Security fix in qa-install.php

6013ca1c · Scott · 2455ca3e · 6013ca1c
Commit 6013ca1c authored Aug 08, 2017 by Scott
Show whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

qa-install.php qa-include/qa-install.php +3 -0

No files found.
--- a/qa-include/qa-install.php
+++ b/qa-include/qa-install.php
@@ -65,9 +65,11 @@ $hidden = array();
 // Process user handling higher up to avoid 'headers already sent' warning

 if (!isset($pass_failure_type) && qa_clicked('super')) {
+	require_once QA_INCLUDE_DIR.'db/admin.php';
 	require_once QA_INCLUDE_DIR.'db/users.php';
 	require_once QA_INCLUDE_DIR.'app/users-edit.php';

+	if (qa_db_count_users() == 0) { // prevent creating multiple accounts
 		$inemail = qa_post_text('email');
 		$inpassword = qa_post_text('password');
 		$inhandle = qa_post_text('handle');
@@ -87,6 +89,7 @@ if (!isset($pass_failure_type) && qa_clicked('super')) {

 			$success .= "Congratulations - Your Question2Answer site is ready to go!\n\nYou are logged in as the super administrator and can start changing settings.\n\nThank you for installing Question2Answer.";
 		}
+	}
 }