From dcd69ccc709a46dbe2208c951fd9c0408268873c Mon Sep 17 00:00:00 2001
From: Sean Burke
Date: Fri, 7 Feb 2014 02:06:06 -0500
Subject: [PATCH] dissallowed install.php when user is not admin
---
 install.php | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/install.php b/install.php
index d2e734f..aa6c32c 100644
--- a/install.php
+++ b/install.php
@@ -28,13 +28,28 @@
 $sql = "SELECT * FROM users WHERE access = '". WEBMASTER ."'";
 $db->query($sql);
-$web_admin = $db->resultToSingleArray();
+$web_admins = $db->resultToArray();
 if(!$db->isEmpty())
 {
+ $authorized = false;
+ $emails = '';
+ foreach($web_admins as $webadmin)
+ {
+ $emails .= ''.$webadmin['email'].', ';
+ if($_SESSION['ucinetid'] == $webadmin['ucinetid'])
+ {
+ $authorized = true;
+ }
+ }
+ if(!$authorized)
+ {
 $sniper = new Sniper();
 $sniper->storeMessage("Illegall access of install.php", $_SESSION['ucinetid'], "hacker");
- die('This is an unauthorized page. This incident will be reported. Please contact the Web Admin at '.$web_admin['email'].' if you feel you received this message in error');
+ die('ESCan has already been installed. If you are the webadmin and would like to reinstall ESCan go to the
+ Admin Page. This incident will be reported. Please contact the Web Admin at
+ '.$emails.' or esc.uci@gmail.com if you feel you received this message in error');
+ }
 }
 $sql = explode(';', file_get_contents('inc/setup/setup.sql'));
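Review bot: The authorization test inside the new `foreach` compares `$_SESSION['ucinetid'] == $webadmin['ucinetid']` with loose equality and never confirms the session key is set, so a visitor with no login (a null value) would match any webmaster row whose `ucinetid` is empty or NULL; `if (isset($_SESSION['ucinetid']) && $_SESSION['ucinetid'] === $webadmin['ucinetid'])` closes that. The same possibly unset value is passed to `storeMessage`, so the logged record may not identify the visitor. The new `die()` text prints every webmaster's e-mail address to anyone who is refused and concatenates `$emails` into the page without `htmlspecialchars()`; showing only the shared contact address would avoid both the disclosure and the unescaped output. An authorized webmaster falls straight through to the `setup.sql` execution on a plain request, so an explicit confirmation step protected by a CSRF token looks worth adding there; that code continues outside the hunk, so this part is inferred.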