Fixed session validation bug in upgrade script; fixed non-object reference in template_nodb
--- a/includes/sessions.php Thu Mar 06 23:04:45 2008 -0500
+++ b/includes/sessions.php Thu Mar 06 23:27:50 2008 -0500
@@ -1267,9 +1267,18 @@
}
if($ip != $row['source_ip'])
{
+ // Special exception for 1.1.x upgrade - the 1.1.3 upgrade changes the size of the column and this is what validate_session
+ // expects, but if the column size hasn't changed yet just check the first 10 digits of the IP.
+ $fail = true;
+ if ( defined('IN_ENANO_UPGRADE') )
+ {
+ if ( installer_enano_version() == '1.1.3' )
+ $fail = false;
+ }
// Failed IP address check
// echo '(debug) $session->validate_session: IP address mismatch<br />';
- return false;
+ if ( $fail )
+ return false;
}
// Do the password validation
--- a/includes/template.php Thu Mar 06 23:04:45 2008 -0500
+++ b/includes/template.php Thu Mar 06 23:27:50 2008 -0500
@@ -2202,10 +2202,13 @@
$q_loc = '<a href="' . $this->tpl_strings['REPORT_URI'] . '">' . ( is_object($db) ? "{$db->num_queries} SQL" : 'Queries: N/A' ) . '</a>';
$dbg = $t_loc;
$dbg_long = $t_loc_long;
- if ( $session->user_level >= USER_LEVEL_ADMIN )
+ if ( is_object($session) )
{
- $dbg .= " | $q_loc";
- $dbg_long .= " | $q_loc";
+ if ( $session->user_level >= USER_LEVEL_ADMIN )
+ {
+ $dbg .= " | $q_loc";
+ $dbg_long .= " | $q_loc";
+ }
}
$t = str_replace('[[EnanoPoweredLink]]', 'Powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>', $t);
$t = str_replace('[[EnanoPoweredLinkLong]]', 'Website engine powered by <a href="http://enanocms.org/" onclick="window.open(this.href); return false;">Enano</a>', $t);
--- a/install/upgrade.php Thu Mar 06 23:04:45 2008 -0500
+++ b/install/upgrade.php Thu Mar 06 23:27:50 2008 -0500
@@ -101,6 +101,8 @@
if ( !$session->user_logged_in )
{
$result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, USER_LEVEL_MEMBER);
+ echo '<b>Session manager returned error:</b>' . '<pre>' . print_r($result, true) . '</pre>';
+ exit();
}
$result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, USER_LEVEL_ADMIN);
if ( $result['success'] )
@@ -121,11 +123,11 @@
if ( isset($result) )
{
- echo '<b>Session manager returned error: ' . $result['error'] . '</b>';
+ echo '<b>Session manager returned error:</b>' . '<pre>' . print_r($result, true) . '</pre>';
}
?>
- <p>You need an active admin session to continue.</p>
+ <p>You need <?php if ( !$session->user_logged_in ) echo 'to be logged in and have '; ?>an active admin session to continue.</p>
<p>
Username: <input type="text" name="username" /><br />
Password: <input type="password" name="password" /><br />