Added authentication includes to all files

2024-04-02 12:12:16 +00:00 · 2015-08-14 16:15:20 +10:00
parent cfba7e27f4
commit ec8522e316
95 changed files with 738 additions and 173 deletions
--- a/admin/addshift.php
+++ b/admin/addshift.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/assignsample.php
+++ b/admin/assignsample.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/assigntimeslots.php
+++ b/admin/assigntimeslots.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/auth-admin.php
+++ b/admin/auth-admin.php
@@ -0,0 +1,67 @@
 <?php
 /**
 * Session based authentication using the Limesurvey database (administrator)
 *
 *
 *	This file is part of queXS
 *	
 *	queXS is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *	
 *	queXS is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *	
 *	You should have received a copy of the GNU General Public License
 *	along with queXS; if not, write to the Free Software
 *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *
 * @author Adam Zammit <adam.zammit@acspri.org.au>
 * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
 * @package queXS
 * @subpackage user
 * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
 * 
 */
 /**
 * Configuration file
 */
 include_once(dirname(__FILE__) . "/../config.inc.php");
 /**
 * Database file
 */
 include_once(dirname(__FILE__) . "/../db.inc.php");
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
 {
  //need to log in
  header('Location: ../include/limesurvey/admin/admin.php');
  die();
 }
 if ($_SESSION['USER_RIGHT_SUPERADMIN'] != 1)
 {
  include_once(dirname(__FILE__) . "/../lang.inc.php");
  include_once(dirname(__FILE__) . "/../functions/functions.xhtml.php");
  xhtml_head();
  print "<p>" . T_("You do not have permission to access this area") . "</p>";
  print "<p><a href='../include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
  xhtml_foot();
 }
--- a/admin/availability.php
+++ b/admin/availability.php
@@ -39,6 +39,12 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/availabilitygroup.php
+++ b/admin/availabilitygroup.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/bulkappointment.php
+++ b/admin/bulkappointment.php
@@ -44,6 +44,11 @@ include ("../functions/functions.xhtml.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Operator functions
 */
--- a/admin/callhistory.php
+++ b/admin/callhistory.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/callrestrict.php
+++ b/admin/callrestrict.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/casesbyoutcome.php
+++ b/admin/casesbyoutcome.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/casestatus.php
+++ b/admin/casestatus.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/centreinfo.php
+++ b/admin/centreinfo.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/clientquestionnaire.php
+++ b/admin/clientquestionnaire.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/clients.php
+++ b/admin/clients.php
@@ -42,6 +42,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/dataoutput.php
+++ b/admin/dataoutput.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
 /**
 * Output data as a fixed width ASCII file
 *
 *
@@ -43,6 +44,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/displayappointments.php
+++ b/admin/displayappointments.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/extensionstatus.php
+++ b/admin/extensionstatus.php
@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/import.php
+++ b/admin/import.php
@@ -8,6 +8,11 @@
 */
 include ("../config.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/index.php
+++ b/admin/index.php
@@ -1,6 +1,5 @@
 <?php
- /*
+ /**
 * Display an index of Admin tools
 *
 *
@@ -37,9 +36,15 @@ include ("../lang.inc.php");
 /**
 * Config file
 */
- include ("../config.inc.php");
+include ("../config.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 include ("../functions/functions.xhtml.php");
- $username = $_SERVER['PHP_AUTH_USER'];
+ $username = $_SESSION['loginID'];
 $g = 0;
 if (isset($_GET['g'])) 
   $g = intval($_GET['g']);
@@ -75,11 +80,11 @@ include ("../lang.inc.php");
