256
+ − 1 <?php
+ − 2
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 5 * Version 1.0.2 (Coblynau)
+ − 6 * Copyright (C) 2006-2007 Dan Fuhry
+ − 7 * install.php - handles everything related to installation and initial configuration
+ − 8 *
+ − 9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11 *
+ − 12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14 */
+ − 15
+ − 16 @include('config.php');
+ − 17 if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode'])))
+ − 18 {
+ − 19 $_GET['title'] = 'Enano:Installation_locked';
+ − 20 require('includes/common.php');
+ − 21 die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
+ − 22 exit;
+ − 23 }
+ − 24
+ − 25 define('IN_ENANO_INSTALL', 'true');
+ − 26
+ − 27 define('ENANO_VERSION', '1.0.2');
+ − 28 // In beta versions, define ENANO_BETA_VERSION here
+ − 29
+ − 30 if(!defined('scriptPath')) {
+ − 31 $sp = dirname($_SERVER['REQUEST_URI']);
+ − 32 if($sp == '/' || $sp == '\\') $sp = '';
+ − 33 define('scriptPath', $sp);
+ − 34 }
+ − 35
+ − 36 if(!defined('contentPath')) {
+ − 37 $sp = dirname($_SERVER['REQUEST_URI']);
+ − 38 if($sp == '/' || $sp == '\\') $sp = '';
+ − 39 define('contentPath', $sp);
+ − 40 }
+ − 41 global $_starttime, $this_page, $sideinfo;
+ − 42 $_starttime = microtime(true);
+ − 43
+ − 44 // Determine directory (special case for development servers)
+ − 45 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
+ − 46 {
+ − 47 $filename = str_replace('/repo/', '/', __FILE__);
+ − 48 }
+ − 49 else
+ − 50 {
+ − 51 $filename = __FILE__;
+ − 52 }
+ − 53
+ − 54 define('ENANO_ROOT', dirname($filename));
+ − 55
+ − 56 function is_page($p)
+ − 57 {
+ − 58 return true;
+ − 59 }
+ − 60
+ − 61 require('includes/wikiformat.php');
+ − 62 require('includes/constants.php');
+ − 63 require('includes/rijndael.php');
+ − 64 require('includes/functions.php');
+ − 65
+ − 66 strip_magic_quotes_gpc();
+ − 67 $neutral_color = 'C';
+ − 68
+ − 69 //
+ − 70 // INSTALLER LIBRARY
+ − 71 //
+ − 72
+ − 73 function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
+ − 74 {
+ − 75 static $resumed = false;
+ − 76 static $resume_stack = array();
+ − 77
+ − 78 if ( empty($resume_stack) && isset($_POST['resume_stack']) && preg_match('/[a-z_]+((\|[a-z_]+)+)/', $_POST['resume_stack']) )
+ − 79 {
+ − 80 $resume_stack = explode('|', $_POST['resume_stack']);
+ − 81 }
+ − 82
+ − 83 $already_run = false;
+ − 84 if ( in_array($stage_id, $resume_stack) )
+ − 85 {
+ − 86 $already_run = true;
+ − 87 }
+ − 88
+ − 89 if ( !$resumed )
+ − 90 {
+ − 91 if ( !isset($_GET['stage']) )
+ − 92 $resumed = true;
+ − 93 if ( isset($_GET['stage']) && $_GET['stage'] == $stage_id )
+ − 94 {
+ − 95 $resumed = true;
+ − 96 }
+ − 97 }
+ − 98 if ( !$resumed && $allow_skip )
+ − 99 {
267
+ − 100 echo_stage_success($stage_id, $stage_name);
256
+ − 101 return false;
+ − 102 }
+ − 103 if ( !function_exists($function) )
+ − 104 die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . ' doesn\'t exist');
+ − 105 $result = @call_user_func($function, false, $already_run);
+ − 106 if ( $result )
+ − 107 {
+ − 108 echo_stage_success($stage_id, $stage_name);
+ − 109 $resume_stack[] = $stage_id;
+ − 110 return true;
+ − 111 }
+ − 112 else
+ − 113 {
+ − 114 echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack);
+ − 115 return false;
+ − 116 }
+ − 117 }
+ − 118
+ − 119 function start_install_table()
+ − 120 {
+ − 121 echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
+ − 122 }
+ − 123
+ − 124 function close_install_table()
+ − 125 {
+ − 126 echo '</table>' . "\n\n";
+ − 127 }
+ − 128
+ − 129 function echo_stage_success($stage_id, $stage_name)
+ − 130 {
+ − 131 global $neutral_color;
+ − 132 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ − 133 ob_start();
+ − 134 echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
+ − 135 ob_end_flush();
+ − 136 }
+ − 137
+ − 138 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
+ − 139 {
+ − 140 global $neutral_color;
+ − 141
+ − 142 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ − 143 ob_start();
+ − 144 echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
+ − 145 ob_end_flush();
+ − 146 close_install_table();
+ − 147 $post_data = '';
+ − 148 $mysql_error = mysql_error();
+ − 149 foreach ( $_POST as $key => $value )
+ − 150 {
269
+ − 151 // FIXME: These should really also be sanitized for double quotes
256
+ − 152 $value = htmlspecialchars($value);
+ − 153 $key = htmlspecialchars($key);
+ − 154 $post_data .= " <input type=\"hidden\" name=\"$key\" value=\"$value\" />\n";
+ − 155 }
+ − 156 echo '<form action="install.php?mode=install&stage=' . $stage_id . '" method="post">
+ − 157 ' . $post_data . '
+ − 158 <input type="hidden" name="resume_stack" value="' . htmlspecialchars(implode('|', $resume_stack)) . '" />
+ − 159 <h3>Enano installation failed.</h3>
+ − 160 <p>' . $failure_explanation . '</p>
+ − 161 ' . ( !empty($mysql_error) ? "<p>The error returned from MySQL was: $mysql_error</p>" : '' ) . '
+ − 162 <p>When you have corrected the error, click the button below to attempt to continue the installation.</p>
+ − 163 <p style="text-align: center;"><input type="submit" value="Retry installation" /></p>
+ − 164 </form>';
+ − 165 global $template, $template_bak;
+ − 166 if ( is_object($template_bak) )
+ − 167 $template_bak->footer();
+ − 168 else
+ − 169 $template->footer();
+ − 170 exit;
+ − 171 }
+ − 172
+ − 173 //
+ − 174 // INSTALLER STAGES
+ − 175 //
+ − 176
+ − 177 function stg_mysql_connect($act_get = false)
+ − 178 {
+ − 179 static $conn = false;
+ − 180 if ( $act_get )
+ − 181 return $conn;
+ − 182
258
+ − 183 $db_user =& $_POST['db_user'];
+ − 184 $db_pass =& $_POST['db_pass'];
+ − 185 $db_name =& $_POST['db_name'];
256
+ − 186
258
+ − 187 if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+ − 188 {
+ − 189 $db_name = htmlspecialchars($db_name);
+ − 190 die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+ − 191 }
256
+ − 192
+ − 193 // First, try to connect using the normal credentials
+ − 194 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 195 if ( !$conn )
+ − 196 {
+ − 197 // Connection failed. Do we have the root username and password?
+ − 198 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 199 {
+ − 200 $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ − 201 if ( !$conn_root )
+ − 202 {
+ − 203 // Couldn't connect using either set of credentials. Bail out.
