authorBharat Mediratta <bharat@menalto.com>2009-06-10 21:05:24 -0700
committerBharat Mediratta <bharat@menalto.com>2009-06-10 21:05:24 -0700
commit4118ca4f1db76447da8846fc4835fea702687d21 (patch)
tree7bec0702827a3fe132cfc4d981d16f487da8bc3f
parent0d5826ab9ff919a9a191e654cb3a3032d31494f4 (diff)
Provide a way for non-admins to authenticate and use the upgrader,
without using our regular code paths.
-rw-r--r--modules/gallery/controllers/upgrader.php19
-rw-r--r--modules/gallery/views/upgrader.html.php16
2 files changed, 30 insertions, 5 deletions
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 0833e253..5eb96fdd 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -19,24 +19,33 @@
*/
class Upgrader_Controller extends Controller {
public function index() {
- // Todo: give the admin a chance to log in here
- if (!user::active()->admin) {
- access::forbidden();
+ $session = Session::instance();
+
+ // Make sure we have an upgrade token
+ if (!($upgrade_token = $session->get("upgrade_token", null))) {
+ $session->set("upgrade_token", $upgrade_token = md5(rand()));
+ }
+
+ // If the upgrade token exists, then bless this session
+ if (file_exists(TMPPATH . $upgrade_token)) {
+ $session->set("can_upgrade", true);
+ @unlink(TMPPATH . $upgrade_token);
}
$view = new View("upgrader.html");
+ $view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
+ $view->upgrade_token = $upgrade_token;
$view->available = module::available();
$view->done = Input::instance()->get("done");
print $view;
}
public function upgrade() {
- // Todo: give the admin a chance to log in here
if (php_sapi_name() == "cli") {
// @todo this may screw up some module installers, but we don't have a better answer at
// this time.
$_SERVER["HTTP_HOST"] = "example.com";
- } else if (!user::active()->admin) {
+ } else if (!user::active()->admin && !Session::instance()->get("can_upgrade", false)) {
access::forbidden();
}
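Review bot: The blessing set by `$session->set("can_upgrade", true)` in index() is never revoked — it stays in the session for the session's whole lifetime, and the `@unlink(TMPPATH . $upgrade_token)` right after it suppresses the case where the proof file could not be removed, so the one-time proof is neither consumed nor time-bounded. I would store a timestamp next to the flag and reject it in upgrade() after a short window, clear it once the upgrade has run, and drop the `@` so an unlink failure is at least logged. The token is derived from `md5(rand())`, a small non-cryptographic space; `md5(uniqid(mt_rand(), true))` widens it without new dependencies. The read `$session->get("can_upgrade")` in index() also omits the `false` default that the same check in upgrade() passes, and making both reads identical avoids a truthiness surprise. upgrade() continues outside the hunk.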
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index 6b9a0110..fa21e196 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -9,6 +9,9 @@
font-family: Trebuchet MS;
font-size: 1.1em;
}
+ h1 {
+ font-size: 1.4em;
+ }
div#outer {
width: 650px;
background: white;
@@ -93,11 +96,17 @@
.gray_on_done {
opacity: <?= $done ? "0.5" : "1" ?>;
}
+ pre {
+ display: inline;
+ margin: 0px;
+ padding: 0px;
+ }
</style>
<body>
<div id="outer">
<img src="<?= url::file("modules/gallery/images/gallery.png") ?>" />
<div id="inner">
+ <? if ($can_upgrade): ?>
<? if ($done): ?>
<div id="confirmation">
<div>
@@ -158,6 +167,13 @@
<? endforeach ?>
</p>
<? endif ?>
+ <? else: // can_upgrade ?>
+ <h1> <?= t("Who are you?") ?> </h1>
+ <p>
+ <?= t("You're not logged in as an administrator, so we have to verify you to make sure it's ok for you to do an upgrade. To prove you can run an upgrade, create a file called %name in your <b>gallery3/var/tmp</b> directory.", array("name" => "<br/><b>$upgrade_token</b>")) ?>
+ </p>
+ <a href="<?= url::site("upgrader?") ?>"><?= t("Ok, I've done that") ?></a>
+ <? endif // can_upgrade ?>
</div>
<div id="footer">
<p>