
Revision de la seguidad para ejecutar el instalar luego de que se instalo el gelato.

ravenlp 17 anni fa
parent
commit
f851b1dc7b
3 ha cambiato i file con 45 aggiunte e 33 eliminazioni
  1. 3 1
      admin/css/style.css
  2. 29 19
      classes/install.class.php
  3. 13 13
      install.php

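--- a/admin/css/style.css
+++ b/admin/css/style.css
@@ -74,7 +74,9 @@ form.newpost textarea{background: #fff url(images/grad-big.png) top left repeat-
 form.newpost select{ position:absolute; right:10px; top:1px;}
 html > body form.newpost select{min-width:100px;}
 
-legend.install{font: normal 16.5px/17px georgia, "times new roman", serif; border: 0; margin-top: 0px; padding-top:0; margin-bottom: 0; padding-bottom: 0; color: #c60; margin-bottom: 10px;}
+legend.install{font: normal 16.5px/17px georgia, "times new roman", serif; border: 1px solid #ddd; margin-top: 0px; padding:5px; margin-bottom: 0; color: #c60; margin-bottom: 5px; background-color:#fff;}
+fieldset.install{border:1px solid #dfdfdf; padding:10px;}
+fieldset.install input.txt{width:468px;}
 
 .tabla{  margin:15px 15px; }
 .entry{ background-color:#efefef; border:1px solid #ccc; margin:20px 15px;}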

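--- a/classes/install.class.php
+++ b/classes/install.class.php
@@ -17,6 +17,8 @@ class Install {
 		$this->errors_d[6]="Error establishing a database connection";
 		$this->errors_d[7]="Please add a hostname for the database server";
 		$this->errors_d[8]="Please name the database";
+		$this->errors_d[9]="Password does not match the confirm password";
+		$this->errors_d[10]="The login field cannot be empty";
 	}
 	
     function run() {
@@ -157,38 +159,37 @@ class Install {
 	}
 	
 	function is_gelato_installed(){
-		if (!$this->check_for_config()){ 
-			return false; 
-		} else {
-			if (!$this->is_db_installed()){
-				return false;
+		if(file_exists('config.php')) {
+			@include("config.php");
+			if (!$this->check_for_config()){ 
+				return false; 
+			} else {
+				if (!$this->is_db_installed()){
+					return false;
+				}
 			}
-			
+			return true;
+		}else{
+			return false;
 		}
-		
-		return true;
 	}
 	
 	function is_db_installed(){
-			global $db;	
-			if (function_exists($db->ejecutarConsulta)){
+			$db = new Conexion_Mysql(DB_name, DB_Server, DB_User, DB_Password);	
 				$sqlStr = "SELECT * FROM `".Table_prefix."config`";
 				if($db->ejecutarConsulta($sqlStr)) {
 					return ($db->contarRegistros() > 0);
-				}
-			} else {
-				false;
+			}else{
+			return false;
 			}
 	
 	}
 	
 	function check_for_config(){
-		if(!file_exists('config.php')) return false;
 		if(!defined('DB_Server')) return false;
 		if(!defined('DB_name')) return false;
 		if(!defined('DB_User')) return false;
 		if(!defined('DB_Password')) return false;
-		
 		return true;
 	}
 	
@@ -242,11 +243,15 @@ define(\'Absolute_Path\', dirname(__FILE__).DIRECTORY_SEPARATOR);
 				$sep_err="";
 				$this->errors = false;
 				
-				if (!$this->data['login'] || !$this->data['db_login']) {
+				if (!$this->data['login']) {
 					$this->errors =$this->errors.$sep_err."1";
 					$sep_err="|";
 				}
-				if (!$this->data['password'] ||  !$this->data['db_password']) {
+				if (!$this->data['db_login']) {
+					$this->errors =$this->errors.$sep_err."10";
+					$sep_err="|";
+				}
+				if (!$this->data['password']) {
 					$this->errors=$this->errors.$sep_err."2";
 					$sep_err="|";
 				}
@@ -266,10 +271,15 @@ define(\'Absolute_Path\', dirname(__FILE__).DIRECTORY_SEPARATOR);
 					$this->errors=$this->errors.$sep_err."8";
 					$sep_err="|";
 				}
-				if ($this->data['password']!=$_POST['password2'] ||  $_POST['db_password']!=$_POST['db_password2'] ) {
+				if ($this->data['password']!=$_POST['password2']) {
 					$this->errors=$this->errors.$sep_err."3";
 					$sep_err="|";
-				}
+				}				
+				if ( $_POST['db_password']!=$_POST['db_password2']) {
+					$this->errors=$this->errors.$sep_err."9";
+					$sep_err="|";
+				}				
+				
 				$off_r= split("," , $this->data['time_offsets']);
 				$this->data['offset_time'] = $off_r[0];
 				$this->data['offset_city'] = $off_r[1];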
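Review bot: `is_gelato_installed()` reports "not installed" for every kind of failure, not only for a missing installation: `@include("config.php");` silences warnings and parse errors from the config file, and the rewritten `is_db_installed()` returns false whenever `ejecutarConsulta()` fails, which presumably includes an unreachable database. If install.php relies on this result to decide whether the installer may run again (the caller is not in this section), a damaged config or a database outage would make the install form available on a site that is already set up. I would drop the `@`, load the file with `include_once` from an absolute path so the `file_exists()` check and the include resolve to the same file, and report a failed connection as an error instead of folding it into "not installed". A comment above the function such as `// Gate for the installer: must stay true once config.php defines the DB_* constants` would record the intent. Separately, the two password confirmations in the last hunk use `!=`; `!==` avoids PHP's numeric-string juggling when comparing the submitted values.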

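--- a/install.php
+++ b/install.php
@@ -54,41 +54,41 @@ $install->check_form();
 	
 		<div class="tabla">
 			<form action="install.php" method="post" id="config_form" autocomplete="off" class="newpost">
-				<fieldset>
+				<fieldset class="install">
 					<legend class="install">Database Settings</legend>
 					<ul>
 						<li><label for="login">User:</label>
-							<input type="text" name="db_login" id="db_login" value="" class="txt"/><?php echo $install->mostrarerror("1")?></li>
+							<input type="text" name="db_login" id="db_login" value="<?php echo $install->data['db_login']?>" class="txt"/><?php echo $install->mostrarerror("10")?></li>
 						<li><label for="password">Password:</label>
-							<input type="password" name="db_password" id="db_password" value="" class="txt"/><?php echo $install->mostrarerror("2")?></li>
+							<input type="password" name="db_password" id="db_password" value="" class="txt"/></li>
 						<li><label for="password2">Re-type password:</label>
-							<input type="password" name="db_password2" id="db_password2" value="" class="txt"/><?php echo $install->mostrarerror("3")?></li>						
+							<input type="password" name="db_password2" id="db_password2" value="" class="txt"/><?php echo $install->mostrarerror("9")?></li>						
 						<li><label for="email">Database Host:</label>
-							<input type="text" name="db_host" id="db_host" value="localhost" class="txt"/><?php echo $install->mostrarerror("7")?></li>	
+							<input type="text" name="db_host" id="db_host" value="<?php echo (!empty($install->data['db_host']))?  $install->data['db_host'] : 'localhost'?>" class="txt"/><?php echo $install->mostrarerror("7")?></li>	
 						<li><label for="email">Database Name:</label>
-							<input type="text" name="db_name" id="db_name" value="gelatocms" class="txt"/><?php echo $install->mostrarerror("8")?></li>											
+							<input type="text" name="db_name" id="db_name" value="<?php echo (!empty($install->data['db_name']))?  $install->data['db_name'] : 'gelatocms'?>" class="txt"/><?php echo $install->mostrarerror("8")?></li>											
 					</ul>
 				</fieldset><br  />
-				<fieldset>
+				<fieldset class="install">
 					<legend class="install">Admin user</legend>
 					<ul>
 						<li><label for="login">User:</label>
-							<input type="text" name="login" id="login" value="" class="txt"/><?php echo $install->mostrarerror("1")?></li>
+							<input type="text" name="login" id="login" value="<?php echo $install->data['login']?>" class="txt"/><?php echo $install->mostrarerror("1")?></li>
 						<li><label for="password">Password:</label>
 							<input type="password" name="password" id="password" value="" class="txt"/><?php echo $install->mostrarerror("2")?></li>
 						<li><label for="password2">Re-type password:</label>
 							<input type="password" name="password2" id="password2" value="" class="txt"/><?php echo $install->mostrarerror("3")?></li>						
 						<li><label for="email">E-mail:</label>
-							<input type="text" name="email" id="email" value="" class="txt"/><?php echo $install->mostrarerror("4")?></li>						
+							<input type="text" name="email" id="email" value="<?php echo $install->data['email']?>" class="txt"/><?php echo $install->mostrarerror("4")?></li>						
 					</ul>
 				</fieldset><br  />
-				<fieldset>
+				<fieldset class="install">
 					<legend class="install">Tumblelog configuration</legend>
 					<ul>							
 						<li><label for="title">Title:</label>
-							<input type="text" name="title" id="title" value="" class="txt"/></li>
+							<input type="text" name="title" id="title" value="<?php echo $install->data['title']?>" class="txt"/></li>
 						<li><label for="description">Description:</label>
-							<input type="text" name="description" id="description" value="" class="txt"/></li>
+							<input type="text" name="description" id="description" value="<?php echo $install->data['description']?>" class="txt"/></li>
 						<li><label for="url_installation">Installation URL</label>
 							<input type="text" name="url_installation" id="url_installation" value="<?php if(isset($_SERVER['SCRIPT_URI']))echo substr($_SERVER["SCRIPT_URI"], '0', '-12'); ?>" class="txt"/><?php echo $install->mostrarerror("5")?></li>
 						<li><label for="posts_limit">Post limit:</label>
@@ -167,7 +167,7 @@ $install->check_form();
 								<option value="9.50,Australia/Adelaide">(GMT +9:30) Adelaide</option>
 								<option value="9.50Australia/Darwin">(GMT +9:30) Darwin</option>
 								<option value="10,Australia/Brisbane">(GMT +10:00) Brisbane, Guam, Port Moresby</option>
-								<option value="10,Australia/Canberra">(GMT +10:00) Canberra, Hobart, Melbourne, Sydney, Vladivostok</option>
+								<option value="10,Australia/Canberra">(GMT +10:00) Canberra, Hobart, Melbourne, Sydney</option>
 								<option value="11,Asia/Magadan">(GMT +11:00) Magadan, Soloman Is., New Caledonia</option>
 								<option value="12,Pacific/Auckland">(GMT +12:00) Auckland, Wellington</option>
 								<option value="12,Pacific/Fiji">(GMT +12:00) Fiji, Kamchatka, Marshall Is.</option>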
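Review bot: The new `value="<?php echo $install->data['db_login']?>"` attributes in the first hunk write the submitted form values back into the page without HTML escaping, so a value containing a double quote or markup ends the attribute and is rendered as page content; the same pattern is added for `db_host`, `db_name`, `login`, `email`, `title` and `description`. Unless `$install->data` is already escaped where it is populated (not visible in this section), each echo should be wrapped, e.g. `<?php echo htmlspecialchars($install->data['db_login'], ENT_QUOTES, 'UTF-8')?>`. On the first GET these keys are probably unset, and only the `db_host` and `db_name` lines guard with `!empty()`; an `isset()` check on the other fields would avoid undefined-index notices being printed into the form.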