* Remove SQLPASS as suggested password, use MailOrderTo or one custom…

…-set. * Make dump permission persistent after providing password once. * Make dump permission automatic if logged in as admin.
interchange · Mar 25, 2014 · 5e7f66d · 5e7f66d
1 parent a7d81f9
commit 5e7f66d
Showing 1 changed file with 14 additions and 3 deletions.
diff --git a/dist/standard/pages/dump.html b/dist/standard/pages/dump.html
@@ -1,7 +1,14 @@
 [calc]
     $Tag->tmp('tmp_gate_dump');
-    $pass = $Variable->{SQLPASS} || $Variable->{ORDERS_TO} || $Config->{MailOrderTo} || 'bogus';
-    if($CGI->{password} eq $pass) {
+    $pass = $Variable->{DUMP_PASSWORD} || $Variable->{ORDERS_TO} || $Config->{MailOrderTo}
+		or return;
+    if(
+		$Session->{given_dump_password}
+		or $Session->{admin}
+		or $CGI->{password} eq $pass
+		)
+	{
+		$Session->{given_dump_password} = 1;
         $Scratch->{tmp_gate_dump} = 1;
     } 
     $CGI->{sort} = 1 unless defined $CGI->{sort};
@@ -10,10 +17,14 @@
 [if scratch tmp_gate_dump]
 <xmp>[dump key="[cgi key]" sort="[cgi sort]"]</xmp>
 [else]
-    You must provide the password. It is usually the SQL server password, or the email address where orders go.
+    You must provide the password. It is usually the email address where orders go.
     <form action="[process href=@@MV_PAGE@@ secure=1]" METHOD=post>
     Password: <input type="text" name=password value="">
     <input type="submit" value="Dump">
+	<br>
+	sort keys
+	<input type=radio name=sort value=1 checked> yes 
+	<input type=radio name=sort value=0> no 
     </form>
 [/else]
 [/if]