dissallowed install.php when user is not admin

seantomburke · Feb 7, 2014 · dcd69cc · dcd69cc
1 parent e2ce241
commit dcd69cc
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/install.php b/install.php
@@ -28,13 +28,28 @@
 
 $sql = "SELECT * FROM users WHERE access = '". WEBMASTER ."'";
 $db->query($sql);
-$web_admin = $db->resultToSingleArray();
+$web_admins = $db->resultToArray();
 
 if(!$db->isEmpty())
 {
+    $authorized = false;
+    $emails = '';
+    foreach($web_admins as $webadmin)
+    {
+        $emails .= '<a href="mailto:'.$webadmin['email'].'">'.$webadmin['email'].'</a>, ';
+        if($_SESSION['ucinetid'] == $webadmin['ucinetid'])
+        {
+            $authorized = true;
+        }
+    }
+    if(!$authorized)
+    {
     $sniper = new Sniper();
     $sniper->storeMessage("Illegall access of install.php", $_SESSION['ucinetid'], "hacker");
-    die('This is an unauthorized page. This incident will be reported. Please contact the Web Admin at <a href="'.$web_admin['email'].'">'.$web_admin['email'].'</a> if you feel you received this message in error');
+    die('ESCan has already been installed. If you are the webadmin and would like to reinstall ESCan go to the 
+    <a href="admin.php">Admin Page</a>. This incident will be reported. Please contact the Web Admin at 
+    '.$emails.' or <a href="mailto:[email protected]">[email protected]</a> if you feel you received this message in error');
+    }
 }
 
 $sql = explode(';', file_get_contents('inc/setup/setup.sql'));