Renamed var to distinguish from ftpSite, which is checked for existance
with isset and if available jumps into FTP mode. Having it previously
set to false, it's available, so erroneously goes into FTP mode with no
creds. This is a standalone var name now just to establish connection
channel.
The 2 x if conditions added a security measure to avoid path traversals,
should languageBase or languageUser ever be set to something malicious
such as (eg ../../../../../../../etc/passwd)
However, it meant that the ICEcoder dir and the doc root dir paths had
to both start the same, and so be in the same location really. It was
previously a benefit to have them possibly contain different paths, but
this security point restricts this.
We can remove these 2 if conditions however and simply wrap the 2 array
values with basename(), so we take only the trailing file name and so
avoid path traversal issues.
Causes file locking issues if allowed to be called from anywhere
Because we only call from index.php now, also need dirname(___FILE___)
to complete paths
configCreateDate set if 0 now on every load, not just save
14 full days setup (1296000 - 1 sec), so doesn't start by showing 13
days (and 23 hrs, 59 secs)
If configCreateDate == 0, $tRemaining is the $tPeriod
If there has been a change of language, set a bool flag for a reload
later
Save languageUser to file also on settings update
realpath checking on language file name also, dies if fails
We should indeed only output if index.php and top.iceRoot is updated
after a settings change in settings-update.php (top.docRoot only changes
if you manually change the file, in which case a reload is needed and
this is picked up again from scratch).
Avoids having something output to the browser in places where we don't
want it, such as the new file-control-xhr.php file. Temporary
console.log for now as reminder to finish checking this out.
Moved huge chunks of isolated code to their own files
Reordered and improved remaining code
Lots of die messages added to stop code continuing after a header
location
!loginRequired now also setting loggedIn = true as demoMode does
Boot user to new login page instead of back to this page
loginRequired added to final elseif condition
Added 2 big notes re probably showing he login screen and continuing
with what we're doing
Because we may include this file from a couple of dirs and I'd rather it
continued to be run from lib/settings.php. By doing it this way round,
we're ensuring this, as lib/lib/settings.php won't exist.
By doing this we don't end up with a lib/lib path issue
Used longhand if else statement instead of ternary for clarity
Also added die to stop it going any further and having a new header
location replace this one
Increase salt from 9 to 12 chars to move along with technology
Replace all backslashes with 2. This means we escape PHP and then JS to
ensure we will maintain \n instead of ending up with a line break
Don't display errors, just silently log them
Don't produce warnings if we can't session_start due to headers already
being sent
Test if the mb_detect_encoding function exists before using
