From b1d924c60af994e48f573c4ed138ec3e51ca78dd Mon Sep 17 00:00:00 2001
From: Evgeny Gryaznov <egryaznov@gmail.com>
Date: Fri, 15 Apr 2011 01:24:33 +0200
Subject: [PATCH] redirect to profile page after first login; informational
 banner when password is blank; do not enforce password change; rename Home ->
 Dashboard

---
 src/messenger/webim/locales/en/properties |  6 ++++--
 src/messenger/webim/operator/index.php    |  2 ++
 src/messenger/webim/operator/login.php    |  8 +++++---
 src/messenger/webim/operator/operator.php | 12 +++++++++++-
 src/messenger/webim/operator/users.php    |  2 ++
 src/messenger/webim/view/agent.php        | 13 +++++++++----
 src/messenger/webim/view/menu.php         |  8 ++++++--
 7 files changed, 39 insertions(+), 12 deletions(-)

diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties
index 7f917ba4..d11cda56 100644
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@@ -124,6 +124,8 @@ errors.prefix=<li class="error">
 errors.required=Please fill "{0}".  
 errors.suffix=</li>
 errors.wrong_field=Please fill "{0}" correctly.
+error.no_password=This is your first time logging in and your password is blank. For security reasons you have to change it.
+error.no_password.visit_profile=Visit your <a href="{0}">Profile Page</a>.
 features.saved=Features activated
 form.field.address.description=Ex: 12.23.45.123 or todo.com
 form.field.address=Visitor's Address
@@ -512,9 +514,9 @@ time.never=Never
 time.timeformat=%I:%M %p
 time.today.at=Today at
 time.yesterday.at=Yesterday at
-topMenu.admin=Home
+topMenu.admin=Dashboard
 topMenu.logoff=Exit
-topMenu.main=Home
+topMenu.main=Dashboard
 topMenu.users.nomenu=without menu
 topMenu.users=Visitors
 tracked.date=Visit time
diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php
index bb2a940a..b4af107c 100644
--- a/src/messenger/webim/operator/index.php
+++ b/src/messenger/webim/operator/index.php
@@ -33,6 +33,8 @@ $page = array(
 	'version' => $version,
 	'localeLinks' => get_locale_links("$webimroot/operator/index.php"),
 	'needUpdate' => $settings['dbversion'] != $dbversion,
+	'needChangePassword' => $operator['vcpassword'] == md5(''),
+	'profilePage' => "$webimroot/operator/operator.php?op=".$operator['operatorid'],
 	'updateWizard' => "$webimroot/install/",
 	'newFeatures' => $settings['featuresversion'] != $featuresversion,
 	'featuresPage' => "$webimroot/operator/features.php",
diff --git a/src/messenger/webim/operator/login.php b/src/messenger/webim/operator/login.php
index 88c31ff7..df202de5 100644
--- a/src/messenger/webim/operator/login.php
+++ b/src/messenger/webim/operator/login.php
@@ -33,9 +33,11 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 	$operator = operator_by_login($login);
 	if ($operator && isset($operator['vcpassword']) && $operator['vcpassword'] == md5($password)) {
 
-		$target = isset($_SESSION['backpath'])
-				? $_SESSION['backpath']
-				: "$webimroot/operator/index.php";
+		$target = $password == ''
+				? "$webimroot/operator/operator.php?op=" . $operator['operatorid']
+				: (isset($_SESSION['backpath'])
+					? $_SESSION['backpath']
+					: "$webimroot/operator/index.php");
 
 		login_operator($operator, $remember);
 		header("Location: $target");
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 155d764c..00413716 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -77,6 +77,15 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 			exit;
 		} else {
 			update_operator($opId, $login, $email, $password, $localname, $commonname);
+			// update the session password
+			if (isset($password) && $opId == $operator['operatorid']) {
+				$toDashboard = $operator['vcpassword'] == md5('') && $password != '';
+				$_SESSION["${mysqlprefix}operator"]['vcpassword'] = md5($password);
+				if($toDashboard) {
+					header("Location: $webimroot/operator/index.php");
+					exit;
+				}
+			}
 			header("Location: $webimroot/operator/operator.php?op=$opId&stored");
 			exit;
 		}
@@ -113,9 +122,10 @@ $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile,
 
