From bcd2b6f5f166923a7fd9a11d1d60d1e8d08e6632 Mon Sep 17 00:00:00 2001 From: Robin Date: Thu, 18 Mar 2010 21:37:25 +0100 Subject: [PATCH] ask for current password when editing the settings --- inc/lib_config.php | 20 +++++++++++++++----- inc/templates/configform.php | 17 +++++++++++------ inc/templates/header.php | 2 ++ settings/index.php | 5 ++--- 4 files changed, 30 insertions(+), 14 deletions(-) diff --git a/inc/lib_config.php b/inc/lib_config.php index 9a1c56d7e78..e31dcea7f83 100644 --- a/inc/lib_config.php +++ b/inc/lib_config.php @@ -28,15 +28,22 @@ class OC_CONFIG{ global $CONFIG_DBNAME; global $CONFIG_DBUSER; global $CONFIG_DBPASSWORD; - + global $CONFIG_ADMINLOGIN; + global $CONFIG_ADMINPASSWORD; if(isset($_POST['set_config'])){ //checkdata $error=''; - + $FIRSTRUN=empty($CONFIG_ADMINLOGIN); + if(!$FIRSTRUN){ + if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){ + $error.='wrong password'; + } + } + if(!isset($_POST['adminlogin']) or empty($_POST['adminlogin'])) $error.='admin login not set
'; - if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword'])) $error.='admin password not set
'; - if(!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2'])) $error.='retype admin password not set
'; + if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword']) and $FIRSTRUN) $error.='admin password not set
'; + if(!isset($_POST['adminpassword2']) or empty($_POST['adminpassword2']) and $FIRSTRUN) $error.='retype admin password not set
'; if(!isset($_POST['datadirectory']) or empty($_POST['datadirectory'])) $error.='data directory not set
'; if(!isset($_POST['dateformat']) or empty($_POST['dateformat'])) $error.='dteformat not set
'; if(!isset($_POST['dbhost']) or empty($_POST['dbhost'])) $error.='database host not set
'; @@ -46,7 +53,10 @@ class OC_CONFIG{ if(!isset($_POST['dbpassword2']) or empty($_POST['dbpassword2'])) $error.='retype database password not set
'; if($_POST['dbpassword']<>$_POST['dbpassword2'] ) $error.='database passwords are not the same
'; if($_POST['adminpassword']<>$_POST['adminpassword2'] ) $error.='admin passwords are not the same
'; - + + if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword']) and !$FIRSTRUN){ + $_POST['adminpassword']=$CONFIG_ADMINPASSWORD; + } if(empty($error)) { //create/fill database diff --git a/inc/templates/configform.php b/inc/templates/configform.php index f981eae1c25..c78006c375c 100755 --- a/inc/templates/configform.php +++ b/inc/templates/configform.php @@ -1,6 +1,5 @@ @@ -13,9 +12,15 @@ document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
+ + + - - + + @@ -24,10 +29,10 @@ document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none'; - + - +
current password
admin login:
admin password:
retype admin password:
admin password:(leave empty to keep current password)
retype admin password:
data directory:
force ssl:
date format:
database user:
database password:
retype database password:
create database and user: onchange='showDBAdmin()'>
create database and user: onchange='showDBAdmin()'>
database administrative user:
database administrative password:
automaticly fill initial database:>
automaticly fill initial database:>
\ No newline at end of file diff --git a/inc/templates/header.php b/inc/templates/header.php index b5b7538f8af..57e45e708a9 100755 --- a/inc/templates/header.php +++ b/inc/templates/header.php @@ -12,7 +12,9 @@ echo('

'); echo('

'.$error.'

'); echo('

First Run Wizard

'); diff --git a/settings/index.php b/settings/index.php index a34a551e922..7cdb993e45e 100755 --- a/settings/index.php +++ b/settings/index.php @@ -24,11 +24,10 @@ require_once('../inc/lib_base.php'); + OC_UTIL::showheader(); -//uncheck the create and fill db options on default. -$createDB=false; -$fillDB=false; +$FIRSTRUN=false; echo('
'); OC_CONFIG::showconfigform(); -- 2.39.5