Browse Source

add defaultPasswordWarning nag dialog

Andrew Dolgov 1 year ago
parent
commit
7c0eb1b621
4 changed files with 48 additions and 3 deletions
  1. 12 0
      classes/dlg.php
  2. 13 3
      classes/pref/prefs.php
  3. 1 0
      include/functions.php
  4. 22 0
      js/feedlist.js

+ 12 - 0
classes/dlg.php

@@ -185,4 +185,16 @@ class Dlg extends Handler_Protected {
 		//return;
 	}
 
+	function defaultPasswordWarning() {
+
+    	print_warning(__("You are using default tt-rss password. Please change it in the Preferences (Personal data / Authentication)."));
+
+		print "<div align='center'>";
+		print "<button dojoType=\"dijit.form.Button\" onclick=\"gotoPreferences()\">".
+			__('Open Preferences')."</button> ";
+		print "<button dojoType=\"dijit.form.Button\"
+			onclick=\"return closeInfoBox()\">".
+			__('Close this window')."</button>";
+		print "</div>";
+	}
 }

+ 13 - 3
classes/pref/prefs.php

@@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		$email = htmlspecialchars($row["email"]);
 		$full_name = htmlspecialchars($row["full_name"]);
-		$otp_enabled = $row["otp_enabled"];
+		$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 		print "<tr><td width=\"40%\">".__('Full name')."</td>";
 		print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@@ -864,7 +864,7 @@ class Pref_Prefs extends Handler_Protected {
 			$base32 = new Base32();
 
 			$login = $row["login"];
-			$otp_enabled = $row["otp_enabled"];
+			$otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
 			if (!$otp_enabled) {
 				$secret = $base32->encode(sha1($row["salt"]));
@@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
 
 		if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
-			$sth = $this->pdo->prepare("SELECT salt
+			$sth = $this->pdo->query("SELECT salt
 				FROM ttrss_users
 				WHERE id = ?");
 			$sth->execute([$_SESSION['uid']]);
@@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected {
 
 	}
 
+	static function isdefaultpassword() {
+		$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+		if ($authenticator->check_password($_SESSION["uid"], "password")) {
+			return true;
+		}
+
+		return false;
+	}
+
 	function otpdisable() {
 		$password = $_REQUEST["password"];
 

+ 1 - 0
include/functions.php

@@ -1077,6 +1077,7 @@
 		$params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
 		$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
 		$params["bw_limit"] = (int) $_SESSION["bw_limit"];
+		$params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
 		$params["label_base_index"] = (int) LABEL_BASE_INDEX;
 
 		$theme = get_pref( "USER_CSS_THEME", false, false);

+ 22 - 0
js/feedlist.js

@@ -198,6 +198,28 @@ function feedlist_init() {
 
 	hideOrShowFeeds(getInitParam("hide_read_feeds") == 1);
 
+	if (getInitParam("is_default_pw")) {
+		console.warn("user password is at default value");
+
+		var dialog = new dijit.Dialog({
+			title: __("Your password is at default value"),
+			href: "backend.php?op=dlg&method=defaultpasswordwarning",
+			id: 'infoBox',
+			style: "width: 600px",
+			onCancel: function() {
+				return true;
+			},
+			onExecute: function() {
+				return true;
+			},
+			onClose: function() {
+				return true;
+			}
+		});
+
+		dialog.show();
+	}
+
 	// bw_limit disables timeout() so we request initial counters separately
     if (getInitParam("bw_limit") == "1") {
 		request_counters(true);