[CS-Project-svn_notify] SF.net SVN: cs-project: [768] trunk/includes/setup.inc

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Revision: 768
          http://cs-project.svn.sourceforge.net/cs-project/?rev=768&view=rev
Author:   crazedsanity
Date:     2008-01-31 20:55:51 -0800 (Thu, 31 Jan 2008)

Log Message:
-----------
Protect setup system from potential evil-doers.

AFFECTS ISSUE:::
#34: Protect Setup System

Modified Paths:
--------------
    trunk/includes/setup.inc

Modified: trunk/includes/setup.inc
===================================================================

--- trunk/includes/setup.inc	2008-01-31 23:19:33 UTC (rev 767)
+++ trunk/includes/setup.inc	2008-02-01 04:55:51 UTC (rev 768)
@@ -4,10 +4,10 @@
  * 
  * SVN INFORMATION:::
  * ------------------
- * Last Author::::::::: $Author$ 
- * Current Revision:::: $Revision$ 
- * Repository Location: $HeadURL$ 
- * Last Updated:::::::: $Date$
+ * Last Author::::::::: $Author:crazedsanity $ 
+ * Current Revision:::: $Revision:638 $ 
+ * Repository Location: $HeadURL:https://cs-project.svn.sourceforge.net/svnroot/cs-project/trunk/includes/setup.inc $ 
+ * Last Updated:::::::: $Date:2007-11-20 11:04:59 -0600 (Tue, 20 Nov 2007) $
  * 
  * TODO: check for the existence of the /lib/config.xml file
  * TODO: if the config.xml exists, check if the database connection works, and if we can get ANY version data: if so, give fatal message saying it won't work.
@@ -19,104 +19,120 @@
 require_once(dirname(__FILE__) .'/../lib/simpletest/unit_tester.php');
 require_once(dirname(__FILE__) .'/../lib/simpletest/reporter.php');
 
