From bcd2b6f5f166923a7fd9a11d1d60d1e8d08e6632 Mon Sep 17 00:00:00 2001
From: Robin <robin@Amaya.(none)>
Date: Thu, 18 Mar 2010 21:37:25 +0100
Subject: [PATCH] ask for current password when editing the settings

---
 inc/lib_config.php           | 20 +++++++++++++++-----
 inc/templates/configform.php | 17 +++++++++++------
 inc/templates/header.php     |  2 ++
 settings/index.php           |  5 ++---
 4 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/inc/lib_config.php b/inc/lib_config.php
index 9a1c56d7e78..e31dcea7f83 100644
--- a/inc/lib_config.php
+++ b/inc/lib_config.php
@@ -28,15 +28,22 @@ class OC_CONFIG{
     global $CONFIG_DBNAME;
     global $CONFIG_DBUSER;
     global $CONFIG_DBPASSWORD;
-    
+    global $CONFIG_ADMINLOGIN;
+    global $CONFIG_ADMINPASSWORD;
     if(isset($_POST['set_config'])){
 
       //checkdata
       $error='';
-
+      $FIRSTRUN=empty($CONFIG_ADMINLOGIN);
+      if(!$FIRSTRUN){
+         if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD){
+            $error.='wrong password';
+         }
+      }
+      
       if(!isset($_POST['adminlogin'])        or empty($_POST['adminlogin']))        $error.='admin login not set<br />';
-      if(!isset($_POST['adminpassword'])     or empty($_POST['adminpassword']))     $error.='admin password not set<br />';
-      if(!isset($_POST['adminpassword2'])    or empty($_POST['adminpassword2']))    $error.='retype admin password not set<br />';
+      if(!isset($_POST['adminpassword'])     or empty($_POST['adminpassword']) and $FIRSTRUN)     $error.='admin password not set<br />';
+      if(!isset($_POST['adminpassword2'])    or empty($_POST['adminpassword2']) and $FIRSTRUN)    $error.='retype admin password not set<br />';
       if(!isset($_POST['datadirectory'])     or empty($_POST['datadirectory']))     $error.='data directory not set<br />';
       if(!isset($_POST['dateformat'])        or empty($_POST['dateformat']))        $error.='dteformat not set<br />';
       if(!isset($_POST['dbhost'])            or empty($_POST['dbhost']))            $error.='database host not set<br />';
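Review bot: The new check `if($_POST['currentpassword']!=$CONFIG_ADMINPASSWORD)` compares the submitted password with loose `!=` and reads the field without testing that it was sent. With loose comparison two numeric-looking strings are compared as numbers, so a value that differs from the stored password can still be accepted, and a request without the field raises an undefined-index notice. I would write it as `if(!isset($_POST['currentpassword']) or !is_string($_POST['currentpassword']) or !hash_equals($CONFIG_ADMINPASSWORD,$_POST['currentpassword']))` (or `!==` where `hash_equals` is unavailable), and end the message with `<br />` like the other errors. The comparison also shows that the admin password is kept in clear text in the config; storing a hash would be a separate change. The enclosing method starts and ends outside this hunk.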
@@ -46,7 +53,10 @@ class OC_CONFIG{
       if(!isset($_POST['dbpassword2'])       or empty($_POST['dbpassword2']))       $error.='retype database password not set<br />';
       if($_POST['dbpassword']<>$_POST['dbpassword2'] )                              $error.='database passwords are not the same<br />';
       if($_POST['adminpassword']<>$_POST['adminpassword2'] )                        $error.='admin passwords are not the same<br />';
-
+      
+       if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword']) and !$FIRSTRUN){
+          $_POST['adminpassword']=$CONFIG_ADMINPASSWORD;
+       }
 
       if(empty($error)) {
         //create/fill database
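Review bot: In `if(!isset($_POST['adminpassword']) or empty($_POST['adminpassword']) and !$FIRSTRUN)` the `and` binds tighter than `or`, so the condition is `!isset(...) or (empty(...) and !$FIRSTRUN)` and a request that omits the field on first run also gets `$CONFIG_ADMINPASSWORD` copied in. The two `and $FIRSTRUN` checks added in the first hunk of this file have the same grouping, so a missing field is reported as 'not set' even when it is not the first run. `empty()` already covers the unset case, so `if(empty($_POST['adminpassword']) and !$FIRSTRUN)` here and `if(empty($_POST['adminpassword']) and $FIRSTRUN)` there say what is meant. The unchanged comparison `$_POST['adminpassword']<>$_POST['adminpassword2']` above still reads both fields unguarded. The method body continues outside the hunk.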
diff --git a/inc/templates/configform.php b/inc/templates/configform.php
index f981eae1c25..c78006c375c 100755
--- a/inc/templates/configform.php
+++ b/inc/templates/configform.php
@@ -1,6 +1,5 @@
 <?php
-global $createDB;
-global $fillDB;
+global $FIRSTRUN;
 if(!isset($createDB)) $createDB=true;
 if(!isset($fillDB)) $fillDB=true;
 ?>
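Review bot: The two context lines `if(!isset($createDB)) $createDB=true;` and `if(!isset($fillDB)) $fillDB=true;` are left behind although every use of those variables visible in this diff is replaced by `$FIRSTRUN`, which itself gets no default. I would replace both lines with `if(!isset($FIRSTRUN)) $FIRSTRUN=false;` so the template asks for the current password whenever the flag was never set. A short comment would also help, for example `// $FIRSTRUN: true only while no admin login is configured`.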
@@ -13,9 +12,15 @@ document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
 </script>
 <form method="post" enctype="multipart/form-data">
 <table cellpadding="5" cellspacing="5" border="0" class="loginform">
+<?php
+   if(!$FIRSTRUN){?>
+      <tr><td>current password</td><td><input type="password" name="currentpassword" size="30" class="formstyle"></input></td></tr>
+      <?php
+   }
+?>
 <tr><td>admin login:</td><td><input type="text" name="adminlogin" size="30" class="formstyle" value="<?php echo($CONFIG_ADMINLOGIN);?>"></input></td></tr>
-<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle" value="<?php echo($CONFIG_ADMINPASSWORD);?>"></input></td></tr>
-<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle" value="<?php echo($CONFIG_ADMINPASSWORD);?>"></input></td></tr>
+<tr><td>admin password:</td><td><input type="password" name="adminpassword" size="30" class="formstyle"></input></td><td>(leave empty to keep current password)</td></tr>
+<tr><td>retype admin password:</td><td><input type="password" name="adminpassword2" size="30" class="formstyle"></input></td></tr>
 <tr><td>data directory:</td><td><input type="text" name="datadirectory" size="30" class="formstyle" value="<?php echo($CONFIG_DATADIRECTORY);?>"></input></td></tr>
 <tr><td>force ssl:</td><td><input type="checkbox" name="forcessl" size="30" class="formstyle" value='<?php echo($CONFIG_HTTPFORCESSL);?>'></input></td></tr>
 <tr><td>date format:</td><td><input type="text" name="dateformat" size="30" class="formstyle" value='<?php echo($CONFIG_DATEFORMAT);?>'></input></td></tr>
@@ -24,10 +29,10 @@ document.getElementById('dbAdminPwd').style.display=(show)?'table-row':'none';
 <tr><td>database user:</td><td><input type="text" name="dbuser" size="30" class="formstyle" value='<?php echo($CONFIG_DBUSER);?>'></input></td></tr>
 <tr><td>database password:</td><td><input type="password" name="dbpassword" size="30" class="formstyle" value='<?php echo($CONFIG_DBPASSWORD);?>'></input></td></tr>
 <tr><td>retype database password:</td><td><input type="password" name="dbpassword2" size="30" class="formstyle" value='<?php echo($CONFIG_DBPASSWORD);?>'></input></td></tr>
-<tr><td>create database and user:</td><td><input id='dbCreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($createDB) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
+<tr><td>create database and user:</td><td><input id='dbCreate' type="checkbox" name="createdatabase" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?> onchange='showDBAdmin()'></input></td></tr>
 <tr id='dbAdminUser'><td>database administrative user:</td><td><input type="text" name="dbadminuser" size="30" class="formstyle" value='root'></input></td></tr>
 <tr id='dbAdminPwd'><td>database administrative password:</td><td><input type="password" name="dbadminpwd" size="30" class="formstyle" value=''></input></td></tr>
-<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($fillDB) echo 'checked'; ?>></input></td></tr>
+<tr><td>automaticly fill initial database:</td><td><input type="checkbox" name="filldb" size="30" class="formstyle" value='1' <?php if($FIRSTRUN) echo 'checked'; ?>></input></td></tr>
 <tr><td></td><td><input type="submit" name="set_config" alt="save" value="save" class="formstyle" /></td></tr>
 </table></form>
 <script type="text/javascript">showDBAdmin()</script>
\ No newline at end of file
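Review bot: The database password is still written into the page: the unchanged rows for `dbpassword` and `dbpassword2` keep `value='<?php echo($CONFIG_DBPASSWORD);?>'`, while this commit removes exactly that for the admin password. Anyone who can load the form, or read a cached copy of it, gets the credential in clear text from the markup. I would drop the two `value` attributes and give `dbpassword` the same "leave empty to keep" handling in `OC_CONFIG` that `adminpassword` receives. That handling is needed because the listener rejects an empty `dbpassword2` (and presumably `dbpassword`, whose check is outside the visible hunk).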
diff --git a/inc/templates/header.php b/inc/templates/header.php
index b5b7538f8af..57e45e708a9 100755
--- a/inc/templates/header.php
+++ b/inc/templates/header.php
@@ -12,7 +12,9 @@ echo('<h1><a id="owncloud-logo" href="'.$WEBROOT.'/"><span>ownCloud</span></a></
 
   // check if already configured. otherwise start configuration wizard
   $error=OC_CONFIG::writeconfiglisener();
+  echo $error;
   if(empty($CONFIG_ADMINLOGIN)) {
+    $FIRSTRUN=true;
     echo('<div class="center">');
     echo('<p class="errortext">'.$error.'</p>');
     echo('<p class="highlighttext">First Run Wizard</p>');
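Review bot: The added `echo $error;` prints the message as bare text before any markup, and on first run the same text is printed again by the existing `echo('<p class="errortext">'.$error.'</p>');` a few lines below. I would limit the new output to the configured case and reuse the existing class: `if(!empty($CONFIG_ADMINLOGIN) and !empty($error)) echo('<p class="errortext">'.$error.'</p>');`. Separately, `$FIRSTRUN=true;` only reaches the `global $FIRSTRUN;` in configform.php if this template runs at file scope; if it is included from inside `OC_UTIL::showheader()` (not visible here) the assignment stays local, so that is worth confirming. The `if` block continues past the end of the hunk.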
diff --git a/settings/index.php b/settings/index.php
index a34a551e922..7cdb993e45e 100755
--- a/settings/index.php
+++ b/settings/index.php
@@ -24,11 +24,10 @@
 
 require_once('../inc/lib_base.php');
 
+
 OC_UTIL::showheader();
 
-//uncheck the create and fill db options on default.
-$createDB=false;
-$fillDB=false;
+$FIRSTRUN=false;
 
 echo('<div class="center">');
 OC_CONFIG::showconfigform();
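Review bot: `$FIRSTRUN=false;` is hard-coded here, whereas the listener in inc/lib_config.php derives the same flag from `empty($CONFIG_ADMINLOGIN)`, so the form and the check can disagree if this page is opened before an admin login exists. Assuming `$CONFIG_ADMINLOGIN` is in scope after `require_once('../inc/lib_base.php')`, `$FIRSTRUN=empty($CONFIG_ADMINLOGIN);` keeps a single definition. The added blank line before `OC_UTIL::showheader();` can be dropped.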
-- 
GitLab