X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=install%2Fsave.php;h=e6de3fe9297251518ee9e0a22e4a68f325365fbb;hb=492d633dd684e8308c7aafd5922ec52cbfc60498;hp=74403dd02bbf96cc933ccca45333b6092aae332e;hpb=da8311619dd73feae101d246a1957b972e00cbd2;p=fa-stable.git

diff --git a/install/save.php b/install/save.php
index 74403dd0..e6de3fe9 100644
--- a/install/save.php
+++ b/install/save.php
@@ -185,8 +185,8 @@ elseif (isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true')
 } 
 else 
 {
-	$file_mode = default_file_mode('../temp');
-	$dir_mode = default_dir_mode('../temp');
+	$file_mode = default_file_mode('../includes');
+	$dir_mode = default_dir_mode('../includes');
 }
 // End operating system specific code
 
@@ -253,7 +253,7 @@ else
 // End website company name
 
 // Check if the user has entered a correct path
-if (!file_exists($path_to_root.'/sql/basic.sql')) 
+if (!file_exists($path_to_root.'/sql/en_US-demo.sql')) 
 {
 	set_error('It appears the Absolute path that you entered is incorrect');
 }
@@ -340,9 +340,6 @@ if($install_tables == true)
 		mysql_query('CREATE DATABASE '.$database_name);
 		mysql_select_db($database_name, $db);
 	}	
-	$import_filename = $path_to_root."/sql/basic.sql";
-	if (!db_import($import_filename, $db_connections[$id]))
-		set_error("Import error, try to import $import_filename and $path_to_root/en_US-demo.sql manually via phpMyAdmin");
 	$import_filename = $path_to_root."/sql/en_US-demo.sql";
 	if (!db_import($import_filename, $db_connections[$id]))
 		set_error("Import error, try to import $import_filename manually via phpMyAdmin");
@@ -351,9 +348,9 @@ else
 {
 	mysql_select_db($database_name, $db);
 }
-$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = '$admin_email' WHERE user_id = 'admin'";
+$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = ".db_escape($admin_email)." WHERE user_id = 'admin'";
 db_query($sql, "could not update admin account");
-$sql = "UPDATE ".$table_prefix."company SET coy_name = '$company_name' WHERE coy_code = 1";
+$sql = "UPDATE ".$table_prefix."company SET coy_name = ".db_escape($company_name)." WHERE coy_code = 1";
 db_query($sql, "could not update company name. Do it manually later in Setup");
 
 session_unset();