From f7e8fd33fd396c6830af6854192a4fd86f4d2a7a Mon Sep 17 00:00:00 2001
From: denise <denise@denise-DX4860sourcefabric.org>
Date: Wed, 16 Jan 2013 14:36:56 -0500
Subject: [PATCH] CC-4848: Streaming server passwords should be hidden with
 dots, once entered

-fixed
---
 .../controllers/PreferenceController.php      | 33 +++++++++++++++++--
 .../forms/StreamSettingSubForm.php            |  2 +-
 .../application/models/StreamSetting.php      |  9 ++++-
 .../js/airtime/preferences/streamsetting.js   | 20 +++++++++++
 4 files changed, 60 insertions(+), 4 deletions(-)

diff --git a/airtime_mvc/application/controllers/PreferenceController.php b/airtime_mvc/application/controllers/PreferenceController.php
index a6b32419f..4f2d7cc35 100644
--- a/airtime_mvc/application/controllers/PreferenceController.php
+++ b/airtime_mvc/application/controllers/PreferenceController.php
@@ -15,6 +15,7 @@ class PreferenceController extends Zend_Controller_Action
                     ->addActionContext('change-stream-setting', 'json')
                     ->addActionContext('get-liquidsoap-status', 'json')
                     ->addActionContext('set-source-connection-url', 'json')
+                    ->addActionContext('get-admin-password-status', 'json')
                     ->initContext();
     }
 
@@ -161,7 +162,6 @@ class PreferenceController extends Zend_Controller_Action
 
         $this->view->headScript()->appendFile($baseUrl.'js/airtime/preferences/streamsetting.js?'.$CC_CONFIG['airtime_version'],'text/javascript');
 
-
         // get current settings
         $temp = Application_Model_StreamSetting::getStreamSetting();
         $setting = array();
@@ -248,6 +248,16 @@ class PreferenceController extends Zend_Controller_Action
 
                 Application_Model_StreamSetting::setStreamSetting($values);
 
+                /* If the admin password values are empty then we should not
+                 * set the pseudo password ('xxxxxx') on the front-end
+                 */
+                $s1_set_admin_pass = true;
+                $s2_set_admin_pass = true;
+                $s3_set_admin_pass = true;
+                if (empty($values["s1_data"]["admin_pass"])) $s1_set_admin_pass = false;
+                if (empty($values["s2_data"]["admin_pass"])) $s2_set_admin_pass = false;
+                if (empty($values["s3_data"]["admin_pass"])) $s3_set_admin_pass = false;
+
                 // this goes into cc_pref table
                 Application_Model_Preference::SetStreamLabelFormat($values['streamFormat']);
                 Application_Model_Preference::SetLiveStreamMasterUsername($values["master_username"]);
@@ -313,7 +323,13 @@ class PreferenceController extends Zend_Controller_Action
                 $this->view->form = $form;
                 $this->view->num_stream = $num_of_stream;
                 $this->view->statusMsg = "<div class='success'>"._("Stream Setting Updated.")."</div>";
-                die(json_encode(array("valid"=>"true", "html"=>$this->view->render('preference/stream-setting.phtml'))));
+                die(json_encode(array(
+                    "valid"=>"true",
+                    "html"=>$this->view->render('preference/stream-setting.phtml'),
+                    "s1_set_admin_pass"=>$s1_set_admin_pass,
+                    "s2_set_admin_pass"=>$s2_set_admin_pass,
+                    "s3_set_admin_pass"=>$s3_set_admin_pass,
+                )));
             } else {
                 $live_stream_subform->updateVariables();
                 $this->view->enable_stream_conf = Application_Model_Preference::GetEnableStreamConf();
@@ -460,4 +476,17 @@ class PreferenceController extends Zend_Controller_Action
 
