add defaultPasswordWarning nag dialog

This commit is contained in:
Andrew Dolgov 2017-12-03 20:46:27 +03:00
parent 31e2811a63
commit 7c0eb1b621
4 changed files with 48 additions and 3 deletions

View file

@ -185,4 +185,16 @@ class Dlg extends Handler_Protected {
//return; //return;
} }
function defaultPasswordWarning() {
print_warning(__("You are using default tt-rss password. Please change it in the Preferences (Personal data / Authentication)."));
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"gotoPreferences()\">".
__('Open Preferences')."</button> ";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return closeInfoBox()\">".
__('Close this window')."</button>";
print "</div>";
}
} }

View file

@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected {
$email = htmlspecialchars($row["email"]); $email = htmlspecialchars($row["email"]);
$full_name = htmlspecialchars($row["full_name"]); $full_name = htmlspecialchars($row["full_name"]);
$otp_enabled = $row["otp_enabled"]; $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
print "<tr><td width=\"40%\">".__('Full name')."</td>"; print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\" print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@ -864,7 +864,7 @@ class Pref_Prefs extends Handler_Protected {
$base32 = new Base32(); $base32 = new Base32();
$login = $row["login"]; $login = $row["login"];
$otp_enabled = $row["otp_enabled"]; $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
if (!$otp_enabled) { if (!$otp_enabled) {
$secret = $base32->encode(sha1($row["salt"])); $secret = $base32->encode(sha1($row["salt"]));
@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
if ($authenticator->check_password($_SESSION["uid"], $password)) { if ($authenticator->check_password($_SESSION["uid"], $password)) {
$sth = $this->pdo->prepare("SELECT salt $sth = $this->pdo->query("SELECT salt
FROM ttrss_users FROM ttrss_users
WHERE id = ?"); WHERE id = ?");
$sth->execute([$_SESSION['uid']]); $sth->execute([$_SESSION['uid']]);
@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected {
} }
static function isdefaultpassword() {
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], "password")) {
return true;
}
return false;
}
function otpdisable() { function otpdisable() {
$password = $_REQUEST["password"]; $password = $_REQUEST["password"];

View file

@ -1077,6 +1077,7 @@
$params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT"); $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY"); $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
$params["bw_limit"] = (int) $_SESSION["bw_limit"]; $params["bw_limit"] = (int) $_SESSION["bw_limit"];
$params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
$params["label_base_index"] = (int) LABEL_BASE_INDEX; $params["label_base_index"] = (int) LABEL_BASE_INDEX;
$theme = get_pref( "USER_CSS_THEME", false, false); $theme = get_pref( "USER_CSS_THEME", false, false);

View file

@ -198,6 +198,28 @@ function feedlist_init() {
hideOrShowFeeds(getInitParam("hide_read_feeds") == 1); hideOrShowFeeds(getInitParam("hide_read_feeds") == 1);
if (getInitParam("is_default_pw")) {
console.warn("user password is at default value");
var dialog = new dijit.Dialog({
title: __("Your password is at default value"),
href: "backend.php?op=dlg&method=defaultpasswordwarning",
id: 'infoBox',
style: "width: 600px",
onCancel: function() {
return true;
},
onExecute: function() {
return true;
},
onClose: function() {
return true;
}
});
dialog.show();
}
// bw_limit disables timeout() so we request initial counters separately // bw_limit disables timeout() so we request initial counters separately
if (getInitParam("bw_limit") == "1") { if (getInitParam("bw_limit") == "1") {
request_counters(true); request_counters(true);