+ − 204 return false;
+ − 205 }
258
+ − 206 unset($db_user, $db_pass);
+ − 207 $db_user = mysql_real_escape_string($_POST['db_user']);
+ − 208 $db_pass = mysql_real_escape_string($_POST['db_pass']);
256
+ − 209 // Create the user account
+ − 210 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ − 211 if ( !$q )
+ − 212 {
+ − 213 return false;
+ − 214 }
+ − 215 // Revoke privileges from test, we don't need them
+ − 216 $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
+ − 217 if ( !$q )
+ − 218 {
+ − 219 return false;
+ − 220 }
+ − 221 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ − 222 {
+ − 223 // If not connecting to a server running on localhost, allow from any host
+ − 224 // this is safer than trying to detect the hostname of the webserver, but less secure
+ − 225 $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ − 226 if ( !$q )
+ − 227 {
+ − 228 return false;
+ − 229 }
+ − 230 // Revoke privileges from test, we don't need them
+ − 231 $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
+ − 232 if ( !$q )
+ − 233 {
+ − 234 return false;
+ − 235 }
+ − 236 }
258
+ − 237 mysql_close($conn_root);
+ − 238 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 239 if ( !$conn )
+ − 240 {
+ − 241 // This should honestly never happen.
+ − 242 return false;
+ − 243 }
256
+ − 244 }
+ − 245 }
258
+ − 246 $q = @mysql_query("USE `$db_name`;", $conn);
256
+ − 247 if ( !$q )
+ − 248 {
+ − 249 // access denied to the database; try the whole root schenanegan again
+ − 250 if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 251 {
+ − 252 $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ − 253 if ( !$conn_root )
+ − 254 {
+ − 255 // Couldn't connect as root; bail out
+ − 256 return false;
+ − 257 }
+ − 258 // create the database, if it doesn't exist
258
+ − 259 $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
256
+ − 260 if ( !$q )
+ − 261 {
+ − 262 // this really should never fail, so don't give any tolerance to it
+ − 263 return false;
+ − 264 }
258
+ − 265 unset($db_user, $db_pass);
+ − 266 $db_user = mysql_real_escape_string($_POST['db_user']);
+ − 267 $db_pass = mysql_real_escape_string($_POST['db_pass']);
256
+ − 268 // we're in with root rights; grant access to the database
258
+ − 269 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
256
+ − 270 if ( !$q )
+ − 271 {
+ − 272 return false;
+ − 273 }
+ − 274 if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ − 275 {
258
+ − 276 $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
256
+ − 277 if ( !$q )
+ − 278 {
+ − 279 return false;
+ − 280 }
+ − 281 }
258
+ − 282 mysql_close($conn_root);
+ − 283 // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ − 284 mysql_close($conn);
+ − 285 $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 286 if ( !$conn )
+ − 287 {
+ − 288 return false;
+ − 289 }
256
+ − 290 }
+ − 291 else
+ − 292 {
+ − 293 return false;
+ − 294 }
+ − 295 // try again
258
+ − 296 $q = @mysql_query("USE `$db_name`;", $conn);
256
+ − 297 if ( !$q )
+ − 298 {
+ − 299 // really failed this time; bail out
+ − 300 return false;
+ − 301 }
+ − 302 }
+ − 303 // connected and database exists
+ − 304 return true;
+ − 305 }
+ − 306
+ − 307 function stg_drop_tables()
+ − 308 {
+ − 309 $conn = stg_mysql_connect(true);
+ − 310 if ( !$conn )
+ − 311 return false;
+ − 312 // Our list of tables included in Enano
+ − 313 $tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'search_cache', 'tags', 'page_groups', 'page_group_members' );
+ − 314
+ − 315 // Drop each table individually; if it fails, it probably means we're trying to drop a
+ − 316 // table that didn't exist in the Enano version we're deleting the database for.
+ − 317 foreach ( $tables as $table )
+ − 318 {
+ − 319 // Remember that table_prefix is sanitized.
+ − 320 $table = "{$_POST['table_prefix']}$table";
+ − 321 @mysql_query("DROP TABLE $table;", $conn);
+ − 322 }
+ − 323 return true;
+ − 324 }
+ − 325
+ − 326 function stg_decrypt_admin_pass($act_get = false)
+ − 327 {
+ − 328 static $decrypted_pass = false;
+ − 329 if ( $act_get )
+ − 330 return $decrypted_pass;
+ − 331
+ − 332 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 333
+ − 334 if ( !empty($_POST['crypt_data']) )
+ − 335 {
+ − 336 require('config.new.php');
+ − 337 if ( !isset($cryptkey) )
+ − 338 {
+ − 339 return false;
+ − 340 }
+ − 341 define('_INSTRESUME_AES_KEYBACKUP', $key);
+ − 342 $key = hexdecode($cryptkey);
+ − 343
+ − 344 $decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+ − 345
+ − 346 }
+ − 347 else
+ − 348 {
+ − 349 $decrypted_pass = $_POST['admin_pass'];
+ − 350 }
+ − 351 if ( empty($decrypted_pass) )
+ − 352 return false;
+ − 353 return true;
+ − 354 }
+ − 355
+ − 356 function stg_generate_aes_key($act_get = false)
+ − 357 {
+ − 358 static $key = false;
+ − 359 if ( $act_get )
+ − 360 return $key;
+ − 361
+ − 362 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 363 $key = $aes->gen_readymade_key();
+ − 364 return true;
+ − 365 }
+ − 366
+ − 367 function stg_parse_schema($act_get = false)
+ − 368 {
+ − 369 static $schema;
+ − 370 if ( $act_get )
+ − 371 return $schema;
+ − 372
+ − 373 $admin_pass = stg_decrypt_admin_pass(true);
+ − 374 $key = stg_generate_aes_key(true);
+ − 375 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 376 $key = $aes->hextostring($key);
+ − 377 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+ − 378
+ − 379 $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
+ − 380
+ − 381 $schema = file_get_contents('schema.sql');
+ − 382 $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema);
+ − 383 $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema);
+ − 384 $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema);
+ − 385 $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema);
+ − 386 $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($admin_pass ), $schema);
+ − 387 $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema);
+ − 388 $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema);
+ − 389 $schema = str_replace('{{REAL_NAME}}', '', $schema);
+ − 390 $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
+ − 391 $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
+ − 392 $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema);
+ − 393 // Not anymore!! :-D
+ − 394 // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema);
+ − 395
+ − 396 if(isset($_POST['wiki_mode']))
+ − 397 {
+ − 398 $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+ − 399 }
+ − 400 else
+ − 401 {
+ − 402 $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+ − 403 }
+ − 404
+ − 405 // Build an array of queries
+ − 406 $schema = explode("\n", $schema);
+ − 407
+ − 408 foreach ( $schema as $i => $sql )
+ − 409 {
+ − 410 $query =& $schema[$i];
+ − 411 $t = trim($query);
+ − 412 if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
+ − 413 {
+ − 414 unset($schema[$i]);
+ − 415 unset($query);
+ − 416 }
+ − 417 }
+ − 418
+ − 419 $schema = array_values($schema);
+ − 420 $schema = implode("\n", $schema);
+ − 421 $schema = explode(";\n", $schema);
+ − 422
+ − 423 foreach ( $schema as $i => $sql )
+ − 424 {
+ − 425 $query =& $schema[$i];
+ − 426 if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
+ − 427 {
+ − 428 $query .= ';';
+ − 429 }
+ − 430 }
+ − 431
+ − 432 return true;
+ − 433 }
+ − 434
+ − 435 function stg_install($_unused, $already_run)
+ − 436 {
+ − 437 // This one's pretty easy.
+ − 438 $conn = stg_mysql_connect(true);
+ − 439 if ( !is_resource($conn) )
+ − 440 return false;
+ − 441 $schema = stg_parse_schema(true);
+ − 442 if ( !is_array($schema) )
+ − 443 return false;
+ − 444
+ − 445 // If we're resuming installation, the encryption key was regenerated.
+ − 446 // This means we'll have to update the encrypted password in the database.
