Merge pull request #532 from vboctor/Issue17806_UpgradeError

Fixes #17806: Upgrade your installation consistently failing The admin checks were mostly moved as is to the top of the page to use them to set a hidden field on the form. However, the warnings are displayed at the same location as before.
mantisbt · Nov 2, 2014 · b5b0867 · b5b0867
2 parents 24ea18e + b420f32
commit b5b0867
Show file tree

Hide file tree

Showing 3 changed files with 87 additions and 68 deletions.
diff --git a/core/install_helper_functions_api.php b/core/install_helper_functions_api.php
@@ -673,6 +673,12 @@ function install_check_token_serialization() {
 
 		$t_token = unserialize( $t_value );
 		if( $t_token === false ) {
+			# If user hits a page other than install, tokens may be created using new code.
+			$t_token = json_decode( $t_value );
+			if( $t_token !== null ) {
+				continue;
+			}
+
 			return 1; # Fatal: invalid data found in tokens table
 		}
 

diff --git a/login.php b/login.php
@@ -49,6 +49,12 @@
 $t_return		= string_url( string_sanitize_url( gpc_get_string( 'return', config_get( 'default_home_page' ) ) ) );
 $f_from			= gpc_get_string( 'from', '' );
 $f_secure_session = gpc_get_bool( 'secure_session', false );
+$f_install = gpc_get_bool( 'install' );
+
+# If upgrade required, always redirect to install page.
+if( $f_install ) {
+	$t_return = 'admin/install.php';
+}
 
 $f_username = auth_prepare_username( $f_username );
 $f_password = auth_prepare_password( $f_password );

diff --git a/login_page.php b/login_page.php
@@ -132,6 +132,68 @@
 	echo '</ul>';
 	echo '</div>';
 }
+
+$t_warnings = array();
+$t_upgrade_required = false;
+if( config_get_global( 'admin_checks' ) == ON ) {
+	# Generate a warning if default user administrator/root is valid.
+	$t_admin_user_id = user_get_id_by_name( 'administrator' );
+	if( $t_admin_user_id !== false ) {
+		if( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
+			$t_warnings[] = lang_get( 'warning_default_administrator_account_present' );
+		}
+	}
+
+	/**
+	 * Display Warnings for enabled debugging / developer settings
+	 * @param string $p_type    Message Type.
+	 * @param string $p_setting Setting.
+	 * @param string $p_value   Value.
+	 * @return string
+	 */
+	function debug_setting_message ( $p_type, $p_setting, $p_value ) {
+		return sprintf( lang_get( 'warning_change_setting' ), $p_setting, $p_value )
+			. sprintf( lang_get( 'word_separator' ) )
+			. sprintf( lang_get( "warning_${p_type}_hazard" ) );
+	}
+
+	$t_config = 'show_detailed_errors';
+	if( config_get( $t_config ) != OFF ) {
+		$t_warnings[] = debug_setting_message( 'security', $t_config, 'OFF' );
+	}
+	$t_config = 'display_errors';
+	$t_errors = config_get_global( $t_config );
+	if( $t_errors[E_USER_ERROR] != DISPLAY_ERROR_HALT ) {
+		$t_warnings[] = debug_setting_message(
+			'integrity',
+			$t_config . '[E_USER_ERROR]',
+			DISPLAY_ERROR_HALT );
+	}
+
+	# since admin directory and db_upgrade lists are available check for missing db upgrades
+	# if db version is 0, we do not have a valid database.
+	$t_db_version = config_get( 'database_version', 0 );
+	if( $t_db_version == 0 ) {
+		$t_warnings[] = lang_get( 'error_database_no_schema_version' );
+	}
+
+	# Check for db upgrade for versions > 1.0.0 using new installer and schema
+	# Note: install_helper_functions_api.php required for db_null_date() function definition
+	require_api( 'install_helper_functions_api.php' );
+	require_once( 'admin' . DIRECTORY_SEPARATOR . 'schema.php' );
+	$t_upgrades_reqd = count( $g_upgrade ) - 1;
+
+	if( ( 0 < $t_db_version ) &&
+			( $t_db_version != $t_upgrades_reqd ) ) {
+
+		if( $t_db_version < $t_upgrades_reqd ) {
+			$t_warnings[] = lang_get( 'error_database_version_out_of_date_2' );
+			$t_upgrade_required = true;
+		} else {
+			$t_warnings[] = lang_get( 'error_code_version_out_of_date' );
+		}
+	}
+}
 ?>
 
