From: <vb...@us...> - 2004-01-08 14:26:40
|
Update of /cvsroot/mantisbt/mantisbt In directory sc8-pr-cvs1:/tmp/cvs-serv6810 Modified Files: login_page.php Log Message: Fixed #3495: Warning even if administrator account is disabled M login_page.php - The warning for administrator account was displayed if the account exists with the default password. It didn't check for the enabled flag. Index: login_page.php =================================================================== RCS file: /cvsroot/mantisbt/mantisbt/login_page.php,v retrieving revision 1.32 retrieving revision 1.33 diff -u -d -r1.32 -r1.33 --- login_page.php 21 Aug 2003 14:31:42 -0000 1.32 +++ login_page.php 8 Jan 2004 14:26:37 -0000 1.33 @@ -112,8 +112,9 @@ } # Generate a warning if administrator/root is valid. - if ( user_get_id_by_name( 'administrator' ) !== false ) { - if ( auth_does_password_match( user_get_id_by_name( 'administrator' ), 'root' ) ) { + $t_admin_user_id = user_get_id_by_name( 'administrator' ); + if ( $t_admin_user_id !== false ) { + if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) { echo '<div class="warning" align="center">'; echo '<p><font color="red"><strong>WARNING:</strong> You should disable the default "administrator" account or change its password.</font></p>'; echo '</div>'; |