$adminoutput = ""; // just to avoid notices include "database.php"; $query = "SELECT uid, password, lang FROM " . db_table_name('users') . " WHERE users_name=" . $connect->qstr($username); $ADODB_FETCH_MODE = ADODB_FETCH_ASSOC; $result = $connect->SelectLimit($query, 1) or die($query . "\n" . $connect->ErrorMsg()); if ($result->RecordCount() < 1) { // wrong or unknown username and/or email echo "\n" . $clang->gT("User name invalid!") . "\n"; exit; } else { $fields = $result->FetchRow(); if (SHA256::hashing($userpass) == $fields['password']) { $_SESSION['loginID'] = intval($fields['uid']); $clang = new limesurvey_lang($fields['lang']); GetSessionUserRights($_SESSION['loginID']); if (!$_SESSION['USER_RIGHT_CREATE_SURVEY']) { // no permission to create survey! echo "\n" . $clang->gT("You are not allowed to import a survey!") . "\n"; exit; } } else { // password don't match username echo "\n" . $clang->gT("User name and password do not match!") . "\n"; exit; } } echo "\n"; $importsurvey = ""; $importingfrom = "cmdline"; // "http" for the web version and "cmdline" for the command line version
{ $_SESSION['adminlang']=returnglobal('lang'); } elseif (!isset($_SESSION['adminlang']) || $_SESSION['adminlang']=='' ) { $_SESSION['adminlang']=$defaultlang; } // Construct the language class, and set the language. if (isset($_REQUEST['rootdir'])) {die('You cannot start this script directly');} require_once($rootdir.'/classes/core/language.php'); $clang = new limesurvey_lang($_SESSION['adminlang']); // get user rights if(isset($_SESSION['loginID'])) {GetSessionUserRights($_SESSION['loginID']);} // check that requests that modify the DB are using POST // and not GET requests $dangerousActionsArray = Array ( 'activate' => Array( 0 => Array ('ok' => 'Y') ), 'adduser' => Array(), 'addusertogroup' => Array(), 'deleteuserfromgroup' => Array(), 'deluser' => Array(), 'delusergroup' => Array(), 'editusergroupindb' => Array(), 'mailsendusergroup' => Array(),