From 6e239bbf0f15b60bc9b57529be6b55b365d80cc0 Mon Sep 17 00:00:00 2001 From: Evgeny Gryaznov Date: Fri, 15 Apr 2011 01:24:33 +0200 Subject: [PATCH 1/2] redirect to profile page after first login; informational banner when password is blank; do not enforce password change; rename Home -> Dashboard --- src/messenger/webim/locales/en/properties | 6 ++++-- src/messenger/webim/operator/index.php | 2 ++ src/messenger/webim/operator/login.php | 8 +++++--- src/messenger/webim/operator/operator.php | 12 +++++++++++- src/messenger/webim/operator/users.php | 2 ++ src/messenger/webim/view/agent.php | 13 +++++++++---- src/messenger/webim/view/menu.php | 8 ++++++-- 7 files changed, 39 insertions(+), 12 deletions(-) diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index 7f917ba4..d11cda56 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -124,6 +124,8 @@ errors.prefix=
  • errors.required=Please fill "{0}". errors.suffix=
    • errors.wrong_field=Please fill "{0}" correctly. +error.no_password=This is your first time logging in and your password is blank. For security reasons you have to change it. +error.no_password.visit_profile=Visit your Profile Page. features.saved=Features activated form.field.address.description=Ex: 12.23.45.123 or todo.com form.field.address=Visitor's Address @@ -512,9 +514,9 @@ time.never=Never time.timeformat=%I:%M %p time.today.at=Today at time.yesterday.at=Yesterday at -topMenu.admin=Home +topMenu.admin=Dashboard topMenu.logoff=Exit -topMenu.main=Home +topMenu.main=Dashboard topMenu.users.nomenu=without menu topMenu.users=Visitors tracked.date=Visit time diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php index bb2a940a..b4af107c 100644 --- a/src/messenger/webim/operator/index.php +++ b/src/messenger/webim/operator/index.php @@ -33,6 +33,8 @@ $page = array( 'version' => $version, 'localeLinks' => get_locale_links("$webimroot/operator/index.php"), 'needUpdate' => $settings['dbversion'] != $dbversion, + 'needChangePassword' => $operator['vcpassword'] == md5(''), + 'profilePage' => "$webimroot/operator/operator.php?op=".$operator['operatorid'], 'updateWizard' => "$webimroot/install/", 'newFeatures' => $settings['featuresversion'] != $featuresversion, 'featuresPage' => "$webimroot/operator/features.php", diff --git a/src/messenger/webim/operator/login.php b/src/messenger/webim/operator/login.php index 88c31ff7..df202de5 100644 --- a/src/messenger/webim/operator/login.php +++ b/src/messenger/webim/operator/login.php @@ -33,9 +33,11 @@ if (isset($_POST['login']) && isset($_POST['password'])) { $operator = operator_by_login($login); if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) { - $target = isset($_SESSION['backpath']) - ? $_SESSION['backpath'] - : "$webimroot/operator/index.php"; + $target = $password == '' + ? "$webimroot/operator/operator.php?op=" . $operator['operatorid'] + : (isset($_SESSION['backpath']) + ? $_SESSION['backpath'] + : "$webimroot/operator/index.php"); login_operator($operator, $remember); header("Location: $target"); diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index 155d764c..00413716 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -77,6 +77,15 @@ if (isset($_POST['login']) && isset($_POST['password'])) { exit; } else { update_operator($opId, $login, $email, $password, $localname, $commonname); + // update the session password + if (isset($password) && $opId == $operator['operatorid']) { + $toDashboard = $operator['vcpassword'] == md5('') && $password != ''; + $_SESSION["${mysqlprefix}operator"]['vcpassword'] = md5($password); + if($toDashboard) { + header("Location: $webimroot/operator/index.php"); + exit; + } + } header("Location: $webimroot/operator/operator.php?op=$opId&stored"); exit; } @@ -113,9 +122,10 @@ $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $page['stored'] = isset($_GET['stored']); $page['canmodify'] = $canmodify ? "1" : ""; +$page['needChangePassword'] = $operator['vcpassword'] == md5(''); prepare_menu($operator); setup_operator_settings_tabs($opId, 0); start_html_output(); require('../view/agent.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/users.php b/src/messenger/webim/operator/users.php index 97160e24..c73fb037 100644 --- a/src/messenger/webim/operator/users.php +++ b/src/messenger/webim/operator/users.php @@ -24,6 +24,8 @@ require_once('../libs/operator.php'); require_once('../libs/groups.php'); $operator = check_login(); +force_password($operator); + $status = isset($_GET['away']) ? 1 : 0; notify_operator_alive($operator['operatorid'], $status); diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php index 056d0aea..23912f81 100644 --- a/src/messenger/webim/view/agent.php +++ b/src/messenger/webim/view/agent.php @@ -39,15 +39,20 @@ function tpl_content() { global $page, $webimroot, $errors; - + +
