mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-11-07 16:44:20 +01:00
Added authorization against the setup password
This commit is contained in:
parent
ed3540db30
commit
89afb762df
@ -18,6 +18,12 @@
|
||||
|
||||
$phpgw_info["server"]["api_dir"] = $phpgw_info["server"]["include_root"]."/phpgwapi";
|
||||
|
||||
// Authorize the user to use setup app
|
||||
include("setup_auth.inc.php");
|
||||
// Does not return unless user is authorized
|
||||
echo "<html><head><title>phpGroupWare Setup</title></head>\n";
|
||||
echo "<body bgcolor='#ffffff'>\n";
|
||||
|
||||
/* Database setup */
|
||||
switch($phpgw_info["server"]["db_type"]){
|
||||
case "postgresql":
|
||||
@ -289,3 +295,4 @@
|
||||
</tr>
|
||||
</table>
|
||||
</form>
|
||||
</body></html>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<?
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* phpGroupWare *
|
||||
* http://www.phpgroupware.org *
|
||||
@ -16,6 +16,12 @@
|
||||
|
||||
$phpgw_info["server"]["api_dir"] = $phpgw_info["server"]["include_root"]."/phpgwapi";
|
||||
|
||||
// Authorize the user to use setup app
|
||||
include("setup_auth.inc.php");
|
||||
// Does not return unless user is authorized
|
||||
echo "<html><head><title>phpGroupWare Setup</title></head>\n";
|
||||
echo "<body bgcolor='#ffffff'>\n";
|
||||
|
||||
/* Database setup */
|
||||
switch($phpgw_info["server"]["db_type"]){
|
||||
case "postgresql":
|
||||
@ -176,5 +182,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
echo "</body></html>";
|
||||
//db->disconnect();
|
||||
?>
|
59
setup/setup_auth.inc.php
Normal file
59
setup/setup_auth.inc.php
Normal file
@ -0,0 +1,59 @@
|
||||
<?php
|
||||
/**************************************************************************\
|
||||
* phpGroupWare *
|
||||
* http://www.phpgroupware.org *
|
||||
* -------------------------------------------- *
|
||||
* This program is free software; you can redistribute it and/or modify it *
|
||||
* under the terms of the GNU General Public License as published by the *
|
||||
* Free Software Foundation; either version 2 of the License, or (at your *
|
||||
* option) any later version. *
|
||||
\**************************************************************************/
|
||||
|
||||
/* $Id$ */
|
||||
|
||||
// Include to check user authorization against the
|
||||
// password in ../header.inc.php to protect all of the setup
|
||||
// pages from unauthorized use.
|
||||
|
||||
function loginForm($err="") {
|
||||
global $PHP_SELF;
|
||||
echo "<html><head><title>phpGroupWare Setup - please Login</title></head>\n";
|
||||
echo "<body bgcolor='#ffffff'>\n";
|
||||
echo "<table border=\"0\" align=\"center\">\n";
|
||||
echo " <tr bgcolor=\"486591\">\n";
|
||||
echo " <td colspan=\"2\"><font color=\"fefefe\"> <b>Setup Login</b></font></td>\n";
|
||||
echo " </tr>\n";
|
||||
if ($err != "") {
|
||||
echo " <tr bgcolor='#e6e6e6'><td colspan='2'><font color='#ff0000'>".$err."</font></td></tr>\n";
|
||||
}
|
||||
echo " <tr bgcolor=\"e6e6e6\">\n";
|
||||
echo " <td><form action='".$PHP_SELF."' method='POST'>\n";
|
||||
echo " <input type='password' name='FormPW' value=''>\n";
|
||||
echo " <input type='submit' name='Login' value='Login'>\n";
|
||||
echo " </form></td>\n";
|
||||
echo " </tr>\n";
|
||||
echo "</table>\n";
|
||||
echo "<!-- cookipw = ".$SetupCookie." should be ".$phpgw_info["server"]["config_passwd"]." -->\n";
|
||||
echo "</body></html>\n";
|
||||
}
|
||||
|
||||
if (isset($FormPW) ) {
|
||||
if ($FormPW != $phpgw_info["server"]["config_passwd"]) {
|
||||
loginForm("Invalid password.");
|
||||
exit;
|
||||
}
|
||||
// Valid login, fall through and set the cookie
|
||||
$SetupCookie = $FormPW;
|
||||
} else if (isset($SetupCookie)) {
|
||||
if ($SetupCookie != $phpgw_info["server"]["config_passwd"]) {
|
||||
setcookie("SetupCookie",""); // scrub the old one
|
||||
loginForm("Invalid session cookie (cookies must be enabled)");
|
||||
exit;
|
||||
}
|
||||
} else {
|
||||
loginForm();
|
||||
exit;
|
||||
}
|
||||
// Auth ok.
|
||||
setcookie("SetupCookie","$SetupCookie");
|
||||
?>
|
Loading…
Reference in New Issue
Block a user