From 80c599c5e58dd251ed811d27f0ed3c76cf6ffc48 Mon Sep 17 00:00:00 2001
From: Jamie Furness <jamie@jamierf.co.uk>
Date: Wed, 20 Oct 2010 20:06:01 +0100
Subject: [PATCH] Adding a more user friendly update required message, and
 forcing the admin to enter the database password to perform a database
 update. #30 and #153.

---
 db_update.php           |  35 ++++++++++--
 include/common.php      |   2 +-
 include/functions.php   | 120 ++++++++++++++++++++++++++++++++++++++++
 lang/English/update.php |  16 ++++++
 4 files changed, 166 insertions(+), 7 deletions(-)
 create mode 100644 lang/English/update.php

diff --git a/db_update.php b/db_update.php
index 03a399e56..6369a773d 100644
--- a/db_update.php
+++ b/db_update.php
@@ -106,6 +106,35 @@ function stripslashes_array($array)
 define('PUN_GUEST', 3);
 define('PUN_MEMBER', 4);
 
+// Start a session, used to queue up errors if duplicate users occur when converting from FluxBB v1.2.
+session_start();
+
+if (!isset($_SESSION['dupe_users']))
+	$_SESSION['dupe_users'] = array();
+
+if (isset($_POST['req_db_pass']))
+	$_SESSION['db_pass'] = strtolower(trim($_POST['req_db_pass']));
+
+// Ensure we have a password of some type
+if (empty($_SESSION['db_pass']))
+	exit('No database password provided.');
+
+switch ($db_type)
+{
+	// For SQLite we compare against the database file name, since the password is left blank
+	case 'sqlite':
+		if ($_SESSION['db_pass'] != strtolower($db_name))
+			exit('Invalid database file name.');
+
+		break;
+	// For everything else, check the password matches
+	default:
+		if ($_SESSION['db_pass'] != strtolower($db_password))
+			exit('Invalid database password.');
+
+		break;
+}
+
 // Load DB abstraction layer and try to connect
 require PUN_ROOT.'include/dblayer/common_db.php';
 
@@ -161,12 +190,6 @@ function stripslashes_array($array)
 if (!file_exists(PUN_ROOT.'style/'.$default_style.'.css'))
 	$default_style = 'Air';
 
-// Start a session, used to queue up errors if duplicate users occur when converting from FluxBB v1.2.
-session_start();
-
-if (!isset($_SESSION['dupe_users']))
-	$_SESSION['dupe_users'] = array();
-
 //
 // Determines whether $str is UTF-8 encoded or not
 //
diff --git a/include/common.php b/include/common.php
index edff03b45..d2d47f8e0 100644
--- a/include/common.php
+++ b/include/common.php
@@ -120,7 +120,7 @@ function stripslashes_array($array)
 		!isset($pun_config['o_searchindex_revision']) || $pun_config['o_searchindex_revision'] < FORUM_SI_REVISION ||
 		!isset($pun_config['o_parser_revision']) || $pun_config['o_parser_revision'] < FORUM_PARSER_REVISION ||
 		version_compare($pun_config['o_cur_version'], FORUM_VERSION, '<'))
-	exit('Your FluxBB database is out-of-date and must be upgraded in order to continue. Please run <a href="'.PUN_ROOT.'db_update.php">db_update.php</a> in order to complete the upgrade process.');
+	update_message();
 
 // Enable output buffering
 if (!defined('PUN_DISABLE_BUFFERING'))
diff --git a/include/functions.php b/include/functions.php
index aab91721a..c1cd3ff10 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1369,6 +1369,126 @@ function install_message()
 }
 
