$adminoutput = "";
// just to avoid notices
include "database.php";
$query = "SELECT uid, password, lang FROM " . db_table_name('users') . " WHERE users_name=" . $connect->qstr($username);
$ADODB_FETCH_MODE = ADODB_FETCH_ASSOC;
$result = $connect->SelectLimit($query, 1) or die($query . "\n" . $connect->ErrorMsg());
if ($result->RecordCount() < 1) {
// wrong or unknown username and/or email
echo "\n" . $clang->gT("User name invalid!") . "\n";
exit;
} else {
$fields = $result->FetchRow();
if (SHA256::hashing($userpass) == $fields['password']) {
$_SESSION['loginID'] = intval($fields['uid']);
$clang = new limesurvey_lang($fields['lang']);
GetSessionUserRights($_SESSION['loginID']);
if (!$_SESSION['USER_RIGHT_CREATE_SURVEY']) {
// no permission to create survey!
echo "\n" . $clang->gT("You are not allowed to import a survey!") . "\n";
exit;
}
} else {
// password don't match username
echo "\n" . $clang->gT("User name and password do not match!") . "\n";
exit;
}
}
echo "\n";
$importsurvey = "";
$importingfrom = "cmdline";
// "http" for the web version and "cmdline" for the command line version
{
$_SESSION['adminlang']=returnglobal('lang');
}
elseif (!isset($_SESSION['adminlang']) || $_SESSION['adminlang']=='' )
{
$_SESSION['adminlang']=$defaultlang;
}
// Construct the language class, and set the language.
if (isset($_REQUEST['rootdir'])) {die('You cannot start this script directly');}
require_once($rootdir.'/classes/core/language.php');
$clang = new limesurvey_lang($_SESSION['adminlang']);
// get user rights
if(isset($_SESSION['loginID'])) {GetSessionUserRights($_SESSION['loginID']);}
// check that requests that modify the DB are using POST
// and not GET requests
$dangerousActionsArray = Array
(
'activate' => Array(
0 => Array ('ok' => 'Y')
),
'adduser' => Array(),
'addusertogroup' => Array(),
'deleteuserfromgroup' => Array(),
'deluser' => Array(),
'delusergroup' => Array(),
'editusergroupindb' => Array(),
'mailsendusergroup' => Array(),
