- force user to delete setup.php (which allows creation of superadmins now!)

Note: Developers can use $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php' to avoid deletion of setup.php after every "svn up". WARNING: THIS ALLOWS NON-AUTHENTIFICATED USERS TO CREATE SUPERADMIN ACCOUNTS! Use this setting only on development systems, where the database is not used by postfix. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@137 a1433add-5e2c-0410-b055-b7f2511e0802
17 years ago · a0ea681bfb
parent ac6af2c99e
commit a0ea681bfb
2 changed files with 16 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -21,7 +21,9 @@
 * Form POST \ GET Variables: -none-
 */

-if (!file_exists (realpath ("./setup.php")))
+$CONF['configured'] = FALSE;
+@include_once('config.inc.php'); # hide error message because only $CONF['configured'] is checked here
+if (!file_exists (realpath ("./setup.php")) || $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
 {
    header ("Location: login.php");
    exit;
--- a/login.php
+++ b/login.php
@ -28,6 +28,19 @@
 */

 require_once('common.php');
+
+# force user to delete setup.php (allows creation of superadmins!)
+if (file_exists (realpath ("./setup.php"))) {
+   if (is_string($CONF['configured']) && $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
+   {
+   }
+   else
+   {
+      print "Please delete setup.php before using Postfix Admin!";
+      exit;
+   }
+}
+
 if ($_SERVER['REQUEST_METHOD'] == "GET")
 {
    include ("./templates/header.tpl");