --- a/functions/functions.client.php +++ b/functions/functions.client.php @@ -41,7 +41,7 @@ include_once(dirname(__FILE__).'/../config.inc.php'); include_once(dirname(__FILE__).'/../db.inc.php'); /** - * Return the current client id based on PHP_AUTH_USER + * Return the current client id based on the SESSION loginID * * @return bool|int False if none otherwise the client id * @@ -50,9 +50,12 @@ function get_client_id() { global $db; + if (!isset($_SESSION['loginID'])) + return false; + $sql = "SELECT client_id FROM client - WHERE username = '{$_SERVER['PHP_AUTH_USER']}'"; + WHERE username = '{$_SESSION['loginID']}'"; $o = $db->GetRow($sql); @@ -87,4 +90,4 @@ function get_client_questionnaire($client_id) } -?> \ No newline at end of file +?> diff --git a/functions/functions.operator.php b/functions/functions.operator.php index 50fbea9d..a426f8d7 100644 --- a/functions/functions.operator.php +++ b/functions/functions.operator.php @@ -893,24 +893,24 @@ function get_extension($operator_id) /** - * Return the current operator id based on PHP_AUTH_USER + * Return the current operator id based on SESSION loginID * * @return bool|int False if none otherwise the operator id * */ function get_operator_id() { - if (!isset($_SERVER['PHP_AUTH_USER'])) + if (!isset($_SESSION['loginID'])) { - print "
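Review bot: get_client_id() in functions/functions.client.php still interpolates the value into the query string, `WHERE username = '{$_SESSION['loginID']}'`, while get_operator_id() in functions/functions.operator.php quotes the same value with `$db->qstr()`. Use the same form here: `WHERE username = " . $db->qstr($_SESSION['loginID']);`. Both functions now match the `username` column against `loginID`; if the login code stores a numeric user id there rather than the user name, neither lookup will find a row, so that mapping is worth confirming. The rest of get_client_id() lies outside the hunk.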

" . T_("ERROR: You do not have server side authentication enabled therefore queXS cannot determine which user is accessing the system.") . "

"; - return false; + print "

" . T_("ERROR: You are not logged in.") . "

"; + die(); } global $db; $sql = "SELECT operator_id FROM operator - WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . " + WHERE username = " . $db->qstr($_SESSION['loginID']) . " AND enabled = 1"; $o = $db->GetRow($sql); diff --git a/include/limesurvey/admin/admin.php b/include/limesurvey/admin/admin.php index 49e55b04..7100d16f 100644 --- a/include/limesurvey/admin/admin.php +++ b/include/limesurvey/admin/admin.php @@ -794,9 +794,10 @@ else sendcacheheaders(); if (!isset($_SESSION['metaHeader'])) {$_SESSION['metaHeader']='';} - $adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary; // All future output is written into this and then outputted at the end of file + //$adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary; // All future output is written into this and then outputted at the end of file + $adminoutput =$loginsummary; unset($_SESSION['metaHeader']); - $adminoutput.= "\n".getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual")); + $adminoutput.= "\n";//.getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual")); } if (($action=='showphpinfo') && ($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1)) { diff --git a/include/limesurvey/admin/sessioncontrol.php b/include/limesurvey/admin/sessioncontrol.php index f7d6f2b6..8c78d60b 100644 --- a/include/limesurvey/admin/sessioncontrol.php +++ b/include/limesurvey/admin/sessioncontrol.php @@ -31,7 +31,7 @@ else {session_name("LimeSurveyAdmin");} if (session_id() == "") { - session_set_cookie_params(0,$relativeurl.'/'); + session_set_cookie_params(0,QUEXS_PATH); if ($debug==0) {@session_start();} else {session_start();} } diff --git a/include/limesurvey/admin/usercontrol.php b/include/limesurvey/admin/usercontrol.php index 9c9c7f32..d36a9615 100644 --- a/include/limesurvey/admin/usercontrol.php +++ b/include/limesurvey/admin/usercontrol.php 
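Review bot: In include/limesurvey/admin/sessioncontrol.php the session cookie path is widened to `QUEXS_PATH`, but the call still passes only lifetime and path. This one cookie now gates the admin, interviewer and client areas, so it should also carry the secure and httponly flags, for example `session_set_cookie_params(0, QUEXS_PATH, '', $secure, true);` where `$secure` (a name made up for this note) is true when the site is served over HTTPS. A short comment explaining that the path was widened so the queXS auth includes can read the LimeSurvey session would document the coupling.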
@@ -236,6 +236,13 @@ if (!isset($_SESSION['loginID'])) } $loginsummary .= "

\n"; GetSessionUserRights($_SESSION['loginID']); + + //go to queXS + $loc = ""; + if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) + $loc = "/admin"; + header('Location: ' . QUEXS_URL . $loc); + die(); } else { diff --git a/index.php b/index.php index 738bae87..5000ddc4 100644 --- a/index.php +++ b/index.php @@ -35,6 +35,11 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * XHTML functions */ diff --git a/index_interface2.php b/index_interface2.php index c1706c12..1baa7e8e 100644 --- a/index_interface2.php +++ b/index_interface2.php @@ -45,6 +45,12 @@ include ("functions/functions.xhtml.php"); */ include("functions/functions.operator.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + $popupcall = false; diff --git a/info.php b/info.php index 68bfddde..040d1cb3 100644 --- a/info.php +++ b/info.php @@ -49,6 +49,12 @@ include ("lang.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + $js = false; if (AUTO_LOGOUT_MINUTES !== false) $js = array("include/jquery/jquery-1.4.2.min.js","js/childnap.js"); diff --git a/nocallavailable.php b/nocallavailable.php index ae2b2ffc..5e9acc13 100644 --- a/nocallavailable.php +++ b/nocallavailable.php @@ -39,6 +39,11 @@ include ("config.inc.php"); */ include ("functions/functions.xhtml.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + /** * Language functions */ diff --git a/nocaseavailable.php b/nocaseavailable.php index faa9072f..e56a972c 100644 --- a/nocaseavailable.php +++ b/nocaseavailable.php @@ -41,6 +41,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/performance.php b/performance.php index b3ac4af1..f10cfe09 100644 --- a/performance.php +++ b/performance.php 
@@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/project_info.php b/project_info.php index ff14ecb0..e736183c 100644 --- a/project_info.php +++ b/project_info.php @@ -49,6 +49,12 @@ include ("lang.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * Operator */ diff --git a/record.php b/record.php index cccfcfd6..09fb4de4 100644 --- a/record.php +++ b/record.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("functions/functions.xhtml.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * Operator functions */ diff --git a/referral.php b/referral.php index 97964d6b..69f28389 100644 --- a/referral.php +++ b/referral.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/respondent.php b/respondent.php index f8b8db6b..d6789dde 100644 --- a/respondent.php +++ b/respondent.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_answeringmachine.php b/rs_answeringmachine.php index 77e93164..121856a2 100644 --- a/rs_answeringmachine.php +++ b/rs_answeringmachine.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_answeringmachine_interface2.php b/rs_answeringmachine_interface2.php index a30d9ff3..378fbe41 100644 --- a/rs_answeringmachine_interface2.php +++ b/rs_answeringmachine_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ 
diff --git a/rs_business.php b/rs_business.php index f8e5bcda..eda0cf00 100644 --- a/rs_business.php +++ b/rs_business.php @@ -34,6 +34,12 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_business_interface2.php b/rs_business_interface2.php index eaa309bb..5c2fb5c4 100644 --- a/rs_business_interface2.php +++ b/rs_business_interface2.php @@ -34,6 +34,12 @@ */ include ("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML */ diff --git a/rs_callback.php b/rs_callback.php index aa54b1cc..5bec0ada 100644 --- a/rs_callback.php +++ b/rs_callback.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_callback_interface2.php b/rs_callback_interface2.php index c582af9d..670355a8 100644 --- a/rs_callback_interface2.php +++ b/rs_callback_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_intro.php b/rs_intro.php index dc0a6f8e..1f545d7a 100644 --- a/rs_intro.php +++ b/rs_intro.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_intro_interface2.php b/rs_intro_interface2.php index 5b0140c7..acd4c690 100644 --- a/rs_intro_interface2.php +++ b/rs_intro_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_end.php b/rs_project_end.php index 5bf150fd..53ad88a6 100644 --- a/rs_project_end.php +++ b/rs_project_end.php 
@@ -40,6 +40,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_end_interface2.php b/rs_project_end_interface2.php index e2e10c72..a520293e 100644 --- a/rs_project_end_interface2.php +++ b/rs_project_end_interface2.php @@ -39,6 +39,12 @@ include_once ("config.inc.php"); */ include_once ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_intro.php b/rs_project_intro.php index 92600f28..5c6dabf2 100644 --- a/rs_project_intro.php +++ b/rs_project_intro.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_project_intro_interface2.php b/rs_project_intro_interface2.php index 2f21a3a3..568e014e 100644 --- a/rs_project_intro_interface2.php +++ b/rs_project_intro_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/rs_quota_end.php b/rs_quota_end.php index daf4afcf..e65bfc0b 100644 --- a/rs_quota_end.php +++ b/rs_quota_end.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/selectextension.php b/selectextension.php index 42487bbb..246f284f 100644 --- a/selectextension.php +++ b/selectextension.php @@ -35,6 +35,12 @@ */ include_once("config.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/shifts.php b/shifts.php index 0bc76406..48235aee 100644 --- a/shifts.php +++ b/shifts.php 
@@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/status.php b/status.php index 1f0d4f74..2573463a 100644 --- a/status.php +++ b/status.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/status_interface2.php b/status_interface2.php index a8fdf644..c5ba8858 100644 --- a/status_interface2.php +++ b/status_interface2.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/supervisor.php b/supervisor.php index a26d578b..8bbc9e94 100644 --- a/supervisor.php +++ b/supervisor.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/supervisorchat.php b/supervisorchat.php index 57467d03..03b51e8f 100644 --- a/supervisorchat.php +++ b/supervisorchat.php @@ -39,6 +39,12 @@ include ("config.inc.php"); */ include ("db.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */ diff --git a/voip/auth-interviewer.php b/voip/auth-interviewer.php new file mode 100644 index 00000000..4a2570a5 --- /dev/null +++ b/voip/auth-interviewer.php 
@@ -0,0 +1,57 @@ + + * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013 + * @package queXS + * @subpackage user + * @link http://www.acspri.org.au/ queXS was writen for ACSPRI + * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2 + * + */ + +/** + * Configuration file + */ +include_once(dirname(__FILE__)."/../config.inc.php"); + +/** + * Database file + */ +include_once(dirname(__FILE__)."/../db.inc.php"); + + +//get session name from DB +// +$sql = "SELECT stg_value + FROM " . LIME_PREFIX . "settings_global + WHERE stg_name = 'SessionName'"; + +session_name($db->GetOne($sql)); + +//check if the session exists or loginID not set +if (session_id() == "" || !isset($_SESSION['loginID'])) +{ + //need to log in + header('Location: ../include/limesurvey/admin/admin.php'); + die(); +} diff --git a/voip/downloadvoipclient.php b/voip/downloadvoipclient.php index fb09f7e0..ebb7a342 100644 --- a/voip/downloadvoipclient.php +++ b/voip/downloadvoipclient.php @@ -32,6 +32,12 @@ include_once("../config.inc.php"); include_once("../db.inc.php"); + +/** + * Authentication + */ +include ("../auth-interviewer.php"); + include_once("../functions/functions.operator.php"); //--------------------- diff --git a/waitnextcase_interface2.php b/waitnextcase_interface2.php index 4545022c..88847278 100644 --- a/waitnextcase_interface2.php +++ b/waitnextcase_interface2.php @@ -35,6 +35,12 @@ */ include_once("lang.inc.php"); +/** + * Authentication + */ +include ("auth-interviewer.php"); + + /** * XHTML functions */
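Review bot: voip/downloadvoipclient.php includes `../auth-interviewer.php`, yet this commit also creates voip/auth-interviewer.php, which nothing visible on this page includes. As far as its body is visible here, the top-level copy redirects with `header('Location: include/limesurvey/admin/admin.php')`, a relative URL that the browser resolves against /voip/, so an unauthenticated request is likely sent to a path that does not exist. Access is still denied, because `die()` follows the header. Changing the include to `include (dirname(__FILE__) . "/auth-interviewer.php");` would pick up the voip copy, whose redirect uses `../include/limesurvey/admin/admin.php`.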