This commit forces the User to set a password for the Administrator before doing anything else after the installation.

src/messenger/webim/libs/operator.php

@@ -116,6 +116,12 @@ function update_operator($operatorid, $login, $email, $password, $localename, $c
 
 	perform_query($query, $link);
 	mysql_close($link);
+	// update the session password
+	if (isset($password))
+	{
+		$_SESSION[$mysqlprefix.'operator']['vcpassword']=md5($password);
+	}
+
 }
 
 function update_operator_avatar($operatorid, $avatar)
@@ -235,6 +241,17 @@ function check_login($redirect = true)
 	return $_SESSION["${mysqlprefix}operator"];
 }
 
+// Force the admin to set a password after the installation
+function force_password($operator)
+{
+	global $webimroot;
+	if($operator['vcpassword']==md5(''))
+	{
+		header("Location: $webimroot/operator/operator.php?op=1");
+		exit;
+	}
+}
+
 function get_logged_in()
 {
 	global $mysqlprefix;

src/messenger/webim/locales/de/properties

@@ -212,6 +212,7 @@ menu.translate=Regionalisieren
 menu.updates.content=Auf Nachrichten und Updates prüfen.
 menu.updates=Updates
 my_settings.error.password_match=Die Passwörter stimmen nicht überein
+my_settings.error.no_password=Es ist noch kein Passwort für den Administrator gesetzt
 no_such_operator=Kein solcher Operator
 operator.group.no_description=<keine Beschreibung>
 operator.groups.intro=Wähle Gruppen nach Operator Qualifikation.

src/messenger/webim/locales/en/properties

@@ -236,6 +236,7 @@ menu.profile=Profile
 menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
+my_settings.error.no_password=No Password set for the Administrator
 my_settings.error.password_match=Entered passwords do not match
 no_such_operator=No such operator
 operator.group.no_description=<no description>

src/messenger/webim/operator/canned.php

@@ -26,6 +26,8 @@ require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $errors = array();
@@ -131,4 +133,4 @@ $page['formgroup'] = $groupid;
 prepare_menu($operator);
 start_html_output();
 require('../view/canned.php');
-?>
+?>

src/messenger/webim/operator/getcode.php

@@ -25,6 +25,8 @@ require_once('../libs/groups.php');
 require_once('../libs/getcode.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $imageLocales = get_image_locales_map("../locales");

src/messenger/webim/operator/history.php

@@ -26,6 +26,8 @@ require_once('../libs/userinfo.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 setlocale(LC_TIME, getstring("time.locale"));
@@ -68,4 +70,4 @@ if ($query !== false) {
 prepare_menu($operator);
 start_html_output();
 require('../view/thread_search.php');
-?>
+?>

src/messenger/webim/operator/index.php

@@ -23,6 +23,7 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 $link = connect();
 loadsettings_($link);

src/messenger/webim/operator/operator.php

@@ -96,6 +96,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 		$errors[] = getlocal("no_such_operator");
 		$page['opid'] = topage($opId);
 	} else {
+		//show an error if the admin password hasn't been set yet.
+		if ($operator['vcpassword']==md5('') && !isset($_GET['stored']))
+		{
+			$errors[] = getlocal("my_settings.error.no_password");
+		}
+
 		$page['formlogin'] = topage($op['vclogin']);
 		$page['formname'] = topage($op['vclocalename']);
 		$page['formemail'] = topage($op['vcemail']);

src/messenger/webim/operator/operators.php

@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
+
 
 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
@@ -68,4 +70,4 @@ setlocale(LC_TIME, getstring("time.locale"));
 prepare_menu($operator);
 start_html_output();
 require('../view/agents.php');
-?>
+?>

src/messenger/webim/operator/settings.php

@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $page = array('agentId' => '');
 $errors = array();

src/messenger/webim/operator/statistics.php

@@ -24,6 +24,7 @@ require_once('../libs/chat.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 setlocale(LC_TIME, getstring("time.locale"));
 
@@ -86,4 +87,4 @@ mysql_close($link);
 prepare_menu($operator);
 start_html_output();
 require('../view/statistics.php');
-?>
+?>

src/messenger/webim/operator/translate.php

@@ -119,6 +119,8 @@ function get_auxiliary($s)
 }
 
 $operator = check_login();
+force_password($operator);
+
 
 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);

src/messenger/webim/operator/updates.php

@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $default_extensions = array('mysql', 'gd', 'iconv');
 

src/messenger/webim/operator/users.php

@@ -24,6 +24,8 @@ require_once('../libs/operator.php');
 require_once('../libs/groups.php');
 
 $operator = check_login();
+force_password($operator);
+
 $status = isset($_GET['away']) ? 1 : 0;
 
 notify_operator_alive($operator['operatorid'], $status);