From 4560135eb95161ab3c67ce34361b245bf70dc303 Mon Sep 17 00:00:00 2001
From: Andrew O'Neil
Date: Mon, 6 Aug 2007 00:47:31 +0000
Subject: [PATCH] FIxed db/build authentification errors, merged from gsoc r39559 and r37162
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@39609 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 core/model/DatabaseAdmin.php | 283 +++++++++++++++++++++--------------
 security/Member.php | 20 +++
 2 files changed, 190 insertions(+), 113 deletions(-)
diff --git a/core/model/DatabaseAdmin.php b/core/model/DatabaseAdmin.php
index c544ea914..ecbf91dbb 100644
--- a/core/model/DatabaseAdmin.php
+++ b/core/model/DatabaseAdmin.php
@@ -1,27 +1,41 @@ Add missing database fields (similar to sanity check).

"; echo "

Flush all of the generated images.

"; } - + + /** * Updates the database schema, creating tables & fields as necessary. */ function build() { - if(Director::isLive() && ClassInfo::hasTable('Member') && ClassInfo::hasTable('Group') && ClassInfo::hasTable('Permission')) { - BasicAuth::requireLogin("SilverStripe developer access. Use your CMS login", "ADMIN"); + if((Director::isLive() && ClassInfo::hasTable('Member') && + ClassInfo::hasTable('Group') && ClassInfo::hasTable('Permission')) + && (!Member::currentUser() || !Member::currentUser()->isAdmin())) { + Security::permissionFailure($this, + "This page is secured and you need administrator rights to access it. " . + "Enter your credentials below and we will send you right along."); + return; } - - $this->doBuild(isset($_REQUEST['quiet']) || isset($_REQUEST['from_installer'])); + + // The default time limit of 30 seconds is normally not enough + set_time_limit(600); + + $this->doBuild(isset($_REQUEST['quiet']) || + isset($_REQUEST['from_installer'])); } - /** * Check if database needs to be built, and build it if it does. */ @@ -71,21 +95,28 @@ class DatabaseAdmin extends Controller { } } } - + + /** * Returns the timestamp of the time that the database was last built - * @return string - */ + * + * @return string Returns the timestamp of the time that the database was + * last built + */ static function lastBuilt() { - $file = TEMP_FOLDER . '/database-last-generated-' .str_replace(array('\\','/',':'),'.',Director::baseFolder()); + $file = TEMP_FOLDER . '/database-last-generated-' . + str_replace(array('\\','/',':'), '.' , Director::baseFolder()); + if(file_exists($file)) { return filemtime($file); } } - + + /** * Updates the database schema, creating tables & fields as necessary. - * @param boolean $quiet Don't show messages' + * + * @param boolean $quiet Don't show messages */ function doBuild($quiet = false) { if($quiet) { 
@@ -106,14 +137,14 @@ class DatabaseAdmin extends Controller { ManifestBuilder::compileManifest(); ManifestBuilder::includeEverything(); - // Build the database. Most of the hard work is handled by DataObject + // Build the database. Most of the hard work is handled by DataObject $dataClasses = ClassInfo::subclassesFor('DataObject'); array_shift($dataClasses); - + if(!$quiet) { echo '

Creating database tables

'; } - + foreach($dataClasses as $dataClass) { // Test_ indicates that it's the data class is part of testing system @@ -121,17 +152,17 @@ class DatabaseAdmin extends Controller { if(!$quiet) { echo "
  • $dataClass"; } - + singleton($dataClass)->requireTable(); } } - + ManifestBuilder::compileManifest(); - + if(!$quiet) { echo '

    Creating database records

    '; } - + foreach($dataClasses as $dataClass) { // Test_ indicates that it's the data class is part of testing system @@ -139,28 +170,30 @@ class DatabaseAdmin extends Controller { if(!$quiet) { echo "
  • $dataClass"; } - + singleton($dataClass)->requireDefaultRecords(); } } - + touch(TEMP_FOLDER . '/database-last-generated-' .str_replace(array('\\','/',':'),'.', Director::baseFolder())); - + if(isset($_REQUEST['from_installer'])) { echo "OK"; } } - + + /** * Method used to check mod_rewrite is working correctly in the installer. */ function testinstall() { echo "OK"; } - + + /** - * Remove invalid records from tables - that is, records that - * don't have corresponding records in their parent class tables. + * Remove invalid records from tables - that is, records that don't have + * corresponding records in their parent class tables. */ function cleanup() { $allClasses = get_declared_classes(); @@ -169,7 +202,7 @@ class DatabaseAdmin extends Controller { $baseClasses[] = $class; } } - + foreach($baseClasses as $baseClass) { // Get data classes $subclasses = ClassInfo::subclassesFor($baseClass); @@ -179,19 +212,22 @@ class DatabaseAdmin extends Controller { unset($subclasses[$k]); } } - + if($subclasses) { $records = DB::query("SELECT * FROM `$baseClass`"); - - + + foreach($subclasses as $subclass) { - $recordExists[$subclass] = DB::query("SELECT ID FROM `$subclass")->keyedColumn(); + $recordExists[$subclass] = + DB::query("SELECT ID FROM `$subclass")->keyedColumn(); } - + foreach($records as $record) { foreach($subclasses as $subclass) { $id = $record['ID']; - if($record['ClassName'] != $subclass && !is_subclass_of($record['ClassName'], $subclass) && $recordExists[$subclass][$id]) { + if(($record['ClassName'] != $subclass) && + (!is_subclass_of($record['ClassName'], $subclass)) && + ($recordExists[$subclass][$id])) { $sql = "DELETE FROM `$subclass` WHERE ID = $record[ID]"; echo "
  • $sql"; DB::query($sql); @@ -201,71 +237,80 @@ class DatabaseAdmin extends Controller { } } } - + + /** * Imports objects based on a specified CSV file in $_GET['FileName'] */ function import(){ $FileName = $_GET['FileName']; - $FileName = $_SERVER['DOCUMENT_ROOT'] . substr($_SERVER['PHP_SELF'],0,strlen($_SERVER['PHP_SELF'])-18) ."/assets/". $FileName; - + $FileName = $_SERVER['DOCUMENT_ROOT'] . + substr($_SERVER['PHP_SELF'], 0, strlen($_SERVER['PHP_SELF'])-18) . + "/assets/" . $FileName; + if(file_exists($FileName)) { $handle = fopen($FileName,'r'); - + if($handle){ while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) { $num = count($data); $row++; - + if($row == 1){ - for ($c=0; $c < $num; $c++) + for ($c=0; $c < $num; $c++) { $ColumnHeaders[] = str_replace(' ','',$data[$c]); - // Have to add code here to remove unsafe chars.. - + // Have to add code here to remove unsafe chars.. + } + } else { $Product = new Product(); - + for ($c=0; $c < $num; $c++) { $Product->$ColumnHeaders[$c] = trim($data[$c]); } - - $MainCategory = DataObject::get("ProductGroup", "URLSegment LIKE '". $Product->generateURLSegment($Product->Category) ."'"); - - if(!$MainCategory){ - // if we cant find a main category, create all three sub categories, as they must be unique. - + + $MainCategory = DataObject::get("ProductGroup", + "URLSegment LIKE '" . $Product->generateURLSegment( + $Product->Category) ."'"); + + if(!$MainCategory) { + // if we can't find a main category, create all three sub + // categories, as they must be unique. + $ProductGroup = new ProductGroup(); $ProductGroup->Title = $Product->Category; print_r("