From 2e2233eb8174ba9bd2d6722d7e07c4a3f9873548 Mon Sep 17 00:00:00 2001
From: Phyks <webmaster@phyks.me>
Date: Mon, 26 Aug 2013 09:29:30 +0200
Subject: [PATCH] Added a check that tables don't exist in install.php + don't
 version tmp/

---
 .gitignore                                    |  1 +
 TODO                                          |  6 +-
 install.php                                   | 36 +++++++--
 ....af3906cfde643ae7f290cfdc51cc9342.rtpl.php | 15 ----
 ....af3906cfde643ae7f290cfdc51cc9342.rtpl.php | 76 -------------------
 ....36ba0f7e771a8681573a91518b54b424.rtpl.php |  4 -
 ....36ba0f7e771a8681573a91518b54b424.rtpl.php | 33 --------
 ....af3906cfde643ae7f290cfdc51cc9342.rtpl.php | 66 ----------------
 ....af3906cfde643ae7f290cfdc51cc9342.rtpl.php | 66 ----------------
 9 files changed, 33 insertions(+), 270 deletions(-)
 delete mode 100644 tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
 delete mode 100644 tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
 delete mode 100644 tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php
 delete mode 100644 tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php
 delete mode 100644 tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
 delete mode 100644 tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php

diff --git a/.gitignore b/.gitignore
index bdc750e..6e24876 100755
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 .*.sw*
 old
 data/
+tmp/
diff --git a/TODO b/TODO
index 05a5b1d..a7e0429 100755
--- a/TODO
+++ b/TODO
@@ -5,10 +5,6 @@
 * Refactor load method to avoir load_* methods !
 * Test remember_me
 
-install.php :
-=============
-* TRUNCATE before CREATE TABLE in install.php
-
 inc/Invoices.class.php :
 ========================
 * Better way to store users in ? => reprendre cette partie
@@ -24,7 +20,6 @@ Tests :
 * Remember me ?
 * Add a bill
 * Edit a bill
-* Change settings
 
 Tests passed (quick tests) :
 ============================
@@ -32,3 +27,4 @@ Tests passed (quick tests) :
 * Edit notice
 * Add / Edit user
 * Change password
+* Change settings
diff --git a/install.php b/install.php
index 77e36ee..f7c554d 100644
--- a/install.php
+++ b/install.php
@@ -26,16 +26,36 @@
 
             //Create table "Users"
             $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users (id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, login VARCHAR(255), display_name VARCHAR(255), password VARCHAR(130), admin TINYINT(1)) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
+
+            $count_users = $db->query('SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = "'.$mysql_db.'" AND table_name = "'.$mysql_prefix.'"Users');
+            $count_users = $count_users->fetch();
+            if($count_users[0] > 0) {
+                $warning = 'Table '.$mysql_prefix.'Users already exists. Not doing anything on this table. Please check manually that this table is correct.<br/>';
+            }
+
  
             //Create table "Invoices"
             $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Invoices (id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY, date INT(11), users_in VARCHAR(255), buyer INT(11), amount FLOAT, what TEXT) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
 
-            //Create table "Users_in_invoice"
+            $count_invoices = $db->query('SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = "'.$mysql_db.'" AND table_name = "'.$mysql_prefix.'"Invoices');
+            $count_invoices = $count_users->fetch();
+            if($count_invoices[0] > 0) {
+                $warning .= 'Table '.$mysql_prefix.'Users already exists. Not doing anything on this table. Please check manually that this table is correct.<br/>';
+            }
+
+
+            //Create table "Users_in_invoices"
             $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users_in_invoices (invoice_id INT(11) NOT NULL, KEY invoice_id (invoice_id), user_id INT(11), KEY user_id (user_id), guests INT(11)) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
+
+            $count_users_in_invoices = $db->query('SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = "'.$mysql_db.'" AND table_name = "'.$mysql_prefix.'"Users_in_invoices');
+            $count_users_in_invoices = $count_users_in_invoices->fetch();
+            if($count_users_in_invoices[0] > 0) {
+                $warning .= 'Table '.$mysql_prefix.'Users_in_invoices already exists. Not doing anything on this table. Please check manually that this table is correct.<br/>';
+            }
             