    +
    +
    + +
    - +
    @@ -70,7 +75,7 @@ require_once('inc_errors.php');
    -
    *
    +
    *
    />
    @@ -79,7 +84,7 @@ require_once('inc_errors.php');
    -
    *
    +
    *
    />
    diff --git a/src/messenger/webim/view/menu.php b/src/messenger/webim/view/menu.php index f907b794..3441ed47 100644 --- a/src/messenger/webim/view/menu.php +++ b/src/messenger/webim/view/menu.php @@ -41,8 +41,12 @@ function menuseparator() { function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCount, $version; ?> -
    - +
    + + +
    +
    +

    From 152c15dde4d097f9f6583499a8173e4ae06cba28 Mon Sep 17 00:00:00 2001 From: Haynes Date: Wed, 13 Apr 2011 16:44:09 +0200 Subject: [PATCH 2/2] This commit forces the User to set a password for the Administrator before doing anything else after the installation. --- src/messenger/webim/libs/operator.php | 17 +++++++++++++++++ src/messenger/webim/locales/de/properties | 1 + src/messenger/webim/locales/en/properties | 1 + src/messenger/webim/operator/canned.php | 4 +++- src/messenger/webim/operator/getcode.php | 2 ++ src/messenger/webim/operator/history.php | 4 +++- src/messenger/webim/operator/index.php | 1 + src/messenger/webim/operator/operator.php | 6 ++++++ src/messenger/webim/operator/operators.php | 4 +++- src/messenger/webim/operator/settings.php | 1 + src/messenger/webim/operator/statistics.php | 3 ++- src/messenger/webim/operator/translate.php | 2 ++ src/messenger/webim/operator/updates.php | 1 + 13 files changed, 43 insertions(+), 4 deletions(-) diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php index 4f4f3240..ecfed251 100755 --- a/src/messenger/webim/libs/operator.php +++ b/src/messenger/webim/libs/operator.php @@ -116,6 +116,12 @@ function update_operator($operatorid, $login, $email, $password, $localename, $c perform_query($query, $link); mysql_close($link); + // update the session password + if (isset($password)) + { + $_SESSION[$mysqlprefix.'operator']['vcpassword']=md5($password); + } + } function update_operator_avatar($operatorid, $avatar) @@ -235,6 +241,17 @@ function check_login($redirect = true) return $_SESSION["${mysqlprefix}operator"]; } +// Force the admin to set a password after the installation +function force_password($operator) +{ + global $webimroot; + if($operator['vcpassword']==md5('')) + { + header("Location: $webimroot/operator/operator.php?op=1"); + exit; + } +} + function get_logged_in() { global $mysqlprefix; diff --git a/src/messenger/webim/locales/de/properties b/src/messenger/webim/locales/de/properties index 8b3d807e..0f395517 100644 --- a/src/messenger/webim/locales/de/properties +++ b/src/messenger/webim/locales/de/properties @@ -212,6 +212,7 @@ menu.translate=Regionalisieren menu.updates.content=Auf Nachrichten und Updates prüfen. menu.updates=Updates my_settings.error.password_match=Die Passwörter stimmen nicht überein +my_settings.error.no_password=Es ist noch kein Passwort für den Administrator gesetzt no_such_operator=Kein solcher Operator operator.group.no_description=<keine Beschreibung> operator.groups.intro=Wähle Gruppen nach Operator Qualifikation. diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties index d11cda56..6976aeae 100644 --- a/src/messenger/webim/locales/en/properties +++ b/src/messenger/webim/locales/en/properties @@ -243,6 +243,7 @@ menu.profile=Profile menu.translate=Localize menu.updates.content=Check for news and updates. menu.updates=Updates +my_settings.error.no_password=No Password set for the Administrator my_settings.error.password_match=Entered passwords do not match no_such_operator=No such operator operator.group.no_description=<no description> diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php index 84f5610c..c665ddf0 100644 --- a/src/messenger/webim/operator/canned.php +++ b/src/messenger/webim/operator/canned.php @@ -26,6 +26,8 @@ require_once('../libs/groups.php'); require_once('../libs/pagination.php'); $operator = check_login(); +force_password($operator); + loadsettings(); $errors = array(); @@ -131,4 +133,4 @@ $page['formgroup'] = $groupid; prepare_menu($operator); start_html_output(); require('../view/canned.