Commit ccedd619b04eb44165c6683b2838dd91d172e957

Authored by Conrad Vermeulen
1 parent 57aa7e16

"KTS-1781"

"New Upgrade Utility should be password protected"
Implemented. Also applied some recommendations to 'back' and 'next' vs previous 'home' and 'continue'.

Reviewed By: Kevin Fourie

git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6697 c91229c3-7414-0410-bfa2-8a42b809f60b
setup/upgrade-title.jpg

4.77 KB | W: | H:

9.28 KB | W: | H:

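--- a/setup/upgrade.php
+++ b/setup/upgrade.php
@@ -32,6 +32,7 @@
 $GLOBALS["checkup"] = true;
 session_start();
 require_once('../config/dmsDefaults.php');
+require_once(KT_LIB_DIR . '/authentication/authenticationutil.inc.php');
 require_once(KT_LIB_DIR . '/upgrades/upgrade.inc.php');
 require_once(KT_LIB_DIR . '/plugins/pluginutil.inc.php');
 
@@ -177,8 +178,6 @@ $action = trim($_REQUEST["go"]);
 switch ($action)
 {
 case 'UpgradeConfirm':
- upgradeConfirm();
- break;
 case 'UpgradePreview':
 UpgradePreview();
 break;
@@ -209,11 +208,92 @@ switch ($action)
 case 'RestoreDone':
 restoreDone();
 break;
+ case 'Login':
+ login();
+ break;
+ case 'LoginProcess':
+ loginProcess();
+ break;
 default:
- welcome();
+ if (!isset($_SESSION['setup_user']))
+ login();
+ else
+ welcome();
 break;
 }
 
+function login()
+{
+?>
+<P>
+The database upgrade wizard completes the upgrade process on an existing KnowledgeTree installation. It applies
+any upgrades to the database that may be required.
+<P>
+Only administrator users may access the upgrade wizard.
+<P>
+
+<form method=post action="?go=LoginProcess">
+<table>
+<tr><td>Username<td><input name=username>
+<tr><td>Password<td><input name=password type="password">
+<tr><td colspan=2 align=center><input type=submit value="login">
+</table>
+</form>
+<?
+}
+
+function loginProcess()
+{
+ $username=$_REQUEST['username'];
+ $password=$_REQUEST['password'];
+
+ $oUser = User::getByUserName($username);
+
+ if (PEAR::isError($oUser))
+ {
+ session_unset();
+ loginFailed(_kt('Could not identify user'));
+ return;
+ }
+
+ $is_admin=false;
+ $groups = GroupUtil::listGroupsForUser($oUser);
+ foreach($groups as $group)
+ {
+ if ($group->getSysAdmin())
+ {
+ $is_admin=true;
+ break;
+ }
+ }
+
+ if (!$is_admin)
+ {
+ session_unset();
+ loginFailed(_kt('Could not identify administrator'));
+ return;
+ }
+
+ $authenticated = KTAuthenticationUtil::checkPassword($oUser, $password);
+
+ if (!$authenticated)
+ {
+ session_unset();
+ loginFailed(_kt('Could not authenticate user'));
+ return;
+ }
+
+ $_SESSION['setup_user'] = $oUser;
+
+ welcome();
+}
+
+function loginFailed($message)
+{
+ print "<font color=red>$message</font>";
+ login();
+}
+
 function resolveMysqlDir()
 {
 
@@ -336,11 +416,16 @@ function create_restore_stmt($targetfile)
 
 function title($title)
 {
+ if (!isset($_SESSION['setup_user']))
+ {
+ print "<script>document.location='?go=Login'</script>";
+ }
 print "<h1>$title</h1>";
 }
 
 function resolveTempDir()
 {
+
 if (OS_UNIX)
 {
 $dir='/tmp/kt-db-backup';
@@ -349,6 +434,9 @@ function resolveTempDir()
 {
 $dir='c:/kt-db-backup';
 }
+
+ $dir = $oKTConfig->get('backups/backupDirectory',$dir);
+
 if (!is_dir($dir))
 {
 mkdir($dir);
@@ -374,8 +462,8 @@ function upgradeConfirm()
 We are about to start the upgrade process.
 <P>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="continue to preview available upgrades" onclick="javascript:do_start('UpgradePreview')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:do_start('UpgradePreview')">
 
 <?
 
@@ -425,14 +513,14 @@ You can continue to do the backup manually using the following process:
 Press <i>continue to backup</i> to attempt the command(s) above.
 <P>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('home')"> &nbsp;&nbsp; &nbsp; &nbsp;
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('home')"> &nbsp;&nbsp; &nbsp; &nbsp;
 
 <?
 if ($dir != '')
 {
 ?>
 
-<input type=button value="continue to backup" onclick="javascript:do_start('Backup')">
+<input type=button value="next" onclick="javascript:do_start('Backup')">
 
 
 <?
@@ -501,7 +589,7 @@ function restoreSelect()
 ?>
 
 <p>
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
 <?
 
 }
@@ -577,8 +665,8 @@ Press &lt;i&gt;continue to restore&lt;/i&gt; to attempt the command(s) above.
 }
 ?>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('home')">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="select another backup to restore" onclick="javascript:do_start('RestoreSelect')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('home')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="select another backup" onclick="javascript:do_start('RestoreSelect')">
 
 <?
 if ($dir != '')
@@ -593,7 +681,7 @@ function restore()
 }
 }
 </script>
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="continue to restore" onclick="javascript:restore()">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:restore()">
 
 
 <?
@@ -666,12 +754,12 @@ We appologise for the inconvenience.
 ?>
 <br>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
 <?
 if ($status)
 {
 ?>
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="continue to upgrade" onclick="javascript:do_start('UpgradeConfirm')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:do_start('UpgradeConfirm')">
 
 <?
 }
@@ -718,7 +806,7 @@ We appologise for the inconvenience.
 
 <br>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
 
 <?
 
@@ -758,7 +846,7 @@ function backup()
 ob_flush();
 flush();
 ?>
- The back is now underway. Please wait till it completes.
+ The backup is now underway. Please wait till it completes.
 <?
 
 ob_flush();
@@ -798,7 +886,7 @@ function backup()
 <P>
 The <i>mysqldump</i> utility was not found in the <?=$dir?> subdirectory.
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
 <?
 }
 
@@ -870,7 +958,7 @@ function restore()
 <P>
 The <i>mysql</i> utility was not found in the <?=$dir?> subdirectory.
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('welcome')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('welcome')">
 <?
 }
 
@@ -884,20 +972,21 @@ function welcome()
 set_state(1);
 ?>
 <br>
-Welcome to the <?php echo APP_NAME;?> Database Upgrade Utility.<P> If you have just applied an upgrade stack installer or have updated
+Welcome to the <?php echo APP_NAME;?> Database Upgrade Wizard.<P> If you have just updated
 your <?php echo APP_NAME;?> code base, you will need to complete the upgrade process in order to ensure your system is fully operational with the new version.
 <P>
+You will not be able to log into <?php echo APP_NAME;?> until your the database upgrade process is completed.
+<P>
 <font color=orange>!!NB!! You are advised to backup the database before attempting the upgrade. !!NB!!</font>
-
 <P>
 If you have already done this, you may skip this step can continue directly to the upgade.
 <P>
 
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="return to <?php echo APP_NAME;?>" onclick="document.location='..';">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="backup" onclick="javascript:do_start('BackupConfirm');">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="continue to upgrade" onclick="javascript:do_start('UpgradeConfirm');">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="restore" onclick="javascript:do_start('RestoreConfirm');">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="cancel" onclick="document.location='..';">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="backup now" onclick="javascript:do_start('BackupConfirm');">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:do_start('UpgradeConfirm');">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="restore database" onclick="javascript:do_start('RestoreConfirm');">
 
 
 <?
@@ -920,8 +1009,8 @@ function UpgradePreview()
 ?>
 <br>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('home')">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="upgrade" onclick="javascript:do_start('Upgrade')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('home')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:do_start('Upgrade')">
 <?
 
 }
@@ -954,8 +1043,8 @@ function Upgrade()
 ?>
 <p>
 
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="home" onclick="javascript:do_start('home')">
-&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="return to <?php echo APP_NAME;?>" onclick="javascript:document.location='..';">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="back" onclick="javascript:do_start('home')">
+&nbsp;&nbsp; &nbsp; &nbsp; <input type=button value="next" onclick="javascript:document.location='..';">
 <?
 }
 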
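Review bot: The session check sits only in the `default:` branch of the dispatch switch, so the named actions visible here (`UpgradePreview`, `RestoreDone`, and presumably the backup, restore and upgrade cases outside the hunks) are still dispatched when `$_SESSION['setup_user']` is not set. The guard added to `title()` does not close this, because it only prints a `<script>` redirect and the PHP for the requested action keeps running on the server. Enforce the check once, server-side, just before `switch ($action)` (the switch opens in the earlier hunk), for example `if (!isset($_SESSION['setup_user']) && $action != 'LoginProcess') { $action = 'Login'; }`. In `loginProcess()`, the three distinct failure messages and the sysadmin-group test running before `checkPassword()` let an unauthenticated caller learn which usernames exist and which are administrators; run all checks and report one generic message instead. The credentials should also be read from `$_POST` rather than `$_REQUEST`, so a password cannot arrive in a URL and end up in access logs.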