Added authentication includes to all files

2024-04-02 12:12:16 +00:00 · 2015-08-14 16:15:20 +10:00
parent cfba7e27f4
commit ec8522e316
95 changed files with 738 additions and 173 deletions
--- a/admin/addshift.php
+++ b/admin/addshift.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/assignsample.php
+++ b/admin/assignsample.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/assigntimeslots.php
+++ b/admin/assigntimeslots.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/** 
+ * Authentication
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/auth-admin.php
+++ b/admin/auth-admin.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Session based authentication using the Limesurvey database (administrator)
+ *
+ *
+ *	This file is part of queXS
+ *	
+ *	queXS is free software; you can redistribute it and/or modify
+ *	it under the terms of the GNU General Public License as published by
+ *	the Free Software Foundation; either version 2 of the License, or
+ *	(at your option) any later version.
+ *	
+ *	queXS is distributed in the hope that it will be useful,
+ *	but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *	GNU General Public License for more details.
+ *	
+ *	You should have received a copy of the GNU General Public License
+ *	along with queXS; if not, write to the Free Software
+ *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ *
+ *
+ * @author Adam Zammit <adam.zammit@acspri.org.au>
+ * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
+ * @package queXS
+ * @subpackage user
+ * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
+ * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
+ * 
+ */
+
+/**
+ * Configuration file
+ */
+include_once(dirname(__FILE__) . "/../config.inc.php");
+
+/**
+ * Database file
+ */
+include_once(dirname(__FILE__) . "/../db.inc.php");
+
+
+//get session name from DB
+//
+$sql = "SELECT stg_value
+        FROM " . LIME_PREFIX . "settings_global
+        WHERE stg_name = 'SessionName'";
+
+session_name($db->GetOne($sql));
+
+//check if the session exists or loginID not set
+if (session_id() == "" || !isset($_SESSION['loginID']))
+{
+  //need to log in
+  header('Location: ../include/limesurvey/admin/admin.php');
+  die();
+}
+
+if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1)
+{
+  include_once(dirname(__FILE__) . "/../lang.inc.php");
+  include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php");
+  xhtml_head();
+  print "<p>" . T_("You do not have permission to access this area") . "</p>";
+  print "<p><a href='../include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
+  xhtml_foot();
+}
--- a/admin/availability.php
+++ b/admin/availability.php
@@ -39,6 +39,12 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
+
 /**
 * XHTML functions
 */
--- a/admin/availabilitygroup.php
+++ b/admin/availabilitygroup.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/bulkappointment.php
+++ b/admin/bulkappointment.php
@@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Operator functions
 */
--- a/admin/callhistory.php
+++ b/admin/callhistory.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/callrestrict.php
+++ b/admin/callrestrict.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/casesbyoutcome.php
+++ b/admin/casesbyoutcome.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/casestatus.php
+++ b/admin/casestatus.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/centreinfo.php
+++ b/admin/centreinfo.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/clientquestionnaire.php
+++ b/admin/clientquestionnaire.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/clients.php
+++ b/admin/clients.php
@@ -42,6 +42,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/dataoutput.php
+++ b/admin/dataoutput.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
 * Output data as a fixed width ASCII file
 *
 *
@@ -43,6 +44,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/displayappointments.php
+++ b/admin/displayappointments.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/extensionstatus.php
+++ b/admin/extensionstatus.php
@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/import.php
+++ b/admin/import.php
@@ -8,6 +8,11 @@
 */
 include ("../config.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,6 +1,5 @@
 <?php
- /*
-
+ /**
 * Display an index of Admin tools
 *
 *
@@ -37,9 +36,15 @@ include ("../lang.inc.php");
 /**
 * Config file
 */
- include ("../config.inc.php");
+include ("../config.inc.php");
+ 
+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 include ("../functions/functions.xhtml.php");
- $username = $_SERVER['PHP_AUTH_USER'];
+ $username = $_SESSION['loginID'];
 $g = 0;
 if (isset($_GET['g'])) 
   $g = intval($_GET['g']);
@@ -75,11 +80,11 @@ include ("../lang.inc.php");
              <i class="fa fa-user fa fa-fw "></i><?php print T_("Logged as:") . "&ensp;" . $username ;?>           
            </a>
 			<!--- User menu // not connected to pages so not working yet //  could be hidden -->
-<!---       <ul class="dropdown-menu" role="menu">
-              <li><a href="?page=settings.php"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
-			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li>
-              <li><a href="../logout.php"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
-            </ul> -->
+       <ul class="dropdown-menu" role="menu">
+              <li><a href="../include/limesurvey/admin/admin.php?action=editusers"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
+<!---			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li> -->
+              <li><a href="../include/limesurvey/admin/admin.php?action=logout"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
+            </ul> 
          </li>
        </ul>
 	  
--- a/admin/new.php
+++ b/admin/new.php
@@ -11,6 +11,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
@@ -378,4 +383,4 @@ else { ?>

 <?php 
 xhtml_foot($js_foot);//
-?>
+?>
--- a/admin/operatorlist.php
+++ b/admin/operatorlist.php
@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/operatorperformance.php
+++ b/admin/operatorperformance.php
@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/operatorquestionnaire.php
+++ b/admin/operatorquestionnaire.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/operators.php
+++ b/admin/operators.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/operatorskill.php
+++ b/admin/operatorskill.php
@@ -34,6 +34,11 @@
 */
 include ("../config.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Database file
 */
--- a/admin/outcomes.php
+++ b/admin/outcomes.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/process.php
+++ b/admin/process.php
@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
 */
 include (dirname(__FILE__) . "/../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Process
 */
--- a/admin/questionnairelist.php
+++ b/admin/questionnairelist.php
@@ -39,6 +39,11 @@ include("../config.inc.php");
 */
 include("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/questionnaireprefill.php
+++ b/admin/questionnaireprefill.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/quota.php
+++ b/admin/quota.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/quotareport.php
+++ b/admin/quotareport.php
@@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/quotarow.php
+++ b/admin/quotarow.php
@@ -41,6 +41,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/samplecallattempts.php
+++ b/admin/samplecallattempts.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
 * Display sample call attempt report (A listing of how many attempts made for cases within a sample)
 *
 *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/samplelist.php
+++ b/admin/samplelist.php
@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/samplesearch.php
+++ b/admin/samplesearch.php
@@ -41,6 +41,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/shiftreport.php
+++ b/admin/shiftreport.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
+/**
 * List and edit reports on shifts
 *
 *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/shifttemplate.php
+++ b/admin/shifttemplate.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/supervisor.php
+++ b/admin/supervisor.php
@@ -13,6 +13,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/supervisorchat.php
+++ b/admin/supervisorchat.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/systemsort.php
+++ b/admin/systemsort.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Process
 */
--- a/admin/systemsortprocess.php
+++ b/admin/systemsortprocess.php
@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
 */
 include (dirname(__FILE__) . "/../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Process
 */
--- a/admin/timezonetemplate.php
+++ b/admin/timezonetemplate.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * XHTML functions
 */
--- a/admin/voipmonitor.php
+++ b/admin/voipmonitor.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");

+/**
+ * Authentication file
+ */
+include ("auth-admin.php");
+
 /**
 * Process
 */