              <i class="fa fa-user fa fa-fw "></i><?php print T_("Logged as:") . "&ensp;" . $username ;?>           
            </a>
 			<!--- User menu // not connected to pages so not working yet //  could be hidden -->
-<!---       <ul class="dropdown-menu" role="menu">
+       <ul class="dropdown-menu" role="menu">
-              <li><a href="?page=settings.php"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
+              <li><a href="../include/limesurvey/admin/admin.php?action=editusers"><i class="fa fa-cogs fa-fw "></i>&ensp;<?php print T_("Settings"); ?></a></li>
-			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li>
+<!---			  <li><a href="../screenloc.php"><i class="fa fa-lock fa-fw "></i>&ensp;<?php print T_("Lock Screen"); ?></a></li> -->
-              <li><a href="../logout.php"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
+              <li><a href="../include/limesurvey/admin/admin.php?action=logout"><i class="fa fa-sign-out fa-fw "></i>&ensp;<?php print T_("Logout"); ?> </a></li>
-            </ul> -->
+            </ul> 
          </li>
        </ul>
--- a/admin/new.php
+++ b/admin/new.php
@@ -11,6 +11,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/operatorlist.php
+++ b/admin/operatorlist.php
@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/operatorperformance.php
+++ b/admin/operatorperformance.php
@@ -38,6 +38,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/operatorquestionnaire.php
+++ b/admin/operatorquestionnaire.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/operators.php
+++ b/admin/operators.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/operatorskill.php
+++ b/admin/operatorskill.php
@@ -34,6 +34,11 @@
 */
 include ("../config.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Database file
 */
--- a/admin/outcomes.php
+++ b/admin/outcomes.php
@@ -12,6 +12,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/process.php
+++ b/admin/process.php
@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
 */
 include (dirname(__FILE__) . "/../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Process
 */
--- a/admin/questionnairelist.php
+++ b/admin/questionnairelist.php
@@ -39,6 +39,11 @@ include("../config.inc.php");
 */
 include("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/questionnaireprefill.php
+++ b/admin/questionnaireprefill.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/quota.php
+++ b/admin/quota.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/quotareport.php
+++ b/admin/quotareport.php
@@ -41,6 +41,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/quotarow.php
+++ b/admin/quotarow.php
@@ -41,6 +41,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/samplecallattempts.php
+++ b/admin/samplecallattempts.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
 /**
 * Display sample call attempt report (A listing of how many attempts made for cases within a sample)
 *
 *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/samplelist.php
+++ b/admin/samplelist.php
@@ -39,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/samplesearch.php
+++ b/admin/samplesearch.php
@@ -41,6 +41,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/shiftreport.php
+++ b/admin/shiftreport.php
@@ -1,4 +1,5 @@
-<?php /**
+<?php 
 /**
 * List and edit reports on shifts
 *
 *
@@ -38,6 +39,11 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/shifttemplate.php
+++ b/admin/shifttemplate.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/supervisor.php
+++ b/admin/supervisor.php
@@ -13,6 +13,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/supervisorchat.php
+++ b/admin/supervisorchat.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/systemsort.php
+++ b/admin/systemsort.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Process
 */
--- a/admin/systemsortprocess.php
+++ b/admin/systemsortprocess.php
@@ -39,6 +39,11 @@ include (dirname(__FILE__) . "/../config.inc.php");
 */
 include (dirname(__FILE__) . "/../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Process
 */
--- a/admin/timezonetemplate.php
+++ b/admin/timezonetemplate.php
@@ -40,6 +40,11 @@ include("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * XHTML functions
