Diffstat (limited to 'app/Http/Controllers/SetupController.php')
-rw-r--r-- | app/Http/Controllers/SetupController.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php index 23b161d..f5f2ef8 100644 --- a/app/Http/Controllers/SetupController.php +++ b/app/Http/Controllers/SetupController.php @@ -3,6 +3,7 @@ namespace App\Http\Controllers; use Illuminate\Http\Request; use Illuminate\Http\Redirect; use Illuminate\Support\Facades\Artisan; +use Illuminate\Support\Facades\Schema; use App\Helpers\CryptoHelper; use App\Models\User; @@ -218,8 +219,8 @@ class SetupController extends Controller { } public static function finishSetup(Request $request) { - // get data from cookie, decode JSON if (!isset($_COOKIE['setup_arguments'])) { + // Abort if setup arguments are missing. abort(404); } @@ -229,12 +230,19 @@ class SetupController extends Controller { // unset cookie setcookie('setup_arguments', '', time()-3600); - $transaction_authorised = env('TMP_SETUP_AUTH_KEY') == $setup_finish_args->setup_auth_key; + $transaction_authorised = env('TMP_SETUP_AUTH_KEY') === $setup_finish_args->setup_auth_key; if ($transaction_authorised != true) { abort(403, 'Transaction unauthorised.'); } + $usersTableExists = Schema::hasTable('users'); + + if ($usersTableExists) { + // If the users table exists, then the setup process may have already been completed before. + abort(403, 'Setup has been completed already.'); + } + $database_created = self::createDatabase(); if (!$database_created) { return redirect(route('setup'))->with('error', 'Could not create database. Perhaps your credentials were incorrect?'); |
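Review bot: In the third hunk, the strict comparison on the `$transaction_authorised` line still evaluates to true when both sides are `null`, that is, when `TMP_SETUP_AUTH_KEY` is absent from the environment and the object decoded from the `setup_arguments` cookie has no `setup_auth_key` or a null one; it is also not a constant-time comparison. Because the supplied value is client-controlled, the check should require two non-empty strings and compare them with `hash_equals()`: `$expected = env('TMP_SETUP_AUTH_KEY');`, `$supplied = $setup_finish_args->setup_auth_key ?? null;`, `$transaction_authorised = is_string($expected) && $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);`. The cookie decoding and the rest of `finishSetup` lie outside the hunks, so whether a missing property is already rejected there needs confirming. The new `Schema::hasTable('users')` guard presumably needs a usable database connection before `createDatabase()` has run; if it can throw at that point, the failure should be an explicit abort rather than an unhandled exception.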