Fix path related issues for the upgrader to work

48fd9db2 · Peter Rotich · 000204d6 · 48fd9db2 · 48fd9db2 · 48fd9db2
Commit 48fd9db2 authored 12 years ago by Peter Rotich
--- a/include/upgrader/aborted.inc.php
+++ b/include/upgrader/aborted.inc.php
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?>    
 <div id="upgrader">
   <div id="main">

--- a/include/upgrader/done.inc.php
+++ b/include/upgrader/done.inc.php
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?> 
 <div id="upgrader">
    <div id="main">

--- a/include/upgrader/prereq.inc.php
+++ b/include/upgrader/prereq.inc.php
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?>
 <h2>osTicket Upgrader</h2>
 <div id="upgrader">

--- a/include/upgrader/upgrade.inc.php
+++ b/include/upgrader/upgrade.inc.php
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 $action=$upgrader->getNextAction();
 ?>
 <h2>osTicket Upgrade</h2>

--- a/scp/admin.inc.php
+++ b/scp/admin.inc.php
@@ -20,10 +20,16 @@ if(!$ost or !$thisstaff or !$thisstaff->isAdmin()){
    require('index.php'); // just in case!
    exit;
 }
+//Define some constants.
+define('OSTADMININC',TRUE); //checked by admin include files
+define('ADMINPAGE',TRUE);   //Used by the header to swap menus.

 //Some security related warnings - bitch until fixed!!! :)
 if($ost->isUpgradePending()) {
    $errors['err']=$sysnotice='System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
+    if(basename($_SERVER['SCRIPT_NAME'])!='upgrade.php')
+        header('Location: upgrade.php');
+    
    require('upgrade.php');
    exit;
 } else {
@@ -44,9 +50,6 @@ if($ost->isUpgradePending()) {
        $sysnotice='Please consider turning off register globals if possible';
 }

-//Define some constants.
-define('OSTADMININC',TRUE); //checked by admin include files
-define('ADMINPAGE',TRUE);   //Used by the header to swap menus.
 //Admin navigation - overwrites what was set in staff.inc.php
 $nav = new AdminNav($thisstaff);
 ?>
--- a/scp/admin.php
+++ b/scp/admin.php
 <?php
-header('Location: syslogs.php');
-require('syslogs.php');
+header('Location: settings.php');
+require('./settings.php');
 ?>
--- a/scp/login.php
+++ b/scp/login.php
@@ -24,7 +24,7 @@ if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
    //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
    $msg='Invalid login';
    if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
-        $dest=$_SESSION['_user']['auth']['dest'];
+        $dest=$_SESSION['_staff']['auth']['dest'];
        $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
        @header("Location: $dest");
        require_once('index.php'); //Just incase header is messed up.

--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -13,7 +13,7 @@

    vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
-if(basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__)) die('Kwaheri rafiki!'); //Say hi to our friend..
+if(basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__)) die('Access denied'); //Say hi to our friend..

 if(!file_exists('../main.inc.php')) die('Fatal error... get technical support');

@@ -92,7 +92,9 @@ $errors=array();
 $msg=$warn=$sysnotice='';
 $tabs=array();
 $submenu=array();
-if($ost->isUpgradePending()) {
+$exempt = in_array(basename($_SERVER['SCRIPT_NAME']), array('logout.php','ajax.php'));
+
+if($ost->isUpgradePending() && !$exempt) {
    $errors['err']=$sysnotice='System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
    require('upgrade.php');
    exit;
@@ -103,7 +105,7 @@ if($ost->isUpgradePending()) {

 $nav = new StaffNav($thisstaff);
 //Check for forced password change.
-if($thisstaff->forcePasswdChange()){
+if($thisstaff->forcePasswdChange() && !$exempt) {
    # XXX: Call staffLoginPage() for AJAX and API requests _not_ to honor
    #      the request
    require('profile.php'); //profile.php must request this file as require_once to avoid problems.

--- a/scp/upgrade.php
+++ b/scp/upgrade.php
@@ -18,12 +18,6 @@ require_once INCLUDE_DIR.'class.upgrader.php';

 //$_SESSION['ost_upgrader']=null;
 $upgrader = new Upgrader($cfg->getSchemaSignature(), TABLE_PREFIX, PATCH_DIR);
-
-$wizard['title']='osTicket Upgrade Wizard';
-$wizard['tagline']='Upgrading osTicket to v'.$upgrader->getVersionVerbose();
-$wizard['logo']='logo-upgrade.png';
-$wizard['menu']=array('Upgrade Guide'=>'http://osticket.com/wiki/Upgrade_and_Migration',
-                      'Get Professional Help'=>'http://osticket.com/support');
 $errors=array();
 if($_POST && $_POST['s'] && !$upgrader->isAborted()) {
    switch(strtolower($_POST['s'])) {
@@ -76,6 +70,7 @@ switch(strtolower($upgrader->getState())) {
            $errors['err']='The upgrader does NOT support upgrading from the current vesion!';
 }

+$nav = new AdminNav($thisstaff);
 $nav->setTabActive('dashboard');
 $nav->addSubMenu(array('desc'=>'Upgrader',
                           'title'=>'Upgrader',