 */
--- a/admin/voipmonitor.php
+++ b/admin/voipmonitor.php
@@ -39,6 +39,11 @@ include ("../config.inc.php");
 */
 include ("../db.inc.php");
 /**
 * Authentication file
 */
 include ("auth-admin.php");
 /**
 * Process
 */
--- a/appointment.php
+++ b/appointment.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /**
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/appointmentlist.php
+++ b/appointmentlist.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /**
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/auth-interviewer.php
+++ b/auth-interviewer.php
@@ -0,0 +1,57 @@
 <?php
 /**
 * Session based authentication using the Limesurvey database (interviewer)
 *
 *
 *	This file is part of queXS
 *	
 *	queXS is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *	
 *	queXS is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *	
 *	You should have received a copy of the GNU General Public License
 *	along with queXS; if not, write to the Free Software
 *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *
 * @author Adam Zammit <adam.zammit@acspri.org.au>
 * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
 * @package queXS
 * @subpackage user
 * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
 * 
 */
 /**
 * Configuration file
 */
 include_once("config.inc.php");
 /**
 * Database file
 */
 include_once("db.inc.php");
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
 {
  //need to log in
  header('Location: include/limesurvey/admin/admin.php');
  die();
 }
--- a/availability.php
+++ b/availability.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/call.php
+++ b/call.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/call_interface2.php
+++ b/call_interface2.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/callhistory.php
+++ b/callhistory.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/calllist.php
+++ b/calllist.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/casenote.php
+++ b/casenote.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/client/auth-client.php
+++ b/client/auth-client.php
@@ -0,0 +1,57 @@
 <?php
 /**
 * Session based authentication using the Limesurvey database (client)
 *
 *
 *	This file is part of queXS
 *	
 *	queXS is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *	
 *	queXS is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *	
 *	You should have received a copy of the GNU General Public License
 *	along with queXS; if not, write to the Free Software
 *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *
 * @author Adam Zammit <adam.zammit@acspri.org.au>
 * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
 * @package queXS
 * @subpackage user
 * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
 * 
 */
 /**
 * Configuration file
 */
 include_once(dirname(__FILE__)."/../config.inc.php");
 /**
 * Database file
 */
 include_once(dirname(__FILE__)."/../db.inc.php");
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
 {
  //need to log in
  header('Location: ../include/limesurvey/admin/admin.php');
  die();
 }
--- a/client/index.php
+++ b/client/index.php
@@ -38,6 +38,12 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 */
 include_once(dirname(__FILE__).'/../db.inc.php');
 /** 
 * Authentication
 */
 include ("auth-client.php");
 /**
 * XHTML functions
 */
--- a/contactdetails.php
+++ b/contactdetails.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/display/index.php
+++ b/display/index.php
@@ -1,149 +0,0 @@
 <?php 
 /**
 * Display a "full screen" view of outcomes for display on a large
 * communal screen - will change views periodically
 *
 *
 *	This file is part of queXS
 *	
 *	queXS is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *	
 *	queXS is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *	
 *	You should have received a copy of the GNU General Public License
 *	along with queXS; if not, write to the Free Software
 *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *
 * @author Adam Zammit <adam.zammit@deakin.edu.au>
 * @copyright Deakin University 2007,2008
 * @package queXS
 * @subpackage user