+ − 447 if ( $already_run )
+ − 448 {
+ − 449 $admin_pass = stg_decrypt_admin_pass(true);
+ − 450 $key = stg_generate_aes_key(true);
+ − 451 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 452 $key = $aes->hextostring($key);
+ − 453 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+ − 454 $admin_user = mysql_real_escape_string($_POST['admin_user']);
+ − 455
+ − 456 $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
+ − 457 if ( !$q )
+ − 458 {
+ − 459 echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 460 return false;
+ − 461 }
+ − 462
+ − 463 return true;
+ − 464 }
+ − 465
+ − 466 // OK, do the loop, baby!!!
+ − 467 foreach($schema as $q)
+ − 468 {
+ − 469 $r = mysql_query($q, $conn);
+ − 470 if ( !$r )
+ − 471 {
+ − 472 echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 473 return false;
+ − 474 }
+ − 475 }
+ − 476
+ − 477 return true;
+ − 478 }
+ − 479
+ − 480 function stg_write_config()
+ − 481 {
+ − 482 $privkey = stg_generate_aes_key(true);
+ − 483
+ − 484 switch($_POST['urlscheme'])
+ − 485 {
+ − 486 case "ugly":
+ − 487 default:
+ − 488 $cp = scriptPath.'/index.php?title=';
+ − 489 break;
+ − 490 case "short":
+ − 491 $cp = scriptPath.'/index.php/';
+ − 492 break;
+ − 493 case "tiny":
+ − 494 $cp = scriptPath.'/';
+ − 495 break;
+ − 496 }
+ − 497
+ − 498 if ( $_POST['urlscheme'] == 'tiny' )
+ − 499 {
+ − 500 $contents = '# Begin Enano rules
+ − 501 RewriteEngine on
+ − 502 RewriteCond %{REQUEST_FILENAME} !-d
+ − 503 RewriteCond %{REQUEST_FILENAME} !-f
+ − 504 RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
+ − 505 RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
+ − 506 # End Enano rules
+ − 507 ';
+ − 508 if ( file_exists('./.htaccess') )
+ − 509 $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
+ − 510 else
+ − 511 $ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
+ − 512 if ( !$ht )
+ − 513 return false;
+ − 514 fwrite($ht, $contents);
+ − 515 fclose($ht);
+ − 516 }
+ − 517
+ − 518 $config_file = '<?php
+ − 519 /* Enano auto-generated configuration file - editing not recommended! */
+ − 520 $dbhost = \''.addslashes($_POST['db_host']).'\';
+ − 521 $dbname = \''.addslashes($_POST['db_name']).'\';
+ − 522 $dbuser = \''.addslashes($_POST['db_user']).'\';
+ − 523 $dbpasswd = \''.addslashes($_POST['db_pass']).'\';
+ − 524 if ( !defined(\'ENANO_CONSTANTS\') )
+ − 525 {
+ − 526 define(\'ENANO_CONSTANTS\', \'\');
+ − 527 define(\'table_prefix\', \''.addslashes($_POST['table_prefix']).'\');
+ − 528 define(\'scriptPath\', \''.scriptPath.'\');
+ − 529 define(\'contentPath\', \''.$cp.'\');
+ − 530 define(\'ENANO_INSTALLED\', \'true\');
+ − 531 }
+ − 532 $crypto_key = \''.$privkey.'\';
+ − 533 ?>';
+ − 534
+ − 535 $cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
+ − 536 if ( !$cf_handle )
+ − 537 return false;
+ − 538 fwrite($cf_handle, $config_file);
+ − 539
+ − 540 fclose($cf_handle);
+ − 541
+ − 542 return true;
+ − 543 }
+ − 544
+ − 545 function _stg_rename_config_revert()
+ − 546 {
+ − 547 if ( file_exists('./config.php') )
+ − 548 {
+ − 549 @rename('./config.php', './config.new.php');
+ − 550 }
+ − 551
+ − 552 $handle = @fopen('./config.php.new', 'w');
+ − 553 if ( !$handle )
+ − 554 return false;
+ − 555 $contents = '<?php $cryptkey = \'' . _INSTRESUME_AES_KEYBACKUP . '\'; ?>';
+ − 556 fwrite($handle, $contents);
+ − 557 fclose($handle);
+ − 558 return true;
+ − 559 }
+ − 560
+ − 561 function stg_rename_config()
+ − 562 {
+ − 563 if ( !@rename('./config.new.php', './config.php') )
+ − 564 {
+ − 565 echo '<p>Can\'t rename config.php</p>';
+ − 566 _stg_rename_config_revert();
+ − 567 return false;
+ − 568 }
+ − 569
+ − 570 if ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') )
+ − 571 {
+ − 572 if ( !@rename('./.htaccess.new', './.htaccess') )
+ − 573 {
+ − 574 echo '<p>Can\'t rename .htaccess</p>';
+ − 575 _stg_rename_config_revert();
+ − 576 return false;
+ − 577 }
+ − 578 }
+ − 579 return true;
+ − 580 }
+ − 581
+ − 582 function stg_start_api_success()
+ − 583 {
+ − 584 return true;
+ − 585 }
+ − 586
+ − 587 function stg_start_api_failure()
+ − 588 {
+ − 589 return false;
+ − 590 }
+ − 591
+ − 592 function stg_init_logs()
+ − 593 {
+ − 594 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 595
+ − 596 $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
+ − 597 if ( !$q )
+ − 598 {
+ − 599 echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 600 return false;
+ − 601 }
+ − 602
+ − 603 if ( !$session->get_permissions('clear_logs') )
+ − 604 {
+ − 605 echo '<p><tt>$session: denied clear_logs</tt></p>';
+ − 606 return false;
+ − 607 }
+ − 608
+ − 609 PageUtils::flushlogs('Main_Page', 'Article');
+ − 610
+ − 611 return true;
+ − 612 }
+ − 613
+ − 614 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
+ − 615
+ − 616 if(!function_exists('wikiFormat'))
+ − 617 {
+ − 618 function wikiFormat($message, $filter_links = true)
+ − 619 {
+ − 620 $wiki = & Text_Wiki::singleton('Mediawiki');
+ − 621 $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename');
+ − 622 $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath);
+ − 623 $result = $wiki->transform($message, 'Xhtml');
+ − 624
+ − 625 // HTML fixes
+ − 626 $result = preg_replace('#<tr>([\s]*?)<\/tr>#is', '', $result);
+ − 627 $result = preg_replace('#<p>([\s]*?)<\/p>#is', '', $result);
+ − 628 $result = preg_replace('#<br />([\s]*?)<table#is', '<table', $result);
+ − 629
+ − 630 return $result;
+ − 631 }
+ − 632 }
+ − 633
+ − 634 global $failed, $warned;
+ − 635
+ − 636 $failed = false;
+ − 637 $warned = false;
+ − 638
+ − 639 function not($var)
+ − 640 {
+ − 641 if($var)
+ − 642 {
+ − 643 return false;
+ − 644 }
+ − 645 else
+ − 646 {
+ − 647 return true;
+ − 648 }
+ − 649 }
+ − 650
+ − 651 function run_test($code, $desc, $extended_desc, $warn = false)
+ − 652 {
+ − 653 global $failed, $warned;
+ − 654 static $cv = true;
+ − 655 $cv = not($cv);
+ − 656 $val = eval($code);
+ − 657 if($val)
+ − 658 {
+ − 659 if($cv) $color='CCFFCC'; else $color='AAFFAA';
+ − 660 echo "<tr><td style='background-color: #$color; width: 500px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
+ − 661 } elseif(!$val && $warn) {
+ − 662 if($cv) $color='FFFFCC'; else $color='FFFFAA';
+ − 663 echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
+ − 664 $warned = true;
+ − 665 } else {
+ − 666 if($cv) $color='FFCCCC'; else $color='FFAAAA';
+ − 667 echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
+ − 668 $failed = true;
+ − 669 }
+ − 670 }
+ − 671 function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
+ − 672
+ − 673 require_once('includes/template.php');
+ − 674
+ − 675 if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome';
+ − 676 switch($_GET['mode'])
+ − 677 {
+ − 678 case 'mysql_test':
+ − 679 error_reporting(0);
+ − 680 $dbhost = rawurldecode($_POST['host']);
+ − 681 $dbname = rawurldecode($_POST['name']);
+ − 682 $dbuser = rawurldecode($_POST['user']);
+ − 683 $dbpass = rawurldecode($_POST['pass']);
+ − 684 $dbrootuser = rawurldecode($_POST['root_user']);
+ − 685 $dbrootpass = rawurldecode($_POST['root_pass']);
+ − 686 if($dbrootuser != '')
+ − 687 {
+ − 688 $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
+ − 689 if(!$conn)
+ − 690 {
+ − 691 $e = mysql_error();
+ − 692 if(strstr($e, "Lost connection"))
+ − 693 die('host'.$e);
+ − 694 else
+ − 695 die('root'.$e);
+ − 696 }
+ − 697 $rsp = 'good';
257
+ − 698 $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
256
+ − 699 if(!$q)
+ − 700 {
+ − 701 $e = mysql_error();
+ − 702 if(strstr($e, 'Unknown database'))
+ − 703 {
+ − 704 $rsp .= '_creating_db';
+ − 705 }
+ − 706 }
+ − 707 mysql_close($conn);
+ − 708 $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 709 if(!$conn)
+ − 710 {
+ − 711 $e = mysql_error();
+ − 712 if(strstr($e, "Lost connection"))
+ − 713 die('host'.$e);
+ − 714 else
+ − 715 $rsp .= '_creating_user';
