database: Fix bug in function checkConfig()

Because of how this function was implemented, any failure during
database instance construction is treated the same way.  IE. we cannot
tell the difference between 'no db config' (as is the initial default
state) and a 'bad db config' (either bogus data, or the server happens
to be down).

Because of this, if, after the database access is initially set up,
access to the db becomes unavailable or someone makes a bad edit to the
dbconfig.php file, Scrott behaves as if it is being configured for the
first time.  This is *dangerous* behavior! (unexpected, at the least)

The implication of this is that if Scrott's database access is ever
incidentially interrupted, the very next visitor to the site is offered
the chance to (silently) reconfigure the server to point to any database
of his choosing.

This patch updates the checkConfig() function to only 'soft fail'
(return false) in the case where the configuration is _actually_
missing. IE. $_SCROTT['conf'] is not defined.  This function will
otherwise passthrough any and all exceptions which result from
instanciating the database instance and will only return true if both of
these steps succeed.

1 files changed, 4 insertions, 7 deletions

diff --git a/app/class/database.class.php b/app/class/database.class.php
index 3d94e16..a2cab42 100644
--- a/app/class/database.class.php
+++ b/app/class/database.class.php
@@ -104,15 +104,12 @@ abstract class database
      */
     public static function checkConfig() : bool
     {
-        try
-        {
-            $db = self::getInstance();
-        }
-        catch (Exception $e)
-        {
+        global $_SCROTT;
+
+        if (!isset($_SCROTT['conf']))
             return false;
-        }
 
+        $db = self::getInstance();
         return true;
     }