From 037369b6e6c3668f0f2a9563702f395e5b0bf04d Mon Sep 17 00:00:00 2001 From: Miles Lott Date: Sun, 18 Jan 2004 21:03:56 +0000 Subject: [PATCH] Add header and per-domain user login values - default is admin during the upgrade process. Hopefully these are all the files. --- header.inc.php.template | 6 ++- phpgwapi/inc/class.setup.inc.php | 50 ++++++++++++++++--- phpgwapi/inc/class.setup_html.inc.php | 26 +++++++++- phpgwapi/setup/setup.inc.php | 2 +- setup/config.php | 2 +- setup/lang/phpgw_en.lang | 11 ++++ setup/manageheader.php | 28 +++++++++-- setup/templates/default/config.tpl | 13 ++++- setup/templates/default/login_main.tpl | 12 +++-- .../templates/default/login_stage_header.tpl | 24 ++++++--- setup/templates/default/manageheader.tpl | 12 +++-- 11 files changed, 156 insertions(+), 30 deletions(-) diff --git a/header.inc.php.template b/header.inc.php.template index 50ec1425c5..02fe8c35e9 100644 --- a/header.inc.php.template +++ b/header.inc.php.template @@ -20,6 +20,7 @@ define('PHPGW_SERVER_ROOT','{SERVER_ROOT}'); define('PHPGW_INCLUDE_ROOT','{INCLUDE_ROOT}'); + $GLOBALS['phpgw_info']['server']['header_admin_user'] = '{HEADER_ADMIN_USER}'; $GLOBALS['phpgw_info']['server']['header_admin_password'] = '{HEADER_ADMIN_PASSWORD}'; /* eGroupWare domain-specific db settings */{domains} @@ -92,7 +93,7 @@ $GLOBALS['phpgw_info']['server']['versions']['phpgwapi'] = $setup_info['phpgwapi']['version']; $GLOBALS['phpgw_info']['server']['versions']['current_header'] = $setup_info['phpgwapi']['versions']['current_header']; unset($setup_info); - $GLOBALS['phpgw_info']['server']['versions']['header'] = '1.25'; + $GLOBALS['phpgw_info']['server']['versions']['header'] = '1.26'; /* This is a fix for NT */ if(!isset($GLOBALS['phpgw_info']['flags']['noapi']) || !$GLOBALS['phpgw_info']['flags']['noapi'] == True) { 
@@ -105,7 +106,7 @@ Leave off the final php closing tag, some editors will add a \n or space after which will mess up cookies later on */ - $GLOBALS['phpgw_domain']['{DB_DOMAIN}'] = array ( + $GLOBALS['phpgw_domain']['{DB_DOMAIN}'] = array( 'db_host' => '{DB_HOST}', 'db_port' => '{DB_PORT}', 'db_name' => '{DB_NAME}', @@ -114,6 +115,7 @@ // Look at the README file 'db_type' => '{DB_TYPE}', // This will limit who is allowed to make configuration modifications + 'config_user' => '{CONFIG_USER}', 'config_passwd' => '{CONFIG_PASS}' ); diff --git a/phpgwapi/inc/class.setup.inc.php b/phpgwapi/inc/class.setup.inc.php index 0105056446..353c3d9656 100644 --- a/phpgwapi/inc/class.setup.inc.php +++ b/phpgwapi/inc/class.setup.inc.php 
@@ -126,20 +126,35 @@ function auth($auth_type='Config') { #phpinfo(); - $remoteip = $_SERVER['REMOTE_ADDR']; + #$remoteip = $_SERVER['REMOTE_ADDR']; - $FormLogout = get_var('FormLogout', array('GET','POST')); + $FormLogout = get_var('FormLogout', array('GET','POST')); if(!$FormLogout) { $ConfigLogin = get_var('ConfigLogin', array('POST')); $HeaderLogin = get_var('HeaderLogin', array('POST')); $FormDomain = get_var('FormDomain', array('POST')); + $FormUser = get_var('FormUser', array('POST')); $FormPW = get_var('FormPW', array('POST')); $this->ConfigDomain = get_var('ConfigDomain',array('POST','COOKIE')); + $ConfigUser = get_var('ConfigUser', array('POST','COOKIE')); $ConfigPW = get_var('ConfigPW', array('POST','COOKIE')); + $HeaderUser = get_var('HeaderUser', array('POST','COOKIE')); $HeaderPW = get_var('HeaderPW', array('POST','COOKIE')); $ConfigLang = get_var('ConfigLang', array('POST','COOKIE')); + + /* Setup defaults to aid in header upgrade to version 1.26. + * This was the first version to include the following values. + */ + if(!@isset($GLOBALS['phpgw_domain'][$FormDomain]['config_user'])) + { + @$GLOBALS['phpgw_domain'][$FormDomain]['config_user'] = 'admin'; + } + if(!@isset($GLOBALS['phpgw_info']['server']['header_admin_user'])) + { + @$GLOBALS['phpgw_info']['server']['header_admin_user'] = 'admin'; + } } /* if(!empty($remoteip) && !$this->checkip($remoteip)) { return False; } */ @@ -150,6 +165,7 @@ case 'config': /* config logout */ $expire = time() - 86400; + $this->set_cookie('ConfigUser','',$expire,'/'); $this->set_cookie('ConfigPW','',$expire,'/'); $this->set_cookie('ConfigDomain','',$expire,'/'); $this->set_cookie('ConfigLang','',$expire,'/'); 
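Review bot: The upgrade default for `config_user` is written to `$GLOBALS['phpgw_domain'][$FormDomain]` without checking that the domain exists, so any posted `FormDomain`, including an empty one, creates a domain entry. The config login branch later in auth() relies on `isset($GLOBALS['phpgw_domain'][$FormDomain])` to reject unknown domains, and that guard is always true after this assignment, leaving the remaining comparisons to run against an unset `config_passwd`. Apply the default only to domains the header already defines, e.g. `if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && !isset($GLOBALS['phpgw_domain'][$FormDomain]['config_user']))`. auth() starts and ends outside this hunk, and what get_var() returns for a missing field is not visible here, so the exact effect should be confirmed against the full function.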
@@ -160,6 +176,7 @@ case 'header': /* header admin logout */ $expire = time() - 86400; + $this->set_cookie('HeaderUser','',$expire,'/'); $this->set_cookie('HeaderPW','',$expire,'/'); $this->set_cookie('ConfigLang','',$expire,'/'); $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = lang('You have successfully logged out'); @@ -177,8 +194,13 @@ if(!empty($HeaderLogin)) { /* header admin login */ - if($FormPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + /* New test is md5, cleartext version is for header < 1.26 */ + if($FormUser == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_user']) && + (md5($FormPW) == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']) || + $FormPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + ) { + $this->set_cookie('HeaderUser',"$FormUser",$expire,'/'); $this->set_cookie('HeaderPW',"$FormPW",$expire,'/'); $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); return True; @@ -193,8 +215,13 @@ elseif(!empty($HeaderPW) && $auth_type == 'Header') { // Returning after login to header admin - if($HeaderPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + /* New test is md5, cleartext version is for header < 1.26 */ + if($HeaderUser == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_user']) && + (md5($HeaderPW) == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']) || + $HeaderPW == stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])) + ) { + $this->set_cookie('HeaderUser',"$HeaderUser",$expire,'/'); $this->set_cookie('HeaderPW',"$HeaderPW",$expire,'/'); $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); return True; 
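Review bot: Both header-admin checks (`@@ -177,8 +194,13 @@` and `@@ -193,8 +215,13 @@`) accept either `md5($FormPW)` or the raw `$FormPW` against the same stored value, so once the header holds a hash, the hash string itself is accepted as the password and hashing gives no protection if header.inc.php is ever read. The cleartext arm should be taken only when the header predates 1.26, for example by testing `$GLOBALS['phpgw_info']['server']['versions']['header']` with `version_compare()` before falling back, assuming that value is loaded at this point. The comparisons also use `==`, which lets PHP compare numeric-looking strings as numbers; `===` avoids that. The same pattern repeats in the two config hunks, `@@ -211,8 +238,14 @@` and `@@ -230,8 +263,13 @@`.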
@@ -211,8 +238,14 @@ if(!empty($ConfigLogin)) { /* config login */ - if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && $FormPW == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])) + /* New test is md5, cleartext version is for header < 1.26 */ + if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && + $FormUser == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_user']) && + (md5($FormPW) == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd']) || + $FormPW == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])) + ) { + $this->set_cookie('ConfigUser',"$FormUser",$expire,'/'); $this->set_cookie('ConfigPW',"$FormPW",$expire,'/'); $this->set_cookie('ConfigDomain',"$FormDomain",$expire,'/'); /* Set this now since the cookie will not be available until the next page load */ @@ -230,8 +263,13 @@ elseif(!empty($ConfigPW)) { // Returning after login to config - if($ConfigPW == stripslashes($GLOBALS['phpgw_domain'][$this->ConfigDomain]['config_passwd'])) + /* New test is md5, cleartext version is for header < 1.26 */ + if($ConfigUser == stripslashes($GLOBALS['phpgw_domain'][$this->ConfigDomain]['config_user']) && + (md5($ConfigPW) == stripslashes($GLOBALS['phpgw_domain'][$this->ConfigDomain]['config_passwd']) || + $ConfigPW == stripslashes($GLOBALS['phpgw_domain'][$this->ConfigDomain]['config_passwd'])) + ) { + $this->set_cookie('ConfigUser',"$ConfigUser",$expire,'/'); $this->set_cookie('ConfigPW',"$ConfigPW",$expire,'/'); $this->set_cookie('ConfigDomain',$this->ConfigDomain,$expire,'/'); $this->set_cookie('ConfigLang',"$ConfigLang",$expire,'/'); diff --git a/phpgwapi/inc/class.setup_html.inc.php b/phpgwapi/inc/class.setup_html.inc.php index 237de35d03..a16604d120 100644 --- a/phpgwapi/inc/class.setup_html.inc.php +++ b/phpgwapi/inc/class.setup_html.inc.php 
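Review bot: In the returning-after-login check (`@@ -230,8 +263,13 @@`), `config_user` is read from `$GLOBALS['phpgw_domain'][$this->ConfigDomain]`, but the upgrade default earlier in auth() is stored under `[$FormDomain]`, which is POST-only and therefore empty on later requests. With a pre-1.26 header the `ConfigUser` cookie would then be compared with an unset value, so the session set up at login appears to fail on the next page load. This branch also lacks the `isset($GLOBALS['phpgw_domain'][...])` guard that the login branch has, even though `ConfigDomain` can come from a cookie. Applying the default to `$this->ConfigDomain` as well and adding the same isset test here would cover both; the rest of auth() is outside the hunk.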
@@ -43,7 +43,14 @@ $GLOBALS['header_template']->set_var('DB_DOMAIN',$v); while(list($x,$y) = @each($dom)) { - $GLOBALS['header_template']->set_var(strtoupper($x),$y); + if(strtoupper($x) == 'CONFIG_PASS' || strtoupper($x) == 'CONFIG_PASSWORD') + { + $GLOBALS['header_template']->set_var(strtoupper($x),md5($y)); + } + else + { + $GLOBALS['header_template']->set_var(strtoupper($x),$y); + } } /* If the admin didn't select a db_port, set to the default */ if(!$dom['db_port']) @@ -58,7 +65,15 @@ $setting = get_var('setting',Array('POST')); while($setting && list($k,$v) = @each($setting)) { - $var[strtoupper($k)] = $v; + if(strtoupper($k) == 'HEADER_ADMIN_PASSWORD' || + strtoupper($k) == 'HEADER_PASSWORD') + { + $var[strtoupper($k)] = md5($v); + } + else + { + $var[strtoupper($k)] = $v; + } } $GLOBALS['header_template']->set_var($var); return $GLOBALS['header_template']->parse('out','header'); @@ -163,6 +178,13 @@ /* begin use TEMPLATE login_main.tpl */ $GLOBALS['setup_tpl']->set_var('ConfigLoginMSG',@$GLOBALS['phpgw_info']['setup']['ConfigLoginMSG']); $GLOBALS['setup_tpl']->set_var('HeaderLoginMSG',@$GLOBALS['phpgw_info']['setup']['HeaderLoginMSG']); + $GLOBALS['setup_tpl']->set_var('lang_header_username',lang('Header Username')); + $GLOBALS['setup_tpl']->set_var('lang_header_password',lang('Header Password')); + $GLOBALS['setup_tpl']->set_var('lang_header_login',lang('Header Admin Login')); + $GLOBALS['setup_tpl']->set_var('lang_config_login',lang('Setup/Config Admin Login')); + $GLOBALS['setup_tpl']->set_var('lang_config_username',lang('Config Username')); + $GLOBALS['setup_tpl']->set_var('lang_config_password',lang('Config Password')); + $GLOBALS['setup_tpl']->set_var('lang_domain',lang('Domain')); $GLOBALS['setup_tpl']->set_var('lang_select',lang_select()); diff --git a/phpgwapi/setup/setup.inc.php b/phpgwapi/setup/setup.inc.php index 5a710b32a4..6eed6ebd10 100755 --- a/phpgwapi/setup/setup.inc.php +++ b/phpgwapi/setup/setup.inc.php 
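Review bot: Only the password keys are transformed in these two loops (`@@ -43,7 +43,14 @@` and `@@ -58,7 +65,15 @@`); every other posted value, including the new `config_user` and `header_admin_user`, is still passed to `set_var()` unchanged and ends up inside single-quoted PHP string literals in header.inc.php.template (`'{CONFIG_USER}'`, `'{HEADER_ADMIN_USER}'`). Unless get_var() or magic quotes already escapes quotes and backslashes (the stripslashes() calls in auth() suggest this may be the case, but it is not visible here), a value containing `'` would yield a broken or altered header file. Escaping where the value is substituted, or rejecting such characters in user names, keeps the generated file well-formed regardless of server settings. A short comment above each loop saying why the password keys are hashed and that `md5()` here is unsalted would also help the next maintainer.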
@@ -16,7 +16,7 @@ $setup_info['phpgwapi']['name'] = 'phpgwapi'; $setup_info['phpgwapi']['title'] = 'phpgwapi'; $setup_info['phpgwapi']['version'] = '0.9.99.010'; - $setup_info['phpgwapi']['versions']['current_header'] = '1.25'; + $setup_info['phpgwapi']['versions']['current_header'] = '1.26'; $setup_info['phpgwapi']['enable'] = 3; $setup_info['phpgwapi']['app_order'] = 1; diff --git a/setup/config.php b/setup/config.php index 12fcd09a69..f57186e19b 100644 --- a/setup/config.php +++ b/setup/config.php @@ -226,7 +226,7 @@ case 'value': $newval = str_replace(' ','_',$newval); /* Don't show passwords in the form */ - if(ereg('passwd',$value) || ereg('password',$value) || ereg('root_pw',$value)) + if(strstr($value,'passwd') || strstr($value,'password') || strstr($value,'root_pw')) { $t->set_var($value,''); } diff --git a/setup/lang/phpgw_en.lang b/setup/lang/phpgw_en.lang index ae40bc48db..853607dd3b 100644 --- a/setup/lang/phpgw_en.lang +++ b/setup/lang/phpgw_en.lang @@ -306,6 +306,7 @@ setup main menu setup en Setup Main Menu setup the database setup en Setup the database show 'powered by' logo on setup en Show 'powered by' logo on some or all of its tables are missing setup en Some or all of its tables are missing +SQL encryption type setup en SQL encryption type for passwords (default - md5) start the postmaster setup en Start the postmaster status setup en Status step 1 - simple application management setup en Step 1 - Simple Application Management @@ -377,7 +378,9 @@ you appear to have oracle v8 (oci) support enabled setup en You appear to have O you appear to have postgresql support enabled setup en You appear to have PostgreSQL support enabled you appear to have xml support enabled setup en You appear to have XML support enabled you are ready for this stage, but this stage is not yet written.
setup en You are ready for this stage, but this stage is not yet written.
+you didn't enter a config username for domain %1 setup en You didn't enter a config username for domain %1 you didn't enter a config password for domain %1 setup en You didn't enter a config password for domain %1 +you didn't enter a header admin username setup en You didn't enter a header admin username you didn't enter a header admin password setup en You didn't enter a header admin password you do not have any languages installed. please install one now
setup en You do not have any languages installed. Please install one now
you have not created your header.inc.php yet!
you can create it now. setup en You have not created your header.inc.php yet!
You can create it now. @@ -398,3 +401,11 @@ your header.inc.php needs upgrading.
warning!set_var('db_user','egroupware'); $setup_tpl->set_var('db_pass','your_password'); $setup_tpl->set_var('db_type','mysql'); + $setup_tpl->set_var('config_user','changeme'); $setup_tpl->set_var('config_pass','changeme'); while(list($k,$v) = @each($supported_db)) { @@ -378,6 +387,9 @@ $GLOBALS['phpgw_info']['server']['default_domain'] = $default_domain[0]; unset($default_domain); // we kill this for security reasons $GLOBALS['phpgw_info']['server']['config_passwd'] = $GLOBALS['phpgw_domain'][$GLOBALS['phpgw_info']['server']['default_domain']]['config_passwd']; + $GLOBALS['phpgw_info']['server']['config_user'] = $GLOBALS['phpgw_domain'][$GLOBALS['phpgw_info']['server']['default_domain']]['config_user']; + + if(@$adddomain) { @@ -400,7 +412,9 @@ $setup_tpl->set_var('db_user',$GLOBALS['phpgw_domain'][$key]['db_user']); $setup_tpl->set_var('db_pass',$GLOBALS['phpgw_domain'][$key]['db_pass']); $setup_tpl->set_var('db_type',$GLOBALS['phpgw_domain'][$key]['db_type']); - $setup_tpl->set_var('config_pass',$GLOBALS['phpgw_domain'][$key]['config_passwd']); + $setup_tpl->set_var('config_user',$GLOBALS['phpgw_domain'][$key]['config_user']); + $setup_tpl->set_var('config_pass',''); + $setup_tpl->set_var('config_password',$GLOBALS['phpgw_domain'][$key]['config_passwd']); $selected = ''; $dbtype_options = ''; @@ -505,7 +519,9 @@ $setup_tpl->set_var('server_root',@$GLOBALS['phpgw_info']['server']['server_root']); $setup_tpl->set_var('include_root',@$GLOBALS['phpgw_info']['server']['include_root']); - $setup_tpl->set_var('header_admin_password',@$GLOBALS['phpgw_info']['server']['header_admin_password']); + $setup_tpl->set_var('header_admin_user',@$GLOBALS['phpgw_info']['server']['header_admin_user']); + $setup_tpl->set_var('header_admin_pass',@$GLOBALS['phpgw_info']['server']['header_admin_password']); + $setup_tpl->set_var('header_admin_password',''); if(@$GLOBALS['phpgw_info']['server']['db_persistent']) { 
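Review bot: The fields that feed `{CONFIG_PASS}` and `{HEADER_ADMIN_PASSWORD}` are now blanked (`set_var('config_pass','')` in `@@ -400,7 +412,9 @@`, `set_var('header_admin_password','')` in `@@ -505,7 +519,9 @@`), while class.setup_html.inc.php hashes whatever arrives under those names. If an admin saves without retyping, the written header would hold the md5 of an empty string unless the write path puts the stored value back; that path is not visible in these hunks and should be confirmed. The stored values are still exported as `config_password` and `header_admin_pass`, with the naming reversed between the two (`_pass` is blank for config but holds the stored value for header). A one-line comment at each pair stating which name carries the stored hash would prevent them being mixed up.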
@@ -585,6 +601,7 @@ list($firstDomain) = @each($GLOBALS['phpgw_domain']); $setup_tpl->set_var(array( 'FormDomain' => $firstDomain, + 'FormUser' => $GLOBALS['phpgw_domain'][$firstDomain]['config_user'], 'FormPW' => $GLOBALS['phpgw_domain'][$firstDomain]['config_passwd'] )); $setup_tpl->set_var('errors',$errors); @@ -593,6 +610,7 @@ $setup_tpl->set_var('lang_adddomain',lang('Add a domain')); $setup_tpl->set_var('lang_serverroot',lang('Server Root')); $setup_tpl->set_var('lang_includeroot',lang('Include Root (this should be the same as Server Root unless you know what you are doing)')); + $setup_tpl->set_var('lang_adminuser',lang('Admin user for header manager')); $setup_tpl->set_var('lang_adminpass',lang('Admin password to header manager')); $setup_tpl->set_var('lang_dbhost',lang('DB Host')); $setup_tpl->set_var('lang_dbhostdescr',lang('Hostname/IP of database server')); @@ -606,6 +624,7 @@ $setup_tpl->set_var('lang_dbpassdescr',lang('Password of db user')); $setup_tpl->set_var('lang_dbtype',lang('DB Type')); $setup_tpl->set_var('lang_whichdb',lang('Which database type do you want to use with eGroupWare?')); + $setup_tpl->set_var('lang_configuser',lang('Configuration User')); $setup_tpl->set_var('lang_configpass',lang('Configuration Password')); $setup_tpl->set_var('lang_passforconfig',lang('Password needed for configuration')); $setup_tpl->set_var('lang_persist',lang('Persistent connections')); @@ -622,6 +641,7 @@ $setup_tpl->set_var('lang_finaldescr',lang('After retrieving the file, put it into place as the header.inc.php. Then, click "continue".')); $setup_tpl->set_var('lang_continue',lang('Continue')); + $setup_tpl->pfp('out','manageheader'); $GLOBALS['phpgw_setup']->html->show_footer(); diff --git a/setup/templates/default/config.tpl b/setup/templates/default/config.tpl index f7382fd597..537e1df52d 100644 --- a/setup/templates/default/config.tpl +++ b/setup/templates/default/config.tpl 
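Review bot: The new `'FormUser'` entry in `@@ -585,6 +601,7 @@` sits beside `'FormPW' => $GLOBALS['phpgw_domain'][$firstDomain]['config_passwd']`, which places the stored value into the rendered page; after this commit that value is the md5 hash. The form presumably authenticates only because auth() still accepts the stored string verbatim, which makes the hash equivalent to the password and ties this page to the cleartext fallback. Consider not emitting the stored value at all and having the admin log in with typed credentials. Failing that, add a comment here documenting the dependency, so the fallback is not removed without updating this form.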
@@ -133,7 +133,7 @@ {lang_Authentication_/_Accounts} - + {lang_Select_which_type_of_authentication_you_are_using}: @@ -159,6 +160,14 @@ + + {lang_sql_encryption_type}: + + + + {lang_Minimum_account_id_(e.g._500_or_100,_etc.)}: diff --git a/setup/templates/default/login_main.tpl b/setup/templates/default/login_main.tpl index 0ab014d5d6..6d0d0a7a91 100644 --- a/setup/templates/default/login_main.tpl +++ b/setup/templates/default/login_main.tpl @@ -7,7 +7,7 @@   -  Header Admin Login +  {lang_header_login} {HeaderLoginMSG} @@ -15,9 +15,15 @@
- Header Password: - + {lang_header_username}: + {lang_select} + + + + + {lang_header_password}: +
diff --git a/setup/templates/default/login_stage_header.tpl b/setup/templates/default/login_stage_header.tpl index 9bd1e3af8f..af6d07a124 100644 --- a/setup/templates/default/login_stage_header.tpl +++ b/setup/templates/default/login_stage_header.tpl @@ -2,7 +2,7 @@ -  Setup/Config Admin Login +  {lang_config_login} @@ -14,33 +14,45 @@ - + - + + + + +
Domain:{lang_domain}:
Config Password:{lang_config_username}: - + {lang_select}
{lang_config_password}: + +
- + + + + +
Config Password:{lang_config_username}: - + {lang_select}
{lang_config_password}: + +
diff --git a/setup/templates/default/manageheader.tpl b/setup/templates/default/manageheader.tpl index fafa46bb38..945278b70a 100644 --- a/setup/templates/default/manageheader.tpl +++ b/setup/templates/default/manageheader.tpl @@ -35,7 +35,10 @@ {lang_includeroot}
- {lang_adminpass}
+ {lang_adminuser}
+ + + {lang_adminpass}


@@ -93,8 +96,8 @@

{lang_finaldescr}
- + @@ -138,7 +141,10 @@ {lang_dbpass}
{lang_dbpassdescr} - {lang_configpass}
+ {lang_configuser}
+ + + {lang_configpass}
{lang_passforconfig}