             //Create table "Payback" - TODO
         } catch (PDOException $e) {
-            $error = 'Unable to connect to database, check your credentials and config.<br/>Error message : '.$e->getMessage().'.';
+            $error = 'Unable to connect to database and create database, check your credentials and config.<br/>Error message : '.$e->getMessage().'.';
         }
 
         if(!filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
@@ -53,7 +73,7 @@
             $salt = sprintf("$2a$%02d$", 10) . $salt; //prefix for blowfish
 
             $config = "<?php
-    define('VERSION_NUMBER', '2.0');
+    define('VERSION_NUMBER', '0.1beta');
     define('MYSQL_HOST', '".$mysql_host."');
     define('MYSQL_LOGIN', '".$mysql_login."');
     define('MYSQL_PASSWORD', '".$mysql_password."');
@@ -77,8 +97,14 @@
                     $admin->setPassword($admin->encrypt($_POST['admin_password']));
                     $admin->setAdmin(true);
                     $admin->save();
-                    header('location: index.php');
-                    exit();
+
+                    if(empty($warning)) {
+                        header('location: index.php');
+                        exit();
+                    }
+                    else {
+                        echo '<p>'.$warning.'<a href="index.php">Go to your instance.</a></p>';
+                    }
                 } catch (Exception $e) {
                     $erreur = 'An error occurred when inserting user in the database.<br/> Error message : '.$e->getMessage().'.';
                 }
diff --git a/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
deleted file mode 100644
index 7f35588..0000000
--- a/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
-
-
-<h1 id="title"><?php echo $instance_title;?> - Connexion</h1>
-
-<form method="post" action="index.php?do=connect" id="connexion_form">
-    <p><label for="login" class="label-block">Username : </label><input type="text" name="login" id="login" value="<?php echo $user_post;?>"/></p>
-    <p><label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/></p>
-    <p><input type="checkbox" name="remember_me" id="remember_me"/><label for="remember_me"> Remember me ?</label></p>
-    <p><input type="submit" value="Connect"/></p>
-    <p><a href="mailto:<?php echo $email_webmaster;?>?subject=<?php echo $instance_title;?>%20password">Forgotten password ?</a></p>
-</form>
-
-<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
-
diff --git a/tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
deleted file mode 100644
index acf8606..0000000
--- a/tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
+++ /dev/null
@@ -1,76 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
-
-
-<?php if( $error != '' ){ ?>
-
-    <p class="error"><?php echo $error;?></p>
-<?php } ?>
-
-
-<?php if( $view == 'list_users' ){ ?>
-
-<h2>List of users</h2>
-<p>You can also <a href="?do=add_user">add a user</a>.</p>
-<table>
-    <tr>
-        <th>Id</th>
-        <th>Login</th>
-        <th>Display Name</th>
-        <th>Is admin ?</th>
-        <th>Edit</th>
-        <th>Delete</th>
-    </tr>
-    <?php $counter1=-1; if( isset($users) && is_array($users) && sizeof($users) ) foreach( $users as $key1 => $value1 ){ $counter1++; ?>
-
-    <tr>
-        <td><?php echo $value1->getId();?></td>
-        <td><?php echo $value1->getLogin();?></td>
-        <td><?php echo $value1->getDisplayName();?></td>
-        <td><?php echo $value1->getAdmin() ? "Yes" : "No";?></td>
-        <td><a href="index.php?do=edit_users&user_id=<?php echo $value1->getId();?>">Edit</a></td>
-        <td><?php if( $value1->getId() != $current_user->getId() ){ ?><a href="index.php?do=delete_user&user_id=<?php echo $value1->getId();?>">Delete</a><?php } ?></td>
-    </tr>
-    <?php } ?>
-
-</table>
-<?php }elseif( $view == 'edit_user' ){ ?>
-
-<h2><?php echo $user_id != -1 ? 'Edit' : 'Add';?> a user</h2>
-<form method="post" action="index.php?do=<?php echo $user_id != -1 ? 'edit_users' : 'add_user';?>" id="edit_user_form">
-    <p>
-        <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
-    </p>
-    <p>
-        <label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
-    </p>
-    <p>
-        <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
-        <?php if( $user_id != -1 ){ ?>
-
-            <br/><em>Note :</em> Leave blank this field if you don't want to edit password.
-        <?php } ?>
-
-    </p>
-    <p id="edit_user_admin_rights">
