Hi all!

I'm making a system called NCIV in PHP. In that system you can change a setting in settings.php, which allows the system's admin to enable or disable the usage of MySQL rather than a bunch of text files. However, changing that setting if the site already has content will move all the data from/to the MySQL database to/from the text-file based database (according to the setting's value). This is the code:

/*******************************************************/
/* __          __     _____  _   _ _____ _   _  _____  */
/* \ \        / /\   |  __ \| \ | |_   _| \ | |/ ____| */
/*  \ \  /\  / /  \  | |__) |  \| | | | |  \| | |  __  */
/*   \ \/  \/ / /\ \ |  _  /| . ` | | | | . ` | | |_ | */
/*    \  /\  / ____ \| | \ \| |\  |_| |_| |\  | |__| | */
/*     \/  \/_/    \_\_|  \_\_| \_|_____|_| \_|\_____| */
/*                                                     */
/*    CHANGING ["server"]["mysql"] WHILE THE SITE IS   */
/*      ALREADY IN USE WILL MIGRATE ALL DATA TO THE    */
/*               MySQL DATABASE IF TRUE                */
/*        OR TO THE TEXTUAL DATABASE IF FALSE!!        */
/*                                                     */
/* IF YOU HAVE A HUGE SITE, THIS CAN TAKE A FEW HOURS  */
/*              OR EVEN A FEW DAYS OR WEEKS!!          */
/*       PLEASE ONLY CHANGE THIS SETTING IF YOU HAVE   */
/*                 JUST INSTALLED NCIV!                */
/*                                                     */
/*                                                     */
/*                                                     */
/*   REMOVING OR MODIFYING THIS WARNING WILL TAKE THE  */
/*                   ENTIRE SITE OFFLINE!              */
/*                                                     */
/*               YOU WILL NEED TO ENTER THE            */
/*   SERVER'S SUPERUSER/ROOT PASSWORD AFTER CHANGING   */
/*                      THIS SETTING!                  */
/*                                                     */
/*        NEVER TRY TO MIGRATE THE DATA MANUALLY!      */
/*******************************************************/
$GLOBALS["NCIV"]["server"]["mysql"] = FALSE;               //Enable MySQL? See the WARNING above!

Is there a way to check if the user entered the correct superuser/root password in PHP after the setting has changed?

Thanks in advance!

+3  A: 

Well, there's always PAM... but this is a very, very, very bad idea.

Also, keep in mind things like, say, shared hosting, where the user won't have root.

If this setting is so dangerous, perhaps you should reconsider it even being a setting to begin with.

Charles
Thanks! I'll change it so that the user must enter the admin password. This feature is required for compatibility.
Time Machine
I assume you're moving the data storage from old flat files to the new MySQL database? If so, perhaps instead of (just) a setting, you should build an external or otherwise not-automatic conversion script, so that there's not a high chance of someone accidentally shooting themselves in the foot.
Charles
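
The suggestion in the comments above, as an added example that is not code from the question, the answers, or NCIV itself: a conversion script that only runs from the command line and checks the application's admin password instead of the server's root password. The file name `migrate.php`, the function names and the sample password hash are assumptions.

```php
<?php
// Added example: hypothetical migrate.php, run by hand from a shell.

// Refuse any non-CLI SAPI so the migration can never be triggered over HTTP.
function assertCli(string $sapi): void
{
    if ($sapi !== 'cli') {
        throw new RuntimeException('migrate.php must be run from the command line');
    }
}

// Check the application's own admin password against its stored hash.
// No root or PAM credentials are involved.
function adminPasswordOk(string $entered, string $storedHash): bool
{
    return password_verify($entered, $storedHash);
}

function main(array $argv): int
{
    assertCli(PHP_SAPI);
    $target = $argv[1] ?? '';
    if (!in_array($target, ['mysql', 'text'], true)) {
        fwrite(STDERR, "usage: php migrate.php mysql|text\n");
        return 2;
    }
    // Assumption: the installer stored password_hash() output for the admin.
    // Constructed sample hash so the example runs on its own:
    $storedHash = password_hash('example-admin-password', PASSWORD_DEFAULT);

    fwrite(STDOUT, 'Admin password: ');   // note: input is echoed by the terminal
    $entered = rtrim((string) fgets(STDIN), "\r\n");
    if (!adminPasswordOk($entered, $storedHash)) {
        fwrite(STDERR, "Wrong admin password, nothing was changed.\n");
        return 1;
    }
    fwrite(STDOUT, "Type '$target' to confirm the migration: ");
    if (trim((string) fgets(STDIN)) !== $target) {
        fwrite(STDERR, "Not confirmed, nothing was changed.\n");
        return 1;
    }
    // The data copy itself is NCIV-specific and not shown on the page.
    fwrite(STDOUT, "Checks passed; migration to '$target' can start.\n");
    return 0;
}

exit(main($_SERVER['argv'] ?? []));
```

Because the script needs shell access and an explicit typed confirmation, editing settings.php alone can no longer start a migration by accident, and it still works on shared hosting where nobody has root.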