Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
authorDan
Thu, 06 Mar 2008 23:27:50 -0500
changeset 484 340c81fdd350
parent 483 2cb1c8a6d3db
child 485 7134d4bf7a23
Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
includes/sessions.php
includes/template.php
install/upgrade.php
--- a/includes/sessions.php	Thu Mar 06 23:04:45 2008 -0500
+++ b/includes/sessions.php	Thu Mar 06 23:27:50 2008 -0500
@@ -1267,9 +1267,18 @@
     }
     if($ip != $row['source_ip'])
     {
+      // Special exception for 1.1.x upgrade - the 1.1.3 upgrade changes the size of the column and this is what validate_session
+      // expects, but if the column size hasn't changed yet just check the first 10 digits of the IP.
+      $fail = true;
+      if ( defined('IN_ENANO_UPGRADE') )
+      {
+        if ( installer_enano_version() == '1.1.3' )
+          $fail = false;
+      }
       // Failed IP address check
       // echo '(debug) $session->validate_session: IP address mismatch<br />';
-      return false;
+      if ( $fail )
+        return false;
     }
     
     // Do the password validation
--- a/includes/template.php	Thu Mar 06 23:04:45 2008 -0500
+++ b/includes/template.php	Thu Mar 06 23:27:50 2008 -0500
@@ -2202,10 +2202,13 @@
         $q_loc = '<a href="' . $this->tpl_strings['REPORT_URI'] . '">' . ( is_object($db) ? "{$db->num_queries} SQL" : 'Queries: N/A' ) . '</a>';
         $dbg = $t_loc;
         $dbg_long = $t_loc_long;
-        if ( $session->user_level >= USER_LEVEL_ADMIN )
+        if ( is_object($session) )
         {
-          $dbg .= "&nbsp;&nbsp;|&nbsp;&nbsp;$q_loc";
-          $dbg_long .= "&nbsp;&nbsp;|&nbsp;&nbsp;$q_loc";
+          if ( $session->user_level >= USER_LEVEL_ADMIN )
+          {
+            $dbg .= "&nbsp;&nbsp;|&nbsp;&nbsp;$q_loc";
+            $dbg_long .= "&nbsp;&nbsp;|&nbsp;&nbsp;$q_loc";
+          }
         }
         $t = str_replace('[[EnanoPoweredLink]]', 'Powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>', $t);
         $t = str_replace('[[EnanoPoweredLinkLong]]', 'Website engine powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>', $t);
--- a/install/upgrade.php	Thu Mar 06 23:04:45 2008 -0500
+++ b/install/upgrade.php	Thu Mar 06 23:27:50 2008 -0500
@@ -101,6 +101,8 @@
     if ( !$session->user_logged_in )
     {
       $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, USER_LEVEL_MEMBER);
+      echo '<b>Session manager returned error:</b>' . '<pre>' . print_r($result, true) . '</pre>';
+      exit();
     }
     $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, USER_LEVEL_ADMIN);
     if ( $result['success'] )
@@ -121,11 +123,11 @@
   
   if ( isset($result) )
   {
-    echo '<b>Session manager returned error: ' . $result['error'] . '</b>';
+    echo '<b>Session manager returned error:</b>' . '<pre>' . print_r($result, true) . '</pre>';
   }
   
   ?>
-  <p>You need an active admin session to continue.</p>
+  <p>You need <?php if ( !$session->user_logged_in ) echo 'to be logged in and have '; ?>an active admin session to continue.</p>
   <p>
     Username:&nbsp;&nbsp;&nbsp;<input type="text" name="username" /><br />
     Password:&nbsp;&nbsp;&nbsp;<input type="password" name="password" /><br />