Navigation

← Previous Changeset
Next Changeset →

Changeset 1687

Timestamp:

02/13/2008 05:49:06 PM (9 months ago)

Author:

driehle

Message:

finished installer for Jlog 1.1.0
==============================================
- restricted access to admin/update.php with

password only

- forward all requests to admin/update.php as

long as update script didn't run

Files:

trunk/admin/update.php (modified) (4 diffs)
trunk/scripts/prepend.inc.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/admin/update.php

r1667	r1687
22	22	require('..'.DIRECTORY_SEPARATOR.'scripts'.DIRECTORY_SEPARATOR.'version.inc.php');
23	23
24
	24
25	25	$c['meta']['title'] = "Update";
26	26	$c['main'] = "<h2>Update von <var>1.0.2</var> auf <var>1.1.0</var></h2>";
…	…
28	28	if(!isset($_POST['update'])) {
29	29	$c['main'] .= "<form action='".$_SERVER['PHP_SELF']."' method='post'>
30		<p><label for='language'>Bitte wÃ€hlen Sie die gewÃŒnschte Sprache fÃŒr Ihren Weblog:</label><br />
	30	<p><label for='password'>Bitte geben Sie Ihr aktuelles Administrator-Passwort ein (zum Schutz gegen unbefugtes Aufrufen dieses Scriptes):</label><br />
	31	<input type='password' name='password' id='password' value='' /></p>
	32	<p><label for='language'>Bitte wÃ€hlen Sie die gewÃŒnschte Sprache fÃŒr Ihren Weblog:</label><br />
31	33	<select class='userdata' id='language' name='jlog_language'>";
32	34	foreach($languages as $lang) {
…	…
46	48	}
47	49	else {
48		require(JLOG_BASEPATH."scripts".DIRECTORY_SEPARATOR."settings.class.php");
	50	/**
	51	* Wir mÃŒssen an dieser Stelle das Administrator-Passwort prÃŒfen, wÃŒrde ich
	52	* hierfÃŒr /personal/settings.inc.php einbinden, um die Konstante
	53	* JLOG_ADMIN_PASSWORT zu erhalten, wÃŒrde mir gleichzeitig /scripts/prepend.inc.php
	54	* eingebunden werden, was weiteren Code ausfÃŒhren wÃŒrde, welcher letztendlich
	55	* eine Endlosschleife ergÃ€be (Redirect auf dieses Script).
	56	*
	57	* Aus diesem Grund mÃŒssen wir es wohl etwas komplizierter machen und den
	58	* Passwort-Hash von Hand auslesen, welcher ungefÃ€hr so aussieht:
	59	*
	60	* define('JLOG_ADMIN_PASSWORD', '3858f62230ac3c915f300c664312c63f');
	61	**/
	62	$lines = file(JLOG_BASEPATH."personal".DIRECTORY_SEPARATOR."settings.inc.php");
	63	$password_hash = '';
	64	foreach($lines as $line) {
	65	if(preg_match("/'JLOG_ADMIN_PASSWORD', '([^']*)'/", $line, $result)) {
	66	$password_hash = $result[1];
	67	break;
	68	}
	69	}
49	70
50		$update = new Settings($l);
51		$update->get_data();
52		$update->get_userdata();
53		$errors = $update->do_settings();
54
55		if($_POST['languagekeep'] == 'yes') {
56		rename(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.OldLanguage.inc.php");
57		rename(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.OldLanguage.inc.php");
	71	if(md5($_POST['password']) !== $password_hash) {
	72	$errors[] = 'Administrator-Passwort fehlerhaft!';
58	73	}
59		else {
60		unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php");
61		unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php");
	74	if(!in_array($_POST['languagekeep'], array('yes', 'no'))) {
	75	$errors[] = 'Bitte Auswahl treffen, ob Sie die alten Sprachdateien behalten mÃ¶chten oder nicht.';
62	76	}
63	77
64	78	if(empty($errors)) {
	79	require(JLOG_BASEPATH."scripts".DIRECTORY_SEPARATOR."settings.class.php");
	80
	81	$update = new Settings($l);
	82	$update->get_data();
	83	$update->get_userdata();
	84	$errors = $update->do_settings();
	85
	86	if($_POST['languagekeep'] == 'yes') {
	87	$f1 = @rename(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.OLD.inc.php");
	88	$f2 = @rename(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.OLD.inc.php");
	89	// falls umbenennen scheitert, es mit kopieren und lÃ¶schen probieren
	90	if($f1 === false) {
	91	@copy(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.OLD.inc.php");
	92	@unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php");
	93	}
	94	if($f2 === false) {
	95	@copy(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php", JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.OLD.inc.php");
	96	@unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php");
	97	}
	98	}
	99	else {
	100	@unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang.inc.php");
	101	@unlink(JLOG_BASEPATH."lang".DIRECTORY_SEPARATOR."lang-admin.inc.php");
	102	}
	103
65	104	require(JLOG_BASEPATH."scripts".DIRECTORY_SEPARATOR."update.php");
66	105	$c['main'] .= "<p>Update erfolgreich, <a href='../'>Viel SpaÃ</a>!</p>";
…	…
71	110	$c['main'] .= '<li>'.htmlspecialchars($error).'</li>';
72	111	}
73		$c['main'] .= '</ul>';
	112	$c['main'] .= '</ul><p><a href="">Erneut versuchen</a></p>';
74	113	}
75	114	}

trunk/scripts/prepend.inc.php

r1665	r1687
11	11
12	12	// need this in every page
	13	if(!defined('JLOG_LANGUAGE')) {
	14	if(dirname($_SERVER['PHP_SELF']) !== "/") $dir = dirname($_SERVER['PHP_SELF']);
	15	header("Location: http://".$_SERVER['HTTP_HOST'].$dir."/admin/update.php");
	16	}
13	17	require_once(JLOG_BASEPATH.'lang'.DIRECTORY_SEPARATOR.'lang.'.JLOG_LANGUAGE.'.inc.php');
14	18	require_once(JLOG_BASEPATH.'scripts'.DIRECTORY_SEPARATOR.'database.class.php');

Navigation

Changeset 1687

Legend:

trunk/admin/update.php

trunk/scripts/prepend.inc.php

Download in other formats: