source: trunk/admin/include/functions_upgrade.php @ 6654

Last change on this file since 6654 was 6654, checked in by nikrou, 14 years ago

Bug 1755 : Needs single quotes in queries official plugins

  • Property svn:eol-style set to LF
File size: 7.7 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2010 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24function check_upgrade()
25{
26  if (defined('PHPWG_IN_UPGRADE'))
27  {
28    return PHPWG_IN_UPGRADE;
29  }
30  return false;
31}
32
33// concerning upgrade, we use the default tables
34function prepare_conf_upgrade()
35{
36  global $prefixeTable;
37
38  // $conf is not used for users tables
39  // define cannot be re-defined
40  define('CATEGORIES_TABLE', $prefixeTable.'categories');
41  define('COMMENTS_TABLE', $prefixeTable.'comments');
42  define('CONFIG_TABLE', $prefixeTable.'config');
43  define('FAVORITES_TABLE', $prefixeTable.'favorites');
44  define('GROUP_ACCESS_TABLE', $prefixeTable.'group_access');
45  define('GROUPS_TABLE', $prefixeTable.'groups');
46  define('HISTORY_TABLE', $prefixeTable.'history');
47  define('HISTORY_SUMMARY_TABLE', $prefixeTable.'history_summary');
48  define('IMAGE_CATEGORY_TABLE', $prefixeTable.'image_category');
49  define('IMAGES_TABLE', $prefixeTable.'images');
50  define('SESSIONS_TABLE', $prefixeTable.'sessions');
51  define('SITES_TABLE', $prefixeTable.'sites');
52  define('USER_ACCESS_TABLE', $prefixeTable.'user_access');
53  define('USER_GROUP_TABLE', $prefixeTable.'user_group');
54  define('USERS_TABLE', $prefixeTable.'users');
55  define('USER_INFOS_TABLE', $prefixeTable.'user_infos');
56  define('USER_FEED_TABLE', $prefixeTable.'user_feed');
57  define('WAITING_TABLE', $prefixeTable.'waiting');
58  define('RATE_TABLE', $prefixeTable.'rate');
59  define('USER_CACHE_TABLE', $prefixeTable.'user_cache');
60  define('USER_CACHE_CATEGORIES_TABLE', $prefixeTable.'user_cache_categories');
61  define('CADDIE_TABLE', $prefixeTable.'caddie');
62  define('UPGRADE_TABLE', $prefixeTable.'upgrade');
63  define('SEARCH_TABLE', $prefixeTable.'search');
64  define('USER_MAIL_NOTIFICATION_TABLE', $prefixeTable.'user_mail_notification');
65  define('TAGS_TABLE', $prefixeTable.'tags');
66  define('IMAGE_TAG_TABLE', $prefixeTable.'image_tag');
67  define('PLUGINS_TABLE', $prefixeTable.'plugins');
68  define('OLD_PERMALINKS_TABLE', $prefixeTable.'old_permalinks');
69  define('THEMES_TABLE', $prefixeTable.'themes');
70  define('LANGUAGES_TABLE', $prefixeTable.'languages');
71}
72
73// Deactivate all non-standard plugins
74function deactivate_non_standard_plugins()
75{
76  global $page;
77
78  $standard_plugins = array(
79    'admin_multi_view',
80    'c13y_upgrade',
81    'event_tracer',
82    'language_switch',
83    'LocalFilesEditor'
84    );
85
86  $query = '
87SELECT id
88FROM '.PREFIX_TABLE.'plugins
89WHERE state = \'active\'
90AND id NOT IN (\'' . implode('\',\'', $standard_plugins) . '\')
91;';
92
93  $result = pwg_query($query);
94  $plugins = array();
95  while ($row = pwg_db_fetch_assoc($result))
96  {
97    array_push($plugins, $row['id']);
98  }
99
100  if (!empty($plugins))
101  {
102    $query = '
103UPDATE '.PREFIX_TABLE.'plugins
104SET state=\'inactive\'
105WHERE id IN (\'' . implode('\',\'', $plugins) . '\')
106;';
107    pwg_query($query);
108
109    array_push($page['infos'],
110      l10n('As a precaution, following plugins have been deactivated. You must check for plugins upgrade before reactiving them:').'<p><i>'.implode(', ', $plugins).'</i></p>');
111  }
112}
113
114// Check access rights
115function check_upgrade_access_rights()
116{
117  global $conf, $page, $current_release;
118
119  if (version_compare($current_release, '2.0', '>=') and isset($_COOKIE[session_name()]))
120  {
121    // Check if user is already connected as webmaster
122    session_start();
123    if (!empty($_SESSION['pwg_uid']))
124    {
125      $query = '
126SELECT status
127  FROM '.USER_INFOS_TABLE.'
128  WHERE user_id = '.$_SESSION['pwg_uid'].'
129;';
130      pwg_query($query);
131
132      $row = pwg_db_fetch_assoc(pwg_query($query));
133      if (isset($row['status']) and $row['status'] == 'webmaster')
134      {
135        define('PHPWG_IN_UPGRADE', true);
136        return;
137      }
138    }
139  }
140
141  if (!isset($_POST['username']) or !isset($_POST['password']))
142  {
143    return;
144  }
145
146  $username = $_POST['username'];
147  $password = $_POST['password'];
148
149  if(!@get_magic_quotes_gpc())
150  {
151    $username = pwg_db_real_escape_string($username);
152  }
153
154  if (version_compare($current_release, '2.0', '<'))
155  {
156    $username = utf8_decode($username);
157    $password = utf8_decode($password);
158  }
159
160  if (version_compare($current_release, '1.5', '<'))
161  {
162    $query = '
163SELECT password, status
164FROM '.USERS_TABLE.'
165WHERE username = \''.$username.'\'
166;';
167  }
168  else
169  {
170    $query = '
171SELECT u.password, ui.status
172FROM '.USERS_TABLE.' AS u
173INNER JOIN '.USER_INFOS_TABLE.' AS ui
174ON u.'.$conf['user_fields']['id'].'=ui.user_id
175WHERE '.$conf['user_fields']['username'].'=\''.$username.'\'
176;';
177  }
178  $row = pwg_db_fetch_assoc(pwg_query($query));
179
180  if (!isset($conf['pass_convert']))
181  {
182    $conf['pass_convert'] = create_function('$s', 'return md5($s);');
183  }
184
185  if ($row['password'] != $conf['pass_convert']($password))
186  {
187    array_push($page['errors'], l10n('Invalid password!'));
188  }
189  elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster')
190  {
191    array_push($page['errors'], l10n('You do not have access rights to run upgrade'));
192  }
193  else
194  {
195    define('PHPWG_IN_UPGRADE', true);
196  }
197}
198
199/**
200 * which upgrades are available ?
201 *
202 * @return array
203 */
204function get_available_upgrade_ids()
205{
206  $upgrades_path = PHPWG_ROOT_PATH.'install/db';
207
208  $available_upgrade_ids = array();
209
210  if ($contents = opendir($upgrades_path))
211  {
212    while (($node = readdir($contents)) !== false)
213    {
214      if (is_file($upgrades_path.'/'.$node)
215          and preg_match('/^(.*?)-database\.php$/', $node, $match))
216      {
217        array_push($available_upgrade_ids, $match[1]);
218      }
219    }
220  }
221  natcasesort($available_upgrade_ids);
222
223  return $available_upgrade_ids;
224}
225
226
227/**
228 * returns true if there are available upgrade files
229 */
230function check_upgrade_feed()
231{
232  // retrieve already applied upgrades
233  $query = '
234SELECT id
235  FROM '.UPGRADE_TABLE.'
236;';
237  $applied = array_from_query($query, 'id');
238
239  // retrieve existing upgrades
240  $existing = get_available_upgrade_ids();
241
242  // which upgrades need to be applied?
243  return (count(array_diff($existing, $applied)) > 0);
244}
245
246function upgrade_db_connect()
247{
248  global $conf;
249
250  try
251  {
252    $pwg_db_link = pwg_db_connect($conf['db_host'], $conf['db_user'], $conf['db_password'], $conf['db_base']);
253    if ($pwg_db_link)
254    {
255      pwg_db_check_version();
256    }
257  }
258  catch (Exception $e)
259  {
260    my_error(l10n($e->getMessage()), true); 
261  }
262}
263?>
Note: See TracBrowser for help on using the repository browser.