         die();
     }
+
+    public function getAdminPasswordStatusAction()
+    {
+        $out = array();
+        for ($i=1; $i<=3; $i++) {
+            if (Application_Model_StreamSetting::getAdminPass('s'.$i)=='') {
+                $out["s".$i] = false;
+            } else {
+                $out["s".$i] = true;
+            }
+        }
+        die(json_encode($out));
+    }
 }
diff --git a/airtime_mvc/application/forms/StreamSettingSubForm.php b/airtime_mvc/application/forms/StreamSettingSubForm.php
index eea40d8a7..874f38dc5 100644
--- a/airtime_mvc/application/forms/StreamSettingSubForm.php
+++ b/airtime_mvc/application/forms/StreamSettingSubForm.php
@@ -203,7 +203,7 @@ class Application_Form_StreamSettingSubForm extends Zend_Form_SubForm
         $adminUser->setAttrib('alt', 'regular_text');
         $this->addElement($adminUser);
         
-        $adminPass = new Zend_Form_Element_Text('admin_pass');
+        $adminPass = new Zend_Form_Element_Password('admin_pass');
         $adminPass->setLabel(_("Admin Password"))
                          ->setValue(Application_Model_StreamSetting::getAdminPass($prefix))
                          ->setValidators(array(
diff --git a/airtime_mvc/application/models/StreamSetting.php b/airtime_mvc/application/models/StreamSetting.php
index 6bac3f02b..58c8fb496 100644
--- a/airtime_mvc/application/models/StreamSetting.php
+++ b/airtime_mvc/application/models/StreamSetting.php
@@ -242,7 +242,14 @@ class Application_Model_StreamSetting
                         $v = $d['enable'] == 1 ? 'true' : 'false';
                     }
                     $v = trim($v);
-                    self::saveStreamSetting($keyname, $v);
+                    if ($k != 'admin_pass') {
+                        self::saveStreamSetting($keyname, $v);
+                    /* We use 'xxxxxx' as the admin password placeholder so we
+                     * only want to save it when it is a different string
+                     */
+                    } elseif ($v != 'xxxxxx') {
+                        self::saveStreamSetting($keyname, $v);
+                    }
                 }
             }
         }
diff --git a/airtime_mvc/public/js/airtime/preferences/streamsetting.js b/airtime_mvc/public/js/airtime/preferences/streamsetting.js
index a1da4b30e..54bb986ca 100644
--- a/airtime_mvc/public/js/airtime/preferences/streamsetting.js
+++ b/airtime_mvc/public/js/airtime/preferences/streamsetting.js
@@ -412,9 +412,28 @@ function setSliderForReplayGain(){
     $( "#replayGainModifier" ).val( $( "#slider-range-max" ).slider( "value" ) );
 }
 
+function setPseudoAdminPassword(s1, s2, s3) {
+    if (s1) {
+        $('#s1_data-admin_pass').val('xxxxxx');
+    }
+    if (s2) {
+        $('#s2_data-admin_pass').val('xxxxxx');
+    }
+    if (s3) {
+        $('#s3_data-admin_pass').val('xxxxxx');
+    }
+}
+
+function getAdminPasswordStatus() {
+    $.ajax({ url: baseUrl+'Preference/get-admin-password-status/format/json', dataType:"json", success:function(data){
+        setPseudoAdminPassword(data.s1, data.s2, data.s3);
+      }});   
+}
+
 $(document).ready(function() {
     setupEventListeners();
     setSliderForReplayGain();
+    getAdminPasswordStatus();
     
     $('#stream_save').live('click', function(){
         var confirm_pypo_restart_text = $.i18n._("If you change the username or password values for an enabled stream the playout engine will be rebooted and your listeners will hear silence for 5-10 seconds. Changing the following fields will NOT cause a reboot: Stream Label (Global Settings), and Switch Transition Fade(s), Master Username, and Master Password (Input Stream Settings). If Airtime is recording, and if the change causes a playout engine restart, the recording will be interrupted.");
@@ -427,6 +446,7 @@ $(document).ready(function() {
                 $('#content').empty().append(json.html);
                 setupEventListeners();
                 setSliderForReplayGain();
+                setPseudoAdminPassword(json.s1_set_admin_pass, json.s2_set_admin_pass, json.s3_set_admin_pass);
             });
         }
     });