search

fearless359 / simpleinvoices

Fearless359 SimpleInvoices beyond great beginnings
https://simpleinvoices.group
GNU General Public License v3.0
28 stars 7 forks source link

Empty database password not allowed #59

Closed gabbe closed 5 years ago

gabbe commented 5 years ago

When using an empty database password in custom.config.php, the "Initial Setup" message is displayed and you cannot continue.

This is due to line 133 in include/class/DbInfo.php

        if (empty($this->dbname) || empty($this->password) || empty($this->username)) {                                        
                throw new PdoDbException("DbInfo loadSectionInfo(): Missing one or more of dbname, password and username.");
        }

Either the check for empty password could be removed or the installation instructions could explicitly state that an empty password is not allowed. The error message would then need to be improved IMHO.

fearless359 commented 5 years ago

The solution is to supply a password. Non-protected databases is not something I believe this product should support.

gabbe commented 5 years ago

I agree that a database without a password is a bad idea. Still, I think the default config.php should contain a password (and helpful hint to change this) so new users aren't tricked by this. Maybe the "Initial Setup" message should mention it as well, since someone who tries the default settings would be without a clue to why they are not allowed to continue. If you want, I could try to write something - but be aware that English is not my primary language.

fearless359 commented 5 years ago

There are values in their fields in config.php:

database.params.host = localhost database.params.username = root database.params.password = password database.params.dbname = simple_invoices

If custom.config.php does not exist, it is made by a straight copy of the config.php file. So unless someone removes settings from custom.config.php, they should be set.

Do you know how your custom.config.php ended up without a password?

gabbe commented 5 years ago

I just cloned this repository (since I wanted to take advantage of the php7-support and your other great patches) and there was no password set in the default config.php?

fearless359 commented 5 years ago

OK. I was looking at the namespace_autoload version which does have the password. I updated the master version so it also has a password value. Sorry about the confusion.