 
+//
+// Display a message when the board needs installed
+//
+function update_message()
+{
+	global $pun_config, $db_password;
+
+	$default_style = $pun_config['o_default_style'];
+	if (!file_exists(PUN_ROOT.'style/'.$default_style.'.css'))
+		$default_style = 'Air';
+
+	$default_lang = $pun_config['o_default_lang'];
+	if (!file_exists(PUN_ROOT.'lang/'.$default_lang.'/common.php'))
+		$default_lang = 'English';
+
+	// Attempt to load the common language file
+	if (file_exists(PUN_ROOT.'lang/'.$default_lang.'/common.php'))
+	{
+		include PUN_ROOT.'lang/'.$default_lang.'/common.php';
+		include PUN_ROOT.'lang/'.$default_lang.'/update.php';
+	}
+	else
+		error('There is no valid language pack \''.pun_htmlspecialchars($default_lang).'\' installed. Please reinstall a language of that name');
+
+	if (file_exists(PUN_ROOT.'style/'.$default_style.'/maintenance.tpl'))
+	{
+		$tpl_file = PUN_ROOT.'style/'.$default_style.'/maintenance.tpl';
+		$tpl_inc_dir = PUN_ROOT.'style/'.$default_style.'/';
+	}
+	else
+	{
+		$tpl_file = PUN_ROOT.'include/template/maintenance.tpl';
+		$tpl_inc_dir = PUN_ROOT.'include/user/';
+	}
+
+	$tpl_maint = file_get_contents($tpl_file);
+
+	// START SUBST - <pun_include "*">
+	preg_match_all('#<pun_include "([^/\\\\]*?)\.(php[45]?|inc|html?|txt)">#', $tpl_maint, $pun_includes, PREG_SET_ORDER);
+
+	foreach ($pun_includes as $cur_include)
+	{
+		ob_start();
+
+		// Allow for overriding user includes, too.
+		if (file_exists($tpl_inc_dir.$cur_include[1].'.'.$cur_include[2]))
+			require $tpl_inc_dir.$cur_include[1].'.'.$cur_include[2];
+		else if (file_exists(PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2]))
+			require PUN_ROOT.'include/user/'.$cur_include[1].'.'.$cur_include[2];
+		else
+			error(sprintf($lang_common['Pun include error'], htmlspecialchars($cur_include[0]), basename($tpl_file)));
+
+		$tpl_temp = ob_get_contents();
+		$tpl_maint = str_replace($cur_include[0], $tpl_temp, $tpl_maint);
+		ob_end_clean();
+	}
+	// END SUBST - <pun_include "*">
+
+
+	// START SUBST - <pun_language>
+	$tpl_maint = str_replace('<pun_language>', $lang_common['lang_identifier'], $tpl_maint);
+	// END SUBST - <pun_language>
+
+
+	// START SUBST - <pun_content_direction>
+	$tpl_maint = str_replace('<pun_content_direction>', $lang_common['lang_direction'], $tpl_maint);
+	// END SUBST - <pun_content_direction>
+
+
+	// START SUBST - <pun_head>
+	ob_start();
+
+	$page_title = array($lang_update['Update']);
+
+?>
+<title><?php echo generate_page_title($page_title) ?></title>
+<link rel="stylesheet" type="text/css" href="style/<?php echo $default_style.'.css' ?>" />
+<?php
+
+	$tpl_temp = trim(ob_get_contents());
+	$tpl_maint = str_replace('<pun_head>', $tpl_temp, $tpl_maint);
+	ob_end_clean();
+	// END SUBST - <pun_head>
+
+
+	// START SUBST - <pun_maint_main>
+	ob_start();
+
+?>
+<div class="blockform">
+	<h2><span><?php echo $lang_update['Update'] ?></span></h2>
+	<p><?php echo $lang_update['Update message'] ?></p>
+	<p><strong><?php echo $lang_update['Note']; ?></strong> <?php echo $lang_update['Members message']; ?></p>
+	<div class="box">
+		<form id="update" method="post" action="db_update.php">
+			<div class="inform">
+				<fieldset>
+				<legend><?php echo $lang_update['Administrator only'] ?></legend>
+					<div class="infldset">
+						<p><?php echo $lang_update['Database password info'] ?></p>
+						<p><strong><?php echo $lang_update['Note']; ?></strong> <?php echo $lang_update['Database password note'] ?></p>
+						<label class="required"><strong><?php echo $lang_update['Database password'] ?> <span><?php echo $lang_update['Required'] ?></span></strong><br /><input type="text" id="req_db_pass" name="req_db_pass" /><br /></label>
+					</div>
+				</fieldset>
+			</div>
+			<p class="buttons"><input type="submit" name="submit" value="<?php echo $lang_update['Next'] ?>" /></p>
+		</form>
+	</div>
+</div>
+<?php
+
+	$tpl_temp = trim(ob_get_contents());
+	$tpl_maint = str_replace('<pun_maint_main>', $tpl_temp, $tpl_maint);
+	ob_end_clean();
+	// END SUBST - <pun_maint_main>
+
+	exit($tpl_maint);
+}
+
+
 //
 // Display $message and redirect user to $destination_url
 //
diff --git a/lang/English/update.php b/lang/English/update.php
new file mode 100644
index 000000000..1c72c1e55
--- /dev/null
+++ b/lang/English/update.php
@@ -0,0 +1,16 @@
+<?php
+
+// Language definitions used in db_update.php
+
+$lang_update = array(
+'Update'						=>	'Update FluxBB',
+'Update message'				=>	'Your FluxBB database is out-of-date and must be upgraded in order to continue. If you are the board administrator, please follow the instructions below to complete the upgrade.',
+'Note'							=>	'Note:',
+'Members message'				=>	'This process is for board administators only. If you are a member there is nothing to worry about - the forums will be back shortly!',
+'Administrator only'			=>	'This step is for the board administrator only!',
+'Database password info'		=>	'To perform the database update please enter the database password with which FluxBB was installed. If you cannot remember, this is stored in your \'config.php\' file.',
+'Database password note'		=>	'If you are running SQLite (and hence have no database password) please use the database file name instead. This must exactly match the database file name given in your configuration file.',
+'Database password'				=>	'Database password',
+'Next'							=>	'Next',
+
+);