source: trunk/admin/include/functions_upgrade.php @ 2838

Last change on this file since 2838 was 2838, checked in by patdenice, 16 years ago
  • improve 1.3.1 upgrade (automatic write in mysql.inc.php).
  • translate 1.3.1 upgrade informations messages.
  • security fix in upgrade login.
  • Property svn:eol-style set to LF
  • Property svn:keywords set to Author Date Id Revision
File size: 5.9 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008      Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24function check_upgrade()
25{
26  if (defined('PHPWG_IN_UPGRADE'))
27  {
28    return PHPWG_IN_UPGRADE;
29  }
30  return false;
31}
32
33// concerning upgrade, we use the default tables
34function prepare_conf_upgrade()
35{
36  global $prefixeTable;
37
38  // $conf is not used for users tables
39  // define cannot be re-defined
40  define('CATEGORIES_TABLE', $prefixeTable.'categories');
41  define('COMMENTS_TABLE', $prefixeTable.'comments');
42  define('CONFIG_TABLE', $prefixeTable.'config');
43  define('FAVORITES_TABLE', $prefixeTable.'favorites');
44  define('GROUP_ACCESS_TABLE', $prefixeTable.'group_access');
45  define('GROUPS_TABLE', $prefixeTable.'groups');
46  define('HISTORY_TABLE', $prefixeTable.'history');
47  define('HISTORY_SUMMARY_TABLE', $prefixeTable.'history_summary');
48  define('IMAGE_CATEGORY_TABLE', $prefixeTable.'image_category');
49  define('IMAGES_TABLE', $prefixeTable.'images');
50  define('SESSIONS_TABLE', $prefixeTable.'sessions');
51  define('SITES_TABLE', $prefixeTable.'sites');
52  define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
53  define('USER_GROUP_TABLE', $prefixeTable.'user_group');
54  define('USERS_TABLE', $prefixeTable.'users');
55  define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
56  define('USER_FEED_TABLE', $prefixeTable.'user_feed');
57  define('WAITING_TABLE', $prefixeTable.'waiting');
58  define('RATE_TABLE', $prefixeTable.'rate');
59  define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
60  define('USER_CACHE_CATEGORIES_TABLE', $prefixeTable.'user_cache_categories');
61  define('CADDIE_TABLE', $prefixeTable.'caddie');
62  define('UPGRADE_TABLE', $prefixeTable.'upgrade');
63  define('SEARCH_TABLE', $prefixeTable.'search');
64  define('USER_MAIL_NOTIFICATION_TABLE', $prefixeTable.'user_mail_notification');
65  define('TAGS_TABLE', $prefixeTable.'tags');
66  define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag');
67  define('PLUGINS_TABLE', $prefixeTable.'plugins');
68  define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks');
69}
70
71// Create empty local files to avoid log errors
72function create_empty_local_files()
73{
74   $files =
75      array (
76         PHPWG_ROOT_PATH . 'template-common/local-layout.css',
77         PHPWG_ROOT_PATH . 'template/yoga/local-layout.css'
78         );
79
80   foreach ($files as $path)
81   {
82      if (!file_exists ($path))
83      {
84         $file = @fopen($path, "w");
85         @fwrite($file , '/* You can modify this file */');
86         @fclose($file);
87      }
88   }
89}
90
91// Deactivate all non-standard plugins
92function deactivate_non_standard_plugins()
93{
94  global $page;
95
96  $standard_plugins = array(
97    'add_index',
98    'admin_advices',
99    'admin_multi_view',
100    'c13y_upgrade',
101    'event_tracer',
102    'language_switch',
103    'LocalFilesEditor'
104    );
105
106  $query = '
107SELECT id
108FROM '.PREFIX_TABLE.'plugins
109WHERE state = "active"
110AND id NOT IN ("' . implode('","', $standard_plugins) . '")
111;';
112
113  $result = pwg_query($query);
114  $plugins = array();
115  while ($row = mysql_fetch_assoc($result))
116  {
117    array_push($plugins, $row['id']);
118  }
119
120  if (!empty($plugins))
121  {
122    $query = '
123UPDATE '.PREFIX_TABLE.'plugins
124SET state="inactive"
125WHERE id IN ("' . implode('","', $plugins) . '")
126;';
127    mysql_query($query);
128
129    array_push($page['infos'],
130      l10n('deactivated plugins') . '<pre>' . implode(', ', $plugins) . '</pre>');
131  }
132}
133
134// Check access rights
135function check_upgrade_access_rights($current_release, $username, $password)
136{
137  global $conf, $page;
138
139  if(!get_magic_quotes_gpc())
140  {
141    $username = mysql_real_escape_string($username);
142  }
143
144  if (version_compare($current_release, '1.5.0', '<'))
145  {
146    $query = '
147SELECT password, status
148FROM '.USERS_TABLE.'
149WHERE username = "'.$username.'"
150;';
151  }
152  else
153  {
154    $query = '
155SELECT u.password, ui.status
156FROM '.$conf['users_table'].' AS u
157INNER JOIN '.USER_INFOS_TABLE.' AS ui
158ON u.'.$conf['user_fields']['id'].'=ui.user_id
159WHERE '.$conf['user_fields']['username'].'="'.$username.'"
160;';
161  }
162  $row = mysql_fetch_assoc(mysql_query($query));
163
164  if (!isset($conf['pass_convert']))
165  {
166    $conf['pass_convert'] = create_function('$s', 'return md5($s);');
167  }
168
169  if ($row['password'] != $conf['pass_convert']($_POST['password']))
170  {
171    array_push($page['errors'], l10n('invalid_pwd'));
172  }
173  elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster')
174  {
175    array_push($page['errors'], l10n('You do not have access rights to run upgrade'));
176  }
177  else
178  {
179    define('PHPWG_IN_UPGRADE', true);
180  }
181}
182?>
Note: See TracBrowser for help on using the repository browser.