+ − 716 }
+ − 717 mysql_close($conn);
+ − 718 die($rsp);
+ − 719 }
+ − 720 else
+ − 721 {
+ − 722 $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 723 if(!$conn)
+ − 724 {
+ − 725 $e = mysql_error();
+ − 726 if(strstr($e, "Lost connection"))
+ − 727 die('host'.$e);
+ − 728 else
+ − 729 die('auth'.$e);
+ − 730 }
257
+ − 731 $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
256
+ − 732 if(!$q)
+ − 733 {
+ − 734 $e = mysql_error();
+ − 735 if(strstr($e, 'Unknown database'))
+ − 736 {
+ − 737 die('name'.$e);
+ − 738 }
+ − 739 else
+ − 740 {
+ − 741 die('perm'.$e);
+ − 742 }
+ − 743 }
+ − 744 }
+ − 745 $v = mysql_get_server_info();
+ − 746 if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ − 747 mysql_close($conn);
+ − 748 die('good');
+ − 749 break;
+ − 750 case 'pophelp':
+ − 751 $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
+ − 752 switch($topic)
+ − 753 {
+ − 754 case 'admin_embed_php':
+ − 755 $title = 'Allow administrators to embed PHP';
+ − 756 $content = '<p>This option allows you to control whether anything between the standard <?php and ?> tags will be treated as
+ − 757 PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
+ − 758 execute that code when the page is loaded. There are obvious potential security implications here, which should
+ − 759 be carefully considered before enabling this option.</p>
+ − 760 <p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
+ − 761 the site with you, you should enable this to allow extreme customization of pages.</p>
+ − 762 <p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
+ − 763 is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
+ − 764 embed Javascript and arbitrary HTML and CSS.</p>
+ − 765 <p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
+ − 766 using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
+ − 767 using the "embedded PHP kill switch" in the administration panel. --></p>';
+ − 768 break;
+ − 769 default:
+ − 770 $title = 'Invalid topic';
+ − 771 $content = 'Invalid help topic.';
+ − 772 break;
+ − 773 }
+ − 774 echo <<<EOF
+ − 775 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+ − 776 <html>
+ − 777 <head>
+ − 778 <title>Enano installation quick help • {$title}</title>
+ − 779 <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+ − 780 <style type="text/css">
+ − 781 body {
+ − 782 font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
+ − 783 font-size: 9pt;
+ − 784 }
+ − 785 h2 { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
+ − 786 h3 { font-size: 11pt; font-weight: bold; }
+ − 787 li { list-style: url(../images/bullet.gif); }
+ − 788 p { margin: 1.0em; }
+ − 789 blockquote { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
+ − 790 a { color: #7090B0; }
+ − 791 a:hover { color: #90B0D0; }
+ − 792 </style>
+ − 793 </head>
+ − 794 <body>
+ − 795 <h2>{$title}</h2>
+ − 796 {$content}
+ − 797 <p style="text-align: right;">
+ − 798 <a href="#" onclick="window.close(); return false;">Close window</a>
+ − 799 </p>
+ − 800 </body>
+ − 801 </html>
+ − 802 EOF;
+ − 803 exit;
+ − 804 break;
+ − 805 default:
+ − 806 break;
+ − 807 }
+ − 808
+ − 809 $template = new template_nodb();
+ − 810 $template->load_theme('oxygen', 'bleu', false);
+ − 811
+ − 812 $modestrings = Array(
+ − 813 'welcome' => 'Welcome',
+ − 814 'license' => 'License Agreement',
+ − 815 'sysreqs' => 'Server requirements',
+ − 816 'database'=> 'Database information',
+ − 817 'website' => 'Website configuration',
+ − 818 'login' => 'Administration login',
+ − 819 'confirm' => 'Confirm installation',
+ − 820 'install' => 'Database installation',
+ − 821 'finish' => 'Installation complete'
+ − 822 );
+ − 823
+ − 824 $sideinfo = '';
+ − 825 $vars = $template->extract_vars('elements.tpl');
+ − 826 $p = $template->makeParserText($vars['sidebar_button']);
+ − 827 foreach ( $modestrings as $id => $str )
+ − 828 {
+ − 829 if ( $_GET['mode'] == $id )
+ − 830 {
+ − 831 $flags = 'style="font-weight: bold; text-decoration: underline;"';
+ − 832 $this_page = $str;
+ − 833 }
+ − 834 else
+ − 835 {
+ − 836 $flags = '';
+ − 837 }
+ − 838 $p->assign_vars(Array(
+ − 839 'HREF' => '#',
+ − 840 'FLAGS' => $flags . ' onclick="return false;"',
+ − 841 'TEXT' => $str
+ − 842 ));
+ − 843 $sideinfo .= $p->run();
+ − 844 }
+ − 845
+ − 846 $template->init_vars();
+ − 847
+ − 848 if(isset($_GET['mode']) && $_GET['mode'] == 'css')
+ − 849 {
+ − 850 header('Content-type: text/css');
+ − 851 echo $template->get_css();
+ − 852 exit;
+ − 853 }
+ − 854
+ − 855 $template->header();
+ − 856 if(!isset($_GET['mode'])) $_GET['mode'] = 'license';
+ − 857 switch($_GET['mode'])
+ − 858 {
+ − 859 default:
+ − 860 case 'welcome':
+ − 861 ?>
+ − 862 <div style="text-align: center; margin-top: 10px;">
+ − 863 <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
+ − 864 <h2>Welcome to Enano</h2>
+ − 865 <h3>version 1.0.2 – stable<br />
+ − 866 <span style="font-weight: normal;">also affectionately known as "coblynau" <tt>:)</tt></span></h3>
+ − 867 <?php
+ − 868 if ( file_exists('./_nightly.php') )
+ − 869 {
+ − 870 echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
+ − 871 }
+ − 872 ?>
+ − 873 <form action="install.php?mode=license" method="post">
+ − 874 <input type="submit" value="Start installation" />
+ − 875 </form>
+ − 876 </div>
+ − 877 <?php
+ − 878 break;
+ − 879 case "license":
+ − 880 ?>
+ − 881 <h3>Welcome to the Enano installer.</h3>
+ − 882 <p>Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.</p>
+ − 883 <p>To get started, please read and accept the following license agreement. You've probably seen it before.</p>
+ − 884 <div style="height: 500px; clip: rect(0px,auto,500px,auto); overflow: auto; padding: 10px; border: 1px dashed #456798; margin: 1em;">
+ − 885 <h2>GNU General Public License</h2>
+ − 886 <h3>Declaration of license usage</h3>
+ − 887 <p>Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
+ − 888 <p>This program is distributed in the hope that it will be useful, but <u>without any warranty</u>; without even the implied warranty of <u>merchantability</u> or <u>fitness for a particular purpose</u>. See the GNU General Public License (below) for more details.</p>
+ − 889 <p><b>By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.</b></p>
+ − 890 <h3>Human-readable version</h3>
+ − 891 <p>Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.</p>
+ − 892 <ul>
+ − 893 <li>You may to run Enano for any purpose.</li>
+ − 894 <li>You may study how Enano works and adapt it to your needs.</li>
+ − 895 <li>You may redistribute copies so you can help your neighbor.</li>
+ − 896 <li>You may improve Enano and release your improvements to the public, so that the whole community benefits.</li>
+ − 897 </ul>
+ − 898 <p>You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:</p>
+ − 899 <ul>
+ − 900 <li>You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
+ − 901 <li>If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
+ − 902 <li>If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.</li>
+ − 903 </ul>
+ − 904 <p><b>Disclaimer</b>: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.<br /><span style="color: #CCC">Text copied from the <a href="http://creativecommons.org/licenses/GPL/2.0/">Creative Commons GPL Deed page</a></span></p>
+ − 905 <?php
+ − 906 if ( defined('ENANO_BETA_VERSION') )
+ − 907 {
+ − 908 ?>
+ − 909 <h3>Notice for prerelease versions</h3>
+ − 910 <p>This version of Enano is designed only for testing and evaluation purposes. <b>It is not yet completely stable, and should not be used on production websites.</b> As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.</p>
+ − 911 <?php
+ − 912 }
+ − 913 ?>
+ − 914 <h3>Lawyer-readable version</h3>
+ − 915 <?php echo wikiFormat(file_get_contents(ENANO_ROOT . '/GPL')); ?>
+ − 916 </div>
+ − 917 <div class="pagenav">
+ − 918 <form action="install.php?mode=sysreqs" method="post">
