upgrade version, fix security issue

Author: dweeves

magmi/ReleaseNotes.txt

@@ -1,3 +1,9 @@
+------------------------------------------------
+-     RELEASE NOTES FOR MAGMI 0.7.24           -
+-------------------------------------------------
+
+IMPORTANT Security fix, remove default login magmi:magmi since it can be exploited.
+
 ------------------------------------------------
 -     RELEASE NOTES FOR MAGMI 0.7.23           -
 -------------------------------------------------

magmi/inc/magmi_auth.php

@@ -32,7 +32,9 @@ public function __construct($user,$pass){
 
 
     public function authenticate(){
-		if (!$this->_hasDB) return ($this->user == 'magmi' && $this->pass == 'magmi');
+        if(!$this->_hasDB) {
+            die("Please create magmi.ini file in magmi/conf directory , by copying & editing magmi.ini.default file and filling appropriate values");
+        }
 		$tn=$this->tablename('admin_user');
         $result = $this->select("SELECT * FROM $tn WHERE username = ?",array($this->user))->fetch(PDO::FETCH_ASSOC);
         return $this->validatePass($result['password'],$this->pass);

magmi/inc/magmi_version.php

@@ -1,5 +1,5 @@
 <?php
     	class Magmi_Version
     	{
-    		 public static $version="0.7.23-git";
+    		 public static $version="0.7.24-git";
     	}

magmi/web/security.php

@@ -39,7 +39,7 @@ function authenticate($username="",$password=""){
 if (!isset($_SERVER['PHP_AUTH_USER'])) {
     header('WWW-Authenticate:Basic realm="Magmi"');
     header('HTTP/1.0 401 Unauthorized');
-    echo 'You must be logged in to use Magmi';
+    echo 'You must be logged into magento admin to use Magmi';
     die();
 } else {
     if (!authenticate($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW'])){