-        Give admin rights to this user ?<br/>
-    <input type="radio" id="admin_yes" value="1" name="admin" <?php if( $admin_post == 1 || ($admin_post == -1 && $user_id != -1 && $user_data->getAdmin()) ){ ?> checked<?php } ?>/><label for="admin_yes">Yes</label><br/>
-    <input type="radio" id="admin_no" value="0" name="admin" <?php if( $admin_post == 0 || ($admin_post == -1 && ($user_id == -1 || !$user_data->getAdmin())) ){ ?> checked<?php } ?>/><label for="admin_no">No</label>
-    </p>
-    <p class="center">
-        <input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/>
-        <?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?>
-
-        <input type="hidden" name="token" value="<?php echo $token;?>"/>
-    </p>
-</form>
-
-<?php }elseif( $view == 'password' ){ ?>
-
-<h2>Edit your password</h2>
-<form method="post" action="index.php?do=password" id="edit_password_form">
-    <p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p>
-    <p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p>
-    <p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="<?php echo $token;?>"</p>
-</form>
-<?php } ?>
-
diff --git a/tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php b/tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php
deleted file mode 100644
index 4a96630..0000000
--- a/tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php
+++ /dev/null
@@ -1,4 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?>    <script type="text/javascript" src="tpl/./js/main.js"></script>
-    <script type="text/javascript" src="tpl/./js/jquery-1.10.2.min.js"></script>
-    </body>
-</html>
diff --git a/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php b/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php
deleted file mode 100644
index 39f9034..0000000
--- a/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php
+++ /dev/null
@@ -1,33 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?><!DOCTYPE html>
-<html lang="fr">
-<head>
-    <meta charset="utf-8">
-    <title><?php echo $instance_title;?></title>
-    <link rel="stylesheet" media="screen" type="text/css" href="tpl/./css/style.css" />
-    <link rel="icon" href="tpl/./favicon.ico" />
-</head>
-<body>
-<?php if( !$connection ){ ?>
-
-<h1 id="title"><a href="<?php echo $base_url;?>"><?php echo $instance_title;?></a></h1>
-
-<div id="menu">
-    <ul>
-        <li><a href="index.php?do=new_invoice">Add a bill</a></li>
-        <li><a href="index.php?do=password">Change your password</a></li>
-        <li><a href="index.php?do=paybacks">See paybacks</a></li>
-        <li><a href="index.php?do=disconnect">Disconnect</a></li>
-    </ul>
-    <?php if( $current_user->getAdmin() == 1 ){ ?>
-
-    <ul>
-        <li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
-        <li><a href="index.php?do=edit_users">Edit users</a></li>
-        <li><a href="index.php?do=edit_notice">Edit notice on homepage</a></li>
-        <li><a href="index.php?do=settings">Settings</a></li>
-    </ul>
-    <?php } ?>
-
-</div>
-<?php } ?>
-
diff --git a/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
deleted file mode 100644
index d02587f..0000000
--- a/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
-
-
-<?php if( $notice != '' ){ ?>
-
-    <div id="notice"><p><?php echo $notice;?></p></div>
-<?php } ?>
-
-
-<div id="quick_summary">
-    <h2>Balance</h2>
-    <p class="center">Read <em>line</em> owes <em>case</em> <?php echo $currency;?> to <em>column</em>. You can click on links to confirm the payback.
-    <table> 
-        <tr>
-            <th>Owes\To</th>
-            <?php $counter1=-1; if( isset($users) && is_array($users) && sizeof($users) ) foreach( $users as $key1 => $value1 ){ $counter1++; ?>
-
-            <th><?php echo $value1->getDisplayName();?></th>
-            <?php } ?>
-
-        </tr>
-        <?php $counter1=-1; if( isset($users) && is_array($users) && sizeof($users) ) foreach( $users as $key1 => $value1 ){ $counter1++; ?>
-
-            <tr>
-                <th><?php echo $value1->getDisplayName();?></th>
-                <?php $counter2=-1; if( isset($users) && is_array($users) && sizeof($users) ) foreach( $users as $key2 => $value2 ){ $counter2++; ?>
-
-                    <td><a href=""><?php echo $value2->getDisplayName();?></a></td>
-                <?php } ?>
-
-            </tr>
-        <?php } ?>
-
-    </table>
-</div>
-<div id="detailed_summary">
-    <h2>Detailed list of bills for last month</h2>
-