+ − 919 <table border="0">
+ − 920 <tr>
+ − 921 <td><input type="submit" value="I agree to the license terms" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you agree with the terms of the license<br />• Have your database host, name, username, and password available</p></td>
+ − 922 </tr>
+ − 923 </table>
+ − 924 </form>
+ − 925 </div>
+ − 926 <?php
+ − 927 break;
+ − 928 case "sysreqs":
+ − 929 error_reporting(E_ALL);
+ − 930 ?>
+ − 931 <h3>Checking your server</h3>
+ − 932 <p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
+ − 933 <table border="0" cellspacing="0" cellpadding="0">
+ − 934 <?php
+ − 935 run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
+ − 936 run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
+ − 937 run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
+ − 938 run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
+ − 939 //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
+ − 940 run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+ − 941 run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
+ − 942 run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
+ − 943 run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
+ − 944 echo '</table>';
+ − 945 if(!$failed)
+ − 946 {
+ − 947 ?>
+ − 948
+ − 949 <div class="pagenav">
+ − 950 <?php
+ − 951 if($warned) {
+ − 952 echo '<table border="0" cellspacing="0" cellpadding="0">';
257
+ − 953 run_test('return false;', 'Some scalebacks were made due to your server configuration.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />Fatal error:</b> call to undefined function wannahokaloogie() in file <b>'.__FILE__.'</b> on line <b>'.__LINE__.'', true);
256
+ − 954 echo '</table>';
+ − 955 } else {
+ − 956 echo '<table border="0" cellspacing="0" cellpadding="0">';
+ − 957 run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
+ − 958 echo '</table>';
+ − 959 }
+ − 960 ?>
+ − 961 <form action="install.php?mode=database" method="post">
+ − 962 <table border="0">
+ − 963 <tr>
257
+ − 964 <td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />• Have your database host, name, username, and password available</p></td>
256
+ − 965 </tr>
+ − 966 </table>
+ − 967 </form>
+ − 968 </div>
+ − 969 <?php
+ − 970 } else {
+ − 971 if($failed) {
+ − 972 echo '<div class="pagenav"><table border="0" cellspacing="0" cellpadding="0">';
+ − 973 run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.');
+ − 974 echo '</table></div>';
+ − 975 }
+ − 976 }
+ − 977 ?>
+ − 978 <?php
+ − 979 break;
+ − 980 case "database":
+ − 981 ?>
+ − 982 <script type="text/javascript">
+ − 983 function ajaxGet(uri, f) {
+ − 984 if (window.XMLHttpRequest) {
+ − 985 ajax = new XMLHttpRequest();
+ − 986 } else {
+ − 987 if (window.ActiveXObject) {
+ − 988 ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ − 989 } else {
+ − 990 alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ − 991 return;
+ − 992 }
+ − 993 }
+ − 994 ajax.onreadystatechange = f;
+ − 995 ajax.open('GET', uri, true);
+ − 996 ajax.send(null);
+ − 997 }
+ − 998
+ − 999 function ajaxPost(uri, parms, f) {
+ − 1000 if (window.XMLHttpRequest) {
+ − 1001 ajax = new XMLHttpRequest();
+ − 1002 } else {
+ − 1003 if (window.ActiveXObject) {
+ − 1004 ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ − 1005 } else {
+ − 1006 alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ − 1007 return;
+ − 1008 }
+ − 1009 }
+ − 1010 ajax.onreadystatechange = f;
+ − 1011 ajax.open('POST', uri, true);
+ − 1012 ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 1013 ajax.setRequestHeader("Content-length", parms.length);
+ − 1014 ajax.setRequestHeader("Connection", "close");
+ − 1015 ajax.send(parms);
+ − 1016 }
+ − 1017 function ajaxTestConnection()
+ − 1018 {
+ − 1019 v = verify();
+ − 1020 if(!v)
+ − 1021 {
+ − 1022 alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
+ − 1023 return false;
+ − 1024 }
+ − 1025 var frm = document.forms.dbinfo;
+ − 1026 db_host = escape(frm.db_host.value.replace('+', '%2B'));
+ − 1027 db_name = escape(frm.db_name.value.replace('+', '%2B'));
+ − 1028 db_user = escape(frm.db_user.value.replace('+', '%2B'));
+ − 1029 db_pass = escape(frm.db_pass.value.replace('+', '%2B'));
+ − 1030 db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
+ − 1031 db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
+ − 1032
+ − 1033 parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
+ − 1034 ajaxPost('<?php echo scriptPath; ?>/install.php?mode=mysql_test', parms, function() {
+ − 1035 if(ajax.readyState==4)
+ − 1036 {
+ − 1037 s = ajax.responseText.substr(0, 4);
+ − 1038 t = ajax.responseText.substr(4, ajax.responseText.length);
+ − 1039 if(s.substr(0, 4)=='good')
+ − 1040 {
+ − 1041 document.getElementById('s_db_host').src='images/good.gif';
+ − 1042 document.getElementById('s_db_name').src='images/good.gif';
+ − 1043 document.getElementById('s_db_auth').src='images/good.gif';
+ − 1044 document.getElementById('s_db_root').src='images/good.gif';
+ − 1045 if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ − 1046 if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+ − 1047 document.getElementById('s_mysql_version').src='images/good.gif';
+ − 1048 document.getElementById('e_mysql_version').innerHTML = 'Your version of MySQL meets Enano requirements.';
+ − 1049 }
+ − 1050 else
+ − 1051 {
+ − 1052 switch(s)
+ − 1053 {
+ − 1054 case 'host':
+ − 1055 document.getElementById('s_db_host').src='images/bad.gif';
+ − 1056 document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1057 document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1058 document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1059 document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
+ − 1060 document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1061 break;
+ − 1062 case 'auth':
+ − 1063 document.getElementById('s_db_host').src='images/good.gif';
+ − 1064 document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1065 document.getElementById('s_db_auth').src='images/bad.gif';
+ − 1066 document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1067 document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ − 1068 document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1069 break;
+ − 1070 case 'perm':
+ − 1071 document.getElementById('s_db_host').src='images/good.gif';
+ − 1072 document.getElementById('s_db_name').src='images/bad.gif';
+ − 1073 document.getElementById('s_db_auth').src='images/good.gif';
+ − 1074 document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1075 document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
+ − 1076 document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1077 break;
+ − 1078 case 'name':
+ − 1079 document.getElementById('s_db_host').src='images/good.gif';
+ − 1080 document.getElementById('s_db_name').src='images/bad.gif';
+ − 1081 document.getElementById('s_db_auth').src='images/good.gif';
+ − 1082 document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1083 document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
+ − 1084 document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1085 break;
+ − 1086 case 'root':
+ − 1087 document.getElementById('s_db_host').src='images/good.gif';
+ − 1088 document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1089 document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1090 document.getElementById('s_db_root').src='images/bad.gif';
+ − 1091 document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ − 1092 document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1093 break;
+ − 1094 case 'vers':
+ − 1095 document.getElementById('s_db_host').src='images/good.gif';
+ − 1096 document.getElementById('s_db_name').src='images/good.gif';
+ − 1097 document.getElementById('s_db_auth').src='images/good.gif';
+ − 1098 document.getElementById('s_db_root').src='images/good.gif';
