add defaultPasswordWarning nag dialog

diff --git a/classes/dlg.php b/classes/dlg.php
index 6f22c81e6f147f227c2eb54d30f6bd767779e2b1..9ac5cd12fef16f8a1bcec52a7ab24edec59aa239 100644 (file)
--- a/classes/dlg.php
+++ b/classes/dlg.php
@@ -185,4 +185,16 @@ class Dlg extends Handler_Protected {
                //return;
        }
 
+       function defaultPasswordWarning() {
+
+       print_warning(__("You are using default tt-rss password. Please change it in the Preferences (Personal data / Authentication)."));
+
+               print "<div align='center'>";
+               print "<button dojoType=\"dijit.form.Button\" onclick=\"gotoPreferences()\">".
+                       __('Open Preferences')."</button> ";
+               print "<button dojoType=\"dijit.form.Button\"
+                       onclick=\"return closeInfoBox()\">".
+                       __('Close this window')."</button>";
+               print "</div>";
+       }
 }
\ No newline at end of file

diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index ff778cbceac6fcdf7e595614e3d25a31c7c61912..03563d8b093d220058d70a5884eb25d34d44d4a4 100644 (file)
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected {
 
                $email = htmlspecialchars($row["email"]);
                $full_name = htmlspecialchars($row["full_name"]);
-               $otp_enabled = $row["otp_enabled"];
+               $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
                print "<tr><td width=\"40%\">".__('Full name')."</td>";
                print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@@ -864,7 +864,7 @@ class Pref_Prefs extends Handler_Protected {
                        $base32 = new Base32();
 
                        $login = $row["login"];
-                       $otp_enabled = $row["otp_enabled"];
+                       $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
 
                        if (!$otp_enabled) {
                                $secret = $base32->encode(sha1($row["salt"]));
@@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected {
 
                if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
-                       $sth = $this->pdo->prepare("SELECT salt
+                       $sth = $this->pdo->query("SELECT salt
                                FROM ttrss_users
                                WHERE id = ?");
                        $sth->execute([$_SESSION['uid']]);
@@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected {
 
        }
 
+       static function isdefaultpassword() {
+               $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+               if ($authenticator->check_password($_SESSION["uid"], "password")) {
+                       return true;
+               }
+
+               return false;
+       }
+
        function otpdisable() {
                $password = $_REQUEST["password"];
 

diff --git a/include/functions.php b/include/functions.php
index 531653f93236b59c9b4c62a806fb533694269edd..fc0cdec7c67b166aaba9e564738a5c4e173d1f73 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -1077,6 +1077,7 @@
                $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
                $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
                $params["bw_limit"] = (int) $_SESSION["bw_limit"];
+               $params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
                $params["label_base_index"] = (int) LABEL_BASE_INDEX;
 
                $theme = get_pref( "USER_CSS_THEME", false, false);

diff --git a/js/feedlist.js b/js/feedlist.js
index 887d844538486bc9a23de97f5aa763a82cdf736a..d9bc0a0c9f768840b3c7516a61330a683636d0c7 100644 (file)
--- a/js/feedlist.js
+++ b/js/feedlist.js
@@ -198,6 +198,28 @@ function feedlist_init() {
 
        hideOrShowFeeds(getInitParam("hide_read_feeds") == 1);
 
+       if (getInitParam("is_default_pw")) {
+               console.warn("user password is at default value");
+
+               var dialog = new dijit.Dialog({
+                       title: __("Your password is at default value"),
+                       href: "backend.php?op=dlg&method=defaultpasswordwarning",
+                       id: 'infoBox',
+                       style: "width: 600px",
+                       onCancel: function() {
+                               return true;
+                       },
+                       onExecute: function() {
+                               return true;
+                       },
+                       onClose: function() {
+                               return true;
+                       }
+               });
+
+               dialog.show();
+       }
+
        // bw_limit disables timeout() so we request initial counters separately
     if (getInitParam("bw_limit") == "1") {
                request_counters(true);