 * @link http://www.deakin.edu.au/dcarf/ queXS was writen for DCARF - Deakin Computer Assisted Research Facility
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
 * 
 *
 */
 /**
 * Configuration file
 */
 include ("../config.inc.php");
 /**
 * Database file
 */
 include('../db.inc.php');
 /**
 * XHTML functions
 */
 include ("../functions/functions.xhtml.php");
 /**
 * Display functions
 */
 include ("../functions/functions.performance.php");
 /**
 * Input functions
 */
 include("../functions/functions.input.php");
 $shift_id = 0;
 $questionnaire_id = 0;
 $display_type = 0;
 if (isset($_GET['shift_id'])) $shift_id = bigintval($_GET['shift_id']);
 if (isset($_GET['questionnaire_id'])) $questionnaire_id = bigintval($_GET['questionnaire_id']);
 if (isset($_GET['display_type'])) $display_type= bigintval($_GET['display_type']);
 if ($display_type >= 6)
 {
 	$sql = "SELECT shift_id,questionnaire_id
 		FROM shift
 		WHERE start <= CONVERT_TZ(NOW(),'System','UTC')
 		AND end >= CONVERT_TZ(NOW(),'System','UTC')
 		AND shift_id > '$shift_id'
 		ORDER BY shift_id ASC
 		LIMIT 1";
 	$s = $db->GetRow($sql);
 	$display_type = 0;
 	$shift_id = 0;
 	$questionnaire_id = 0;
 	if (!empty($s)) 
 	{
 		$shift_id = $s['shift_id'];
 		$questionnaire_id = $s['questionnaire_id'];
 	}
 }
 if ($shift_id == 0)
 {
 	$sql = "SELECT shift_id,questionnaire_id
 		FROM shift
 		WHERE start <= CONVERT_TZ(NOW(),'System','UTC')
 		AND end >= CONVERT_TZ(NOW(),'System','UTC')
 		ORDER BY shift_id ASC
 		LIMIT 1";
 	$s = $db->GetRow($sql);
 	$display_type = 0;
 	if (!empty($s))
 	{
 		$shift_id = $s['shift_id'];
 		$questionnaire_id = $s['questionnaire_id'];
 	}	
 }
 $dt1 = $display_type + 1;
 xhtml_head(T_("Display"),true,array("../css/display.css"),false,false,"6;url=?shift_id=$shift_id&amp;questionnaire_id=$questionnaire_id&amp;display_type=$dt1");
 if ($shift_id == 0 || $questionnaire_id == 0)
 	display_none();
 else
 {
 	$sql = "SELECT description
 		FROM questionnaire
 		WHERE questionnaire_id = '$questionnaire_id'";
 	$n = $db->GetRow($sql);
 	print "<h1>{$n['description']}</h1>\n";
 	switch($display_type)
 	{
 		case 0:
 			display_total_completions($questionnaire_id);
 			break;
 		case 1:
 			display_completions_this_shift($questionnaire_id,$shift_id);
 			break;
 		case 2:
 			display_completions_same_time_last_shift($questionnaire_id,$shift_id);
 			break;
 		case 3:
 			display_completions_last_shift($questionnaire_id,$shift_id);
 			break;
 		case 4:
 			display_top_cph_this_shift($questionnaire_id,$shift_id);
 			break;
 		case 5:
 			display_top_cph($questionnaire_id);
 			break;
 	}
 }
 xhtml_foot();
 ?>
--- a/email.php
+++ b/email.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/endwork.php
+++ b/endwork.php
@@ -36,6 +36,12 @@
 */
 include_once("lang.inc.php");
 /** 
 * Authentication
 */
 include_once("auth-interviewer.php");
 /**
 * XHTML functions
@@ -73,6 +79,7 @@ if (ALLOW_OPERATOR_EXTENSION_SELECT && VOIP_ENABLED)
 }
 print "<p><a href='index.php'>" . T_("Go back to work") . "</a></p>";
 print "<p><a href='include/limesurvey/admin/admin.php?action=logout'>" . T_("Logout") . "</a></p>";
 xhtml_foot();
--- a/functions/functions.client.php
+++ b/functions/functions.client.php
@@ -41,7 +41,7 @@ include_once(dirname(__FILE__).'/../config.inc.php');
 include_once(dirname(__FILE__).'/../db.inc.php');
 /**
- * Return the current client id based on PHP_AUTH_USER
+ * Return the current client id based on the SESSION loginID
 *
 * @return bool|int False if none otherwise the client id
 *
@@ -50,9 +50,12 @@ function get_client_id()
 {
 	global $db;
  if (!isset($_SESSION['loginID']))
    return false;
 	$sql = "SELECT client_id
 		FROM client
-		WHERE username = '{$_SERVER['PHP_AUTH_USER']}'";
+		WHERE username = '{$_SESSION['loginID']}'";
 	$o = $db->GetRow($sql);
--- a/functions/functions.operator.php
+++ b/functions/functions.operator.php
@@ -893,24 +893,24 @@ function get_extension($operator_id)
 /**
- * Return the current operator id based on PHP_AUTH_USER
+ * Return the current operator id based on SESSION loginID
 *
 * @return bool|int False if none otherwise the operator id
 *
 */
 function get_operator_id()
 {