+ − 1099 if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ − 1100 if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+ − 1101
+ − 1102 document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
+ − 1103 document.getElementById('s_mysql_version').src='images/bad.gif';
+ − 1104 default:
+ − 1105 alert(t);
+ − 1106 break;
+ − 1107 }
+ − 1108 }
+ − 1109 }
+ − 1110 });
+ − 1111 }
+ − 1112 function verify()
+ − 1113 {
+ − 1114 document.getElementById('e_db_host').innerHTML = '';
+ − 1115 document.getElementById('e_db_auth').innerHTML = '';
+ − 1116 document.getElementById('e_db_name').innerHTML = '';
+ − 1117 document.getElementById('e_db_root').innerHTML = '';
+ − 1118 var frm = document.forms.dbinfo;
+ − 1119 ret = true;
+ − 1120 if(frm.db_host.value != '')
+ − 1121 {
+ − 1122 document.getElementById('s_db_host').src='images/unknown.gif';
+ − 1123 }
+ − 1124 else
+ − 1125 {
+ − 1126 document.getElementById('s_db_host').src='images/bad.gif';
+ − 1127 ret = false;
+ − 1128 }
262
+ − 1129 if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
256
+ − 1130 {
+ − 1131 document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1132 }
+ − 1133 else
+ − 1134 {
+ − 1135 document.getElementById('s_db_name').src='images/bad.gif';
+ − 1136 ret = false;
+ − 1137 }
+ − 1138 if(frm.db_user.value != '')
+ − 1139 {
+ − 1140 document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1141 }
+ − 1142 else
+ − 1143 {
+ − 1144 document.getElementById('s_db_auth').src='images/bad.gif';
+ − 1145 ret = false;
+ − 1146 }
+ − 1147 if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
+ − 1148 {
+ − 1149 document.getElementById('s_table_prefix').src='images/good.gif';
+ − 1150 }
+ − 1151 else
+ − 1152 {
+ − 1153 document.getElementById('s_table_prefix').src='images/bad.gif';
+ − 1154 ret = false;
+ − 1155 }
+ − 1156 if(frm.db_root_user.value == '')
+ − 1157 {
+ − 1158 document.getElementById('s_db_root').src='images/good.gif';
+ − 1159 }
+ − 1160 else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
+ − 1161 {
+ − 1162 document.getElementById('s_db_root').src='images/bad.gif';
+ − 1163 ret = false;
+ − 1164 }
+ − 1165 else
+ − 1166 {
+ − 1167 document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1168 }
+ − 1169 if(ret) frm._cont.disabled = false;
+ − 1170 else frm._cont.disabled = true;
+ − 1171 return ret;
+ − 1172 }
+ − 1173 window.onload = verify;
+ − 1174 </script>
+ − 1175 <p>Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend,
+ − 1176 and we need to have access to a MySQL server in order to continue.</p>
+ − 1177 <p>If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from
+ − 1178 <a href="http://www.mysql.com/">MySQL.com</a>. <b>Please note that, like Enano, MySQL is licensed under the GNU GPL.</b>
+ − 1179 If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL
+ − 1180 or purchase a proprietary license.</p>
+ − 1181 <?php
257
+ − 1182 if ( @file_exists('/etc/enano-is-virt-appliance') )
256
+ − 1183 {
+ − 1184 echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
+ − 1185 }
+ − 1186 ?>
+ − 1187 <form name="dbinfo" action="install.php?mode=website" method="post">
+ − 1188 <table border="0">
257
+ − 1189 <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+ − 1190 <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1191 <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1192 <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1193 <tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+ − 1194 <tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+ − 1195 <tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1196 <tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1197 <tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+ − 1198 <tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+ − 1199 <tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" /> <label for="dtcheck">Drop existing tables</label></td></tr>
+ − 1200 <tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
256
+ − 1201 </table>
+ − 1202 <div class="pagenav">
257
+ − 1203 <table border="0">
+ − 1204 <tr>
+ − 1205 <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Check your MySQL connection using the "Test Connection" button.<br />• Be aware that your database information will be transmitted unencrypted several times.</p></td>
+ − 1206 </tr>
+ − 1207 </table>
+ − 1208 </div>
256
+ − 1209 </form>
+ − 1210 <?php
+ − 1211 break;
+ − 1212 case "website":
+ − 1213 if(!isset($_POST['_cont'])) {
+ − 1214 echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1215 $template->footer();
+ − 1216 exit;
+ − 1217 }
+ − 1218 unset($_POST['_cont']);
+ − 1219 ?>
+ − 1220 <script type="text/javascript">
+ − 1221 function verify()
+ − 1222 {
+ − 1223 var frm = document.forms.siteinfo;
+ − 1224 ret = true;
+ − 1225 if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
+ − 1226 {
+ − 1227 document.getElementById('s_name').src='images/good.gif';
+ − 1228 }
+ − 1229 else
+ − 1230 {
+ − 1231 document.getElementById('s_name').src='images/bad.gif';
+ − 1232 ret = false;
+ − 1233 }
+ − 1234 if(frm.sitedesc.value.match(/^(.+)$/g))
+ − 1235 {
+ − 1236 document.getElementById('s_desc').src='images/good.gif';
+ − 1237 }
+ − 1238 else
+ − 1239 {
+ − 1240 document.getElementById('s_desc').src='images/bad.gif';
+ − 1241 ret = false;
+ − 1242 }
+ − 1243 if(frm.copyright.value.match(/^(.+)$/g))
+ − 1244 {
+ − 1245 document.getElementById('s_copyright').src='images/good.gif';
+ − 1246 }
+ − 1247 else
+ − 1248 {
+ − 1249 document.getElementById('s_copyright').src='images/bad.gif';
+ − 1250 ret = false;
+ − 1251 }
+ − 1252 if(ret) frm._cont.disabled = false;
+ − 1253 else frm._cont.disabled = true;
+ − 1254 return ret;
+ − 1255 }
+ − 1256 window.onload = verify;
+ − 1257 </script>
+ − 1258 <form name="siteinfo" action="install.php?mode=login" method="post">
+ − 1259 <?php
+ − 1260 $k = array_keys($_POST);
+ − 1261 for($i=0;$i<sizeof($_POST);$i++) {
+ − 1262 echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1263 }
+ − 1264 ?>
+ − 1265 <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
+ − 1266 <table border="0">
257
+ − 1267 <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1268 <tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1269 <tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1270 <tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" /> <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
+ − 1271 <tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"> <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short"> <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite"> <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
256
+ − 1272 </table>
+ − 1273 <div class="pagenav">
+ − 1274 <table border="0">
257
+ − 1275 <tr>
+ − 1276 <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
+ − 1277 </tr>
256
+ − 1278 </table>
+ − 1279 </div>
+ − 1280 </form>
+ − 1281 <?php
+ − 1282 break;
+ − 1283 case "login":
+ − 1284 if(!isset($_POST['_cont'])) {
+ − 1285 echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1286 $template->footer();
+ − 1287 exit;
+ − 1288 }
+ − 1289 unset($_POST['_cont']);
+ − 1290 require('config.new.php');
+ − 1291 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 1292 if ( isset($crypto_key) )
+ − 1293 {
+ − 1294 $cryptkey = $crypto_key;
+ − 1295 }
+ − 1296 if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
+ − 1297 {
+ − 1298 $cryptkey = $aes->gen_readymade_key();
+ − 1299 $handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
+ − 1300 if(!$handle)
+ − 1301 {
+ − 1302 echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
+ − 1303 $template->footer();
+ − 1304 exit;
+ − 1305 }
+ − 1306 fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
+ − 1307 fclose($handle);
+ − 1308 }
+ − 1309 // Sorry for the ugly hack, but this f***s up jEdit badly.
