From 5baf5a0b91858fc5fd0fef8c6e145551b1d99531 Mon Sep 17 00:00:00 2001
From: vgilc <noreply@pandorafms.org>
Date: Mon, 18 Jun 2012 14:08:02 +0000
Subject: [PATCH] 2012-06-18  Vanessa Gil <vanessa.gil@artica.es>

	* include/functions_config.php: Fixed bug: Notice to change
	Admin password is displayed for other users.


git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6571 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
---
 pandora_console/ChangeLog                    |  5 +++++
 pandora_console/include/functions_config.php | 17 ++++++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index dec496495d..df1312cbd5 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,8 @@
+2012-06-18  Vanessa Gil <vanessa.gil@artica.es>
+
+	* include/functions_config.php: Fixed bug: Notice to change
+	Admin password is displayed for other users.
+
 2012-06-18 Miguel de Dios <miguel.dedios@artica.es>
 	
 	* include/auth/ldap.php, include/javascript/pandora.js,
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index c9c8261e1b..1a4fe6adcd 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -682,14 +682,17 @@ function config_check (){
 	
 	// At this first version I'm passing errors using session variables, because the error management
 	// is done by an AJAX request. Better solutions could be implemented in the future :-)
-	
+
 	// Check default password for "admin"
-	$hashpass = db_get_sql ("SELECT password FROM tusuario WHERE id_user = 'admin'");
-	if ($hashpass == "1da7ee7d45b96d0e1f45ee4ee23da560"){
-		$config["alert_cnt"]++;
-		$_SESSION["alert_msg"] .= ui_print_error_message(
-			array('message' => __('Default password for "Admin" user has not been changed.').'</h3>'.'<p>'.__('Please change the default password because is a common vulnerability reported.'),
-				'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
+	$is_admin = db_get_value('is_admin', 'tusuario', 'id_user', $config['id_user']);
+	if ($is_admin) {	
+		$hashpass = db_get_sql ("SELECT password FROM tusuario WHERE id_user = 'admin'");
+		if ($hashpass == "1da7ee7d45b96d0e1f45ee4ee23da560"){
+			$config["alert_cnt"]++;
+			$_SESSION["alert_msg"] .= ui_print_error_message(
+				array('message' => __('Default password for "Admin" user has not been changed.').'</h3>'.'<p>'.__('Please change the default password because is a common vulnerability reported.'),
+					'no_close' => true, 'force_style' => 'color: #000000 !important'), '', true);
+		}
 	}
 	
 	if (!is_writable ("attachment")){