From 7c0eb1b6210a019926ec69179c81d545ac865b64 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sun, 3 Dec 2017 20:46:27 +0300
Subject: add defaultPasswordWarning nag dialog

---
 classes/pref/prefs.php | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

(limited to 'classes/pref/prefs.php')

diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index ff778cbce..03563d8b0 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		$email = htmlspecialchars($row["email"]);
 		$full_name = htmlspecialchars($row["full_name"]);
-		$otp_enabled = $row["otp_enabled"];
+		$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 		print "<tr><td width=\"40%\">".__('Full name')."</td>";
 		print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@@ -864,7 +864,7 @@ class Pref_Prefs extends Handler_Protected {
 			$base32 = new Base32();
 
 			$login = $row["login"];
-			$otp_enabled = $row["otp_enabled"];
+			$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 			if (!$otp_enabled) {
 				$secret = $base32->encode(sha1($row["salt"]));
@@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
-			$sth = $this->pdo->prepare("SELECT salt
+			$sth = $this->pdo->query("SELECT salt
 				FROM ttrss_users
 				WHERE id = ?");
 			$sth->execute([$_SESSION['uid']]);
@@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected {
 
 	}
 
+	static function isdefaultpassword() {
+		$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+		if ($authenticator->check_password($_SESSION["uid"], "password")) {
+			return true;
+		}
+
+		return false;
+	}
+
 	function otpdisable() {
 		$password = $_REQUEST["password"];
 
-- 
cgit v1.2.3