From 68f0e13e099dae85790dec2c5b2cff5c81d494ed Mon Sep 17 00:00:00 2001
From: Haynes <haynes@chmods.de>
Date: Wed, 13 Apr 2011 16:44:09 +0200
Subject: [PATCH] This commit forces the User to set a password for the
 Administrator before doing anything else after the installation.

---
 src/messenger/webim/libs/operator.php       | 17 +++++++++++++++++
 src/messenger/webim/locales/de/properties   |  1 +
 src/messenger/webim/locales/en/properties   |  1 +
 src/messenger/webim/operator/canned.php     |  4 +++-
 src/messenger/webim/operator/getcode.php    |  2 ++
 src/messenger/webim/operator/history.php    |  4 +++-
 src/messenger/webim/operator/index.php      |  1 +
 src/messenger/webim/operator/operator.php   |  6 ++++++
 src/messenger/webim/operator/operators.php  |  4 +++-
 src/messenger/webim/operator/settings.php   |  1 +
 src/messenger/webim/operator/statistics.php |  3 ++-
 src/messenger/webim/operator/translate.php  |  2 ++
 src/messenger/webim/operator/updates.php    |  1 +
 src/messenger/webim/operator/users.php      |  2 ++
 14 files changed, 45 insertions(+), 4 deletions(-)

diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php
index 4f4f3240..ecfed251 100755
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@@ -116,6 +116,12 @@ function update_operator($operatorid, $login, $email, $password, $localename, $c
 
 	perform_query($query, $link);
 	mysql_close($link);
+	// update the session password
+	if (isset($password))
+	{
+		$_SESSION[$mysqlprefix.'operator']['vcpassword']=md5($password);
+	}
+
 }
 
 function update_operator_avatar($operatorid, $avatar)
@@ -235,6 +241,17 @@ function check_login($redirect = true)
 	return $_SESSION["${mysqlprefix}operator"];
 }
 
+// Force the admin to set a password after the installation
+function force_password($operator)
+{
+	global $webimroot;
+	if($operator['vcpassword']==md5(''))
+	{
+		header("Location: $webimroot/operator/operator.php?op=1");
+		exit;
+	}
+}
+
 function get_logged_in()
 {
 	global $mysqlprefix;
diff --git a/src/messenger/webim/locales/de/properties b/src/messenger/webim/locales/de/properties
index 8b3d807e..0f395517 100644
--- a/src/messenger/webim/locales/de/properties
+++ b/src/messenger/webim/locales/de/properties
@@ -212,6 +212,7 @@ menu.translate=Regionalisieren
 menu.updates.content=Auf Nachrichten und Updates prüfen.
 menu.updates=Updates
 my_settings.error.password_match=Die Passwörter stimmen nicht überein
+my_settings.error.no_password=Es ist noch kein Passwort für den Administrator gesetzt
 no_such_operator=Kein solcher Operator
 operator.group.no_description=&lt;keine Beschreibung&gt;
 operator.groups.intro=Wähle Gruppen nach Operator Qualifikation.
diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties
index 135d4d70..878a2c47 100644
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@@ -236,6 +236,7 @@ menu.profile=Profile
 menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
+my_settings.error.no_password=No Password set for the Administrator
 my_settings.error.password_match=Entered passwords do not match
 no_such_operator=No such operator
 operator.group.no_description=&lt;no description&gt;
diff --git a/src/messenger/webim/operator/canned.php b/src/messenger/webim/operator/canned.php
index 84f5610c..c665ddf0 100644
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@@ -26,6 +26,8 @@ require_once('../libs/groups.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $errors = array();
@@ -131,4 +133,4 @@ $page['formgroup'] = $groupid;
 prepare_menu($operator);
 start_html_output();
 require('../view/canned.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/operator/getcode.php b/src/messenger/webim/operator/getcode.php
index 1c738f9e..c8dc3c14 100644
--- a/src/messenger/webim/operator/getcode.php
+++ b/src/messenger/webim/operator/getcode.php
@@ -25,6 +25,8 @@ require_once('../libs/groups.php');
 require_once('../libs/getcode.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 $imageLocales = get_image_locales_map("../locales");
diff --git a/src/messenger/webim/operator/history.php b/src/messenger/webim/operator/history.php
index 4dce7b1e..015ce66d 100644
--- a/src/messenger/webim/operator/history.php
+++ b/src/messenger/webim/operator/history.php
@@ -26,6 +26,8 @@ require_once('../libs/userinfo.php');
 require_once('../libs/pagination.php');
 
