From a0ea681bfb09a56f905580a0673534272f677f32 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 7 Oct 2007 17:49:50 +0000
Subject: [PATCH] - force user to delete setup.php (which allows creation of superadmins now!) Note: Developers can use $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php' to avoid deletion of setup.php after every "svn up". WARNING: THIS ALLOWS NON-AUTHENTIFICATED USERS TO CREATE SUPERADMIN ACCOUNTS! Use this setting only on development systems, where the database is not used by postfix.
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@137 a1433add-5e2c-0410-b055-b7f2511e0802
---
 index.php | 4 +++-
 login.php | 13 +++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/index.php b/index.php
index ec729da5..75eb5b7b 100644
--- a/index.php
+++ b/index.php
@@ -21,7 +21,9 @@
 * Form POST \ GET Variables: -none-
 */
 
-if (!file_exists (realpath ("./setup.php")))
+$CONF['configured'] = FALSE;
+@include_once('config.inc.php'); # hide error message because only $CONF['configured'] is checked here
+if (!file_exists (realpath ("./setup.php")) || $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
 {
 header ("Location: login.php");
 exit;
diff --git a/login.php b/login.php
index 9f8d84be..11c6bd14 100644
--- a/login.php
+++ b/login.php
@@ -28,6 +28,19 @@
 */
 
 require_once('common.php');
+
+# force user to delete setup.php (allows creation of superadmins!)
+if (file_exists (realpath ("./setup.php"))) {
+ if (is_string($CONF['configured']) && $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
+ {
+ }
+ else
+ {
+ print "Please delete setup.php before using Postfix Admin!";
+ exit;
+ }
+}
+
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
 include ("./templates/header.tpl");
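Review bot: The override test added to the `if` in index.php uses a loose comparison, and PHP compares a boolean with a string as booleans, so an ordinary `$CONF['configured'] = TRUE;` in config.inc.php satisfies it just as the magic string does. With setup.php still present, such an install is redirected to login.php instead of reaching whatever follows this block (outside the hunk), which disagrees with login.php, where the same test is guarded by `is_string()`. Use the identity operator so only the exact string counts: `|| $CONF['configured'] === 'I_know_the_risk_of_not_deleting_setup.php')`. The `@` on `include_once` also hides every warning from config.inc.php, not only a missing file, so the trailing comment should say which failure is expected here.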
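Review bot: The guard added after `require_once('common.php')` in login.php leaves an empty `if` branch for the override case and pairs `is_string()` with `==`, which is easy to misread. A single negated condition in front of the existing print/exit block says the same thing: `if (file_exists(realpath("./setup.php")) && $CONF['configured'] !== 'I_know_the_risk_of_not_deleting_setup.php')`. The check only stops this login page, and setup.php itself stays reachable until it is deleted. Any other entry points are outside this diff, so confirm they carry the same test. Because the override string disables a control that, per the commit message, guards against unauthenticated superadmin creation, an `error_log()` line on the override path would help a production system left in that state get noticed.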