Update Locking

Block IP Address with .htaccess

# ALLOW ACCESS ONLY FROM YOUR IP ADDRESS
# 123.123.123.123 is a placeholder: replace it with the address you upgrade from.
# NOTE(review): both variants match the address Apache sees for the connection;
# behind a reverse proxy or load balancer that is presumably the proxy's address,
# not the visitor's - confirm before relying on this rule.

# Apache 2.2
# Used only when mod_authz_core is NOT loaded. With "Order Deny,Allow" the Deny
# rules are evaluated first and a matching Allow overrides them, so every client
# is refused except the one listed address.
<IfModule !authz_core_module>
	Order Deny,Allow
	Deny from all
	Allow from 123.123.123.123
</IfModule>

# Apache 2.4+
# Used only when mod_authz_core is loaded. Access is granted only to requests
# that satisfy the single "Require ip" condition inside <RequireAll>.
<IfModule authz_core_module>
	<RequireAll>
		Require ip 123.123.123.123
	</RequireAll>
</IfModule>	

Basic HTTP Authentication


doc/INSTALL
doc/UPGRADE


This patch works locally with XAMPP for me, but it does not work on our server.


As part of this, we should also update the install and upgrade files and convert them to Markdown format.

Warning

Until you have completed the update script, everybody who browses to your WackoWiki will see it, too. So if you run a relatively high-traffic site, you may want to lock down your Wacko installation temporarily by placing a file called lock_install into your Wacko directory; once Wacko sees it, it will ask for a username ('admin') and a password (whatever you put into that file). Don't forget to remove the lock_install file once you're done upgrading!

HTTP authentication with PHP
Basic access authentication


Basic HTTP Authentication

<?php

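// check for locking
// While the lock file exists, every request must present HTTP Basic credentials:
// user 'admin' plus the password stored on the first line of the lock file.
// Anything else gets a 401 and the script stops.
//
// NOTE(review): Basic credentials are only base64-encoded on the wire, so this
// protects the password only when the site is served over HTTPS.
// NOTE(review): the lock file holds the password in plain text; confirm the web
// server does not serve 'locked' to a direct request.
if (@file_exists('locked'))
{
  // read password from lockfile; file() returns false when the file is unreadable
  // and an empty file has no first line
  $lines    = file('locked');
  $lockpw   = is_array($lines) ? trim($lines[0] ?? '') : '';

  // fail closed: prompt unless the credentials below are proven correct
  // (the original left $ask undefined after a successful login)
  $ask      = true;

  // An empty or unreadable lock file must not become an empty password that
  // anybody can send, so in that case no credentials are accepted at all.
  if ($lockpw !== '' && isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']))
  {
    // hash_equals() compares byte by byte in constant time; loose == would
    // compare two numeric-looking strings as numbers and leaks timing.
    $user_ok = hash_equals('admin', (string) $_SERVER['PHP_AUTH_USER']);
    $pw_ok   = hash_equals($lockpw, (string) $_SERVER['PHP_AUTH_PW']);

    if ($user_ok && $pw_ok)
    {
      $ask = false;
    }
  }

  if ($ask)
  {
    // NOTE(review): site_name is placed inside the quoted realm unescaped -
    // confirm it cannot contain a double quote.
    header('WWW-Authenticate: Basic realm="' . $db->site_name . ' Install/Upgrade Interface"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'This site is currently being upgraded. Please try again later.';
    exit;
  }
}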

diff --git a/src/config/constants.php b/src/config/constants.php
index ce0e508..618184c 100644
--- a/src/config/constants.php
+++ b/src/config/constants.php
@@ -10,6 +10,7 @@
 const CONFIG_DEFAULTS                = 'config/config_defaults.php';
 const SITE_LOCK                        = 'config/lock';
 const AP_LOCK                        = 'config/lock_ap';
+const INSTALL_LOCK                    = 'config/lock_install';
 
 const ACTION_DIR                    = 'action';
 const LANG_DIR                        = 'lang';
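Review bot: `INSTALL_LOCK` points at `config/lock_install`, and the installer hunk reads the upgrade password in plain text from the first line of that file. Nothing visible here shows that `config/` is denied to web requests, so confirm that a direct request for that path cannot return the file. A comment on the constant would record the requirement: `// first line = HTTP Basic password for the installer; must not be web-readable`.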

diff --git a/src/class/installer.php b/src/class/installer.php
index 945ceaf..1ad12d6 100644
--- a/src/class/installer.php
+++ b/src/class/installer.php
@@ -12,11 +12,50 @@
 {
     static function run(&$db)
     {
+        // check for missing setup folder
         if (!file_exists('setup/header.php'))
         {
-            die("WackoWiki fatal error: setup/ folder is missing or empty. Please add the missing setup folder in order to upgrade your WackoWiki installation.");
+            header('HTTP/1.0 503 Service Unavailable'); // $http->status(503);
+            die('WackoWiki fatal error: setup/ folder is missing or empty. Please add the missing setup folder in order to upgrade your WackoWiki installation.');
         }
 
+        // check for install lock
+        if (@file_exists(INSTALL_LOCK))
+        {
+            // read password from lockfile
+            $lines        = file(INSTALL_LOCK);
+            $lock_pw    = trim($lines[0] ?? '');
+            $promt        = false;
+
+            if (!$lock_pw || strlen($lock_pw) < 10)
+            {
+                header('HTTP/1.0 503 Service Unavailable'); // $http->status(503);
+                die('WackoWiki fatal error: HTTP authentication password in ' . INSTALL_LOCK . ' is empty or too short. Please, use at least 10 characters to define your password.');
+            }
+
+            // is authentification given?
+            if (isset($_SERVER['PHP_AUTH_USER']))
+            {
+                if (!(($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == $lock_pw)))
+                {
+                    $promt = true;
+                }
+            }
+            else
+            {
+                $promt = true;
+            }
+
+            if ($promt)
+            {
+                header('WWW-Authenticate: Basic realm="' . $db->site_name . ' Install/Upgrade Interface"');
+                header('HTTP/1.0 401 Unauthorized'); // $http->status(401);
+                echo 'This site is currently being upgraded. Please try again later.';
+                exit;
+            }
+        }
+
+        // call installer
         if (!($install_action = trim(@$_REQUEST['installAction'])))
         {
             $install_action = 'lang';
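Review bot: The credential check `($_SERVER['PHP_AUTH_USER'] == 'admin') && ($_SERVER['PHP_AUTH_PW'] == $lock_pw)` uses loose `==`, which compares two numeric-looking strings as numbers and is not constant-time, and it reads `PHP_AUTH_PW` without an `isset()`. I would replace the condition with `if (!(hash_equals('admin', (string) $_SERVER['PHP_AUTH_USER']) && hash_equals($lock_pw, (string) ($_SERVER['PHP_AUTH_PW'] ?? ''))))`. PHP fills `PHP_AUTH_USER` only when the server hands it the Authorization header, which CGI/FastCGI setups often do not do by default, so on such a host this block would presumably prompt forever; a comment saying so above the `isset()` would help. `$promt` looks like a typo for `$prompt`. `run()` continues past the end of the hunk.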