-    <table>
-        <tr>
-            <th>Date</th>
-            <th>Paid by</th>
-            <th>Users in</th>
-            <th>Amount</th>
-            <th>What ?</th>
-            <th>Edit</th>
-            <th>Delete</th>
-        </tr>
-        <?php $counter1=-1; if( isset($invoices) && is_array($invoices) && sizeof($invoices) ) foreach( $invoices as $key1 => $value1 ){ $counter1++; ?>
-
-            <tr>
-                <td><?php echo $value1->getDate();?></td>
-                <td><?php echo $value1->getBuyer();?></td>
-                <td><?php echo $value1->getUsersIn();?></td>
-                <td><?php echo $value1->getAmount();?></td>
-                <td><?php echo $value1->getWhat();?></td>
-                <td><a href="index.php?do=edit_invoice&id=<?php echo $value1->getId();?>">Edit</a></td>
-                <td><a href="index.php?do=delete_invoice&id=<?php echo $value1->getId();?>">Delete</a></td>
-            </tr>
-        <?php } ?>
-
-    </table>
-</div>
-
-<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
-
diff --git a/tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
deleted file mode 100644
index 6d72e6d..0000000
--- a/tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
-
-
-<?php if( !$show_settings ){ ?>
-
-<h2>Edit homepage notice</h2>
-<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
-
-<form method="post" id="notice_form" action="index.php?do=edit_notice">
-    <p>
-        <label for="textarea_notice">Homepage notice :</label><br/>
-        <textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea>
-    </p>
-    <p><em>Note :</em> You can use HTML formatting in this form.</p>
-    <p>
-        <input type="submit" value="Submit"/>
-        <input type="hidden" name="token" value="<?php echo $token;?>"/>
-    </p>
-</form>
-
-<?php }else{ ?>
-
-<h2>Change settings of your Bouffe@Ulm installation</h2>
-<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
-
-<form method="post" action="index.php?do=settings" id="settings_form">
-    <fieldset>
-        <legend>Database</legend>
-        <p><em>Note :</em> Use these settings carefully. Your database won't be updated by the script as it was during install and you'll have to manually update it.</p>
-        <p><label for="mysql_host">MySQL host : </label><input type="text" name="mysql_host" id="mysql_host" value="<?php echo $mysql_host;?>"/></p>
-
-        <p><label for="mysql_login">MySQL login : </label><input type="text" name="mysql_login" id="mysql_login" value="<?php echo $mysql_login;?>"/></p>
-        <p>
-            <label for="mysql_password">MySQL password : </label><input type="password" name="mysql_password" id="mysql_password"/> <a href="" onclick="toggle_password('mysql_password'); return false;"><img src="tpl/tpl/img/toggle_password.jpg" alt="Toggle visible"/></a><br/>
-            <em>Note :</em> Leave the above field blank if you don't want to change your password.
-        </p>
-        <p>
-            <label for="mysql_db">Name of the MySQL database to use : </label><input type="text" name="mysql_db" id="mysql_db" value="<?php echo $mysql_db;?>"/><br/>
-            <em>Note :</em> You <em>must</em> create this database first.
-        </p>
-        <p>
-            <label for="mysql_prefix">Prefix for the created tables : </label><input type="text" name="mysql_prefix" id="mysql_prefix" value="<?php echo $mysql_prefix;?>"/><br/>
-            <em>Note :</em> Leave the field blank to not use any.</p>
-    </fieldset>
-    <fieldset>
-        <legend>General options</legend>
-        <p><label for="instance_title">Title to display in pages : </label><input type="text" name="instance_title" id="instance_title" value="<?php echo $instance_title;?>"/></p>
-        <p>
-        <label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo $base_url;?>"/><br/>
-            <em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
-        </p>
-        <p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3" value="<?php echo $currency;?>"/></p>
-        <p>
-            <label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="<?php echo $timezone;?>"/><br/>
-            <em>For example :</em> Europe/Paris. See the doc for more info.
-        </p>
-        <p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p>
-    </fieldset>
-    <p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="<?php echo $token;?>"/></p>
-</form>
-
-<?php } ?>
-
-
-<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
-