-	if (!isset($_SERVER['PHP_AUTH_USER']))
+	if (!isset($_SESSION['loginID']))
 	{
-		print "<p>" . T_("ERROR: You do not have server side authentication enabled therefore queXS cannot determine which user is accessing the system.") . "</p>";
+    print "<p>" . T_("ERROR: You are not logged in.") . "</p>";
-		return false;
+		die();
 	}
 	global $db;
 	$sql = "SELECT operator_id
 		FROM operator
-		WHERE username = " . $db->qstr($_SERVER['PHP_AUTH_USER']) . "
+		WHERE username = " . $db->qstr($_SESSION['loginID']) . "
 		AND enabled = 1";
 	$o = $db->GetRow($sql);
--- a/include/limesurvey/admin/admin.php
+++ b/include/limesurvey/admin/admin.php
@@ -794,9 +794,10 @@ else
    sendcacheheaders();
    if (!isset($_SESSION['metaHeader'])) {$_SESSION['metaHeader']='';}
-    $adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary;  // All future output is written into this and then outputted at the end of file
+      //$adminoutput = getAdminHeader($_SESSION['metaHeader']).$adminoutput.$loginsummary;  // All future output is written into this and then outputted at the end of file
      $adminoutput =$loginsummary;
    unset($_SESSION['metaHeader']);
-    $adminoutput.= "</div>\n".getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual"));
+    $adminoutput.= "</div>\n";//.getAdminFooter("http://docs.limesurvey.org", $clang->gT("LimeSurvey online manual"));
 }
 if (($action=='showphpinfo') && ($_SESSION['USER_RIGHT_CONFIGURATOR'] == 1))
 {
--- a/include/limesurvey/admin/sessioncontrol.php
+++ b/include/limesurvey/admin/sessioncontrol.php
@@ -31,7 +31,7 @@ else {session_name("LimeSurveyAdmin");}
 if (session_id() == "")
 {
-    session_set_cookie_params(0,$relativeurl.'/');
+    session_set_cookie_params(0,QUEXS_PATH);
    if ($debug==0) {@session_start();}
    else  {session_start();}
 }
--- a/include/limesurvey/admin/usercontrol.php
+++ b/include/limesurvey/admin/usercontrol.php
@@ -236,6 +236,13 @@ if (!isset($_SESSION['loginID']))
                        }
                        $loginsummary .= "<br /><br />\n";
                        GetSessionUserRights($_SESSION['loginID']);
                        //go to queXS
                        $loc = "";
                        if ($_SESSION['USER_RIGHT_SUPERADMIN'] == 1) 
                          $loc = "/admin";
                        header('Location: ' . QUEXS_URL . $loc);
                        die();
                    }
                    else
                    {
--- a/index.php
+++ b/index.php
@@ -35,6 +35,11 @@
 */
 include ("config.inc.php");
 /**
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/index_interface2.php
+++ b/index_interface2.php
@@ -45,6 +45,12 @@ include ("functions/functions.xhtml.php");
 */
 include("functions/functions.operator.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 $popupcall = false;
--- a/info.php
+++ b/info.php
@@ -49,6 +49,12 @@ include ("lang.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 $js = false;
 if (AUTO_LOGOUT_MINUTES !== false)
        $js = array("include/jquery/jquery-1.4.2.min.js","js/childnap.js");
--- a/nocallavailable.php
+++ b/nocallavailable.php
@@ -39,6 +39,11 @@ include ("config.inc.php");
 */
 include ("functions/functions.xhtml.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /** 
 * Language functions
 */
--- a/nocaseavailable.php
+++ b/nocaseavailable.php
@@ -41,6 +41,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/performance.php
+++ b/performance.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/project_info.php
+++ b/project_info.php
@@ -49,6 +49,12 @@ include ("lang.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * Operator
 */
--- a/record.php
+++ b/record.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("functions/functions.xhtml.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * Operator functions
 */
--- a/referral.php
+++ b/referral.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/respondent.php
+++ b/respondent.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_answeringmachine.php
+++ b/rs_answeringmachine.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML
 */
--- a/rs_answeringmachine_interface2.php