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/getcode.php b/src/messenger/webim/operator/getcode.php index 1c738f9e..c8dc3c14 100644 --- a/src/messenger/webim/operator/getcode.php +++ b/src/messenger/webim/operator/getcode.php @@ -25,6 +25,8 @@ require_once('../libs/groups.php'); require_once('../libs/getcode.php'); $operator = check_login(); +force_password($operator); + loadsettings(); $imageLocales = get_image_locales_map("../locales"); diff --git a/src/messenger/webim/operator/history.php b/src/messenger/webim/operator/history.php index 4dce7b1e..015ce66d 100644 --- a/src/messenger/webim/operator/history.php +++ b/src/messenger/webim/operator/history.php @@ -26,6 +26,8 @@ require_once('../libs/userinfo.php'); require_once('../libs/pagination.php'); $operator = check_login(); +force_password($operator); + loadsettings(); setlocale(LC_TIME, getstring("time.locale")); @@ -68,4 +70,4 @@ if ($query !== false) { prepare_menu($operator); start_html_output(); require('../view/thread_search.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php index b4af107c..244fc239 100644 --- a/src/messenger/webim/operator/index.php +++ b/src/messenger/webim/operator/index.php @@ -23,6 +23,7 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); $operator = check_login(); +force_password($operator); $link = connect(); loadsettings_($link); diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php index 00413716..b1d61ec5 100644 --- a/src/messenger/webim/operator/operator.php +++ b/src/messenger/webim/operator/operator.php @@ -105,6 +105,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) { $errors[] = getlocal("no_such_operator"); $page['opid'] = topage($opId); } else { + //show an error if the admin password hasn't been set yet. + if ($operator['vcpassword']==md5('') && !isset($_GET['stored'])) + { + $errors[] = getlocal("my_settings.error.no_password"); + } + $page['formlogin'] = topage($op['vclogin']); $page['formname'] = topage($op['vclocalename']); $page['formemail'] = topage($op['vcemail']); diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php index e3288a5d..eeb01e37 100644 --- a/src/messenger/webim/operator/operators.php +++ b/src/messenger/webim/operator/operators.php @@ -23,6 +23,8 @@ require_once('../libs/common.php'); require_once('../libs/operator.php'); $operator = check_login(); +force_password($operator); + if (isset($_GET['act']) && $_GET['act'] == 'del') { $operatorid = isset($_GET['id']) ? $_GET['id'] : ""; @@ -68,4 +70,4 @@ setlocale(LC_TIME, getstring("time.locale")); prepare_menu($operator); start_html_output(); require('../view/agents.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php index 77025774..894e8d6d 100644 --- a/src/messenger/webim/operator/settings.php +++ b/src/messenger/webim/operator/settings.php @@ -24,6 +24,7 @@ require_once('../libs/operator.php'); require_once('../libs/settings.php'); $operator = check_login(); +force_password($operator); $page = array('agentId' => ''); $errors = array(); diff --git a/src/messenger/webim/operator/statistics.php b/src/messenger/webim/operator/statistics.php index 9d12d506..dc5b0af2 100644 --- a/src/messenger/webim/operator/statistics.php +++ b/src/messenger/webim/operator/statistics.php @@ -24,6 +24,7 @@ require_once('../libs/chat.php'); require_once('../libs/operator.php'); $operator = check_login(); +force_password($operator); setlocale(LC_TIME, getstring("time.locale")); @@ -86,4 +87,4 @@ mysql_close($link); prepare_menu($operator); start_html_output(); require('../view/statistics.php'); -?> \ No newline at end of file +?> diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php index 5e271ce6..575d6eb7 100644 --- a/src/messenger/webim/operator/translate.php +++ b/src/messenger/webim/operator/translate.php @@ -119,6 +119,8 @@ function get_auxiliary($s) } $operator = check_login(); +force_password($operator); + $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale); $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale); diff --git a/src/messenger/webim/operator/updates.php b/src/messenger/webim/operator/updates.php index d36f8f12..63455e0c 100644 --- a/src/messenger/webim/operator/updates.php +++ b/src/messenger/webim/operator/updates.php @@ -24,6 +24,7 @@ require_once('../libs/operator.php'); require_once('../libs/settings.php'); $operator = check_login(); +force_password($operator); $default_extensions = array('mysql', 'gd', 'iconv');