From aee46f9e2af8282b395dc15f3e4e16307ca21224 Mon Sep 17 00:00:00 2001
From: Haynes <haynes@chmods.de>
Date: Wed, 13 Apr 2011 16:44:09 +0200
Subject: [PATCH] This commit forces the User to set a password for the
 Administrator before doing anything else after the installation.

---
 src/messenger/webim/libs/operator.php          | 17 +++++++++++++++++
 src/messenger/webim/locales/de/properties      |  1 +
 src/messenger/webim/locales/en/properties      |  1 +
 src/messenger/webim/operator/canned.php        |  2 ++
 src/messenger/webim/operator/getcode.php       |  2 ++
 src/messenger/webim/operator/history.php       |  2 ++
 src/messenger/webim/operator/index.php         |  1 +
 src/messenger/webim/operator/notifications.php |  2 ++
 src/messenger/webim/operator/operator.php      |  6 ++++++
 src/messenger/webim/operator/operators.php     |  2 ++
 src/messenger/webim/operator/settings.php      |  1 +
 src/messenger/webim/operator/statistics.php    |  1 +
 src/messenger/webim/operator/translate.php     |  2 ++
 src/messenger/webim/operator/updates.php       |  1 +
 src/messenger/webim/operator/users.php         |  2 ++
 15 files changed, 43 insertions(+)

diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php
index 9fb9f2c5..46591e64 100755
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@@ -117,6 +117,12 @@ function update_operator($operatorid, $login, $email, $jabber, $password, $local
 
 	perform_query($query, $link);
 	mysql_close($link);
+	// update the session password
+	if (isset($password))
+	{
+		$_SESSION[$mysqlprefix.'operator']['vcpassword']=md5($password);
+	}
+
 }
 
 function update_operator_avatar($operatorid, $avatar)
@@ -238,6 +244,17 @@ function check_login($redirect = true)
 	return $_SESSION["${mysqlprefix}operator"];
 }
 
+// Force the admin to set a password after the installation
+function force_password($operator)
+{
+	global $webimroot;
+	if($operator['vcpassword']==md5(''))
+	{
+		header("Location: $webimroot/operator/operator.php?op=1");
+		exit;
+	}
+}
+
 function get_logged_in()
 {
 	global $mysqlprefix;
diff --git a/src/messenger/webim/locales/de/properties b/src/messenger/webim/locales/de/properties
index 8b3d807e..0f395517 100644
--- a/src/messenger/webim/locales/de/properties
+++ b/src/messenger/webim/locales/de/properties
@@ -212,6 +212,7 @@ menu.translate=Regionalisieren
 menu.updates.content=Auf Nachrichten und Updates prüfen.
 menu.updates=Updates
 my_settings.error.password_match=Die Passwörter stimmen nicht überein
+my_settings.error.no_password=Es ist noch kein Passwort für den Administrator gesetzt
 no_such_operator=Kein solcher Operator
 operator.group.no_description=&lt;keine Beschreibung&gt;
 operator.groups.intro=Wähle Gruppen nach Operator Qualifikation.
diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties
index 21db0a24..c9bcd360 100644
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@@ -242,6 +242,7 @@ menu.profile=Profile
 menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
+my_settings.error.no_password=No Password set for the Administrator
 my_settings.error.password_match=Entered passwords do not match
 no_such_operator=No such operator
 notification.back_to_list=Back to the list
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php
index 9d9f7886..c665ddf0 100644
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@@ -26,6 +26,8 @@ require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $errors = array();
diff --git a/src/messenger/webim/operator/getcode.php b/src/messenger/webim/operator/getcode.php
index 27446db7..943b8309 100644
--- a/src/messenger/webim/operator/getcode.php
+++ b/src/messenger/webim/operator/getcode.php
@@ -25,6 +25,8 @@ require_once('../libs/groups.php');
 require_once('../libs/getcode.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $imageLocales = get_image_locales_map("../locales");
diff --git a/src/messenger/webim/operator/history.php b/src/messenger/webim/operator/history.php
index 0f0e6b8b..015ce66d 100644
--- a/src/messenger/webim/operator/history.php
+++ b/src/messenger/webim/operator/history.php
@@ -26,6 +26,8 @@ require_once('../libs/userinfo.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 setlocale(LC_TIME, getstring("time.locale"));
diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php
index bb2a940a..adbbfba0 100644
--- a/src/messenger/webim/operator/index.php
+++ b/src/messenger/webim/operator/index.php
@@ -23,6 +23,7 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 $link = connect();
 loadsettings_($link);
diff --git a/src/messenger/webim/operator/notifications.php b/src/messenger/webim/operator/notifications.php
index cb9ebc9b..2d678995 100644
--- a/src/messenger/webim/operator/notifications.php
+++ b/src/messenger/webim/operator/notifications.php
@@ -25,6 +25,8 @@ require_once('../libs/operator.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 $page = array();
 $errors = array();
 
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index fda2479b..4efb6776 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -112,6 +112,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 		$errors[] = getlocal("no_such_operator");
 		$page['opid'] = topage($opId);
 	} else {
+		//show an error if the admin password hasn't been set yet.
+		if ($operator['vcpassword']==md5('') && !isset($_GET['stored']))
+		{
+			$errors[] = getlocal("my_settings.error.no_password");
+		}
+
 		$page['formlogin'] = topage($op['vclogin']);
 		$page['formname'] = topage($op['vclocalename']);
 		$page['formemail'] = topage($op['vcemail']);
diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php
index b73d976f..eeb01e37 100644
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
+
 
 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php
index 77025774..894e8d6d 100644
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/statistics.php b/src/messenger/webim/operator/statistics.php
index f2c1add5..dc5b0af2 100644
--- a/src/messenger/webim/operator/statistics.php
+++ b/src/messenger/webim/operator/statistics.php
@@ -24,6 +24,7 @@ require_once('../libs/chat.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 setlocale(LC_TIME, getstring("time.locale"));
 
diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 5e271ce6..575d6eb7 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -119,6 +119,8 @@ function get_auxiliary($s)
 }
 
 $operator = check_login();
+force_password($operator);
+
 
 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);
diff --git a/src/messenger/webim/operator/updates.php b/src/messenger/webim/operator/updates.php
index d36f8f12..63455e0c 100644
--- a/src/messenger/webim/operator/updates.php
+++ b/src/messenger/webim/operator/updates.php
@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $default_extensions = array('mysql', 'gd', 'iconv');
 
diff --git a/src/messenger/webim/operator/users.php b/src/messenger/webim/operator/users.php
index dba8d1f4..d69d7528 100644
--- a/src/messenger/webim/operator/users.php
+++ b/src/messenger/webim/operator/users.php
@@ -24,6 +24,8 @@ require_once('../libs/operator.php');
 require_once('../libs/groups.php');
 
 $operator = check_login();
+force_password($operator);
+
 $status = isset($_GET['away']) ? 1 : 0;
 
 notify_operator_alive($operator['operatorid'], $status);