diff --git a/classes/dlg.php b/classes/dlg.php index 6f22c81e6..9ac5cd12f 100644 --- a/classes/dlg.php +++ b/classes/dlg.php @@ -185,4 +185,16 @@ class Dlg extends Handler_Protected { //return; } + function defaultPasswordWarning() { + + print_warning(__("You are using default tt-rss password. Please change it in the Preferences (Personal data / Authentication).")); + + print "
"; + print " "; + print ""; + print "
"; + } } \ No newline at end of file diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index ff778cbce..03563d8b0 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -207,7 +207,7 @@ class Pref_Prefs extends Handler_Protected { $email = htmlspecialchars($row["email"]); $full_name = htmlspecialchars($row["full_name"]); - $otp_enabled = $row["otp_enabled"]; + $otp_enabled = sql_bool_to_bool($row["otp_enabled"]); print "".__('Full name').""; print "encode(sha1($row["salt"])); @@ -888,7 +888,7 @@ class Pref_Prefs extends Handler_Protected { if ($authenticator->check_password($_SESSION["uid"], $password)) { - $sth = $this->pdo->prepare("SELECT salt + $sth = $this->pdo->query("SELECT salt FROM ttrss_users WHERE id = ?"); $sth->execute([$_SESSION['uid']]); @@ -920,6 +920,16 @@ class Pref_Prefs extends Handler_Protected { } + static function isdefaultpassword() { + $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); + + if ($authenticator->check_password($_SESSION["uid"], "password")) { + return true; + } + + return false; + } + function otpdisable() { $password = $_REQUEST["password"]; diff --git a/include/functions.php b/include/functions.php index 531653f93..fc0cdec7c 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1077,6 +1077,7 @@ $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT"); $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY"); $params["bw_limit"] = (int) $_SESSION["bw_limit"]; + $params["is_default_pw"] = Pref_Prefs::isdefaultpassword(); $params["label_base_index"] = (int) LABEL_BASE_INDEX; $theme = get_pref( "USER_CSS_THEME", false, false); diff --git a/js/feedlist.js b/js/feedlist.js index 887d84453..d9bc0a0c9 100644 --- a/js/feedlist.js +++ b/js/feedlist.js @@ -198,6 +198,28 @@ function feedlist_init() { hideOrShowFeeds(getInitParam("hide_read_feeds") == 1); + if (getInitParam("is_default_pw")) { + console.warn("user password is at default value"); + + var dialog = new dijit.Dialog({ + title: __("Your password is at default value"), + href: "backend.php?op=dlg&method=defaultpasswordwarning", + id: 'infoBox', + style: "width: 600px", + onCancel: function() { + return true; + }, + onExecute: function() { + return true; + }, + onClose: function() { + return true; + } + }); + + dialog.show(); + } + // bw_limit disables timeout() so we request initial counters separately if (getInitParam("bw_limit") == "1") { request_counters(true);