+++ b/rs_answeringmachine_interface2.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML
 */
--- a/rs_business.php
+++ b/rs_business.php
@@ -34,6 +34,12 @@
 */
 include ("config.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML
 */
--- a/rs_business_interface2.php
+++ b/rs_business_interface2.php
@@ -34,6 +34,12 @@
 */
 include ("config.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML
 */
--- a/rs_callback.php
+++ b/rs_callback.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_callback_interface2.php
+++ b/rs_callback_interface2.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_intro.php
+++ b/rs_intro.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_intro_interface2.php
+++ b/rs_intro_interface2.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_project_end.php
+++ b/rs_project_end.php
@@ -40,6 +40,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_project_end_interface2.php
+++ b/rs_project_end_interface2.php
@@ -39,6 +39,12 @@ include_once ("config.inc.php");
 */
 include_once ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_project_intro.php
+++ b/rs_project_intro.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_project_intro_interface2.php
+++ b/rs_project_intro_interface2.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/rs_quota_end.php
+++ b/rs_quota_end.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/selectextension.php
+++ b/selectextension.php
@@ -35,6 +35,12 @@
 */
 include_once("config.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/shifts.php
+++ b/shifts.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/status.php
+++ b/status.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/status_interface2.php
+++ b/status_interface2.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/supervisor.php
+++ b/supervisor.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/supervisorchat.php
+++ b/supervisorchat.php
@@ -39,6 +39,12 @@ include ("config.inc.php");
 */
 include ("db.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */
--- a/voip/auth-interviewer.php
+++ b/voip/auth-interviewer.php
@@ -0,0 +1,57 @@
 <?php
 /**
 * Session based authentication using the Limesurvey database (client)
 *
 *
 *	This file is part of queXS
 *	
 *	queXS is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *	
 *	queXS is distributed in the hope that it will be useful,
 *	but WITHOUT ANY WARRANTY; without even the implied warranty of
 *	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *	GNU General Public License for more details.
 *	
 *	You should have received a copy of the GNU General Public License
 *	along with queXS; if not, write to the Free Software
 *	Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 *
 * @author Adam Zammit <adam.zammit@acspri.org.au>
 * @copyright Australian Consortium for Social and Political Research Incorporated (ACSPRI) 2013
 * @package queXS
 * @subpackage user
 * @link http://www.acspri.org.au/ queXS was writen for ACSPRI
 * @license http://opensource.org/licenses/gpl-2.0.php The GNU General Public License (GPL) Version 2
 * 
 */
 /**
 * Configuration file
 */
 include_once(dirname(__FILE__)."/../config.inc.php");
 /**
 * Database file
 */
 include_once(dirname(__FILE__)."/../db.inc.php");
 //get session name from DB
 //
 $sql = "SELECT stg_value
        FROM " . LIME_PREFIX . "settings_global
        WHERE stg_name = 'SessionName'";
 session_name($db->GetOne($sql));
 //check if the session exists or loginID not set
 if (session_id() == "" || !isset($_SESSION['loginID']))
 {
  //need to log in
  header('Location: ../include/limesurvey/admin/admin.php');
  die();
 }
--- a/voip/downloadvoipclient.php
+++ b/voip/downloadvoipclient.php
@@ -32,6 +32,12 @@
 include_once("../config.inc.php");
 include_once("../db.inc.php");
 /** 
 * Authentication
 */
 include ("../auth-interviewer.php");
 include_once("../functions/functions.operator.php");
 //---------------------
--- a/waitnextcase_interface2.php
+++ b/waitnextcase_interface2.php
@@ -35,6 +35,12 @@
 */
 include_once("lang.inc.php");
 /** 
 * Authentication
 */
 include ("auth-interviewer.php");
 /**
 * XHTML functions
 */