From e91161f33103f7f415b0cb06045dc5ef1549e27a Mon Sep 17 00:00:00 2001
From: patdenice <patdenice@piwigo.org>
Date: Thu, 6 Nov 2008 14:44:51 +0000
Subject: - Webmaster or administrator can login to run upgrade. - Inserting
 upgrade line in mysql.inc.php still work. - Convert espagnol upgrade file to
 utf8. - Minor changes in upgrade processus. - Remove all comments in
 pclzip.lib.php.

git-svn-id: http://piwigo.org/svn/trunk@2836 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/include/functions_upgrade.php | 55 +++++++++++++++++++++++++++++++------
 1 file changed, 46 insertions(+), 9 deletions(-)

(limited to 'admin/include/functions_upgrade.php')

diff --git a/admin/include/functions_upgrade.php b/admin/include/functions_upgrade.php
index e29eb15c3..afa6596e8 100644
--- a/admin/include/functions_upgrade.php
+++ b/admin/include/functions_upgrade.php
@@ -23,17 +23,11 @@
 
 function check_upgrade()
 {
-  // Is Piwigo already installed ?
-  if (!defined('PHPWG_IN_UPGRADE') or !PHPWG_IN_UPGRADE)
+  if (defined('PHPWG_IN_UPGRADE'))
   {
-    $message = 'Piwigo is not in upgrade mode. In include/mysql.inc.php,
-insert line
-<pre style="background-color:lightgray">
-define(\'PHPWG_IN_UPGRADE\', true);
-</pre>
-if you want to upgrade';
-    die($message);
+    return PHPWG_IN_UPGRADE;
   }
+  return false;
 }
 
 // concerning upgrade, we use the default tables
@@ -137,4 +131,47 @@ WHERE id IN ("' . implode('","', $plugins) . '")
   }
 }
 
+// Check access rights
+function check_upgrade_access_rights($current_release, $username, $password)
+{
+  global $conf, $page;
+
+  if (version_compare($current_release, '1.5.0', '<'))
+  {
+    $query = '
+SELECT password, status
+FROM '.PREFIX_TABLE.'users
+WHERE username = "'.$username.'"
+;';
+  }
+  else
+  {
+    $query = '
+SELECT u.password, ui.status
+FROM '.$conf['users_table'].' AS u
+INNER JOIN '.PREFIX_TABLE.'user_infos AS ui
+ON u.id = ui.user_id
+WHERE '.$conf['user_fields']['username'].'="'.$username.'"
+;';
+  }
+  $row = mysql_fetch_assoc(mysql_query($query));
+
+  if (!isset($conf['pass_convert']))
+  {
+    $conf['pass_convert'] = create_function('$s', 'return md5($s);');
+  }
+
+  if ($row['password'] != $conf['pass_convert']($_POST['password']))
+  {
+    array_push($page['errors'], l10n('invalid_pwd'));
+  }
+  elseif ($row['status'] != 'admin' and $row['status'] != 'webmaster')
+  {
+    array_push($page['errors'], l10n('You do not have access rights to run upgrade'));
+  }
+  else
+  {
+    define('PHPWG_IN_UPGRADE', true);
+  }
+}
 ?>
-- 
cgit v1.2.3