diff --git a/core/install_helper_functions_api.php b/core/install_helper_functions_api.php index dac52271c3..a604c71f40 100644 --- a/core/install_helper_functions_api.php +++ b/core/install_helper_functions_api.php @@ -673,6 +673,12 @@ function install_check_token_serialization() { $t_token = unserialize( $t_value ); if( $t_token === false ) { + # If user hits a page other than install, tokens may be created using new code. + $t_token = json_decode( $t_value ); + if( $t_token !== null ) { + continue; + } + return 1; # Fatal: invalid data found in tokens table } diff --git a/login.php b/login.php index 46c05e13b4..fe8417e21a 100644 --- a/login.php +++ b/login.php @@ -49,6 +49,12 @@ $t_return = string_url( string_sanitize_url( gpc_get_string( 'return', config_get( 'default_home_page' ) ) ) ); $f_from = gpc_get_string( 'from', '' ); $f_secure_session = gpc_get_bool( 'secure_session', false ); +$f_install = gpc_get_bool( 'install' ); + +# If upgrade required, always redirect to install page. +if( $f_install ) { + $t_return = 'admin/install.php'; +} $f_username = auth_prepare_username( $f_username ); $f_password = auth_prepare_password( $f_password ); diff --git a/login_page.php b/login_page.php index 12cd7e54b7..c9c932b788 100644 --- a/login_page.php +++ b/login_page.php 
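Review bot: The `json_decode( $t_value )` fallback added in install_check_token_serialization() accepts anything that parses as JSON, including bare scalars such as `123` or `"x"`. A row that is neither a serialized token nor a JSON token of the expected shape can therefore pass the check. If tokens written by the new code are always JSON arrays or objects (not visible in this hunk), tighten it to `$t_token = json_decode( $t_value, true ); if( is_array( $t_token ) ) { continue; }`. The preceding `unserialize( $t_value )` is still fed every stored value, JSON rows included, so it emits a notice on those rows and remains an object-instantiation surface if token values can be influenced by users. The function body starts and ends outside the hunk.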
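Review bot: In login.php the redirect to `admin/install.php` is decided by the request parameter `install`, which any client can set, not by a server-side schema check as the comment "If upgrade required" suggests. The target is a fixed path, so this is not an open redirect, but it unconditionally replaces the sanitized `return` value and can send any user who logs in to the installer. Whether the login has succeeded or the account is an administrator at this point is not visible in the hunk. If that is not checked elsewhere, recompute the upgrade condition here instead of trusting the flag. At minimum reword the comment to `# 'install' comes from the request and is only a hint; admin/install.php must enforce its own access checks.`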
@@ -132,6 +132,68 @@ echo ''; echo ''; } + +$t_warnings = array(); +$t_upgrade_required = false; +if( config_get_global( 'admin_checks' ) == ON ) { + # Generate a warning if default user administrator/root is valid. + $t_admin_user_id = user_get_id_by_name( 'administrator' ); + if( $t_admin_user_id !== false ) { + if( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) { + $t_warnings[] = lang_get( 'warning_default_administrator_account_present' ); + } + } + + /** + * Display Warnings for enabled debugging / developer settings + * @param string $p_type Message Type. + * @param string $p_setting Setting. + * @param string $p_value Value. + * @return string + */ + function debug_setting_message ( $p_type, $p_setting, $p_value ) { + return sprintf( lang_get( 'warning_change_setting' ), $p_setting, $p_value ) + . sprintf( lang_get( 'word_separator' ) ) + . sprintf( lang_get( "warning_${p_type}_hazard" ) ); + } + + $t_config = 'show_detailed_errors'; + if( config_get( $t_config ) != OFF ) { + $t_warnings[] = debug_setting_message( 'security', $t_config, 'OFF' ); + } + $t_config = 'display_errors'; + $t_errors = config_get_global( $t_config ); + if( $t_errors[E_USER_ERROR] != DISPLAY_ERROR_HALT ) { + $t_warnings[] = debug_setting_message( + 'integrity', + $t_config . '[E_USER_ERROR]', + DISPLAY_ERROR_HALT ); + } + + # since admin directory and db_upgrade lists are available check for missing db upgrades + # if db version is 0, we do not have a valid database. + $t_db_version = config_get( 'database_version', 0 ); + if( $t_db_version == 0 ) { + $t_warnings[] = lang_get( 'error_database_no_schema_version' ); + } + + # Check for db upgrade for versions > 1.0.0 using new installer and schema + # Note: install_helper_functions_api.php required for db_null_date() function definition + require_api( 'install_helper_functions_api.php' ); + require_once( 'admin' . DIRECTORY_SEPARATOR . 
'schema.php' ); + $t_upgrades_reqd = count( $g_upgrade ) - 1; + + if( ( 0 < $t_db_version ) && + ( $t_db_version != $t_upgrades_reqd ) ) { + + if( $t_db_version < $t_upgrades_reqd ) { + $t_warnings[] = lang_get( 'error_database_version_out_of_date_2' ); + $t_upgrade_required = true; + } else { + $t_warnings[] = lang_get( 'error_code_version_out_of_date' ); + } + } +} ?> @@ -143,6 +205,11 @@ if( !is_blank( $f_return ) ) { echo ''; } + + if( $t_upgrade_required ) { + echo ''; + } + # CSRF protection not required here - form does not result in modifications echo '
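Review bot: The `admin_checks` block in login_page.php runs while the login page is rendered, before authentication, and calls `auth_does_password_match( $t_admin_user_id, 'root' )` on each such request. The collected `$t_warnings` are presumably shown on this page (the rendering is outside the hunk). If so, every anonymous visitor learns whether the default administrator password still works, whether detailed errors are enabled and whether the schema is out of date. A comment above the `if` should say so, e.g. `# These warnings are visible to unauthenticated visitors; set admin_checks to OFF once the installation has been verified.` Separately, `debug_setting_message()` is declared inside the `if` body, and `"warning_${p_type}_hazard"` uses the `${var}` interpolation form deprecated in PHP 8.2; `"warning_{$p_type}_hazard"` is equivalent. `$t_errors[E_USER_ERROR]` is also read without checking that the key exists.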