add defaultPasswordWarning nag dialog

4 files changed, 48 insertions, 3 deletions

diff --git a/classes/dlg.php b/classes/dlg.php
index 6f22c81e6..9ac5cd12f 100644
--- a/classes/dlg.php
+++ b/classes/dlg.php
@@ -185,4 +185,16 @@ class Dlg extends Handler_Protected {
 		//return;
 	}
 
+	function defaultPasswordWarning() {
+
+    	print_warning(__("You are using default tt-rss password. Please change it in the Preferences (Personal data / Authentication)."));
+
+		print "<div align='center'>";
+		print "<button dojoType=\"dijit.form.Button\" onclick=\"gotoPreferences()\">".
+			__('Open Preferences')."</button> ";
+		print "<button dojoType=\"dijit.form.Button\"
+			onclick=\"return closeInfoBox()\">".
+			__('Close this window')."</button>";
+		print "</div>";
+	}
 }
\ No newline at end of file
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index ff778cbce..03563d8b0 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		$email = htmlspecialchars($row["email"]);
 		$full_name = htmlspecialchars($row["full_name"]);
-		$otp_enabled = $row["otp_enabled"];
+		$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 		print "<tr><td width=\"40%\">".__('Full name')."</td>";
 		print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@@ -864,7 +864,7 @@ class Pref_Prefs extends Handler_Protected {
 			$base32 = new Base32();
 
 			$login = $row["login"];
-			$otp_enabled = $row["otp_enabled"];
+			$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 			if (!$otp_enabled) {
 				$secret = $base32->encode(sha1($row["salt"]));
@@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
-			$sth = $this->pdo->prepare("SELECT salt
+			$sth = $this->pdo->query("SELECT salt
 				FROM ttrss_users
 				WHERE id = ?");
 			$sth->execute([$_SESSION['uid']]);
@@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected {
 
 	}
 
+	static function isdefaultpassword() {
+		$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+		if ($authenticator->check_password($_SESSION["uid"], "password")) {
+			return true;
+		}
+
+		return false;
+	}
+
 	function otpdisable() {
 		$password = $_REQUEST["password"];
 
diff --git a/include/functions.php b/include/functions.php
index 531653f93..fc0cdec7c 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1077,6 +1077,7 @@
 		$params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
 		$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
 		$params["bw_limit"] = (int) $_SESSION["bw_limit"];
+		$params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
 		$params["label_base_index"] = (int) LABEL_BASE_INDEX;
 
 		$theme = get_pref( "USER_CSS_THEME", false, false);
diff --git a/js/feedlist.js b/js/feedlist.js
index 887d84453..d9bc0a0c9 100644
--- a/js/feedlist.js
+++ b/js/feedlist.js
@@ -198,6 +198,28 @@ function feedlist_init() {
 
 	hideOrShowFeeds(getInitParam("hide_read_feeds") == 1);
 
+	if (getInitParam("is_default_pw")) {
+		console.warn("user password is at default value");
+
+		var dialog = new dijit.Dialog({
+			title: __("Your password is at default value"),
+			href: "backend.php?op=dlg&method=defaultpasswordwarning",
+			id: 'infoBox',
+			style: "width: 600px",
+			onCancel: function() {
+				return true;
+			},
+			onExecute: function() {
+				return true;
+			},
+			onClose: function() {
+				return true;
+			}
+		});
+
+		dialog.show();
+	}
+
 	// bw_limit disables timeout() so we request initial counters separately
     if (getInitParam("bw_limit") == "1") {
 		request_counters(true);