diff options
| author | Chaoyi Zha <summermontreal@gmail.com> | 2016-02-12 19:45:51 +0300 |
|---|---|---|
| committer | Chaoyi Zha <summermontreal@gmail.com> | 2016-02-12 19:45:51 +0300 |
| commit | 99b2d887889bff0ce7d491f2dbfac37f65d290b7 (patch) | |
| tree | 11edee58b5dcc2dc158bdc49bd232a59a237aff0 | |
| parent | 5f761fd219bd756a7140defc66a209fa867cc4c2 (diff) | |
Fix #130, allow setup_finish only if setup previously ran
| -rw-r--r-- | app/Http/Controllers/SetupController.php | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php index 5afc36e..048ddf8 100644 --- a/app/Http/Controllers/SetupController.php +++ b/app/Http/Controllers/SetupController.php @@ -155,12 +155,11 @@ class SetupController extends Controller { 'message' => 'Could not write configuration to disk.' ]); } else { - $response = redirect(route('setup_finish'))->with( 'acct_username', $acct_username)->with( 'acct_email', $acct_email)->with( - 'acct_password', $acct_password); - + 'acct_password', $acct_password)->with( + 'setup_transaction', true); } fclose($handle); @@ -169,6 +168,12 @@ class SetupController extends Controller { } public static function finishSetup(Request $request) { + $transaction_authorised = session('setup_transaction'); + + if ($transaction_authorised != true) { + abort(403, 'Transaction unauthorised.'); + } + $database_created = self::createDatabase(); if (!$database_created) { return redirect(route('setup'))->with('error', 'Could not create database. Perhaps some credentials were incorrect?'); |