+ − 1310 echo '
+ − 1311 <script type="text/javascript">
+ − 1312 function verify()
+ − 1313 {
+ − 1314 var frm = document.forms.login;
+ − 1315 ret = true;
+ − 1316 if ( frm.admin_user.value.match(/^([A-z0-9 \\-\\.]+)$/) && !frm.admin_user.value.match(/^(?:(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != \'anonymous\' )
+ − 1317 {
+ − 1318 document.getElementById(\'s_user\').src = \'images/good.gif\';
+ − 1319 }
+ − 1320 else
+ − 1321 {
+ − 1322 document.getElementById(\'s_user\').src = \'images/bad.gif\';
+ − 1323 ret = false;
+ − 1324 }
+ − 1325 if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
+ − 1326 {
+ − 1327 document.getElementById(\'s_password\').src = \'images/good.gif\';
+ − 1328 }
+ − 1329 else
+ − 1330 {
+ − 1331 document.getElementById(\'s_password\').src = \'images/bad.gif\';
+ − 1332 ret = false;
+ − 1333 }
+ − 1334 if(frm.admin_email.value.match(/^(?:[\\w\\d]+\\.?)+@(?:(?:[\\w\\d]\\-?)+\\.)+\\w{2,4}$/))
+ − 1335 {
+ − 1336 document.getElementById(\'s_email\').src = \'images/good.gif\';
+ − 1337 }
+ − 1338 else
+ − 1339 {
+ − 1340 document.getElementById(\'s_email\').src = \'images/bad.gif\';
+ − 1341 ret = false;
+ − 1342 }
+ − 1343 if(ret) frm._cont.disabled = false;
+ − 1344 else frm._cont.disabled = true;
+ − 1345 return ret;
+ − 1346 }
+ − 1347 window.onload = verify;
+ − 1348
+ − 1349 function cryptdata()
+ − 1350 {
+ − 1351 if(!verify()) return false;
+ − 1352 }
+ − 1353 </script>
+ − 1354 ';
+ − 1355 ?>
+ − 1356 <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
+ − 1357 <?php
+ − 1358 $k = array_keys($_POST);
+ − 1359 for($i=0;$i<sizeof($_POST);$i++) {
+ − 1360 echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1361 }
+ − 1362 ?>
+ − 1363 <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
+ − 1364 <table border="0">
257
+ − 1365 <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1366 <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1367 <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
+ − 1368 <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
256
+ − 1369 <tr>
+ − 1370 <td>
+ − 1371 Allow administrators to embed PHP code into pages:<br />
+ − 1372 <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
+ − 1373 <a href="install.php?mode=pophelp&topic=admin_embed_php"
+ − 1374 onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
+ − 1375 style="color: #D84308; text-decoration: underline;">important security implications</a>.
+ − 1376 </span></small>
+ − 1377 </td>
+ − 1378 <td>
+ − 1379 <label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>
+ − 1380 <label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
+ − 1381 </td>
+ − 1382 <td></td>
+ − 1383 </tr>
+ − 1384 <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
+ − 1385 </table>
+ − 1386 <div class="pagenav">
+ − 1387 <table border="0">
257
+ − 1388 <tr>
+ − 1389 <td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
+ − 1390 </tr>
256
+ − 1391 </table>
+ − 1392 </div>
+ − 1393 <div id="cryptdebug"></div>
257
+ − 1394 <input type="hidden" name="use_crypt" value="no" />
+ − 1395 <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
+ − 1396 <input type="hidden" name="crypt_data" value="" />
256
+ − 1397 </form>
+ − 1398 <script type="text/javascript">
+ − 1399 // <![CDATA[
+ − 1400 var frm = document.forms.login;
+ − 1401 frm.admin_user.focus();
+ − 1402 function runEncryption()
+ − 1403 {
+ − 1404 str = '';
+ − 1405 for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 1406 var key = hexToByteArray(str);
+ − 1407 var pt = hexToByteArray(str);
+ − 1408 var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 1409 var ect = byteArrayToHex(ct);
+ − 1410 switch(keySizeInBits)
+ − 1411 {
+ − 1412 case 128:
+ − 1413 v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 1414 break;
+ − 1415 case 192:
+ − 1416 v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 1417 break;
+ − 1418 case 256:
+ − 1419 v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 1420 break;
+ − 1421 }
+ − 1422 var testpassed = ( ect == v && md5_vm_test() );
+ − 1423 var frm = document.forms.login;
+ − 1424 if(testpassed)
+ − 1425 {
+ − 1426 // alert('encryption self-test passed');
+ − 1427 frm.use_crypt.value = 'yes';
+ − 1428 var cryptkey = frm.crypt_key.value;
+ − 1429 frm.crypt_key.value = '';
+ − 1430 if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
+ − 1431 {
+ − 1432 alert('Byte array conversion SUCKS');
+ − 1433 testpassed = false;
+ − 1434 }
+ − 1435 cryptkey = hexToByteArray(cryptkey);
+ − 1436 if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 1437 {
+ − 1438 frm._cont.disabled = true;
+ − 1439 len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 1440 alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 1441 }
+ − 1442 }
+ − 1443 else
+ − 1444 {
+ − 1445 // alert('encryption self-test FAILED');
+ − 1446 }
+ − 1447 if(testpassed)
+ − 1448 {
+ − 1449 pass = frm.admin_pass.value;
+ − 1450 pass = stringToByteArray(pass);
+ − 1451 cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 1452 //decrypted = rijndaelDecrypt(cryptstring, cryptkey, 'ECB');
+ − 1453 //decrypted = byteArrayToString(decrypted);
+ − 1454 //return false;
+ − 1455 if(!cryptstring)
+ − 1456 {
+ − 1457 return false;
+ − 1458 }
+ − 1459 cryptstring = byteArrayToHex(cryptstring);
+ − 1460 // document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
+ − 1461 frm.crypt_data.value = cryptstring;
+ − 1462 frm.admin_pass.value = '';
+ − 1463 frm.admin_pass_confirm.value = '';
+ − 1464 }
+ − 1465 return false;
+ − 1466 }
+ − 1467 // ]]>
+ − 1468 </script>
+ − 1469 <?php
+ − 1470 break;
+ − 1471 case "confirm":
+ − 1472 if(!isset($_POST['_cont'])) {
+ − 1473 echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1474 $template->footer();
+ − 1475 exit;
+ − 1476 }
+ − 1477 unset($_POST['_cont']);
+ − 1478 ?>
+ − 1479 <form name="confirm" action="install.php?mode=install" method="post">
+ − 1480 <?php
+ − 1481 $k = array_keys($_POST);
+ − 1482 for($i=0;$i<sizeof($_POST);$i++) {
+ − 1483 echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1484 }
+ − 1485 ?>
+ − 1486 <h3>Enano is ready to install.</h3>
+ − 1487 <p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
+ − 1488 and then click the button below to install the database.</p>
+ − 1489 <ul>
+ − 1490 <li>Database hostname: <?php echo $_POST['db_host']; ?></li>
+ − 1491 <li>Database name: <?php echo $_POST['db_name']; ?></li>
+ − 1492 <li>Database user: <?php echo $_POST['db_user']; ?></li>
+ − 1493 <li>Database password: <hidden></li>
+ − 1494 <li>Site name: <?php echo $_POST['sitename']; ?></li>