-if(!is_numeric($_SESSION['setup']['lastStep'])) {
-	$_SESSION['setup']['lastStep'] = 1;
+$configData = read_config_file(FALSE);
+
+if(strlen($configData['DATABASE__DBNAME'])) {
+	//setup already complete.  Stop 'em.
+	$page->set_message_wrapper(array(
+		'title'		=> "Setup Unavailable",
+		'message'	=> "It appears that CS-Project has already been installed.  Please use " .
+					"the administrative section of the <a href=\"/content/settings\">Settings " .
+					"Tab</a> to make changes to your configuration (<i><b>NOTE:</b> you must be " .
+					"an admin to be able to see administrative options</i>).",
+		'type'		=> "error"
+	));
+	$page->conditional_header('/login.php');
 }
-
-$stepNames = array(
-	1	=> "Database Information",
-	2	=> "Create Database + Build Schema",
-	3	=> "Create Default Values",
-	4	=> "Get Extra Information",
-	5	=> "Write Config File + Tests"
-);
-
-//do some checking to make sure they're not doing something we don't want them to.
-if(count($sectionArr) > 2 || ((count($sectionArr)) == 2 && !is_numeric($sectionArr[1]))) {
-	//too many things in the URL.
-	$page->set_message_wrapper(
-		array(
-			'title'		=> "Invalid URL",
-			'message'	=> "The page you were trying to go view was invalid.",
-			'type'		=> "error"
-		)
+else {
+	//setup hasn't run; we're good.
+	if(!is_numeric($_SESSION['setup']['lastStep'])) {
+		$_SESSION['setup']['lastStep'] = 1;
+	}
+	
+	$stepNames = array(
+		1	=> "Database Information",
+		2	=> "Create Database + Build Schema",
+		3	=> "Create Default Values",
+		4	=> "Get Extra Information",
+		5	=> "Write Config File + Tests"
 	);
-	$page->conditional_header("/setup/". $_SESSION['setup']['lastStep'], TRUE);
-}
-elseif(count($sectionArr) == 2 && is_numeric($sectionArr[1]) && $sectionArr[1] != 1) {
-	if(!is_numeric(get_setup_data($sectionArr[1], 'accessible'))) {
+	
+	//do some checking to make sure they're not doing something we don't want them to.
+	if(count($sectionArr) > 2 || ((count($sectionArr)) == 2 && !is_numeric($sectionArr[1]))) {
+		//too many things in the URL.
 		$page->set_message_wrapper(
 			array(
-				'title'		=> "Incomplete Step",
-				'message'	=> "Tried to go to a step that wasn't complete... ",
+				'title'		=> "Invalid URL",
+				'message'	=> "The page you were trying to go view was invalid.",
 				'type'		=> "error"
 			)
 		);
 		$page->conditional_header("/setup/". $_SESSION['setup']['lastStep'], TRUE);
 	}
-}
-
-
-$page->add_template_var("VERSION_STRING", read_version_file());
-$page->rip_all_block_rows('stepData');
-$page->clear_content('infobar');
-
-
-//determine the current step based on the URL ($sectionArr is provided by contentSystem).
-$currentStep = $sectionArr[1];
-
-
-$tmplStepTitle = "Main Setup Screen";
-foreach($stepNames as $num=>$name) {
-	$stepResult = get_setup_data($num, 'result');
-	if(!is_numeric($stepResult)) {
-		$passFail = "Incomplete";
-		$bgColor  = "yellow";
-		if(strlen(get_setup_data($num, 'text'))) {
-			$stepText = get_setup_data($num, 'text');
+	elseif(count($sectionArr) == 2 && is_numeric($sectionArr[1]) && $sectionArr[1] != 1) {
+		if(!is_numeric(get_setup_data($sectionArr[1], 'accessible'))) {
+			$page->set_message_wrapper(
+				array(
+					'title'		=> "Incomplete Step",
+					'message'	=> "Tried to go to a step that wasn't complete... ",
+					'type'		=> "error"
+				)
+			);
+			$page->conditional_header("/setup/". $_SESSION['setup']['lastStep'], TRUE);
 		}
-		else {
-			$stepText = "Step incomplete...";
-		}
 	}
-	else {
-		$passFail = interpret_bool($stepResult, array('FAIL', 'Pass'));
-		$bgColor = interpret_bool($stepResult, array('red', 'green'));
-		
-		if(strlen(get_setup_data($num, 'text'))) {
-			$stepText = get_setup_data($num, 'text');
+	
+	
+	$page->add_template_var("VERSION_STRING", read_version_file());
+	$page->rip_all_block_rows('stepData');
+	$page->clear_content('infobar');
+	
+	
+	//determine the current step based on the URL ($sectionArr is provided by contentSystem).
+	$currentStep = $sectionArr[1];
+	
+	
+	$tmplStepTitle = "Main Setup Screen";
+	foreach($stepNames as $num=>$name) {
+		$stepResult = get_setup_data($num, 'result');
+		if(!is_numeric($stepResult)) {
+			$passFail = "Incomplete";
+			$bgColor  = "yellow";
+			if(strlen(get_setup_data($num, 'text'))) {
+				$stepText = get_setup_data($num, 'text');
+			}
+			else {
+				$stepText = "Step incomplete...";
+			}
 		}
 		else {
-			$stepText = "&nbsp;";
+			$passFail = interpret_bool($stepResult, array('FAIL', 'Pass'));
+			$bgColor = interpret_bool($stepResult, array('red', 'green'));
+			
+			if(strlen(get_setup_data($num, 'text'))) {
+				$stepText = get_setup_data($num, 'text');
+			}
+			else {
+				$stepText = "&nbsp;";
+			}
+			
+			store_setup_data($num, 1, 'accessible');
+			if($passFail == 'Pass') {
+				$_SESSION['setup']['lastStep'] = $num;
+			}
 		}
-		
-		store_setup_data($num, 1, 'accessible');
-		if($passFail == 'Pass') {
-			$_SESSION['setup']['lastStep'] = $num;
+		$curStepL = "&nbsp;";
+		$curStepR = "&nbsp;";
+		if($currentStep == $num) {
+			$curStepL = "&gt;";
+			$curStepR = "&lt;";
+			$tmplStepTitle = "Step #". $num .": ". $name;
 		}
+		$repArr = array(
+			'stepNum'		=> $num,
+			'stepName'		=> $name,
+			'passFail'		=> $passFail,
+			'stepBGColor'	=> $bgColor,
+			'stepText'		=> $stepText,
+			'isCurStepL'	=> $curStepL,
+			'isCurStepR'	=> $curStepR
+		);
+		$myRows .= $page->gfObj->mini_parser($page->templateRows['step_data_row'], $repArr, '%%', '%%');
 	}
-	$curStepL = "&nbsp;";
-	$curStepR = "&nbsp;";
-	if($currentStep == $num) {
-		$curStepL = "&gt;";
-		$curStepR = "&lt;";
-		$tmplStepTitle = "Step #". $num .": ". $name;
-	}
-	$repArr = array(
-		'stepNum'		=> $num,
-		'stepName'		=> $name,
-		'passFail'		=> $passFail,
-		'stepBGColor'	=> $bgColor,
-		'stepText'		=> $stepText,
-		'isCurStepL'	=> $curStepL,
-		'isCurStepR'	=> $curStepR
-	);
-	$myRows .= $page->gfObj->mini_parser($page->templateRows['step_data_row'], $repArr, '%%', '%%');
+	$page->add_template_var('stepTitle', $tmplStepTitle);
+	$page->add_template_var('step_data_row', $myRows);
 }
-$page->add_template_var('stepTitle', $tmplStepTitle);
-$page->add_template_var('step_data_row', $myRows);
 
-
 //=============================================================================
 function store_setup_data($step, $data, $type='data') {
 	$_SESSION['setup'][$type][$step] = $data;


This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.


