mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2024-09-19 19:22:14 +02:00
- force user to delete setup.php (which allows creation of superadmins now!)
Note: Developers can use $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php' to avoid deletion of setup.php after every "svn up". WARNING: THIS ALLOWS NON-AUTHENTIFICATED USERS TO CREATE SUPERADMIN ACCOUNTS! Use this setting only on development systems, where the database is not used by postfix. git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@137 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
ac6af2c99e
commit
a0ea681bfb
@ -21,7 +21,9 @@
|
||||
* Form POST \ GET Variables: -none-
|
||||
*/
|
||||
|
||||
if (!file_exists (realpath ("./setup.php")))
|
||||
$CONF['configured'] = FALSE;
|
||||
@include_once('config.inc.php'); # hide error message because only $CONF['configured'] is checked here
|
||||
if (!file_exists (realpath ("./setup.php")) || $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
|
||||
{
|
||||
header ("Location: login.php");
|
||||
exit;
|
||||
|
13
login.php
13
login.php
@ -28,6 +28,19 @@
|
||||
*/
|
||||
|
||||
require_once('common.php');
|
||||
|
||||
# force user to delete setup.php (allows creation of superadmins!)
|
||||
if (file_exists (realpath ("./setup.php"))) {
|
||||
if (is_string($CONF['configured']) && $CONF['configured'] == 'I_know_the_risk_of_not_deleting_setup.php')
|
||||
{
|
||||
}
|
||||
else
|
||||
{
|
||||
print "Please delete setup.php before using Postfix Admin!";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] == "GET")
|
||||
{
|
||||
include ("./templates/header.tpl");
|
||||
|
Loading…
Reference in New Issue
Block a user