
[Phpgroupware-cvs] phpgwapi/inc/class.setup.inc.php, 1.18


From: nomail
Subject: [Phpgroupware-cvs] phpgwapi/inc/class.setup.inc.php, 1.18
Date: Tue, 27 Jul 2004 12:43:05 +0200

Update of /phpgwapi/inc
Modified Files:
        Branch: 
          class.setup.inc.php

date: 2004/07/27 10:43:05;  author: skwashd;  state: Exp;  lines: +88 -60

Log Message:
security fix - sorry if i break head setup - no time to test
=====================================================================
Index: phpgwapi/inc/class.setup.inc.php
diff -u phpgwapi/inc/class.setup.inc.php:1.17 
phpgwapi/inc/class.setup.inc.php:1.18
--- phpgwapi/inc/class.setup.inc.php:1.17       Mon Apr 28 08:25:59 2003
+++ phpgwapi/inc/class.setup.inc.php    Tue Jul 27 10:43:05 2004
@@ -1,21 +1,23 @@
 <?php
-  /**************************************************************************\
-  * phpGroupWare - Setup                                                     *
-  * http://www.phpgroupware.org                                              *
-  * --------------------------------------------                             *
-  * This file written by Joseph Engo<address@hidden>                 *
-  *  and Dan Kuykendall<address@hidden>                             *
-  *  and Mark Peters<address@hidden>                               *
-  *  and Miles Lott<address@hidden>                                *
-  * --------------------------------------------                             *
-  *  This program is free software; you can redistribute it and/or modify it *
-  *  under the terms of the GNU General Public License as published by the   *
-  *  Free Software Foundation; either version 2 of the License, or (at your  *
-  *  option) any later version.                                              *
-  \**************************************************************************/
-
-  /* $Id$ */
-
+       /**
+       * Setup
+       * @author Joseph Engo<address@hidden>
+       * @author Dan Kuykendall<address@hidden>
+       * @author Mark Peters<address@hidden>
+       * @author Miles Lott<address@hidden>
+       * @copyright Portions Copyright (C) 2001-2004 Free Software Foundation, 
Inc. http://www.fsf.org/
+       * @license http://www.fsf.org/licenses/gpl.html GNU General Public 
License
+       * @package phpgwapi
+       * @subpackage application
+       * @version $Id$
+       */
+
+       /**
+       * Setup
+       * 
+       * @package phpgwapi
+       * @subpackage application
+       */
        class setup
        {
                var $db;
@@ -26,16 +28,24 @@
                var $lang = '';
                var $html = '';
                var $appreg = '';
+               
+               /* table name vars */
+               var $tbl_apps;
+               var $tbl_config;
+               var $tbl_hooks;
 
                function setup($html=False, $translation=False)
                {
                        $this->detection = 
CreateObject('phpgwapi.setup_detection');
                        $this->process   = 
CreateObject('phpgwapi.setup_process');
-                       $this->appreg    = 
CreateObject('phpgwapi.app_registry');
 
                        /* The setup application needs these */
-                       $this->html        = $html ? 
CreateObject('phpgwapi.setup_html') : '';
+                       $this->html     = $html ? 
CreateObject('phpgwapi.setup_html') : '';
                        $this->translation = $translation ? 
CreateObject('phpgwapi.setup_translation') : '';
+                       
+                       //$this->tbl_apps    = $this->get_apps_table_name();
+                       //$this->tbl_config  = $this->get_config_table_name();
+                       $this->tbl_hooks   = $this->get_hooks_table_name();
                }
 
                /*!
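Review bot: The constructor no longer creates `$this->appreg`, yet the declaration `var $appreg = '';` survives in the context lines above, so any method that still dereferences `$this->appreg->...` would now fail on a string; whether such callers remain is outside this hunk. The two commented-out `tbl_apps`/`tbl_config` assignments should either be enabled or deleted rather than left as dead code, and `$this->tbl_hooks = $this->get_hooks_table_name();` runs before anything here guarantees that `$GLOBALS['setup_info']` is populated (the helper is defined in a later hunk). If the lookup must stay in the constructor, add `/* relies on $GLOBALS['setup_info'] being loaded by the caller first */` so the ordering dependency is explicit.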
@@ -44,17 +54,11 @@
                */
                function loaddb()
                {
-                       $GLOBALS['ConfigDomain'] = 
get_var('ConfigDomain',array('COOKIE','POST'));
-
-                       if(empty($GLOBALS['ConfigDomain']))
-                       {
-                               /* This is to fix the reading of this value 
immediately after the cookie was set on login */
-                               $GLOBALS['ConfigDomain'] = 
get_var('ConfigDomain',Array('DEFAULT','POST'),'default');
-                       }
+                       $GLOBALS['ConfigDomain'] = 
get_var('ConfigDomain',array('COOKIE','POST'),$_POST['FormDomain']);
 
                        $GLOBALS['phpgw_info']['server']['db_type'] = 
$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'];
 
-                       $this->db           = CreateObject('phpgwapi.db');
+                       $this->db         = CreateObject('phpgwapi.db');
                        $this->db->Host     = 
$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_host'];
                        $this->db->Type     = 
$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'];
                        $this->db->Database = 
$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_name'];
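Review bot: `$GLOBALS['ConfigDomain']` is still taken straight from the cookie, POST or `$_POST['FormDomain']` and then used unchecked as the key into `$GLOBALS['phpgw_domain']`, so an unknown domain silently yields empty `db_host`/`db_type`/`db_name`, and a request without `FormDomain` raises an undefined-index notice in the default argument. Read the fallback as `isset($_POST['FormDomain']) ? $_POST['FormDomain'] : ''` and validate before the lookups: `if(!isset($GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']])) { return False; }` (or fall back to a configured domain). Whether callers inspect `loaddb()`'s return value is not visible in this hunk.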
@@ -69,7 +73,7 @@
                */
                function auth($auth_type='Config')
                {
-                       $remoteip     = $GLOBALS['REMOTE_ADDR'];
+                       $remoteip     = $_SERVER['REMOTE_ADDR'];
 
                        $FormLogout   = get_var('FormLogout',  
array('GET','POST'));
                        $ConfigLogin  = get_var('ConfigLogin', array('POST'));
@@ -103,11 +107,11 @@
                        if(!empty($HeaderLogin) && $auth_type == 'Header')
                        {
                                /* header admin login */
-                               if($FormPW == 
$GLOBALS['phpgw_info']['server']['header_admin_password'])
+                               if($FormPW == 
stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']))
                                {
-                                       
setcookie('HeaderPW',"$FormPW","$expire");
-                                       header('Location: manageheader.php');
-                                       echo '<meta http-equiv="Refresh" 
content="1">' . lang('Please Wait...');
+                                       
setcookie('HeaderPW',md5($FormPW),$expire);
+                                       
setcookie('ConfigLang',$ConfigLang,$expire);
+                                       return True;
                                }
                                else
                                {
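Review bot: `setcookie('HeaderPW',md5($FormPW),$expire);` is an improvement over the plaintext cookie, but an unsalted fast hash of the header admin password is still a bearer credential: a captured cookie replays until the password changes and can be brute-forced offline. Consider deriving the cookie from the password plus a per-install secret that never leaves the server, or issuing a random token, rather than a bare `md5()` of the secret itself. The comparison on the first changed line also uses `==`; `===` avoids PHP's numeric-string juggling at no cost. `auth()` begins outside this hunk, so where `$FormPW` and `$expire` come from is not visible here.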
@@ -119,12 +123,12 @@
                        elseif(!empty($ConfigLogin) && $auth_type == 'Config')
                        {
                                /* config login */
-                               if($FormPW == 
@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])
+                               if($FormPW == 
stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd']))
                                {
-                                       
setcookie('ConfigPW',"$FormPW","$expire");
-                                       
setcookie('ConfigDomain',"$FormDomain","$expire");
-                                       
setcookie('ConfigLang',"$ConfigLang","$expire");
-                                       echo '<meta http-equiv="Refresh" 
content="1">' . lang('Please Wait...');
+                                       setcookie('ConfigPW', md5($FormPW), 
$expire);
+                                       setcookie('ConfigDomain', $FormDomain, 
$expire);
+                                       setcookie('ConfigLang', $ConfigLang, 
$expire);
+                                       return True;
                                }
                                else
                                {
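Review bot: `$FormPW == stripslashes(@$GLOBALS['phpgw_domain'][$FormDomain]['config_passwd'])` accepts an unknown `$FormDomain`: the `@` hides the missing key, the lookup yields null, `stripslashes(null)` is `''`, and an empty `$FormPW` (or a domain whose `config_passwd` is empty) compares equal, after which the `ConfigPW`/`ConfigDomain` cookies are issued and `return True` follows. Guard before comparing: `if(isset($GLOBALS['phpgw_domain'][$FormDomain]) && $FormPW !== '' && $FormPW === stripslashes($GLOBALS['phpgw_domain'][$FormDomain]['config_passwd']))`. Where `$FormPW` and `$FormDomain` are read is outside this hunk, so whether they can arrive empty is inferred rather than shown.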
@@ -140,6 +144,7 @@
                                {
                                        /* config logout */
                                        setcookie('ConfigPW','');
+                                       
$GLOBALS['phpgw_info']['setup']['LastDomain'] = $_COOKIE['ConfigDomain'];
                                        setcookie('ConfigDomain','');
                                        
$GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = lang('You have successfully 
logged out');
                                        setcookie('ConfigLang','');
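Review bot: `$GLOBALS['phpgw_info']['setup']['LastDomain'] = $_COOKIE['ConfigDomain'];` copies a client-controlled cookie into setup state without checking it against the configured domains, and emits an undefined-index notice when the cookie is absent. If `LastDomain` is later echoed into the login form (not visible here) it must be escaped at that point; at minimum read it as `isset($_COOKIE['ConfigDomain'], $GLOBALS['phpgw_domain'][$_COOKIE['ConfigDomain']]) ? $_COOKIE['ConfigDomain'] : ''`.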
@@ -161,11 +166,11 @@
                        elseif(!empty($ConfigPW) && $auth_type == 'Config')
                        {
                                /* Returning after login to config */
-                               if($ConfigPW == 
$GLOBALS['phpgw_domain'][$ConfigDomain]['config_passwd'])
+                               if($ConfigPW == 
md5(stripslashes($GLOBALS['phpgw_domain'][$ConfigDomain]['config_passwd'])))
                                {
-                                       
setcookie('ConfigPW',"$ConfigPW","$expire");
-                                       
setcookie('ConfigDomain',"$ConfigDomain","$expire");
-                                       
setcookie('ConfigLang',"$ConfigLang","$expire");
+                                       setcookie('ConfigPW', $ConfigPW,  
$expire);
+                                       setcookie('ConfigDomain', 
$ConfigDomain, $expire);
+                                       setcookie('ConfigLang', $ConfigLang, 
$expire);
                                        return True;
                                }
                                else
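Review bot: The returning-login check `$ConfigPW == md5(stripslashes($GLOBALS['phpgw_domain'][$ConfigDomain]['config_passwd']))` still trusts the cookie-supplied `$ConfigDomain`: for a domain that is not configured the lookup yields null and the right-hand side collapses to `md5('')`, so a cookie pair of an arbitrary domain name plus `d41d8cd98f00b204e9800998ecf8427e` satisfies it and `return True` follows. The loose `==` additionally lets a numeric-looking cookie such as `0` match a hash that happens to have the form `0e<digits>`. Tighten to `if(isset($GLOBALS['phpgw_domain'][$ConfigDomain]) && $ConfigPW === md5(stripslashes($GLOBALS['phpgw_domain'][$ConfigDomain]['config_passwd'])))`. Whether a login for an unconfigured domain grants anything useful afterwards depends on code outside this hunk.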
@@ -178,9 +183,10 @@
                        elseif(!empty($HeaderPW) && $auth_type == 'Header')
                        {
                                /* Returning after login to header admin */
-                               if($HeaderPW == 
$GLOBALS['phpgw_info']['server']['header_admin_password'])
+                               if($HeaderPW == 
md5(stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])))
                                {
-                                       
setcookie('HeaderPW',"$HeaderPW","$expire");
+                                       setcookie('HeaderPW', $HeaderPW , 
$expire);
+                                       setcookie('ConfigLang', $ConfigLang, 
$expire);
                                        return True;
                                }
                                else
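Review bot: `$HeaderPW == md5(stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password']))` accepts the cookie whenever no header admin password is configured, because the right-hand side is then `md5('')`, and it compares loosely. Prefer `if($GLOBALS['phpgw_info']['server']['header_admin_password'] != '' && $HeaderPW === md5(stripslashes($GLOBALS['phpgw_info']['server']['header_admin_password'])))`. Whether an empty `header_admin_password` is meant to disable header admin entirely is not visible here; if so, the empty-password rejection should be documented at the top of `auth()`, which starts outside this hunk.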
@@ -264,7 +270,7 @@
                                return False;
                        }
                        
-                       $version = ereg_replace('pre','.',$versionstring);
+                       $version = str_replace('pre','.',$versionstring);
                        $varray  = explode('.',$version);
                        $major   = 
implode('.',array($varray[0],$varray[1],$varray[2]));
 
@@ -280,7 +286,7 @@
                {
                        $tables = Array();
                        $tablenames = $this->db->table_names();
-                       while(list($key,$val) = @each($tablenames))
+                       foreach($tablenames as $key => $val)
                        {
                                $tables[] = $val['table_name'];
                        }
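Review bot: `foreach($tablenames as $key => $val)` warns and skips the loop if `$this->db->table_names()` returns something other than an array, a case the old `@each()` silently tolerated; the return contract of `table_names()` is not visible here. Guard it with `if(is_array($tablenames))` around the loop, and drop the unused `$key` (`foreach($tablenames as $val)`).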
@@ -315,8 +321,8 @@
                        $enable = intval($enable);
 
                        /*
-                        Use old applications table if the currentver is less 
than 0.9.10pre8,
-                        but not if the currentver = '', which probably means 
new install.
+                       Use old applications table if the currentver is less 
than 0.9.10pre8,
+                       but not if the currentver = '', which probably means 
new install.
                        */
                        
if($this->alessthanb($setup_info['phpgwapi']['currentver'],'0.9.10pre8') && 
($setup_info['phpgwapi']['currentver'] != ''))
                        {
@@ -343,9 +349,20 @@
                                {
                                        $tables = 
implode(',',$setup_info[$appname]['tables']);
                                }
+                               if ($setup_info[$appname]['tables_use_prefix'] 
== True)
+                               {
+                                       echo $setup_info[$appname]['name'] . ' 
uses tables_use_prefix, storing ' 
+                                       . $setup_info[$appname]['tables_prefix']
+                                               . ' as prefix for ' . 
$setup_info[$appname]['name'] . " tables\n";
+                                                                               
                                                                        
+                                       $sql = "INSERT INTO phpgw_config 
(config_app,config_name,config_value) "
+                                               ."VALUES 
('".$setup_info[$appname]['name']."','"
+                                               
.$appname."_tables_prefix','".$setup_info[$appname]['tables_prefix']."')";
+                                       
$this->db->query($sql,__LINE__,__FILE__);
+                               }
                                if($use_appid)
                                {
-                                       $this->db->query("SELECT MAX(app_id) 
FROM $appstbl");
+                                       $this->db->query("SELECT MAX(app_id) 
FROM $appstbl",__LINE__,__FILE__);
                                        $this->db->next_record();
                                        if($this->db->f(0))
                                        {
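Review bot: The new `INSERT INTO phpgw_config` concatenates `$setup_info[$appname]['name']` and `['tables_prefix']` into the SQL without any escaping, so a prefix containing a quote breaks the statement; these values come from each application's setup_info rather than the request, so this is a robustness issue more than an injection one, but they should still go through whatever quoting helper the db class offers. Nothing removes an existing `<app>_tables_prefix` row first, so re-running registration would insert a duplicate (whether that path is re-entered on upgrade is outside this hunk); a `DELETE FROM phpgw_config WHERE config_app='...' AND config_name='..._tables_prefix'` before the insert would keep it idempotent. `== True` on the flag is a loose comparison; `if(!empty($setup_info[$appname]['tables_use_prefix']))` says what is meant.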
@@ -367,7 +384,8 @@
                                        . $enable . ","
                                        . 
intval($setup_info[$appname]['app_order']) . ","
                                        . "'" . $tables . "',"
-                                       . "'" . 
$setup_info[$appname]['version'] . "');"
+                                       . "'" . 
$setup_info[$appname]['version'] . "')"
+                                       ,__LINE__,__FILE__
                                );
                                $this->clear_session_cache();
                        }
@@ -403,7 +421,7 @@
                                // _debug_array($setup_info[$appname]);
                        }
 
-                       $this->db->query("SELECT COUNT(app_name) FROM $appstbl 
WHERE app_name='".$appname."'");
+                       $this->db->query("SELECT COUNT(app_name) FROM $appstbl 
WHERE app_name='".$appname."'",__LINE__,__FILE__);
                        $this->db->next_record();
                        if($this->db->f(0))
                        {
@@ -450,7 +468,7 @@
                                // _debug_array($setup_info[$appname]);
                        }
 
-                       $this->db->query("SELECT COUNT(app_name) FROM $appstbl 
WHERE app_name='".$appname."'");
+                       $this->db->query("SELECT COUNT(app_name) FROM $appstbl 
WHERE app_name='".$appname."'",__LINE__,__FILE__);
                        $this->db->next_record();
                        if(!$this->db->f(0))
                        {
@@ -474,7 +492,7 @@
                                        . " WHERE app_name='" . $appname . "'";
                                //echo $sql; exit;
 
-                               $this->db->query($sql);
+                               $this->db->query($sql,__LINE__,__FILE__);
                        }
                }
 
@@ -507,7 +525,7 @@
                        }
                        if($setup_info[$appname]['currentver'])
                        {
-                               $this->db->query("UPDATE $appstbl SET 
app_version='" . $setup_info[$appname]['currentver'] . "' WHERE 
app_name='".$appname."'");
+                               $this->db->query("UPDATE $appstbl SET 
app_version='" . $setup_info[$appname]['currentver'] . "' WHERE 
app_name='".$appname."'",__LINE__,__FILE__);
                        }
                        return $setup_info;
                }
@@ -535,7 +553,7 @@
                        }
 
                        //echo 'DELETING application: ' . $appname;
-                       $this->db->query("DELETE FROM $appstbl WHERE 
app_name='". $appname ."'");
+                       $this->db->query("DELETE FROM $appstbl WHERE 
app_name='". $appname ."'",__LINE__,__FILE__);
                        $this->clear_session_cache();
                }
 
@@ -603,11 +621,11 @@
                }
 
                /*!
-                 @function hook
-                 @abstract call the hooks for a single application
-                 @param $location hook location - required
-                 @param $appname application name - optional
-                */
+                @function hook
+                @abstract call the hooks for a single application
+                @param $location hook location - required
+                @param $appname application name - optional
+               */
                function hook($location, $appname='')
                {
                        if (!is_object($this->hooks))
@@ -786,5 +804,15 @@
                                return False;
                        }
                }
-       }
+
+               function get_hooks_table_name()
+               {
+                       
if($this->alessthanb($GLOBALS['setup_info']['phpgwapi']['currentver'],'0.9.8pre5')
 && ($GLOBALS['setup_info']['phpgwapi']['currentver'] != ''))
+                       {
+                               /* No phpgw_hooks table yet. */
+                               return False;
+                       }
+                       return 'phpgw_hooks';
+               }
+}
 ?>
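Review bot: `get_hooks_table_name()` reads `$GLOBALS['setup_info']['phpgwapi']['currentver']` twice without `isset()`, and the earlier hunk calls it from the constructor, so constructing `setup` before `setup_info` is loaded raises undefined-index notices and passes null to `alessthanb()`, whose handling of null is not visible here. Read it once, defensively: `$ver = isset($GLOBALS['setup_info']['phpgwapi']['currentver']) ? $GLOBALS['setup_info']['phpgwapi']['currentver'] : '';` and test `$this->alessthanb($ver,'0.9.8pre5') && $ver != ''`. The class's closing brace has also moved to column 0, out of step with the file's indentation, and the method deserves a one-line docblock stating that it returns `False` when the install predates the `phpgw_hooks` table.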



