From e78a250c822da2678b9275bfca88a345a4a41fcc Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Wed, 26 Nov 2014 00:40:42 +0300
Subject: [PATCH 1/2] Disable login changes

---
 src/mibew/operator/operator.php | 16 ++++++++++++++--
 src/mibew/view/agent.php        |  2 +-
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/mibew/operator/operator.php b/src/mibew/operator/operator.php
index 57df2b50..77a80d88 100644
--- a/src/mibew/operator/operator.php
+++ b/src/mibew/operator/operator.php
@@ -29,9 +29,21 @@ $errors = array();
 $opId = '';
 
 loadsettings();
-if (isset($_POST['login']) && isset($_POST['password'])) {
+if ((isset($_POST['opid']) || isset($_POST['login'])) && isset($_POST['password'])) {
 	$opId = verifyparam("opid", "/^(\d{1,10})?$/", "");
-	$login = getparam('login');
+	if ($opId) {
+	    $given_operator = operator_by_id($opId);
+	    if (!$given_operator) {
+		$errors[] = getlocal("no_such_operator");
+		$login = '';
+	    }
+	    else {
+		$login = $given_operator['vclogin'];
+	    }
+	}
+	else {
+	    $login = getparam('login');
+	}
 	$email = getparam('email');
 	$jabber = getparam('jabber');
 	$password = getparam('password');
diff --git a/src/mibew/view/agent.php b/src/mibew/view/agent.php
index 7814a1ae..14e0495c 100644
--- a/src/mibew/view/agent.php
+++ b/src/mibew/view/agent.php
@@ -62,7 +62,7 @@ require_once('inc_errors.php');
 		<div class="field">
 			<div class="flabel"><?php echo getlocal('form.field.login') ?><span class="required">*</span></div>
 			<div class="fvalue">
-				<input type="text" name="login" size="40" value="<?php echo form_value('login') ?>" class="formauth"<?php echo $page['canmodify'] ? "" : " disabled=\"disabled\"" ?>/>
+				<input type="text" name="login" size="40" value="<?php echo form_value('login') ?>" class="formauth"<?php echo $page['canmodify'] && !$page['opid'] ? "" : " disabled=\"disabled\"" ?>/>
 			</div>
 			<div class="fdescr"> &mdash; <?php echo getlocal('form.field.login.description') ?></div>
 			<br clear="all"/>

From fbaefff37dc2e2a92ab2d50901670f7d62d3a6a6 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Wed, 26 Nov 2014 00:54:14 +0300
Subject: [PATCH 2/2] Fix possible use of undefined variable

---
 src/mibew/operator/operators.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/mibew/operator/operators.php b/src/mibew/operator/operators.php
index f940f488..49ed4667 100644
--- a/src/mibew/operator/operators.php
+++ b/src/mibew/operator/operators.php
@@ -24,6 +24,8 @@ $operator = check_login();
 csrfchecktoken();
 check_permissions($operator, $can_administrate);
 
+$errors = array();
+
 if (isset($_GET['act']) && $_GET['act'] == 'del') {
 	$operatorid = isset($_GET['id']) ? $_GET['id'] : "";