 $operator = check_login();
+force_password($operator);
+
 loadsettings();
 
 setlocale(LC_TIME, getstring("time.locale"));
@@ -68,4 +70,4 @@ if ($query !== false) {
 prepare_menu($operator);
 start_html_output();
 require('../view/thread_search.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/operator/index.php b/src/messenger/webim/operator/index.php
index bb2a940a..adbbfba0 100644
--- a/src/messenger/webim/operator/index.php
+++ b/src/messenger/webim/operator/index.php
@@ -23,6 +23,7 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 $link = connect();
 loadsettings_($link);
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 155d764c..cf681141 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -96,6 +96,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 		$errors[] = getlocal("no_such_operator");
 		$page['opid'] = topage($opId);
 	} else {
+		//show an error if the admin password hasn't been set yet.
+		if ($operator['vcpassword']==md5('') && !isset($_GET['stored']))
+		{
+			$errors[] = getlocal("my_settings.error.no_password");
+		}
+
 		$page['formlogin'] = topage($op['vclogin']);
 		$page['formname'] = topage($op['vclocalename']);
 		$page['formemail'] = topage($op['vcemail']);
diff --git a/src/messenger/webim/operator/operators.php b/src/messenger/webim/operator/operators.php
index e3288a5d..eeb01e37 100644
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
+
 
 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
@@ -68,4 +70,4 @@ setlocale(LC_TIME, getstring("time.locale"));
 prepare_menu($operator);
 start_html_output();
 require('../view/agents.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/operator/settings.php b/src/messenger/webim/operator/settings.php
index 77025774..894e8d6d 100644
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $page = array('agentId' => '');
 $errors = array();
diff --git a/src/messenger/webim/operator/statistics.php b/src/messenger/webim/operator/statistics.php
index 9d12d506..dc5b0af2 100644
--- a/src/messenger/webim/operator/statistics.php
+++ b/src/messenger/webim/operator/statistics.php
@@ -24,6 +24,7 @@ require_once('../libs/chat.php');
 require_once('../libs/operator.php');
 
 $operator = check_login();
+force_password($operator);
 
 setlocale(LC_TIME, getstring("time.locale"));
 
@@ -86,4 +87,4 @@ mysql_close($link);
 prepare_menu($operator);
 start_html_output();
 require('../view/statistics.php');
-?>
\ No newline at end of file
+?>
diff --git a/src/messenger/webim/operator/translate.php b/src/messenger/webim/operator/translate.php
index 5e271ce6..575d6eb7 100644
--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@@ -119,6 +119,8 @@ function get_auxiliary($s)
 }
 
 $operator = check_login();
+force_password($operator);
+
 
 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);
diff --git a/src/messenger/webim/operator/updates.php b/src/messenger/webim/operator/updates.php
index d36f8f12..63455e0c 100644
--- a/src/messenger/webim/operator/updates.php
+++ b/src/messenger/webim/operator/updates.php
@@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');
 
 $operator = check_login();
+force_password($operator);
 
 $default_extensions = array('mysql', 'gd', 'iconv');
 
diff --git a/src/messenger/webim/operator/users.php b/src/messenger/webim/operator/users.php
index dba8d1f4..d69d7528 100644
--- a/src/messenger/webim/operator/users.php
+++ b/src/messenger/webim/operator/users.php
@@ -24,6 +24,8 @@ require_once('../libs/operator.php');
 require_once('../libs/groups.php');
 
 $operator = check_login();
+force_password($operator);
+
 $status = isset($_GET['away']) ? 1 : 0;
 
 notify_operator_alive($operator['operatorid'], $status);