2022-06-24 / ct_chen

Actions:
1. Webservice add "old password"  when changing login password on web page and web api

Files:
1. EVSE/rootfs/var/www/set_passwd.php
   EVSE/rootfs/var/www/set_passwd_action.php

EVSE/rootfs/var/www/set_passwd.php

@@ -33,6 +33,10 @@
 								<article class="envor-sorting-item css">
 									<header><?php echo $lang->showWord("passwd"); ?><i class="fa fa-plus"></i></header>
 									<section>
+										<div class="form-group">
+											<label>Old Password</label>
+											<input type="text" name="passwd0" id="passwd0" class="form-control">
+										</div>
 										<div class="form-group">
 											<label><?php echo $lang->showWord("passwd_keyin"); ?></label>
 											<input type="text" name="passwd1" id="passwd1" class="form-control">
@@ -69,7 +73,8 @@
 		{
 			// POST 參數須使用 send() 發送
 			var data =  "passwd=" + escape(document.getElementById("passwd1").value)+
-			"&user=<?php echo $_SERVER['PHP_AUTH_USER'];?>";
+			"&user=<?php echo $_SERVER['PHP_AUTH_USER'];?>"+
+			"&passwd0="+escape(document.getElementById("passwd0").value);
 			// POST 請求必須設置表頭在 open() 下面，send() 上面
 			request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
 			request.send(data);

EVSE/rootfs/var/www/set_passwd_action.php

@@ -1,6 +1,6 @@
 <?php
 	header('Content-Type: application/json; charset=UTF-8');
-	
+
 	if ($_SERVER['REQUEST_METHOD'] == "GET") {
 		create();
 	} else if ($_SERVER['REQUEST_METHOD'] == "POST") {
@@ -9,6 +9,20 @@
 
 	// 
 	function create() {
+		include 'valid.php';
+		$valid = new Valid;
+		//=======================================
+		// Auth
+		//=======================================
+		$_REQUEST['user']=$_REQUEST['user']==""?"admin":$_REQUEST['user'];
+		if(!$valid->validUser($_REQUEST['user'], $_REQUEST['passwd0']))  
+		 {
+			$jsone['result'] = "Error";
+			$jsone['message'] = "Old password is incorrect";
+			echo json_encode($jsone);
+			return false;
+			exit;
+		}
 		$json = json_decode(file_get_contents("valid_info"), true);
 		/*
 		$json['admin'] 			= md5($_REQUEST['passwd']);

board-support/linux-4.9.59+gitAUTOINC+a75d8e9305-ga75d8e9305/lib/.lib.a.cmd

@@ -1 +0,0 @@
-cmd_lib/lib.a := rm -f lib/lib.a; /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/linux-devkit/sysroots/x86_64-arago-linux/usr/bin/arm-linux-gnueabihf-ar rcsD lib/lib.a lib/argv_split.o lib/bug.o lib/chacha20.o lib/cmdline.o lib/ctype.o lib/dec_and_lock.o lib/decompress.o lib/decompress_inflate.o lib/dma-noop.o lib/dump_stack.o lib/earlycpio.o lib/extable.o lib/fdt.o lib/fdt_empty_tree.o lib/fdt_ro.o lib/fdt_rw.o lib/fdt_strerror.o lib/fdt_sw.o lib/fdt_wip.o lib/flex_proportions.o lib/idr.o lib/int_sqrt.o lib/ioremap.o lib/irq_regs.o lib/is_single_threaded.o lib/klist.o lib/kobject.o lib/kobject_uevent.o lib/md5.o lib/nmi_backtrace.o lib/nodemask.o lib/plist.o lib/radix-tree.o lib/ratelimit.o lib/rbtree.o lib/seq_buf.o lib/sha1.o lib/show_mem.o lib/string.o lib/timerqueue.o lib/vsprintf.o lib/win_minmax.o

board-support/linux-4.9.59+gitAUTOINC+a75d8e9305-ga75d8e9305/lib/.ts_bm.ko.cmd

@@ -1 +0,0 @@
-cmd_lib/ts_bm.ko := /opt/ti-processor-sdk-linux-am335x-evm-04.02.00.09/linux-devkit/sysroots/x86_64-arago-linux/usr/bin/arm-linux-gnueabihf-ld -EL -r  -T ./scripts/module-common.lds --build-id  -o lib/ts_bm.ko lib/ts_bm.o lib/ts_bm.mod.o ;  true