This commit forces the User to set a password for the Administrator before doing anything else after the installation.

2025-01-22 17:40:35 +03:00 · 2011-04-13 16:44:09 +02:00 · 2011-04-13 16:44:09 +02:00 · 68f0e13e09
commit 68f0e13e09
parent 5bba5ed824
14 changed files with 45 additions and 4 deletions
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@ -116,6 +116,12 @@ function update_operator($operatorid, $login, $email, $password, $localename, $c

 	perform_query($query, $link);
 	mysql_close($link);
+	// update the session password
+	if (isset($password))
+	{
+		$_SESSION[$mysqlprefix.'operator']['vcpassword']=md5($password);
+	}
+
 }

 function update_operator_avatar($operatorid, $avatar)
@ -235,6 +241,17 @@ function check_login($redirect = true)
 	return $_SESSION["${mysqlprefix}operator"];
 }

+// Force the admin to set a password after the installation
+function force_password($operator)
+{
+	global $webimroot;
+	if($operator['vcpassword']==md5(''))
+	{
+		header("Location: $webimroot/operator/operator.php?op=1");
+		exit;
+	}
+}
+
 function get_logged_in()
 {
 	global $mysqlprefix;
--- a/src/messenger/webim/locales/de/properties
+++ b/src/messenger/webim/locales/de/properties
@ -212,6 +212,7 @@ menu.translate=Regionalisieren
 menu.updates.content=Auf Nachrichten und Updates prüfen.
 menu.updates=Updates
 my_settings.error.password_match=Die Passwörter stimmen nicht überein
+my_settings.error.no_password=Es ist noch kein Passwort für den Administrator gesetzt
 no_such_operator=Kein solcher Operator
 operator.group.no_description=&lt;keine Beschreibung&gt;
 operator.groups.intro=Wähle Gruppen nach Operator Qualifikation.
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@ -236,6 +236,7 @@ menu.profile=Profile
 menu.translate=Localize
 menu.updates.content=Check for news and updates.
 menu.updates=Updates
+my_settings.error.no_password=No Password set for the Administrator
 my_settings.error.password_match=Entered passwords do not match
 no_such_operator=No such operator
 operator.group.no_description=&lt;no description&gt;
--- a/src/messenger/webim/operator/canned.php
+++ b/src/messenger/webim/operator/canned.php
@ -26,6 +26,8 @@ require_once('../libs/groups.php');
 require_once('../libs/pagination.php');

 $operator = check_login();
+force_password($operator);
+
 loadsettings();

 $errors = array();
--- a/src/messenger/webim/operator/getcode.php
+++ b/src/messenger/webim/operator/getcode.php
@ -25,6 +25,8 @@ require_once('../libs/groups.php');
 require_once('../libs/getcode.php');

 $operator = check_login();
+force_password($operator);
+
 loadsettings();

 $imageLocales = get_image_locales_map("../locales");
--- a/src/messenger/webim/operator/history.php
+++ b/src/messenger/webim/operator/history.php
@ -26,6 +26,8 @@ require_once('../libs/userinfo.php');
 require_once('../libs/pagination.php');

 $operator = check_login();
+force_password($operator);
+
 loadsettings();

 setlocale(LC_TIME, getstring("time.locale"));
--- a/src/messenger/webim/operator/index.php
+++ b/src/messenger/webim/operator/index.php
@ -23,6 +23,7 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');

 $operator = check_login();
+force_password($operator);

 $link = connect();
 loadsettings_($link);
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@ -96,6 +96,12 @@ if (isset($_POST['login']) && isset($_POST['password'])) {
 		$errors[] = getlocal("no_such_operator");
 		$page['opid'] = topage($opId);
 	} else {
+		//show an error if the admin password hasn't been set yet.
+		if ($operator['vcpassword']==md5('') && !isset($_GET['stored']))
+		{
+			$errors[] = getlocal("my_settings.error.no_password");
+		}
+
 		$page['formlogin'] = topage($op['vclogin']);
 		$page['formname'] = topage($op['vclocalename']);
 		$page['formemail'] = topage($op['vcemail']);
--- a/src/messenger/webim/operator/operators.php
+++ b/src/messenger/webim/operator/operators.php
@ -23,6 +23,8 @@ require_once('../libs/common.php');
 require_once('../libs/operator.php');

 $operator = check_login();
+force_password($operator);
+

 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";
--- a/src/messenger/webim/operator/settings.php
+++ b/src/messenger/webim/operator/settings.php
@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');

 $operator = check_login();
+force_password($operator);

 $page = array('agentId' => '');
 $errors = array();
--- a/src/messenger/webim/operator/statistics.php
+++ b/src/messenger/webim/operator/statistics.php
@ -24,6 +24,7 @@ require_once('../libs/chat.php');
 require_once('../libs/operator.php');

 $operator = check_login();
+force_password($operator);

 setlocale(LC_TIME, getstring("time.locale"));

--- a/src/messenger/webim/operator/translate.php
+++ b/src/messenger/webim/operator/translate.php
@ -119,6 +119,8 @@ function get_auxiliary($s)
 }

 $operator = check_login();
+force_password($operator);
+

 $source = verifyparam("source", "/^[\w-]{2,5}$/", $default_locale);
 $target = verifyparam("target", "/^[\w-]{2,5}$/", $current_locale);
--- a/src/messenger/webim/operator/updates.php
+++ b/src/messenger/webim/operator/updates.php
@ -24,6 +24,7 @@ require_once('../libs/operator.php');
 require_once('../libs/settings.php');

 $operator = check_login();
+force_password($operator);

 $default_extensions = array('mysql', 'gd', 'iconv');

--- a/src/messenger/webim/operator/users.php
+++ b/src/messenger/webim/operator/users.php
@ -24,6 +24,8 @@ require_once('../libs/operator.php');
 require_once('../libs/groups.php');

 $operator = check_login();
+force_password($operator);
+
 $status = isset($_GET['away']) ? 1 : 0;

 notify_operator_alive($operator['operatorid'], $status);