diff --git a/public/include/admin_checks.php b/public/include/admin_checks.php
index d1c099cd..7522c6c4 100644
--- a/public/include/admin_checks.php
+++ b/public/include/admin_checks.php
@@ -104,9 +104,9 @@ if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA'][
// salts too short -> notice, salts default -> error
if ((strlen($config['SALT']) < 24) || (strlen($config['SALTY']) < 24) || $config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
if ($config['SALT'] == 'PLEASEMAKEMESOMETHINGRANDOM' || $config['SALTY'] == 'THISSHOULDALSOBERRAANNDDOOM') {
- $error[] = "You absolutely SHOULD NOT leave your SALT or SALTY default";
+ $error[] = "You absolutely SHOULD NOT leave your SALT or SALTY default changing them will require registering again";
} else {
- $notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again.";
+ $notice[] = "SALT or SALTY is too short, they should be more than 24 characters and changing them will require registering again";
}
}
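Review bot: The new `$error[]` text runs two statements together ("…SALT or SALTY default changing them will require…"), so the warning about invalidating existing registrations is easy to misread. The notice also says "more than 24 characters" while the condition `strlen(...) < 24` accepts exactly 24. Suggested wording: `$error[] = "You absolutely SHOULD NOT leave your SALT or SALTY default; changing them will require registering again";` and `$notice[] = "SALT or SALTY is too short, they should be at least 24 characters; changing them will require registering again";`. The enclosing admin `if` begins outside this hunk.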
diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php
index f2df9ae4..7a12442c 100644
--- a/public/include/autoloader.inc.php
+++ b/public/include/autoloader.inc.php
@@ -68,11 +68,4 @@ require_once(CLASS_DIR . '/api.class.php');
require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php');
require_once(INCLUDE_DIR . '/lib/scrypt.php');
-// Include our versions
-require_once(INCLUDE_DIR . '/version.inc.php');
-
-if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA']['id'])) {
- include_once(INCLUDE_DIR . '/admin_checks.inc.php');
-}
-
?>
diff --git a/public/include/config/global.inc.dist.php b/public/include/config/global.inc.dist.php
index 44efc690..a06e3e5c 100644
--- a/public/include/config/global.inc.dist.php
+++ b/public/include/config/global.inc.dist.php
@@ -13,7 +13,6 @@ $config['version'] = '0.0.7';
*/
$config['skip_config_tests'] = false;
-
/**
* Defines
* Debug setting and salts for hashing passwords
diff --git a/public/include/config/security.inc.dist.php b/public/include/config/security.inc.dist.php
index 6856e601..56cd4e32 100644
--- a/public/include/config/security.inc.dist.php
+++ b/public/include/config/security.inc.dist.php
@@ -53,7 +53,7 @@ $config['twofactor']['options']['changepw'] = true;
/**
* Lock account after X
- * Lock accounts after X attempts
+ * Lock accounts after X invalid logins or pins
* https://github.com/MPOS/php-mpos/wiki/Config-Setup#wiki-lock-accounts-after-failed-logins
**/
$config['maxfailed']['login'] = 3;
diff --git a/public/include/version.inc.php b/public/include/version.inc.php
index d1db6f62..c6204c76 100644
--- a/public/include/version.inc.php
+++ b/public/include/version.inc.php
@@ -9,12 +9,9 @@ define('CONFIG_VERSION', '0.0.7');
$db_version = $setting->getValue('DB_VERSION');
if ($db_version != DB_VERSION) {
// Notify admins via error popup
- if (isset($_SESSION['USERDATA']) && $user->isAdmin($_SESSION['USERDATA']['id']))
- $_SESSION['POPUP'][] = array('CONTENT' => 'Database version mismatch (Installed: ' . $db_version . ', Current: ' . DB_VERSION . '). Database update required, please import any new SQL files. Cronjobs have been halted.', 'TYPE' => 'errormsg');
+ $_SESSION['POPUP'][] = array('CONTENT' => 'Database version mismatch (Installed: ' . $db_version . ', Current: ' . DB_VERSION . '). Database update required, please import any new SQL files. Cronjobs have been halted.', 'TYPE' => 'errormsg');
}
-
-if (@$config['version'] != CONFIG_VERSION) {
+if (@$config['version'] !== CONFIG_VERSION) {
// Notify admins via error popup
- if (isset($_SESSION['USERDATA']) && $user->isAdmin($_SESSION['USERDATA']['id']))
- $_SESSION['POPUP'][] = array('CONTENT' => 'Configuration file version mismatch (Installed: ' . @$config['version'] . ', Current: ' . CONFIG_VERSION . '). Configuration update required, please check dist config for changes. Cronjobs have been halted.', 'TYPE' => 'errormsg');
+ $_SESSION['POPUP'][] = array('CONTENT' => 'Configuration file version mismatch (Installed: ' . @$config['version'] . ', Current: ' . CONFIG_VERSION . '). Configuration update required, please check dist config for changes. Cronjobs have been halted.', 'TYPE' => 'errormsg');
}
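Review bot: With both inner `isAdmin()` guards removed, this file now appends the mismatch popup, including the installed and expected DB and config versions, to `$_SESSION['POPUP']` for any session that includes it. The only include site visible in this commit (index.php) is admin-gated, but nothing in the file enforces that, so a later include from another entry point would disclose version details to non-admins. Either keep a cheap guard here or state the precondition at the top of the file, e.g. `// Caller must have verified $user->isAdmin() before including this file`. The config comparison was tightened to `!==` while the `$db_version != DB_VERSION` check above it stays loose; using the same operator on both would avoid type-juggling surprises if `getValue()` returns a non-string.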
diff --git a/public/index.php b/public/index.php
index 40a313b9..f7ebd91a 100644
--- a/public/index.php
+++ b/public/index.php
@@ -72,7 +72,6 @@ if ($config['memcache']['enabled'] && $config['strict']) {
}
@setcookie(session_name(), session_id(), time()+$config['cookie']['duration'], $config['cookie']['path'], $config['cookie']['domain'], $config['cookie']['secure'], $config['cookie']['httponly']);
}
-
// Rate limiting
if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $config['strict'])) {
$skip_check = false;
@@ -116,7 +115,8 @@ if ($config['memcache']['enabled'] && ($config['mc_antidos']['enabled'] || $conf
}
}
-// Got past rate limiter and session manager, show last logged in popup if it's still set
+// Got past rate limiter and session manager
+// show last logged in popup if it's still set
if (@$_GET['clp'] == 1 && @$_SESSION['last_ip_pop']) unset($_SESSION['last_ip_pop']);
if (count(@$_SESSION['last_ip_pop']) == 2) {
$data = $_SESSION['last_ip_pop'];
@@ -130,9 +130,12 @@ if (count(@$_SESSION['last_ip_pop']) == 2) {
}
}
-// Quick config check
-if (@$_SESSION['USERDATA']['is_admin'] && !@$config['skip_config_tests']) {
- require_once(INCLUDE_DIR. '/admin_checks.php');
+// version check and config check if not disabled
+if (@$_SESSION['USERDATA']['is_admin'] && $user->isAdmin(@$_SESSION['USERDATA']['id'])) {
+ require_once(INCLUDE_DIR . '/version.inc.php');
+ if (!@$config['skip_config_checks']) {
+ require_once(INCLUDE_DIR . '/admin_checks.php');
+ }
}
// Create our pages array from existing files
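Review bot: The new inner condition reads `$config['skip_config_checks']`, but the dist config in this same commit still defines `$config['skip_config_tests']` and the removed line used that key. Because the lookup is wrapped in `@`, the undefined key silently evaluates to null, so the admin checks always run and the operator's opt-out is ignored; the line should be `if (!@$config['skip_config_tests']) {`. Separately, `version.inc.php` is now loaded only inside the admin branch, whereas the autoloader used to load it for every request; if `DB_VERSION` or `CONFIG_VERSION` are referenced on non-admin paths (not visible here), they will be undefined there, which is worth confirming.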