From 07a605a8185e8daddaadf462a79d6442dd73e331 Mon Sep 17 00:00:00 2001
From: opencart
Date: Fri, 30 Nov 2012 13:23:54 +0800
Subject: [PATCH] a fix for http://www.slideshare.net/DefconRussia/reutov-yunusov-nagibin-random-numbers-take-ii
---
 upload/admin/controller/common/forgotten.php | 6 +++++-
 upload/admin/controller/common/login.php | 10 +++++++---
 upload/admin/controller/common/reset.php | 6 ++++++
 upload/admin/controller/setting/setting.php | 8 +++++++-
 upload/admin/language/english/setting/setting.php | 1 +
 upload/admin/model/setting/setting.php | 8 ++++++++
 upload/admin/view/template/common/login.tpl | 5 ++++-
 upload/admin/view/template/setting/setting.tpl | 14 ++++++++++++++
 upload/install/opencart.sql | 3 ++-
 9 files changed, 54 insertions(+), 7 deletions(-)
diff --git a/upload/admin/controller/common/forgotten.php b/upload/admin/controller/common/forgotten.php
index 423d5164631..ceeb1fa76a2 100644
--- a/upload/admin/controller/common/forgotten.php
+++ b/upload/admin/controller/common/forgotten.php
@@ -6,7 +6,11 @@ public function index() {
 if ($this->user->isLogged()) {
 $this->redirect($this->url->link('common/home', '', 'SSL'));
 }
-
+
+ if (!$this->config->get('config_password')) {
+ $this->redirect($this->url->link('common/login', '', 'SSL'));
+ }
+
 $this->language->load('common/forgotten');
 $this->document->setTitle($this->language->get('heading_title'));
diff --git a/upload/admin/controller/common/login.php b/upload/admin/controller/common/login.php
index fede9cd7c48..4889b01215b 100644
--- a/upload/admin/controller/common/login.php
+++ b/upload/admin/controller/common/login.php
@@ -82,9 +82,13 @@ public function index() {
 } else {
 $this->data['redirect'] = '';
 }
-
- $this->data['forgotten'] = $this->url->link('common/forgotten', '', 'SSL');
-
+
+ if ($this->config->get('config_password')) {
+ $this->data['forgotten'] = $this->url->link('common/forgotten', '', 'SSL');
+ } else {
+ $this->data['forgotten'] = '';
+ }
+
 $this->template = 'common/login.tpl';
 $this->children = array(
 'common/header',
diff --git a/upload/admin/controller/common/reset.php b/upload/admin/controller/common/reset.php
index b16ea950e9e..cf891f7618a 100644
--- a/upload/admin/controller/common/reset.php
+++ b/upload/admin/controller/common/reset.php
@@ -7,6 +7,10 @@ public function index() {
 $this->redirect($this->url->link('common/home', '', 'SSL'));
 }
+ if (!$this->config->get('config_password')) {
+ $this->redirect($this->url->link('common/login', '', 'SSL'));
+ }
+
 if (isset($this->request->get['code'])) {
 $code = $this->request->get['code'];
 } else {
@@ -88,6 +92,8 @@ public function index() {
 $this->response->setOutput($this->render());
 } else {
+ $this->model_setting_setting->editSettingValue('config', 'config_password', '0');
+
 return $this->forward('common/login');
 }
 }
diff --git a/upload/admin/controller/setting/setting.php b/upload/admin/controller/setting/setting.php
index 1fcfca999a0..c2d5fc37091 100644
--- a/upload/admin/controller/setting/setting.php
+++ b/upload/admin/controller/setting/setting.php
@@ -10,7 +10,6 @@ public function index() {
 $this->load->model('setting/setting');
 if (($this->request->server['REQUEST_METHOD'] == 'POST') && $this->validate()) {
-
 $this->model_setting_setting->editSetting('config', $this->request->post);
 if ($this->config->get('config_currency_auto')) {
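Review bot: `$this->model_setting_setting->editSettingValue(...)` is called in the lock-out branch of the second reset.php hunk, but no `$this->load->model('setting/setting')` appears in either reset.php hunk; unless the model is loaded earlier in `index()` (outside the hunk), this branch dies on an undefined property on exactly the path that is meant to disable the feature. The in-memory config is also left unchanged, so the `common/login` page rendered by the `forward()` that follows still sees `config_password` as enabled and offers the forgotten-password link once more; add `$this->config->set('config_password', '0');` beside the model call. The condition that selects this `else` branch lies outside the hunk, so which requests trigger the lock-out cannot be confirmed here; since the reset URL is reached by unauthenticated visitors (logged-in users are redirected away in the first hunk), one bad code from any source disables recovery for the real administrator until it is re-enabled under Settings, which is fail-closed by design but worth spelling out in the `entry_password` help text.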
@@ -132,6 +131,7 @@ public function index() {
 $this->data['entry_shared'] = $this->language->get('entry_shared');
 $this->data['entry_robots'] = $this->language->get('entry_robots');
 $this->data['entry_maintenance'] = $this->language->get('entry_maintenance');
+ $this->data['entry_password'] = $this->language->get('entry_password');
 $this->data['entry_encryption'] = $this->language->get('entry_encryption');
 $this->data['entry_seo_url'] = $this->language->get('entry_seo_url');
 $this->data['entry_compression'] = $this->language->get('entry_compression');
@@ -997,6 +997,12 @@ public function index() {
 $this->data['config_maintenance'] = $this->config->get('config_maintenance');
 }
+ if (isset($this->request->post['config_password'])) {
+ $this->data['config_password'] = $this->request->post['config_password'];
+ } else {
+ $this->data['config_password'] = $this->config->get('config_password');
+ }
+
 if (isset($this->request->post['config_encryption'])) {
 $this->data['config_encryption'] = $this->request->post['config_encryption'];
 } else {
diff --git a/upload/admin/language/english/setting/setting.php b/upload/admin/language/english/setting/setting.php
index d0a5dca832c..4dc4c93c0d0 100644
--- a/upload/admin/language/english/setting/setting.php
+++ b/upload/admin/language/english/setting/setting.php
@@ -108,6 +108,7 @@ $_['entry_robots'] = 'Robots:
A list of web crawler user agents that shared sessions will not be used with. Use separate lines for each user agent.'; $_['entry_seo_url'] = 'Use SEO URL\'s:
To use SEO URL\'s apache module mod-rewrite must be installed and you need to rename the htaccess.txt to .htaccess.'; $_['entry_maintenance'] = 'Maintenance Mode:
Prevents customers from browsing your store. They will instead see a maintenance message. If logged in as admin, you will see the store as normal.'; +$_['entry_password'] = 'Allow Forgotten Password:
Allow forgotten password to be used for the admin. This will be disabled automatically if the system detects a hack attempt.'; $_['entry_encryption'] = 'Encryption Key:
Please provide a secret key that will be used to encrypt private information when processing orders.'; $_['entry_compression'] = 'Output Compression Level:
GZIP for more efficient transfer to requesting clients. Compression level must be between 0 - 9';
 $_['entry_error_display'] = 'Display Errors:';
diff --git a/upload/admin/model/setting/setting.php b/upload/admin/model/setting/setting.php
index 557806a3be3..6f1fc1cbf1f 100644
--- a/upload/admin/model/setting/setting.php
+++ b/upload/admin/model/setting/setting.php
@@ -31,5 +31,13 @@ public function editSetting($group, $data, $store_id = 0) {
 public function deleteSetting($group, $store_id = 0) {
 $this->db->query("DELETE FROM " . DB_PREFIX . "setting WHERE store_id = '" . (int)$store_id . "' AND `group` = '" . $this->db->escape($group) . "'");
 }
+
+ public function editSettingValue($group = '', $key = '', $value = '', $store_id = 0) {
+ if (!is_array($value)) {
+ $this->db->query("UDPATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape($value) . " WHERE `group` = '" . $this->db->escape($group) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "'");
+ } else {
+ $this->db->query("UDPATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape(serialize($value)) . "' WHERE `group` = '" . $this->db->escape($group) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "', serialized = '1'");
+ }
+ }
 }
 ?>
\ No newline at end of file
diff --git a/upload/admin/view/template/common/login.tpl b/upload/admin/view/template/common/login.tpl
index d7a144b9ced..7da7c2e543a 100644
--- a/upload/admin/view/template/common/login.tpl
+++ b/upload/admin/view/template/common/login.tpl
@@ -23,8 +23,11 @@
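Review bot: Both queries in `editSettingValue` are malformed as written: the verb is misspelled `UDPATE` in both branches, the non-array branch lacks the closing quote after `$this->db->escape($value)` so the whole `WHERE` clause is swallowed into the string literal, and the array branch places `, serialized = '1'` after `WHERE` instead of in the `SET` list. reset.php depends on this method to switch `config_password` off, so the automatic lock-out never takes effect; whether that surfaces as a fatal error or a silent no-op depends on how `$this->db->query()` reports failures, which is not visible here. The non-array branch should build ``"UPDATE " . DB_PREFIX . "setting SET `value` = '" . $this->db->escape($value) . "', serialized = '0' WHERE `group` = '" . $this->db->escape($group) . "' AND `key` = '" . $this->db->escape($key) . "' AND store_id = '" . (int)$store_id . "'"`` and the array branch the same statement with `serialize($value)` and `serialized = '1'`; writing `serialized = '0'` in the scalar branch keeps a row that previously held a serialized value readable. `UPDATE` also matches zero rows when the `group`/`key` pair is absent, and this patch adds the `config_password` row only to the install SQL, so a store upgraded in place appears to have no row to flip unless something not visible here inserts it.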

+
- + + +   diff --git a/upload/admin/view/template/setting/setting.tpl b/upload/admin/view/template/setting/setting.tpl index 21bc5e4a64c..5ff2ed78e84 100644 --- a/upload/admin/view/template/setting/setting.tpl +++ b/upload/admin/view/template/setting/setting.tpl @@ -930,6 +930,20 @@ + + + + + + + + + + + + + + diff --git a/upload/install/opencart.sql b/upload/install/opencart.sql index 34268bfb3fb..5e364877c6e 100644 --- a/upload/install/opencart.sql +++ b/upload/install/opencart.sql 
@@ -2824,7 +2824,8 @@ INSERT INTO `oc_setting` (`setting_id`, `store_id`, `group`, `key`, `value`, `se (124, 0, 'config', 'config_voucher_min', '1', 0), (125, 0, 'config', 'config_voucher_max', '1000', 0), (126, 0, 'config', 'config_customer_group_display', 'a:1:{i:0;s:1:\"1\";}', 1), -(127, 0, 'config', 'config_robots', 'abot\r\ndbot\r\nebot\r\nhbot\r\nkbot\r\nlbot\r\nmbot\r\nnbot\r\nobot\r\npbot\r\nrbot\r\nsbot\r\ntbot\r\nvbot\r\nybot\r\nzbot\r\nbot.\r\nbot/\r\n_bot\r\n.bot\r\n/bot\r\n-bot\r\n:bot\r\n(bot\r\ncrawl\r\nslurp\r\nspider\r\nseek\r\naccoona\r\nacoon\r\nadressendeutschland\r\nah-ha.com\r\nahoy\r\naltavista\r\nananzi\r\nanthill\r\nappie\r\narachnophilia\r\narale\r\naraneo\r\naranha\r\narchitext\r\naretha\r\narks\r\nasterias\r\natlocal\r\natn\r\natomz\r\naugurfind\r\nbackrub\r\nbannana_bot\r\nbaypup\r\nbdfetch\r\nbig brother\r\nbiglotron\r\nbjaaland\r\nblackwidow\r\nblaiz\r\nblog\r\nblo.\r\nbloodhound\r\nboitho\r\nbooch\r\nbradley\r\nbutterfly\r\ncalif\r\ncassandra\r\nccubee\r\ncfetch\r\ncharlotte\r\nchurl\r\ncienciaficcion\r\ncmc\r\ncollective\r\ncomagent\r\ncombine\r\ncomputingsite\r\ncsci\r\ncurl\r\ncusco\r\ndaumoa\r\ndeepindex\r\ndelorie\r\ndepspid\r\ndeweb\r\ndie blinde kuh\r\ndigger\r\nditto\r\ndmoz\r\ndocomo\r\ndownload express\r\ndtaagent\r\ndwcp\r\nebiness\r\nebingbong\r\ne-collector\r\nejupiter\r\nemacs-w3 search engine\r\nesther\r\nevliya celebi\r\nezresult\r\nfalcon\r\nfelix ide\r\nferret\r\nfetchrover\r\nfido\r\nfindlinks\r\nfireball\r\nfish search\r\nfouineur\r\nfunnelweb\r\ngazz\r\ngcreep\r\ngenieknows\r\ngetterroboplus\r\ngeturl\r\nglx\r\ngoforit\r\ngolem\r\ngrabber\r\ngrapnel\r\ngralon\r\ngriffon\r\ngromit\r\ngrub\r\ngulliver\r\nhamahakki\r\nharvest\r\nhavindex\r\nhelix\r\nheritrix\r\nhku www octopus\r\nhomerweb\r\nhtdig\r\nhtml 
index\r\nhtml_analyzer\r\nhtmlgobble\r\nhubater\r\nhyper-decontextualizer\r\nia_archiver\r\nibm_planetwide\r\nichiro\r\niconsurf\r\niltrovatore\r\nimage.kapsi.net\r\nimagelock\r\nincywincy\r\nindexer\r\ninfobee\r\ninformant\r\ningrid\r\ninktomisearch.com\r\ninspector web\r\nintelliagent\r\ninternet shinchakubin\r\nip3000\r\niron33\r\nisraeli-search\r\nivia\r\njack\r\njakarta\r\njavabee\r\njetbot\r\njumpstation\r\nkatipo\r\nkdd-explorer\r\nkilroy\r\nknowledge\r\nkototoi\r\nkretrieve\r\nlabelgrabber\r\nlachesis\r\nlarbin\r\nlegs\r\nlibwww\r\nlinkalarm\r\nlink validator\r\nlinkscan\r\nlockon\r\nlwp\r\nlycos\r\nmagpie\r\nmantraagent\r\nmapoftheinternet\r\nmarvin/\r\nmattie\r\nmediafox\r\nmediapartners\r\nmercator\r\nmerzscope\r\nmicrosoft url control\r\nminirank\r\nmiva\r\nmj12\r\nmnogosearch\r\nmoget\r\nmonster\r\nmoose\r\nmotor\r\nmultitext\r\nmuncher\r\nmuscatferret\r\nmwd.search\r\nmyweb\r\nnajdi\r\nnameprotect\r\nnationaldirectory\r\nnazilla\r\nncsa beta\r\nnec-meshexplorer\r\nnederland.zoek\r\nnetcarta webmap engine\r\nnetmechanic\r\nnetresearchserver\r\nnetscoop\r\nnewscan-online\r\nnhse\r\nnokia6682/\r\nnomad\r\nnoyona\r\nnutch\r\nnzexplorer\r\nobjectssearch\r\noccam\r\nomni\r\nopen text\r\nopenfind\r\nopenintelligencedata\r\norb search\r\nosis-project\r\npack rat\r\npageboy\r\npagebull\r\npage_verifier\r\npanscient\r\nparasite\r\npartnersite\r\npatric\r\npear.\r\npegasus\r\nperegrinator\r\npgp key agent\r\nphantom\r\nphpdig\r\npicosearch\r\npiltdownman\r\npimptrain\r\npinpoint\r\npioneer\r\npiranha\r\nplumtreewebaccessor\r\npogodak\r\npoirot\r\npompos\r\npoppelsdorf\r\npoppi\r\npopular iconoclast\r\npsycheclone\r\npublisher\r\npython\r\nrambler\r\nraven search\r\nroach\r\nroad runner\r\nroadhouse\r\nrobbie\r\nrobofox\r\nrobozilla\r\nrules\r\nsalty\r\nsbider\r\nscooter\r\nscoutjet\r\nscrubby\r\nsearch.\r\nsearchprocess\r\nsemanticdiscovery\r\nsenrigan\r\nsg-scout\r\nshai''hulud\r\nshark\r\nshopwiki\r\nsidewinder\r\nsift\r\nsilk\r\nsimmany\r\nsite 
searcher\r\nsite valet\r\nsitetech-rover\r\nskymob.com\r\nsleek\r\nsmartwit\r\nsna-\r\nsnappy\r\nsnooper\r\nsohu\r\nspeedfind\r\nsphere\r\nsphider\r\nspinner\r\nspyder\r\nsteeler/\r\nsuke\r\nsuntek\r\nsupersnooper\r\nsurfnomore\r\nsven\r\nsygol\r\nszukacz\r\ntach black widow\r\ntarantula\r\ntempleton\r\n/teoma\r\nt-h-u-n-d-e-r-s-t-o-n-e\r\ntheophrastus\r\ntitan\r\ntitin\r\ntkwww\r\ntoutatis\r\nt-rex\r\ntutorgig\r\ntwiceler\r\ntwisted\r\nucsd\r\nudmsearch\r\nurl check\r\nupdated\r\nvagabondo\r\nvalkyrie\r\nverticrawl\r\nvictoria\r\nvision-search\r\nvolcano\r\nvoyager/\r\nvoyager-hc\r\nw3c_validator\r\nw3m2\r\nw3mir\r\nwalker\r\nwallpaper\r\nwanderer\r\nwauuu\r\nwavefire\r\nweb core\r\nweb hopper\r\nweb wombat\r\nwebbandit\r\nwebcatcher\r\nwebcopy\r\nwebfoot\r\nweblayers\r\nweblinker\r\nweblog monitor\r\nwebmirror\r\nwebmonkey\r\nwebquest\r\nwebreaper\r\nwebsitepulse\r\nwebsnarf\r\nwebstolperer\r\nwebvac\r\nwebwalk\r\nwebwatch\r\nwebwombat\r\nwebzinger\r\nwget\r\nwhizbang\r\nwhowhere\r\nwild ferret\r\nworldlight\r\nwwwc\r\nwwwster\r\nxenu\r\nxget\r\nxift\r\nxirq\r\nyandex\r\nyanga\r\nyeti\r\nyodao\r\nzao\r\nzippp\r\nzyborg', 0); +(127, 0, 'config', 'config_robots', 'abot\r\ndbot\r\nebot\r\nhbot\r\nkbot\r\nlbot\r\nmbot\r\nnbot\r\nobot\r\npbot\r\nrbot\r\nsbot\r\ntbot\r\nvbot\r\nybot\r\nzbot\r\nbot.\r\nbot/\r\n_bot\r\n.bot\r\n/bot\r\n-bot\r\n:bot\r\n(bot\r\ncrawl\r\nslurp\r\nspider\r\nseek\r\naccoona\r\nacoon\r\nadressendeutschland\r\nah-ha.com\r\nahoy\r\naltavista\r\nananzi\r\nanthill\r\nappie\r\narachnophilia\r\narale\r\naraneo\r\naranha\r\narchitext\r\naretha\r\narks\r\nasterias\r\natlocal\r\natn\r\natomz\r\naugurfind\r\nbackrub\r\nbannana_bot\r\nbaypup\r\nbdfetch\r\nbig 
brother\r\nbiglotron\r\nbjaaland\r\nblackwidow\r\nblaiz\r\nblog\r\nblo.\r\nbloodhound\r\nboitho\r\nbooch\r\nbradley\r\nbutterfly\r\ncalif\r\ncassandra\r\nccubee\r\ncfetch\r\ncharlotte\r\nchurl\r\ncienciaficcion\r\ncmc\r\ncollective\r\ncomagent\r\ncombine\r\ncomputingsite\r\ncsci\r\ncurl\r\ncusco\r\ndaumoa\r\ndeepindex\r\ndelorie\r\ndepspid\r\ndeweb\r\ndie blinde kuh\r\ndigger\r\nditto\r\ndmoz\r\ndocomo\r\ndownload express\r\ndtaagent\r\ndwcp\r\nebiness\r\nebingbong\r\ne-collector\r\nejupiter\r\nemacs-w3 search engine\r\nesther\r\nevliya celebi\r\nezresult\r\nfalcon\r\nfelix ide\r\nferret\r\nfetchrover\r\nfido\r\nfindlinks\r\nfireball\r\nfish search\r\nfouineur\r\nfunnelweb\r\ngazz\r\ngcreep\r\ngenieknows\r\ngetterroboplus\r\ngeturl\r\nglx\r\ngoforit\r\ngolem\r\ngrabber\r\ngrapnel\r\ngralon\r\ngriffon\r\ngromit\r\ngrub\r\ngulliver\r\nhamahakki\r\nharvest\r\nhavindex\r\nhelix\r\nheritrix\r\nhku www octopus\r\nhomerweb\r\nhtdig\r\nhtml index\r\nhtml_analyzer\r\nhtmlgobble\r\nhubater\r\nhyper-decontextualizer\r\nia_archiver\r\nibm_planetwide\r\nichiro\r\niconsurf\r\niltrovatore\r\nimage.kapsi.net\r\nimagelock\r\nincywincy\r\nindexer\r\ninfobee\r\ninformant\r\ningrid\r\ninktomisearch.com\r\ninspector web\r\nintelliagent\r\ninternet shinchakubin\r\nip3000\r\niron33\r\nisraeli-search\r\nivia\r\njack\r\njakarta\r\njavabee\r\njetbot\r\njumpstation\r\nkatipo\r\nkdd-explorer\r\nkilroy\r\nknowledge\r\nkototoi\r\nkretrieve\r\nlabelgrabber\r\nlachesis\r\nlarbin\r\nlegs\r\nlibwww\r\nlinkalarm\r\nlink validator\r\nlinkscan\r\nlockon\r\nlwp\r\nlycos\r\nmagpie\r\nmantraagent\r\nmapoftheinternet\r\nmarvin/\r\nmattie\r\nmediafox\r\nmediapartners\r\nmercator\r\nmerzscope\r\nmicrosoft url control\r\nminirank\r\nmiva\r\nmj12\r\nmnogosearch\r\nmoget\r\nmonster\r\nmoose\r\nmotor\r\nmultitext\r\nmuncher\r\nmuscatferret\r\nmwd.search\r\nmyweb\r\nnajdi\r\nnameprotect\r\nnationaldirectory\r\nnazilla\r\nncsa beta\r\nnec-meshexplorer\r\nnederland.zoek\r\nnetcarta webmap 
engine\r\nnetmechanic\r\nnetresearchserver\r\nnetscoop\r\nnewscan-online\r\nnhse\r\nnokia6682/\r\nnomad\r\nnoyona\r\nnutch\r\nnzexplorer\r\nobjectssearch\r\noccam\r\nomni\r\nopen text\r\nopenfind\r\nopenintelligencedata\r\norb search\r\nosis-project\r\npack rat\r\npageboy\r\npagebull\r\npage_verifier\r\npanscient\r\nparasite\r\npartnersite\r\npatric\r\npear.\r\npegasus\r\nperegrinator\r\npgp key agent\r\nphantom\r\nphpdig\r\npicosearch\r\npiltdownman\r\npimptrain\r\npinpoint\r\npioneer\r\npiranha\r\nplumtreewebaccessor\r\npogodak\r\npoirot\r\npompos\r\npoppelsdorf\r\npoppi\r\npopular iconoclast\r\npsycheclone\r\npublisher\r\npython\r\nrambler\r\nraven search\r\nroach\r\nroad runner\r\nroadhouse\r\nrobbie\r\nrobofox\r\nrobozilla\r\nrules\r\nsalty\r\nsbider\r\nscooter\r\nscoutjet\r\nscrubby\r\nsearch.\r\nsearchprocess\r\nsemanticdiscovery\r\nsenrigan\r\nsg-scout\r\nshai''hulud\r\nshark\r\nshopwiki\r\nsidewinder\r\nsift\r\nsilk\r\nsimmany\r\nsite searcher\r\nsite valet\r\nsitetech-rover\r\nskymob.com\r\nsleek\r\nsmartwit\r\nsna-\r\nsnappy\r\nsnooper\r\nsohu\r\nspeedfind\r\nsphere\r\nsphider\r\nspinner\r\nspyder\r\nsteeler/\r\nsuke\r\nsuntek\r\nsupersnooper\r\nsurfnomore\r\nsven\r\nsygol\r\nszukacz\r\ntach black widow\r\ntarantula\r\ntempleton\r\n/teoma\r\nt-h-u-n-d-e-r-s-t-o-n-e\r\ntheophrastus\r\ntitan\r\ntitin\r\ntkwww\r\ntoutatis\r\nt-rex\r\ntutorgig\r\ntwiceler\r\ntwisted\r\nucsd\r\nudmsearch\r\nurl check\r\nupdated\r\nvagabondo\r\nvalkyrie\r\nverticrawl\r\nvictoria\r\nvision-search\r\nvolcano\r\nvoyager/\r\nvoyager-hc\r\nw3c_validator\r\nw3m2\r\nw3mir\r\nwalker\r\nwallpaper\r\nwanderer\r\nwauuu\r\nwavefire\r\nweb core\r\nweb hopper\r\nweb wombat\r\nwebbandit\r\nwebcatcher\r\nwebcopy\r\nwebfoot\r\nweblayers\r\nweblinker\r\nweblog monitor\r\nwebmirror\r\nwebmonkey\r\nwebquest\r\nwebreaper\r\nwebsitepulse\r\nwebsnarf\r\nwebstolperer\r\nwebvac\r\nwebwalk\r\nwebwatch\r\nwebwombat\r\nwebzinger\r\nwget\r\nwhizbang\r\nwhowhere\r\nwild 
ferret\r\nworldlight\r\nwwwc\r\nwwwster\r\nxenu\r\nxget\r\nxift\r\nxirq\r\nyandex\r\nyanga\r\nyeti\r\nyodao\r\nzao\r\nzippp\r\nzyborg', 0), +(128, 0, 'config', 'config_password', '1', 0); -- --------------------------------------------------------