 <!-- Login Form BEGIN -->
@@ -143,6 +205,11 @@
 			if( !is_blank( $f_return ) ) {
 				echo '<input type="hidden" name="return" value="', string_html_specialchars( $f_return ), '" />';
 			}
+
+			if( $t_upgrade_required ) {
+				echo '<input type="hidden" name="install" value="true" />';
+			}
+
 			# CSRF protection not required here - form does not result in modifications
 			echo '<ul id="login-links">';
 
@@ -202,74 +269,14 @@
 # Do some checks to warn administrators of possible security holes.
 #
 
-if( config_get_global( 'admin_checks' ) == ON ) {
-	$t_warnings = array();
-
-	# Generate a warning if default user administrator/root is valid.
-	$t_admin_user_id = user_get_id_by_name( 'administrator' );
-	if( $t_admin_user_id !== false ) {
-		if( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
-			$t_warnings[] = lang_get( 'warning_default_administrator_account_present' );
-		}
-	}
-
-	/**
-	 * Display Warnings for enabled debugging / developer settings
-	 * @param string $p_type    Message Type.
-	 * @param string $p_setting Setting.
-	 * @param string $p_value   Value.
-	 * @return string
-	 */
-	function debug_setting_message ( $p_type, $p_setting, $p_value ) {
-		return sprintf( lang_get( 'warning_change_setting' ), $p_setting, $p_value )
-			. sprintf( lang_get( 'word_separator' ) )
-			. sprintf( lang_get( "warning_${p_type}_hazard" ) );
-	}
-
-	$t_config = 'show_detailed_errors';
-	if( config_get( $t_config ) != OFF ) {
-		$t_warnings[] = debug_setting_message( 'security', $t_config, 'OFF' );
-	}
-	$t_config = 'display_errors';
-	$t_errors = config_get_global( $t_config );
-	if( $t_errors[E_USER_ERROR] != DISPLAY_ERROR_HALT ) {
-		$t_warnings[] = debug_setting_message(
-			'integrity',
-			$t_config . '[E_USER_ERROR]',
-			DISPLAY_ERROR_HALT );
-	}
-
-	# since admin directory and db_upgrade lists are available check for missing db upgrades
-	# if db version is 0, we do not have a valid database.
-	$t_db_version = config_get( 'database_version', 0 );
-	if( $t_db_version == 0 ) {
-		$t_warnings[] = lang_get( 'error_database_no_schema_version' );
-	}
-
-	# Check for db upgrade for versions > 1.0.0 using new installer and schema
-	# Note: install_helper_functions_api.php required for db_null_date() function definition
-	require_api( 'install_helper_functions_api.php' );
-	require_once( 'admin' . DIRECTORY_SEPARATOR . 'schema.php' );
-	$t_upgrades_reqd = count( $g_upgrade ) - 1;
-
-	if( ( 0 < $t_db_version ) &&
-			( $t_db_version != $t_upgrades_reqd ) ) {
-
-		if( $t_db_version < $t_upgrades_reqd ) {
-			$t_warnings[] = lang_get( 'error_database_version_out_of_date_2' );
-		} else {
-			$t_warnings[] = lang_get( 'error_code_version_out_of_date' );
-		}
-	}
-	if( count( $t_warnings ) > 0 ) {
-		echo '<div class="important-msg">';
-		echo '<ul>';
-		foreach( $t_warnings as $t_warning ) {
-			echo '<li>' . $t_warning . '</li>';
-		}
-		echo '</ul>';
-		echo '</div>';
+if( count( $t_warnings ) > 0 ) {
+	echo '<div class="important-msg">';
+	echo '<ul>';
+	foreach( $t_warnings as $t_warning ) {
+		echo '<li>' . $t_warning . '</li>';
 	}
-} # if 'admin_checks'
+	echo '</ul>';
+	echo '</div>';
+}
 
 html_page_bottom1a( __FILE__ );