 $page['stored'] = isset($_GET['stored']);
 $page['canmodify'] = $canmodify ? "1" : "";
+$page['needChangePassword'] = $operator['vcpassword'] == md5('');
 
 prepare_menu($operator);
 setup_operator_settings_tabs($opId, 0);
 start_html_output();
 require('../view/agent.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/operator/users.php b/src/messenger/webim/operator/users.php
index 97160e24..c73fb037 100644
--- a/src/messenger/webim/operator/users.php
+++ b/src/messenger/webim/operator/users.php
@@ -24,6 +24,8 @@ require_once('../libs/operator.php');
 require_once('../libs/groups.php');
 
 $operator = check_login();
+force_password($operator);
+
 $status = isset($_GET['away']) ? 1 : 0;
 
 notify_operator_alive($operator['operatorid'], $status);
diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php
index 056d0aea..23912f81 100644
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@@ -39,15 +39,20 @@ function tpl_content() { global $page, $webimroot, $errors;
 <?php 
 require_once('inc_errors.php');
 ?>
-<?php if( $page['stored'] ) { ?>
+<?php if( $page['needChangePassword'] ) { ?>
+<div id="formmessage"><?php echo getlocal("error.no_password") ?></div>
+<br/>
+<?php } else if( $page['stored'] ) { ?>
 <div id="formmessage"><?php echo getlocal("data.saved") ?></div>
 <?php } ?>
 
+
+
 <?php if( $page['opid'] || $page['canmodify'] ) { ?>
 <form name="agentForm" method="post" action="<?php echo $webimroot ?>/operator/operator.php">
 <input type="hidden" name="opid" value="<?php echo $page['opid'] ?>"/>
 	<div>
-<?php print_tabbar(); ?>
+<?php if(!$page['needChangePassword']) { print_tabbar(); } ?>
 	<div class="mform"><div class="formtop"><div class="formtopi"></div></div><div class="forminner">
 
 	<div class="fieldForm">
@@ -70,7 +75,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="field">
-			<div class="flabel"><?php echo getlocal('form.field.password') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div>
+			<div class="flabel"><?php echo getlocal('form.field.password') ?><?php if( !$page['opid'] || $page['needChangePassword'] ) { ?><span class="required">*</span><?php } ?></div>
 			<div class="fvalue">
 				<input type="password" name="password" size="40" value="" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
 			</div>
@@ -79,7 +84,7 @@ require_once('inc_errors.php');
 		</div>
 
 		<div class="field">
-			<div class="flabel"><?php echo getlocal('form.field.password_confirm') ?><?php if( !$page['opid'] ) { ?><span class="required">*</span><?php } ?></div>
+			<div class="flabel"><?php echo getlocal('form.field.password_confirm') ?><?php if( !$page['opid'] || $page['needChangePassword'] ) { ?><span class="required">*</span><?php } ?></div>
 			<div class="fvalue">
 				<input type="password" name="passwordConfirm" size="40" value="" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
 			</div>
diff --git a/src/messenger/webim/view/menu.php b/src/messenger/webim/view/menu.php
index f907b794..3441ed47 100644
--- a/src/messenger/webim/view/menu.php
+++ b/src/messenger/webim/view/menu.php
@@ -41,8 +41,12 @@ function menuseparator() {
 function tpl_content() { global $page, $webimroot, $current_locale, $menuItemsCount, $version;
 ?>
 
-<br/>   
-<?php if( $page['needUpdate'] ) { ?>
+<br/>
+
+<?php if( $page['needChangePassword'] ) { ?>
+<div id="formmessage"><?php echo getlocal("error.no_password") ?> <?php echo getlocal2("error.no_password.visit_profile", array($page['profilePage'])) ?></div>
+<br/>
+<?php } else if( $page['needUpdate'] ) { ?>
 <div id="formmessage"><?php echo getlocal2("install.updatedb",array($page['updateWizard'])) ?></div>
 <br/>
 <?php } else if($page['newFeatures']) { ?>