From 48fd9db2b8c44129de7ef7435efe8bbc7f0acf44 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Thu, 28 Jun 2012 00:31:40 -0400
Subject: [PATCH] Fix path related issues for the upgrader to work

---
 include/upgrader/aborted.inc.php | 2 +-
 include/upgrader/done.inc.php    | 2 +-
 include/upgrader/prereq.inc.php  | 2 +-
 include/upgrader/upgrade.inc.php | 2 +-
 scp/admin.inc.php                | 9 ++++++---
 scp/admin.php                    | 4 ++--
 scp/login.php                    | 2 +-
 scp/staff.inc.php                | 8 +++++---
 scp/upgrade.php                  | 7 +------
 9 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/include/upgrader/aborted.inc.php b/include/upgrader/aborted.inc.php
index 50f34c721..b8fad7034 100644
--- a/include/upgrader/aborted.inc.php
+++ b/include/upgrader/aborted.inc.php
@@ -1,5 +1,5 @@
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?>    
 <div id="upgrader">
    <div id="main">
diff --git a/include/upgrader/done.inc.php b/include/upgrader/done.inc.php
index e229fd328..ddd5cab75 100644
--- a/include/upgrader/done.inc.php
+++ b/include/upgrader/done.inc.php
@@ -1,5 +1,5 @@
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?> 
 <div id="upgrader">
     <div id="main">
diff --git a/include/upgrader/prereq.inc.php b/include/upgrader/prereq.inc.php
index d5b759172..ae77e1161 100644
--- a/include/upgrader/prereq.inc.php
+++ b/include/upgrader/prereq.inc.php
@@ -1,5 +1,5 @@
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 ?>
 <h2>osTicket Upgrader</h2>
 <div id="upgrader">
diff --git a/include/upgrader/upgrade.inc.php b/include/upgrader/upgrade.inc.php
index 2af78a9d6..73fac12bf 100644
--- a/include/upgrader/upgrade.inc.php
+++ b/include/upgrader/upgrade.inc.php
@@ -1,5 +1,5 @@
 <?php
-if(!defined('OSTADMININC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
+if(!defined('OSTSCPINC') || !$thisstaff || !$thisstaff->isAdmin()) die('Access Denied');
 $action=$upgrader->getNextAction();
 ?>
 <h2>osTicket Upgrade</h2>
diff --git a/scp/admin.inc.php b/scp/admin.inc.php
index 1d2eb6455..fe14f5c97 100644
--- a/scp/admin.inc.php
+++ b/scp/admin.inc.php
@@ -20,10 +20,16 @@ if(!$ost or !$thisstaff or !$thisstaff->isAdmin()){
     require('index.php'); // just in case!
     exit;
 }
+//Define some constants.
+define('OSTADMININC',TRUE); //checked by admin include files
+define('ADMINPAGE',TRUE);   //Used by the header to swap menus.
 
 //Some security related warnings - bitch until fixed!!! :)
 if($ost->isUpgradePending()) {
     $errors['err']=$sysnotice='System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
+    if(basename($_SERVER['SCRIPT_NAME'])!='upgrade.php')
+        header('Location: upgrade.php');
+    
     require('upgrade.php');
     exit;
 } else {
@@ -44,9 +50,6 @@ if($ost->isUpgradePending()) {
         $sysnotice='Please consider turning off register globals if possible';
 }
 
-//Define some constants.
-define('OSTADMININC',TRUE); //checked by admin include files
-define('ADMINPAGE',TRUE);   //Used by the header to swap menus.
 //Admin navigation - overwrites what was set in staff.inc.php
 $nav = new AdminNav($thisstaff);
 ?>
diff --git a/scp/admin.php b/scp/admin.php
index d84edfed8..ffe48ee59 100644
--- a/scp/admin.php
+++ b/scp/admin.php
@@ -1,4 +1,4 @@
 <?php
-header('Location: syslogs.php');
-require('syslogs.php');
+header('Location: settings.php');
+require('./settings.php');
 ?>
diff --git a/scp/login.php b/scp/login.php
index 2af73c318..c96e5ad56 100644
--- a/scp/login.php
+++ b/scp/login.php
@@ -24,7 +24,7 @@ if($_POST && (!empty($_POST['username']) && !empty($_POST['passwd']))){
     //$_SESSION['_staff']=array(); #Uncomment to disable login strikes.
     $msg='Invalid login';
     if(($user=Staff::login($_POST['username'],$_POST['passwd'],$errors))){
-        $dest=$_SESSION['_user']['auth']['dest'];
+        $dest=$_SESSION['_staff']['auth']['dest'];
         $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
         @header("Location: $dest");
         require_once('index.php'); //Just incase header is messed up.
diff --git a/scp/staff.inc.php b/scp/staff.inc.php
index 42bd65ca0..490be1457 100644
--- a/scp/staff.inc.php
+++ b/scp/staff.inc.php
@@ -13,7 +13,7 @@
 
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
-if(basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__)) die('Kwaheri rafiki!'); //Say hi to our friend..
+if(basename($_SERVER['SCRIPT_NAME'])==basename(__FILE__)) die('Access denied'); //Say hi to our friend..
 
 if(!file_exists('../main.inc.php')) die('Fatal error... get technical support');
 
@@ -92,7 +92,9 @@ $errors=array();
 $msg=$warn=$sysnotice='';
 $tabs=array();
 $submenu=array();
-if($ost->isUpgradePending()) {
+$exempt = in_array(basename($_SERVER['SCRIPT_NAME']), array('logout.php','ajax.php'));
+
+if($ost->isUpgradePending() && !$exempt) {
     $errors['err']=$sysnotice='System upgrade is pending <a href="upgrade.php">Upgrade Now</a>';
     require('upgrade.php');
     exit;
@@ -103,7 +105,7 @@ if($ost->isUpgradePending()) {
 
 $nav = new StaffNav($thisstaff);
 //Check for forced password change.
-if($thisstaff->forcePasswdChange()){
+if($thisstaff->forcePasswdChange() && !$exempt) {
     # XXX: Call staffLoginPage() for AJAX and API requests _not_ to honor
     #      the request
     require('profile.php'); //profile.php must request this file as require_once to avoid problems.
diff --git a/scp/upgrade.php b/scp/upgrade.php
index 7a9c35b57..e7766bb0d 100644
--- a/scp/upgrade.php
+++ b/scp/upgrade.php
@@ -18,12 +18,6 @@ require_once INCLUDE_DIR.'class.upgrader.php';
 
 //$_SESSION['ost_upgrader']=null;
 $upgrader = new Upgrader($cfg->getSchemaSignature(), TABLE_PREFIX, PATCH_DIR);
-
-$wizard['title']='osTicket Upgrade Wizard';
-$wizard['tagline']='Upgrading osTicket to v'.$upgrader->getVersionVerbose();
-$wizard['logo']='logo-upgrade.png';
-$wizard['menu']=array('Upgrade Guide'=>'http://osticket.com/wiki/Upgrade_and_Migration',
-                      'Get Professional Help'=>'http://osticket.com/support');
 $errors=array();
 if($_POST && $_POST['s'] && !$upgrader->isAborted()) {
     switch(strtolower($_POST['s'])) {
@@ -76,6 +70,7 @@ switch(strtolower($upgrader->getState())) {
             $errors['err']='The upgrader does NOT support upgrading from the current vesion!';
 }
 
+$nav = new AdminNav($thisstaff);
 $nav->setTabActive('dashboard');
 $nav->addSubMenu(array('desc'=>'Upgrader',
                            'title'=>'Upgrader',
-- 
GitLab