diff --git a/setup/inc/class.setup.inc.php b/setup/inc/class.setup.inc.php
index 66af438d13..bb068f813b 100644
--- a/setup/inc/class.setup.inc.php
+++ b/setup/inc/class.setup.inc.php
@@ -27,11 +27,11 @@
 */
 function loaddb()
 {
- $ConfigDomain = $GLOBALS['HTTP_COOKIE_VARS']['ConfigDomain'] ? $GLOBALS['HTTP_COOKIE_VARS']['ConfigDomain'] : $GLOBALS['HTTP_POST_VARS']['ConfigDomain'];
- if(empty($ConfigDomain))
+ $GLOBALS['ConfigDomain'] = @$GLOBALS['HTTP_COOKIE_VARS']['ConfigDomain'] ? @$GLOBALS['HTTP_COOKIE_VARS']['ConfigDomain'] : @$GLOBALS['HTTP_POST_VARS']['ConfigDomain'];
+ if(empty($GLOBALS['ConfigDomain']))
 {
 /* This is to fix the reading of this value immediately after the cookie was set on login */
- $ConfigDomain = $GLOBALS['HTTP_POST_VARS']['FormDomain'];
+ $GLOBALS['ConfigDomain'] = @$GLOBALS['HTTP_POST_VARS']['FormDomain'] ? @$GLOBALS['HTTP_POST_VARS']['FormDomain'] : 'default';
 }
 /* Database setup */
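Review bot: `$GLOBALS['ConfigDomain']` in loaddb() is taken straight from the cookie or the POST body and is never checked against the configured domains before it selects a `$GLOBALS['phpgw_domain']` entry. The next hunk builds the `include` path and the database credentials from that entry, and index.php's `switch ($phpgw_domain[$GLOBALS['ConfigDomain']]['db_type'])` reads it again, so an unknown name yields an empty `db_type` and an include of `class.db_.inc.php`. After the fallback, add `if(!isset($GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']])) { $GLOBALS['ConfigDomain'] = 'default'; }` or stop with an error. Reading the request arrays through `isset()` rather than `@` would keep genuine errors visible; loaddb() continues outside this hunk.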
@@ -39,13 +39,13 @@
 {
 $GLOBALS['phpgw_info']['server']['api_inc'] = PHPGW_SERVER_ROOT . '/phpgwapi/inc';
 }
- include($GLOBALS['phpgw_info']['server']['api_inc'] . '/class.db_'.$GLOBALS['phpgw_domain'][$ConfigDomain]['db_type'].'.inc.php');
+ include($GLOBALS['phpgw_info']['server']['api_inc'] . '/class.db_'.$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'].'.inc.php');
 $this->db = new db;
- $this->db->Host = $GLOBALS['phpgw_domain'][$ConfigDomain]['db_host'];
- $this->db->Type = $GLOBALS['phpgw_domain'][$ConfigDomain]['db_type'];
- $this->db->Database = $GLOBALS['phpgw_domain'][$ConfigDomain]['db_name'];
- $this->db->User = $GLOBALS['phpgw_domain'][$ConfigDomain]['db_user'];
- $this->db->Password = $GLOBALS['phpgw_domain'][$ConfigDomain]['db_pass'];
+ $this->db->Host = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_host'];
+ $this->db->Type = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'];
+ $this->db->Database = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_name'];
+ $this->db->User = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_user'];
+ $this->db->Password = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_pass'];
 }
 /*!
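Review bot: The lookup `$GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]` is now spelled out six times in loaddb(), which makes the lines hard to scan and easy to get out of step. Take it once, `$domain = $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']];`, and use `$domain['db_type']`, `$domain['db_host']` and so on. The result of `include()` is also not checked before `new db`, so a missing driver file only surfaces as a fatal error on the following line. loaddb() starts before this hunk.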
@@ -55,17 +55,15 @@
 */
 function auth($auth_type = "Config")
 {
- global $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS;
-
- $FormLogout = $HTTP_GET_VARS['FormLogout'] ? $HTTP_GET_VARS['FormLogout'] : $HTTP_POST_VARS['FormLogout'];
- $ConfigLogin = $HTTP_POST_VARS['ConfigLogin'] ? $HTTP_POST_VARS['ConfigLogin'] : $HTTP_COOKIE_VARS['ConfigLogin'];
- $HeaderLogin = $HTTP_POST_VARS['HeaderLogin'] ? $HTTP_POST_VARS['HeaderLogin'] : $HTTP_COOKIE_VARS['HeaderLogin'];
- $FormDomain = $HTTP_POST_VARS['FormDomain'];
- $FormPW = $HTTP_POST_VARS['FormPW'];
- $ConfigDomain = $HTTP_POST_VARS['ConfigDomain'] ? $HTTP_POST_VARS['ConfigDomain'] : $HTTP_COOKIE_VARS['ConfigDomain'];
- $ConfigPW = $HTTP_POST_VARS['ConfigPW'] ? $HTTP_POST_VARS['ConfigPW'] : $HTTP_COOKIE_VARS['ConfigPW'];
- $HeaderPW = $HTTP_COOKIE_VARS['HeaderPW'] ? $HTTP_COOKIE_VARS['HeaderPW'] : $HTTP_POST_VARS['HeaderPW'];
- $ConfigLang = $HTTP_POST_VARS['ConfigLang'] ? $HTTP_POST_VARS['ConfigLang'] : $HTTP_COOKIE_VARS['ConfigLang'];
+ $FormLogout = @$GLOBALS['HTTP_GET_VARS']['FormLogout'] ? @$GLOBALS['HTTP_GET_VARS']['FormLogout'] : @$GLOBALS['HTTP_POST_VARS']['FormLogout'];
+ $ConfigLogin = @$GLOBALS['HTTP_POST_VARS']['ConfigLogin'] ? @$GLOBALS['HTTP_POST_VARS']['ConfigLogin'] : @$GLOBALS['HTTP_COOKIE_VARS']['ConfigLogin'];
+ $HeaderLogin = @$GLOBALS['HTTP_POST_VARS']['HeaderLogin'] ? @$GLOBALS['HTTP_POST_VARS']['HeaderLogin'] : @$GLOBALS['HTTP_COOKIE_VARS']['HeaderLogin'];
+ $FormDomain = @$GLOBALS['HTTP_POST_VARS']['FormDomain'];
+ $FormPW = @$GLOBALS['HTTP_POST_VARS']['FormPW'];
+ $ConfigDomain = @$GLOBALS['HTTP_POST_VARS']['ConfigDomain'] ? @$GLOBALS['HTTP_POST_VARS']['ConfigDomain'] : @$GLOBALS['HTTP_COOKIE_VARS']['ConfigDomain'];
+ $ConfigPW = @$GLOBALS['HTTP_POST_VARS']['ConfigPW'] ? @$GLOBALS['HTTP_POST_VARS']['ConfigPW'] : @$GLOBALS['HTTP_COOKIE_VARS']['ConfigPW'];
+ $HeaderPW = @$GLOBALS['HTTP_COOKIE_VARS']['HeaderPW'] ?
@$GLOBALS['HTTP_COOKIE_VARS']['HeaderPW'] : @$GLOBALS['HTTP_POST_VARS']['HeaderPW'];
+ $ConfigLang = @$GLOBALS['HTTP_POST_VARS']['ConfigLang'] ? @$GLOBALS['HTTP_POST_VARS']['ConfigLang'] : @$GLOBALS['HTTP_COOKIE_VARS']['ConfigLang'];
 if (isset($FormLogout) && !empty($FormLogout))
 {
@@ -79,12 +77,14 @@
 setcookie('ConfigDomain'); /* scrub the old one */
 setcookie('ConfigLang');
 $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = 'You have successfully logged out';
+ $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = '';
 return False;
 }
 elseif($FormLogout == 'header')
 {
 setcookie('HeaderPW'); /* scrub the old one */
 $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = 'You have successfully logged out';
+ $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = '';
 return False;
 }
 }
@@ -96,6 +96,7 @@
 setcookie('ConfigDomain'); /* scrub the old one */
 setcookie('ConfigLang');
 $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = 'Invalid session cookie (cookies must be enabled)';
+ $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = '';
 return False;
 }
 else
@@ -119,6 +120,7 @@
 else
 {
 $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = 'Invalid password';
+ $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = '';
 return False;
 }
 }
@@ -132,6 +134,7 @@
 else
 {
 $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = 'Invalid password';
+ $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = '';
 return False;
 }
 }
@@ -142,6 +145,7 @@
 {
 setcookie('HeaderPW'); /* scrub the old one */
 $GLOBALS['phpgw_info']['setup']['HeaderLoginMSG'] = 'Invalid session cookie (cookies must be enabled)';
+ $GLOBALS['phpgw_info']['setup']['ConfigLoginMSG'] = '';
 return False;
 }
 else
@@ -198,7 +202,6 @@
 */
 function clear_session_cache()
 {
-
 $tablenames = @$this->db->table_names();
 while(list($key,$val) = @each($tablenames))
 {
diff --git a/setup/inc/class.setup_html.inc.php b/setup/inc/class.setup_html.inc.php
index 567434bcf6..1b1f144cec 100644
--- a/setup/inc/class.setup_html.inc.php
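Review bot: auth() resolves `$ConfigDomain` with POST taking precedence over the cookie, while loaddb() resolves `$GLOBALS['ConfigDomain']` with the cookie first, so a request that carries both can be checked against one domain and then connected to another. How auth() uses `$ConfigDomain` lies outside this hunk, so this needs confirming, but both functions should take the value from one place with one precedence. `$HeaderPW` likewise prefers the cookie over a freshly posted value, the opposite of `$ConfigPW`, which looks unintended. The truthiness tests in these ternaries also treat a value of `'0'` as absent; `isset()` checks would fix that and make the `@` operators unnecessary.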
+++ b/setup/inc/class.setup_html.inc.php
@@ -22,10 +22,12 @@
 $setting = $GLOBALS['HTTP_POST_VARS']['setting'];
 $GLOBALS['header_template']->set_file(array('header' => 'header.inc.php.template'));
+ $var = Array();
 while(list($k,$v) = @each($setting))
 {
- $GLOBALS['header_template']->set_var(strtoupper($k),$v);
+ $var[strtoupper($k)] = $v;
 }
+ $GLOBALS['header_template']->set_var($var);
 return $GLOBALS['header_template']->parse('out','header');
 }
@@ -68,7 +70,7 @@
 {
 $GLOBALS['setup_tpl']->set_var('configdomain',' - ' . lang('Domain') . ': '.$configdomain);
 }
- $GLOBALS['setup_tpl']->set_var('pgw_ver',$phpgw_info['server']['versions']['phpgwapi']);
+ $GLOBALS['setup_tpl']->set_var('pgw_ver',$GLOBALS['phpgw_info']['server']['versions']['phpgwapi']);
 $GLOBALS['setup_tpl']->set_var('logoutbutton',$btn_logout);
 $GLOBALS['setup_tpl']->pparse('out','T_head');
 /* $setup_tpl->set_var('T_head',''); */
diff --git a/setup/inc/class.setup_lang.inc.php b/setup/inc/class.setup_lang.inc.php
index df6409d693..029ef51054 100644
--- a/setup/inc/class.setup_lang.inc.php
+++ b/setup/inc/class.setup_lang.inc.php
@@ -34,7 +34,7 @@
 */
 function phpgw_setup_lang()
 {
- $ConfigLang = $GLOBALS['HTTP_COOKIE_VARS']['ConfigLang'] ? $GLOBALS['HTTP_COOKIE_VARS']['ConfigLang'] : $GLOBALS['HTTP_POST_VARS']['ConfigLang'];
+ $ConfigLang = @$GLOBALS['HTTP_COOKIE_VARS']['ConfigLang'] ? @$GLOBALS['HTTP_COOKIE_VARS']['ConfigLang'] : @$GLOBALS['HTTP_POST_VARS']['ConfigLang'];
 if(!$ConfigLang)
 {
diff --git a/setup/inc/functions.inc.php b/setup/inc/functions.inc.php
index 96a45eb645..775d915217 100644
--- a/setup/inc/functions.inc.php
+++ b/setup/inc/functions.inc.php
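Review bot: Every key and value of the posted `setting` array goes into the `header.inc.php.template` variables unchanged in the first class.setup_html.inc.php hunk, and collecting them in `$var` keeps that behaviour. If the parsed result is written out as header.inc.php (not visible in this hunk), a value containing a quote or backslash would become part of the generated PHP source. Restrict `$k` to the setting names the template actually defines, and escape each value for the exact context the template places it in before calling `set_var($var)`. `@each($setting)` also hides the case where `setting` is missing or not an array, so test `is_array($setting)` first; the function starts outside the hunk.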
@@ -12,9 +12,9 @@
 /* $Id$ */
 /* ######## Start security check ########## */
- $d1 = strtolower(substr($GLOBALS['phpgw_info']['server']['api_inc'],0,3));
- $d2 = strtolower(substr($GLOBALS['phpgw_info']['server']['server_root'],0,3));
- $d3 = strtolower(substr($GLOBALS['phpgw_info']['server']['app_inc'],0,3));
+ $d1 = strtolower(substr(@$GLOBALS['phpgw_info']['server']['api_inc'],0,3));
+ $d2 = strtolower(substr(@$GLOBALS['phpgw_info']['server']['server_root'],0,3));
+ $d3 = strtolower(substr(@$GLOBALS['phpgw_info']['server']['app_inc'],0,3));
 if($d1 == 'htt' || $d1 == 'ftp' || $d2 == 'htt' || $d2 == 'ftp' || $d3 == 'htt' || $d3 == 'ftp')
 {
 echo 'Failed attempt to break in via an old Security Hole!
';
diff --git a/setup/index.php b/setup/index.php
index 923148fb90..a64b717b3e 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -18,7 +18,7 @@
 */
 $DEBUG = False;
- $phpgw_info = array();
+ $GLOBALS['phpgw_info'] = array();
 $GLOBALS['phpgw_info']['flags'] = array(
 'noheader' => True,
 'nonavbar' => True,
@@ -64,14 +64,15 @@
 $phpgw_setup->show_header(lang('Please login'),True);
 $phpgw_setup->login_form();
 $phpgw_setup->show_footer();
-
- /* Add cleaning of app_sessions per skeeter, but with a check for the table being there, just in case */
- $phpgw_setup->clear_session_cache();
 exit;
 }
- // Database actions
 $phpgw_setup->loaddb();
+
+ /* Add cleaning of app_sessions per skeeter, but with a check for the table being there, just in case */
+ $phpgw_setup->clear_session_cache();
+
+ // Database actions
 $setup_info = $phpgw_setup->get_versions();
 $GLOBALS['phpgw_info']['setup']['stage']['db'] = $phpgw_setup->check_db();
 if ($GLOBALS['phpgw_info']['setup']['stage']['db'] != 1)
@@ -91,7 +92,7 @@
 //$action = 'Upgrade'; // end DEBUG code
- switch($HTTP_POST_VARS['action'])
+ switch(@$GLOBALS['HTTP_POST_VARS']['action'])
 {
 case 'Uninstall all applications':
 $subtitle = lang('Deleting Tables');
@@ -129,9 +130,9 @@
 $GLOBALS['phpgw_info']['setup']['stage']['db'] = 6;
 break;
 }
- $setup_tpl->set_var('subtitle',$subtitle);
- $setup_tpl->set_var('submsg',$submsg);
- $setup_tpl->set_var('subaction',lang($subaction));
+ $setup_tpl->set_var('subtitle',@$subtitle);
+ $setup_tpl->set_var('submsg',@$submsg);
+ $setup_tpl->set_var('subaction',lang(@$subaction));
 // Old PHP
 if (phpversion() < '3.0.16')
@@ -155,8 +156,6 @@
 $setup_tpl->set_var('db_step_text',lang('Step 1 - Simple Application Management'));
- $ConfigDomain = $HTTP_COOKIE_VARS['ConfigDomain'] ? $HTTP_COOKIE_VARS['ConfigDomain'] : $HTTP_POST_VARS['ConfigDomain'];
-
 switch($GLOBALS['phpgw_info']['setup']['stage']['db'])
 {
 case 1:
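Review bot: The security check in functions.inc.php remains a deny-list of two three-letter prefixes (`htt`, `ftp`), and with the added `@` an unset value becomes an empty string that passes silently. Any path form other than those two prefixes is accepted, so the check does not establish that `api_inc`, `server_root` and `app_inc` point inside the installation. Prefer a positive test here: require the three values to be unset at this point or to resolve, via `realpath()`, under the install root (class.setup.inc.php already uses `PHPGW_SERVER_ROOT` for this), and stop otherwise. The `if` block continues outside this hunk.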
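Review bot: The `switch` on `@$GLOBALS['HTTP_POST_VARS']['action']` in index.php starts destructive work such as 'Uninstall all applications' from a single posted string, and no per-form token is checked in the visible lines. Since auth() accepts the setup password from a cookie, a browser that still holds that cookie would send it along with any POST to this page, so the action should be tied to a form the setup pages issued. Add a random token to the form, keep it server-side or in a separate cookie, and compare the two before entering the `switch`. The cases continue outside this hunk, so an existing check further up cannot be ruled out.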
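Review bot: `@$subtitle`, `@$submsg` and `@$subaction` silence the undefined-variable notice instead of giving the variables a value when no `case` matched. Initialise them before the `switch`, `$subtitle = $submsg = $subaction = '';`, and drop the `@`. On an installation with register_globals enabled that also stops a request parameter of the same name from pre-seeding text into the page.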
@@ -165,7 +164,7 @@
 $setup_tpl->set_var('notcomplete',lang('not complete'));
 $setup_tpl->set_var('oncesetup',lang('Once the database is setup correctly'));
 $setup_tpl->set_var('createdb',lang('Or we can attempt to create the database for you:'));
- switch ($phpgw_domain[$ConfigDomain]['db_type'])
+ switch ($phpgw_domain[$GLOBALS['ConfigDomain']]['db_type'])
 {
 case 'mysql':
 $setup_tpl->set_var('instr',lang('mysqlinstr'));
@@ -391,15 +390,7 @@
 reset ($GLOBALS['phpgw_info']['setup']['installed_langs']);
 while (list ($key, $value) = each ($GLOBALS['phpgw_info']['setup']['installed_langs']))
 {
- if (!$notfirst)
- {
- $langs_list = $value;
- }
- else
- {
- $langs_list = $langs_list .', ' .$value;
- }
- $notfirst = True;
+ $langs_list = ($langs_list?$langs_list.', ':'') . $value;
 }
 $setup_tpl->set_var('lang_status_img',$completed);
@@ -440,7 +431,7 @@
 break;
 }
- $phpgw_setup->show_header($GLOBALS['phpgw_info']['setup']['header_msg'],False,'config',$ConfigDomain . '(' . $phpgw_domain[$ConfigDomain]['db_type'] . ')');
+ $phpgw_setup->show_header($GLOBALS['phpgw_info']['setup']['header_msg'],False,'config',$GLOBALS['ConfigDomain'] . '(' . $GLOBALS['phpgw_domain'][$GLOBALS['ConfigDomain']]['db_type'] . ')');
 $setup_tpl->pparse('out','T_setup_main');
 $phpgw_setup->show_footer();
 ?>
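Review bot: `$langs_list` is read by the new one-liner before anything visible in this hunk assigns it, so the first iteration relies on an undefined variable being empty. Set `$langs_list = '';` ahead of the `while`, or replace the loop with `$langs_list = implode(', ', $GLOBALS['phpgw_info']['setup']['installed_langs']);`. The truthiness test would also restart the list if the accumulated string were `'0'`.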
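Review bot: `$GLOBALS['ConfigDomain']` comes from the cookie or the POST body and is concatenated into the header text in the final `show_header()` call, and the class.setup_html.inc.php hunk shows `$configdomain` going into the template with no escaping. Pass `htmlspecialchars($GLOBALS['ConfigDomain'])` here, or escape inside show_header(), unless the value has already been validated against `$GLOBALS['phpgw_domain']` by this point. This line reads `$GLOBALS['phpgw_domain']` while the `switch` in the -165 hunk still uses the bare `$phpgw_domain`; use one form in both places.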