+ − 1495 <li>Site description: <?php echo $_POST['sitedesc']; ?></li>
+ − 1496 <li>Administration username: <?php echo $_POST['admin_user']; ?></li>
+ − 1497 <li>Cipher strength: <?php echo (string)AES_BITS; ?>-bit AES<br /><small>Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.</small></li>
+ − 1498 </ul>
+ − 1499 <div class="pagenav">
+ − 1500 <table border="0">
+ − 1501 <tr>
+ − 1502 <td><input type="submit" value="Install Enano!" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Pray.</p></td>
+ − 1503 </tr>
+ − 1504 </table>
+ − 1505 </div>
+ − 1506 </form>
+ − 1507 <?php
+ − 1508 break;
+ − 1509 case "install":
+ − 1510 if(!isset($_POST['db_host']) ||
+ − 1511 !isset($_POST['db_name']) ||
+ − 1512 !isset($_POST['db_user']) ||
+ − 1513 !isset($_POST['db_pass']) ||
+ − 1514 !isset($_POST['sitename']) ||
+ − 1515 !isset($_POST['sitedesc']) ||
+ − 1516 !isset($_POST['copyright']) ||
+ − 1517 !isset($_POST['admin_user']) ||
+ − 1518 !isset($_POST['admin_pass']) ||
+ − 1519 !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
+ − 1520 !isset($_POST['urlscheme'])
+ − 1521 )
+ − 1522 {
+ − 1523 echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1524 $template->footer();
+ − 1525 exit;
+ − 1526 }
+ − 1527 switch($_POST['urlscheme'])
+ − 1528 {
+ − 1529 case "ugly":
+ − 1530 default:
+ − 1531 $cp = scriptPath.'/index.php?title=';
+ − 1532 break;
+ − 1533 case "short":
+ − 1534 $cp = scriptPath.'/index.php/';
+ − 1535 break;
+ − 1536 case "tiny":
+ − 1537 $cp = scriptPath.'/';
+ − 1538 break;
+ − 1539 }
+ − 1540 function err($t) { global $template; echo $t; $template->footer(); exit; }
+ − 1541
+ − 1542 // $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs');
+ − 1543
+ − 1544 if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) )
+ − 1545 err('Hacking attempt was detected in table_prefix.');
+ − 1546
+ − 1547 start_install_table();
269
+ − 1548
+ − 1549 // Are we just trying to auto-rename the config files? If so, skip everything else
+ − 1550 if ( $_GET['stage'] != 'renameconfig' )
256
+ − 1551 {
+ − 1552
269
+ − 1553 // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
+ − 1554 // Thus, they need to be run on each retry, e.g. never skipped.
+ − 1555 run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
+ − 1556 if ( isset($_POST['drop_tables']) )
+ − 1557 {
+ − 1558 // Are we supposed to drop any existing tables? If so, do it now
+ − 1559 run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure');
+ − 1560 }
+ − 1561 run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false);
+ − 1562 run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. Please contact the Enano team for support.', false);
+ − 1563 run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
+ − 1564 run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
+ − 1565 run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
+ − 1566
+ − 1567 // Mainstream installation complete - Enano should be usable now
+ − 1568 // The stage of starting the API is special because it has to be called out of function context.
+ − 1569 // To alleviate this, we have two functions, one that returns success and one that returns failure
+ − 1570 // If the Enano API load is successful, the success function is called to report the action to the user
+ − 1571 // If unsuccessful, the failure report is sent
+ − 1572
+ − 1573 $template_bak = $template;
+ − 1574
+ − 1575 $_GET['title'] = 'Main_Page';
+ − 1576 require('includes/common.php');
+ − 1577
+ − 1578 if ( is_object($db) && is_object($session) )
+ − 1579 {
+ − 1580 run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false);
+ − 1581 }
+ − 1582 else
+ − 1583 {
+ − 1584 run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false);
+ − 1585 }
+ − 1586
+ − 1587 // We need to be logged in (with admin rights) before logs can be flushed
+ − 1588 $admin_password = stg_decrypt_admin_pass(true);
+ − 1589 $session->login_without_crypto($_POST['admin_user'], $admin_password, false);
+ − 1590
+ − 1591 // Now that login cookies are set, initialize the session manager and ACLs
+ − 1592 $session->start();
+ − 1593 $paths->init();
+ − 1594
+ − 1595 run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
+ − 1596 While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
+ − 1597 properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
+ − 1598 to finish the installation, please be aware that you may be unable to log into your site.');
+ − 1599
+ − 1600 } // check for stage == renameconfig
256
+ − 1601 else
+ − 1602 {
269
+ − 1603 // If we did skip that step, set $template_bak to $template to imitate the loading of the Enano API
+ − 1604 $template_bak = $template;
256
+ − 1605 }
268
58477ab3937f
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Dan
diff
changeset
+ − 1606
58477ab3937f
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Dan
diff
changeset
+ − 1607 // Final step is to rename the config file
269
+ − 1608 run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');
268
58477ab3937f
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Dan
diff
changeset
+ − 1609
256
+ − 1610 close_install_table();
+ − 1611
+ − 1612 unset($template);
+ − 1613 $template =& $template_bak;
+ − 1614
+ − 1615 echo '<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
+ − 1616
+ − 1617 // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
+ − 1618
+ − 1619 break;
+ − 1620 case "finish":
+ − 1621 echo '<h3>Congratulations!</h3>
+ − 1622 <p>You have finished installing Enano on this server.</p>
+ − 1623 <h3>Now what?</h3>
+ − 1624 <p>Click the link below to see the main page for your website. Where to go from here:</p>
+ − 1625 <ul>
+ − 1626 <li>The first thing you should do is log into your site using the Log in link on the sidebar.</li>
+ − 1627 <li>Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.</li>
+ − 1628 <li>Visit the <a href="http://enanocms.org/Category:Plugins" onclick="window.open(this.href); return false;">Enano Plugin Gallery</a> to download and use plugins on your site.</li>
+ − 1629 <li>Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.</li>
+ − 1630 <li>Hire some moderators, to help you keep rowdy users tame.</li>
+ − 1631 <li>Tell the <a href="http://enanocms.org/Contact_us">Enano team</a> what you think.</li>
+ − 1632 <li><b>Spread the word about Enano by adding a link to the Enano homepage on your sidebar!</b> You can enable this option in the General Configuration section of the administration panel.</li>
+ − 1633 </ul>
+ − 1634 <p><a href="index.php">Go to your website...</a></p>';
+ − 1635 break;
+ − 1636 }
+ − 1637 $template->footer();
+ − 1638
+ − 1639 ?>