<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.2 (Coblynau)
* Copyright (C) 2006-2007 Dan Fuhry
* install.php - handles everything related to installation and initial configuration
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
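// Load an existing configuration if there is one. On a fresh install the file is absent,
// which is why the warning is suppressed.
@include('config.php');

// Installation lock: when config.php has marked the site as installed, only the "finish",
// "css" and "showlicense" modes remain reachable; any other request (or none) gets the
// lock notice and the script stops.
if ( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ( !isset($_GET['mode']) || ( $_GET['mode'] != 'finish' && $_GET['mode'] != 'css' && $_GET['mode'] != 'showlicense' ) ) )
{
  $_GET['title'] = 'Enano:Installation_locked';
  require('includes/common.php');
  die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
  exit;
}

define('IN_ENANO_INSTALL', 'true');

define('ENANO_VERSION', '1.0.2');
// In beta versions, define ENANO_BETA_VERSION here

// scriptPath and contentPath default to the directory part of the request path.
// REQUEST_URI is client-supplied and includes the query string, so the query is cut off
// before dirname(): otherwise a "/" inside a parameter value would change the result.
// stg_write_config() in this file later writes scriptPath into config.php and .htaccess.
if(!defined('scriptPath')) {
  $sp = $_SERVER['REQUEST_URI'];
  $query_start = strpos($sp, '?');
  if ( $query_start !== false ) $sp = substr($sp, 0, $query_start);
  $sp = dirname($sp);
  if($sp == '/' || $sp == '\\') $sp = '';
  define('scriptPath', $sp);
}

if(!defined('contentPath')) {
  $sp = $_SERVER['REQUEST_URI'];
  $query_start = strpos($sp, '?');
  if ( $query_start !== false ) $sp = substr($sp, 0, $query_start);
  $sp = dirname($sp);
  if($sp == '/' || $sp == '\\') $sp = '';
  define('contentPath', $sp);
}
global $_starttime, $this_page, $sideinfo;
$_starttime = microtime(true);

// Determine directory (special case for development servers)
// strpos() returns 0 for a match at the start of the path, so compare against false
// explicitly instead of relying on truthiness.
if ( strpos(__FILE__, '/repo/') !== false && file_exists('.enanodev') )
{
  $filename = str_replace('/repo/', '/', __FILE__);
}
else
{
  $filename = __FILE__;
}

define('ENANO_ROOT', dirname($filename));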
/**
 * Installer stand-in for the page-detection helper: during installation every
 * page check is answered with true, whatever identifier is passed.
 *
 * @param mixed $p Page identifier; not inspected.
 * @return bool Always true.
 */
function is_page($p)
{
  $always = true;
  return $always;
}
require('includes/wikiformat.php');
require('includes/constants.php');
require('includes/rijndael.php');
require('includes/functions.php');
// Normalise request data before any stage reads $_POST/$_GET. The helper comes from one of
// the files required above; presumably it undoes magic_quotes_gpc escaping - confirm there.
strip_magic_quotes_gpc();
// Shade letter that echo_stage_success()/echo_stage_failure() flip between 'A' and 'C'
// so that consecutive result rows get alternating background colours.
$neutral_color = 'C';
//
// INSTALLER LIBRARY
//
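/**
 * Runs one installer stage and prints its result row.
 *
 * When the installer is resumed (?stage=<id>), stages before the resume point are reported
 * as successful without being executed, unless $allow_skip is false. The list of stages
 * that already ran comes back from the retry form in the "resume_stack" POST field.
 *
 * @param string $stage_id            Identifier of the stage; compared against $_GET['stage'].
 * @param string $stage_name          Human-readable label shown in the result table.
 * @param string $function            Name of the function implementing the stage.
 * @param string $failure_explanation HTML shown if the stage fails.
 * @param bool   $allow_skip          Whether the stage may be skipped while fast-forwarding to the resume point.
 * @return bool True if the stage ran and succeeded; false if it was skipped. On failure
 *              echo_stage_failure() is called, which ends the script.
 */
function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
{
  static $resumed = false;
  static $resume_stack = array();

  // resume_stack is client-supplied. The pattern is anchored at both ends (D keeps "$" from
  // matching before a trailing newline) so that only a pure list of stage identifiers is
  // accepted, and the is_string() check rejects array-valued input before preg_match().
  if ( empty($resume_stack) && isset($_POST['resume_stack']) && is_string($_POST['resume_stack']) && preg_match('/^[a-z_]+(\|[a-z_]+)+$/D', $_POST['resume_stack']) )
  {
    $resume_stack = explode('|', $_POST['resume_stack']);
  }

  // Stage functions receive this flag so they can tell a first run from a re-run.
  $already_run = in_array((string) $stage_id, $resume_stack, true);

  // Without ?stage= every stage runs; with it, stages run from the named one onwards.
  if ( !$resumed && ( !isset($_GET['stage']) || $_GET['stage'] == $stage_id ) )
  {
    $resumed = true;
  }
  if ( !$resumed && $allow_skip )
  {
    echo_stage_success($stage_id, $stage_name);
    return false;
  }
  if ( !function_exists($function) )
    die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . ' doesn\'t exist');
  // Errors raised inside the stage are suppressed; only the boolean result is reported.
  $result = @call_user_func($function, false, $already_run);
  if ( $result )
  {
    echo_stage_success($stage_id, $stage_name);
    $resume_stack[] = $stage_id;
    return true;
  }
  else
  {
    echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack);
    return false;
  }
}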
/**
 * Opens the stage-result table and starts an output buffer for the rows that follow.
 * The buffer is flushed row by row by the echo_stage_* functions and closed by
 * close_install_table().
 */
function start_install_table()
{
  $opening_tag = '<table border="0" cellspacing="0" cellpadding="0">';
  echo $opening_tag, "\n";
  ob_start();
}
/**
 * Closes the stage-result table and ends the current output buffer, sending its
 * contents on.
 */
function close_install_table()
{
  $closing_tag = '</table>';
  echo $closing_tag, "\n\n";
  ob_end_flush();
}
/**
 * Prints a green "done" row for a stage and flushes it to the client.
 *
 * @param string $stage_id   Stage identifier; not used for the output.
 * @param string $stage_name Label for the row; HTML-escaped before output.
 */
function echo_stage_success($stage_id, $stage_name)
{
  global $neutral_color;

  // Flip the shade letter so neighbouring rows alternate between two greens.
  if ( $neutral_color == 'A' )
    $neutral_color = 'C';
  else
    $neutral_color = 'A';

  $shade = str_repeat($neutral_color, 2);
  $label = htmlspecialchars($stage_name);

  echo '<tr><td style="width: 500px; background-color: #' . $shade . 'FF' . $shade . '; padding: 0 5px;">' . $label . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
  ob_flush();
}
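/**
 * Prints a red "failed" row, closes the result table, renders a retry form and ends the script.
 *
 * The retry form posts back to install.php with ?stage=<id> so that run_installer_stage()
 * can resume at the failed stage. Every string field of the current POST request is copied
 * into hidden inputs, which means the database and administrator passwords submitted to
 * the installer are written into this page; the installer should only be served over a
 * connection and to a client that may see them.
 *
 * @param string $stage_id            Identifier of the failed stage.
 * @param string $stage_name          Label for the row; HTML-escaped before output.
 * @param string $failure_explanation HTML fragment supplied by the caller; printed as-is.
 * @param array  $resume_stack        Identifiers of the stages that already completed.
 * @return void Does not return; the script exits after the footer is printed.
 */
function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
{
  global $neutral_color;

  $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
  echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
  ob_flush();
  close_install_table();

  // The server's error text can echo back submitted values (database or user names),
  // so it is escaped like any other untrusted string before it reaches the page.
  $mysql_error = htmlspecialchars(mysql_error(), ENT_QUOTES);

  $post_data = '';
  foreach ( $_POST as $key => $value )
  {
    // Array-valued fields cannot be expressed as one hidden input, and the stale
    // resume_stack is replaced by the current one below.
    if ( !is_string($value) || $key === 'resume_stack' )
      continue;
    // ENT_QUOTES covers both quote styles, so a value cannot close the attribute.
    $value = htmlspecialchars($value, ENT_QUOTES);
    $key = htmlspecialchars((string) $key, ENT_QUOTES);
    $post_data .= " <input type=\"hidden\" name=\"$key\" value=\"$value\" />\n";
  }

  // The stage id becomes part of a URL inside an attribute: URL-encode it, then HTML-escape the whole URL.
  $retry_url = htmlspecialchars('install.php?mode=install&stage=' . rawurlencode($stage_id), ENT_QUOTES);

  echo '<form action="' . $retry_url . '" method="post">
' . $post_data . '
<input type="hidden" name="resume_stack" value="' . htmlspecialchars(implode('|', $resume_stack), ENT_QUOTES) . '" />
<h3>Enano installation failed.</h3>
<p>' . $failure_explanation . '</p>
' . ( $mysql_error !== '' ? "<p>The error returned from MySQL was: $mysql_error</p>" : '' ) . '
<p>When you have corrected the error, click the button below to attempt to continue the installation.</p>
<p style="text-align: center;"><input type="submit" value="Retry installation" /></p>
</form>';
  global $template, $template_bak;
  // Prefer the backup template object when one exists.
  if ( is_object($template_bak) )
    $template_bak->footer();
  else
    $template->footer();
  exit;
}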
//
// INSTALLER STAGES
//
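/**
 * Installer stage: connect to MySQL with the site credentials and select the database.
 *
 * If the normal credentials fail and root credentials were submitted, the root connection
 * is used to create the account and/or the database and to grant the account access to it.
 * All inputs come straight from $_POST (db_host, db_user, db_pass, db_name, db_root_user,
 * db_root_pass).
 *
 * @param bool $act_get When true, nothing is done and the stored connection is returned.
 * @return resource|bool With $act_get: the connection, or false if none was made.
 *                       Otherwise true on success and false on any failure.
 */
function stg_mysql_connect($act_get = false)
{
  static $conn = false;
  if ( $act_get )
    return $conn;

  $db_user =& $_POST['db_user'];
  $db_pass =& $_POST['db_pass'];
  $db_name =& $_POST['db_name'];

  // The database name is interpolated into backtick-quoted identifiers below, so it is
  // restricted to a safe alphabet. The D modifier stops "$" from matching before a
  // trailing newline, and non-string input is rejected before it reaches preg_match().
  if ( !is_string($db_name) || !preg_match('/^[a-z0-9_-]+$/D', $db_name) )
  {
    $shown_name = is_string($db_name) ? htmlspecialchars($db_name) : '';
    die("<p>SECURITY: malformed database name \"$shown_name\"</p>");
  }

  // First, try to connect using the normal credentials
  $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
  if ( !$conn )
  {
    // Connection failed. Do we have the root username and password?
    if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
    {
      $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
      if ( !$conn_root )
      {
        // Couldn't connect using either set of credentials. Bail out.
        return false;
      }
      // Drop the references into $_POST before storing escaped copies, so the
      // request data itself stays untouched for the reconnect below.
      unset($db_user, $db_pass);
      $db_user = mysql_real_escape_string($_POST['db_user'], $conn_root);
      $db_pass = mysql_real_escape_string($_POST['db_pass'], $conn_root);
      // Create the user account. The GRANT is only a vehicle for creating it, so no
      // GRANT OPTION is attached: REVOKE ALL PRIVILEGES below would not take it back.
      $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass';", $conn_root);
      if ( !$q )
      {
        return false;
      }
      // Revoke privileges from test, we don't need them
      $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
      if ( !$q )
      {
        return false;
      }
      if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
      {
        // If not connecting to a server running on localhost, allow from any host
        // this is safer than trying to detect the hostname of the webserver, but less secure
        $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass';", $conn_root);
        if ( !$q )
        {
          return false;
        }
        // Revoke privileges from test, we don't need them
        $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
        if ( !$q )
        {
          return false;
        }
      }
      mysql_close($conn_root);
      $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
      if ( !$conn )
      {
        // This should honestly never happen.
        return false;
      }
    }
  }
  $q = @mysql_query("USE `$db_name`;", $conn);
  if ( !$q )
  {
    // access denied to the database; try the whole root shenanigan again
    if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
    {
      $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
      if ( !$conn_root )
      {
        // Couldn't connect as root; bail out
        return false;
      }
      // create the database, if it doesn't exist
      $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
      if ( !$q )
      {
        // this really should never fail, so don't give any tolerance to it
        return false;
      }
      unset($db_user, $db_pass);
      $db_user = mysql_real_escape_string($_POST['db_user'], $conn_root);
      $db_pass = mysql_real_escape_string($_POST['db_pass'], $conn_root);
      // we're in with root rights; grant access to the database
      $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
      if ( !$q )
      {
        return false;
      }
      if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
      {
        // Remote database server: the account is allowed to connect from any host ('%').
        $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
        if ( !$q )
        {
          return false;
        }
      }
      mysql_close($conn_root);
      // grant tables have hopefully been flushed, kill and reconnect our regular user connection
      mysql_close($conn);
      $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
      if ( !$conn )
      {
        return false;
      }
    }
    else
    {
      return false;
    }
    // try again
    $q = @mysql_query("USE `$db_name`;", $conn);
    if ( !$q )
    {
      // really failed this time; bail out
      return false;
    }
  }
  // connected and database exists
  return true;
}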
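/**
 * Installer stage: drop every table of a previous Enano installation that uses the
 * submitted table prefix.
 *
 * @return bool False when no database connection is available, true otherwise.
 *              Failures of individual DROP statements are ignored on purpose.
 */
function stg_drop_tables()
{
  $conn = stg_mysql_connect(true);
  if ( !$conn )
    return false;
  // Our list of tables included in Enano
  $tables = array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'tags', 'page_groups', 'page_group_members' );

  // table_prefix arrives in the request and no validation of it is visible in this
  // function, so the name is quoted as an identifier here instead of trusting a check
  // made elsewhere: inside backticks, a doubled backtick is the only escape needed.
  $prefix = ( isset($_POST['table_prefix']) && is_string($_POST['table_prefix']) ) ? $_POST['table_prefix'] : '';

  // Drop each table individually; if it fails, it probably means we're trying to drop a
  // table that didn't exist in the Enano version we're deleting the database for.
  foreach ( $tables as $table )
  {
    $table = '`' . str_replace('`', '``', $prefix . $table) . '`';
    @mysql_query("DROP TABLE $table;", $conn);
  }
  return true;
}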
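/**
 * Installer stage: obtain the administrator password in clear text.
 *
 * If the request carries "crypt_data", the password is decrypted with the key read from
 * config.new.php; otherwise the plain "admin_pass" field is used.
 *
 * @param bool $act_get When true, nothing is done and the stored password is returned.
 * @return string|bool With $act_get: the password (false if none was obtained).
 *                     Otherwise true if a non-empty password was obtained, else false.
 */
function stg_decrypt_admin_pass($act_get = false)
{
  static $decrypted_pass = false;
  if ( $act_get )
    return $decrypted_pass;

  $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

  if ( !empty($_POST['crypt_data']) )
  {
    // NOTE(review): this expects config.new.php to set $cryptkey, while stg_write_config()
    // in this file writes $crypto_key and _stg_rename_config_revert() writes $cryptkey to
    // config.php.new - confirm which file and variable name are intended.
    require('config.new.php');
    if ( !isset($cryptkey) )
    {
      return false;
    }
    // Keep the hex key so _stg_rename_config_revert() can write it back. The original
    // stored $key here, which is not assigned until the next statement.
    if ( !defined('_INSTRESUME_AES_KEYBACKUP') )
    {
      define('_INSTRESUME_AES_KEYBACKUP', $cryptkey);
    }
    $key = hexdecode($cryptkey);

    $decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
  }
  else
  {
    $decrypted_pass = isset($_POST['admin_pass']) ? $_POST['admin_pass'] : false;
  }
  if ( empty($decrypted_pass) )
    return false;
  return true;
}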
/**
 * Installer stage: generate the site's AES key and keep it for later stages.
 *
 * The key comes from AESCrypt::gen_readymade_key(); how it is produced is not visible
 * here. Later stages pass it through hextostring(), so it is presumably hex-encoded.
 *
 * @param bool $act_get When true, nothing is generated and the stored key is returned.
 * @return mixed With $act_get: the stored key (false if none was generated yet).
 *               Otherwise always true.
 */
function stg_generate_aes_key($act_get = false)
{
  static $key = false;

  if ( !$act_get )
  {
    $key = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE)->gen_readymade_key();
    return true;
  }

  return $key;
}
+ − 366
+ − 367
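/**
 * Installer stage: load schema.sql, fill in its {{PLACEHOLDER}} tokens from the request
 * and split the result into individual SQL statements.
 *
 * The administrator password is stored AES-encrypted (hex) with the key produced by
 * stg_generate_aes_key().
 *
 * @param bool $act_get When true, nothing is parsed and the stored statement list is returned.
 * @return array|bool With $act_get: the list of statements (unset if parsing never ran).
 *                    Otherwise true on success, false if schema.sql could not be read.
 */
function stg_parse_schema($act_get = false)
{
  static $schema;
  if ( $act_get )
    return $schema;

  $admin_pass = stg_decrypt_admin_pass(true);
  $key = stg_generate_aes_key(true);
  $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  $key = $aes->hextostring($key);
  $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);

  $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';

  // Underscores in the administrator name are stored as spaces.
  $admin_user = $_POST['admin_user'];
  $admin_user = str_replace('_', ' ', $admin_user);
  $admin_user = mysql_real_escape_string($admin_user);

  $template_sql = file_get_contents('schema.sql');
  if ( $template_sql === false )
  {
    // Without the schema there is nothing to install; stg_install() sees a non-array and fails too.
    return false;
  }

  $replacements = array(
      '{{SITE_NAME}}'       => mysql_real_escape_string($_POST['sitename']),
      '{{SITE_DESC}}'       => mysql_real_escape_string($_POST['sitedesc']),
      '{{COPYRIGHT}}'       => mysql_real_escape_string($_POST['copyright']),
      '{{ADMIN_USER}}'      => $admin_user,
      '{{ADMIN_PASS}}'      => mysql_real_escape_string($admin_pass),
      '{{ADMIN_EMAIL}}'     => mysql_real_escape_string($_POST['admin_email']),
      '{{ENABLE_CACHE}}'    => mysql_real_escape_string($cacheonoff),
      '{{REAL_NAME}}'       => '',
      // table_prefix becomes part of identifiers, where string escaping does not help.
      // NOTE(review): no validation of it is visible in this function - confirm it is
      // checked before this stage runs.
      '{{TABLE_PREFIX}}'    => $_POST['table_prefix'],
      '{{VERSION}}'         => ENANO_VERSION,
      // Escaped like the other request values. NOTE(review): if schema.sql uses this
      // placeholder outside a quoted string, cast it to an integer instead.
      '{{ADMIN_EMBED_PHP}}' => mysql_real_escape_string($_POST['admin_embed_php']),
      '{{WIKI_MODE}}'       => isset($_POST['wiki_mode']) ? '1' : '0',
    );

  // strtr() substitutes in a single pass and never rescans inserted text, so a submitted
  // value that itself contains a {{PLACEHOLDER}} token is stored literally instead of
  // being expanded by a later replacement.
  $sql = strtr($template_sql, $replacements);

  // Drop blank lines and "#" / "--" comment lines.
  $kept_lines = array();
  foreach ( explode("\n", $sql) as $line )
  {
    $t = trim($line);
    if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
    {
      continue;
    }
    $kept_lines[] = $line;
  }

  // Build an array of queries: statements end with ";" at the end of a line.
  $schema = explode(";\n", implode("\n", $kept_lines));

  // explode() removed the terminators; put one back on every statement that lacks it.
  foreach ( $schema as $i => $sql_statement )
  {
    if ( substr($sql_statement, -1) != ';' )
    {
      $schema[$i] = $sql_statement . ';';
    }
  }

  return true;
}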
+ − 438
+ − 439
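/**
 * Installer stage: run the parsed schema against the database.
 *
 * On a resumed installation ($already_run) the schema is not replayed; only the
 * administrator's stored password is re-encrypted with the newly generated key.
 *
 * @param mixed $_unused     Ignored; present because run_installer_stage() passes two arguments.
 * @param bool  $already_run True when this stage completed in an earlier attempt.
 * @return bool True on success, false if the connection, the schema or a query failed.
 */
function stg_install($_unused, $already_run)
{
  // This one's pretty easy.
  $conn = stg_mysql_connect(true);
  if ( !is_resource($conn) )
    return false;
  $schema = stg_parse_schema(true);
  if ( !is_array($schema) )
    return false;

  // If we're resuming installation, the encryption key was regenerated.
  // This means we'll have to update the encrypted password in the database.
  if ( $already_run )
  {
    $admin_pass = stg_decrypt_admin_pass(true);
    $key = stg_generate_aes_key(true);
    $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
    $key = $aes->hextostring($key);
    // Escape the ciphertext as well, rather than relying on its encoding being SQL-safe.
    $admin_pass = mysql_real_escape_string($aes->encrypt($admin_pass, $key, ENC_HEX), $conn);
    $admin_user = mysql_real_escape_string($_POST['admin_user'], $conn);
    $admin_user = str_replace('_', ' ', $admin_user);

    // NOTE(review): table_prefix is used as part of an identifier; no validation of it
    // is visible in this function - confirm it is checked before this stage runs.
    $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';", $conn);
    if ( !$q )
    {
      // Server error text can repeat submitted values, so escape it before printing.
      echo '<p><tt>MySQL return: ' . htmlspecialchars(mysql_error($conn)) . '</tt></p>';
      return false;
    }

    return true;
  }

  // OK, do the loop, baby!!!
  foreach($schema as $q)
  {
    $r = mysql_query($q, $conn);
    if ( !$r )
    {
      echo '<p><tt>MySQL return: ' . htmlspecialchars(mysql_error($conn)) . '</tt></p>';
      return false;
    }
  }

  return true;
}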
+ − 484
+ − 485
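/**
 * Installer stage: write config.new.php and, for the "tiny" URL scheme, the rewrite rules.
 *
 * The generated file holds the database password and the site's AES key, so it should
 * not be readable by other accounts on the host or served as plain text.
 *
 * @return bool True when everything was written, false if a file could not be opened
 *              or written, or if scriptPath is unsuitable for a rewrite rule.
 */
function stg_write_config()
{
  $privkey = stg_generate_aes_key(true);

  switch($_POST['urlscheme'])
  {
    case "ugly":
    default:
      $cp = scriptPath.'/index.php?title=';
      break;
    case "short":
      $cp = scriptPath.'/index.php/';
      break;
    case "tiny":
      $cp = scriptPath.'/';
      break;
  }

  if ( $_POST['urlscheme'] == 'tiny' )
  {
    // scriptPath can originate from the request URI. Whitespace in it would split the
    // RewriteRule arguments or start a new directive, so refuse to write such a value.
    if ( preg_match('/\s/', scriptPath) )
      return false;

    $contents = '# Begin Enano rules
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
# End Enano rules
';
    // NOTE(review): the existence check uses the working directory while the write uses
    // ENANO_ROOT - confirm the two always refer to the same directory.
    if ( file_exists('./.htaccess') )
      $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
    else
      $ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
    if ( !$ht )
      return false;
    $written = fwrite($ht, $contents);
    fclose($ht);
    if ( $written === false )
      return false;
  }

  // var_export() produces a correctly quoted PHP literal for any string. The original
  // used addslashes() for some values (which stores a stray backslash before every double
  // quote, e.g. in a password) and wrote scriptPath, contentPath and the key unescaped.
  $config_file = '<?php
/* Enano auto-generated configuration file - editing not recommended! */
$dbhost = '.var_export((string) $_POST['db_host'], true).';
$dbname = '.var_export((string) $_POST['db_name'], true).';
$dbuser = '.var_export((string) $_POST['db_user'], true).';
$dbpasswd = '.var_export((string) $_POST['db_pass'], true).';
if ( !defined(\'ENANO_CONSTANTS\') )
{
define(\'ENANO_CONSTANTS\', \'\');
define(\'table_prefix\', '.var_export((string) $_POST['table_prefix'], true).');
define(\'scriptPath\', '.var_export((string) scriptPath, true).');
define(\'contentPath\', '.var_export((string) $cp, true).');
define(\'ENANO_INSTALLED\', \'true\');
}
$crypto_key = '.var_export((string) $privkey, true).';
?>';

  $cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
  if ( !$cf_handle )
    return false;
  $written = fwrite($cf_handle, $config_file);

  fclose($cf_handle);

  // A failed or partial write must not be reported as a finished configuration.
  if ( $written === false || $written < strlen($config_file) )
    return false;

  return true;
}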
+ − 549
+ − 550
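/**
 * Undoes stg_rename_config(): moves config.php back to config.new.php and, if a key was
 * backed up earlier in this request, writes it to config.php.new.
 *
 * NOTE(review): the key goes to "config.php.new" while stg_decrypt_admin_pass() reads
 * $cryptkey from "config.new.php" - confirm which file name is intended.
 *
 * @return bool False if the key file could not be opened or written, true otherwise.
 */
function _stg_rename_config_revert()
{
  if ( file_exists('./config.php') )
  {
    @rename('./config.php', './config.new.php');
  }

  // The backup constant is only defined when the password was decrypted from crypt_data.
  // Without it there is no key to save; reading the undefined constant would write a
  // bogus key (or abort on current PHP versions).
  if ( !defined('_INSTRESUME_AES_KEYBACKUP') )
    return true;

  $handle = @fopen('./config.php.new', 'w');
  if ( !$handle )
    return false;
  // var_export() quotes the key as a PHP string literal.
  $contents = '<?php $cryptkey = ' . var_export((string) _INSTRESUME_AES_KEYBACKUP, true) . '; ?>';
  $written = fwrite($handle, $contents);
  fclose($handle);
  return $written !== false;
}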
/**
 * Installer stage: rebuild the search index through the global $paths object.
 *
 * @return bool True if $paths->rebuild_search_index() reported success, false otherwise.
 */
function stg_build_index()
{
  global $db, $session, $paths, $template, $plugins; // Common objects;

  // Normalise whatever the index builder returns to a strict boolean.
  $index_built = $paths->rebuild_search_index() ? true : false;
  return $index_built;
}
/**
 * Installer stage: activate the generated files by renaming config.new.php to config.php
 * and, for the "tiny" URL scheme when no .htaccess existed, .htaccess.new to .htaccess.
 * If either rename fails, a message is printed and _stg_rename_config_revert() is called.
 *
 * @return bool True when all required renames succeeded, false otherwise.
 */
function stg_rename_config()
{
  $config_activated = @rename('./config.new.php', './config.php');
  if ( !$config_activated )
  {
    echo '<p>Can\'t rename config.php</p>';
    _stg_rename_config_revert();
    return false;
  }

  // Rewrite rules were written to .htaccess.new only when no .htaccess existed before.
  $htaccess_pending = ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') );
  if ( $htaccess_pending && !@rename('./.htaccess.new', './.htaccess') )
  {
    echo '<p>Can\'t rename .htaccess</p>';
    _stg_rename_config_revert();
    return false;
  }

  return true;
}
+ − 594
+ − 595
/**
 * Stage callback that always reports success.
 *
 * @return bool Always true.
 */
function stg_start_api_success()
{
  $outcome = true;
  return $outcome;
}
+ − 599
+ − 600
/**
 * Stage callback that always reports failure.
 *
 * @return bool Always false.
 */
function stg_start_api_failure()
{
  $outcome = false;
  return $outcome;
}
+ − 604
+ − 605
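/**
 * Installer stage: record the installation in the logs table as a "security" entry
 * (administrator name, Enano version and the client address), then flush the logs of
 * Main_Page.
 *
 * @return bool True on success; false if the insert failed or the session lacks the
 *              clear_logs permission.
 */
function stg_init_logs()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Every value that goes into a quoted SQL string is escaped, including the server-side ones.
  $author  = mysql_real_escape_string($_POST['admin_user']);
  $version = mysql_real_escape_string(ENANO_VERSION);
  $address = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);

  $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . $author . '\', \'' . $version . '\', \'' . $address . '\');');
  if ( !$q )
  {
    // Server error text can repeat submitted values, so escape it before printing.
    echo '<p><tt>MySQL return: ' . htmlspecialchars(mysql_error()) . '</tt></p>';
    return false;
  }

  if ( !$session->get_permissions('clear_logs') )
  {
    echo '<p><tt>$session: denied clear_logs</tt></p>';
    return false;
  }

  PageUtils::flushlogs('Main_Page', 'Article');

  return true;
}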
//die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
if ( !function_exists('wikiFormat') )
{
  /**
   * Fallback wikitext renderer, declared only when no wikiFormat() exists yet.
   * Renders $message to XHTML with Text_Wiki's Mediawiki parser and strips a few
   * empty elements from the result.
   *
   * @param string $message      Wikitext to render.
   * @param bool   $filter_links Accepted for signature compatibility; not used here.
   * @return string Rendered XHTML.
   */
  function wikiFormat($message, $filter_links = true)
  {
    $wiki = & Text_Wiki::singleton('Mediawiki');
    $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename');
    $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath);

    // HTML fixes, applied in this order: empty rows, empty paragraphs, a line break
    // directly in front of a table.
    $patterns = array('#<tr>([\s]*?)<\/tr>#is', '#<p>([\s]*?)<\/p>#is', '#<br />([\s]*?)<table#is');
    $substitutes = array('', '', '<table');

    return preg_replace($patterns, $substitutes, $wiki->transform($message, 'Xhtml'));
  }
}
// Outcome flags for the environment checks: run_test() sets $failed when a check fails
// and $warned when a check only produces a warning.
global $failed, $warned;

$failed = false;
$warned = false;
/**
 * Logical negation as a function.
 *
 * @param mixed $var Any value; evaluated for truthiness.
 * @return bool False when $var is truthy, true otherwise.
 */
function not($var)
{
  return !$var;
}
/**
 * Evaluates one environment check and prints its result row.
 *
 * $code is executed with eval(), and $desc / $extended_desc are printed without escaping.
 * NOTE(review): the callers are outside this block - confirm all three are always
 * hard-coded by the installer and never taken from request data.
 *
 * @param string $code          PHP snippet whose return value decides the outcome.
 * @param string $desc          HTML description of the check.
 * @param string $extended_desc HTML shown in bold when the check does not pass.
 * @param bool   $warn          When true, a falsy result is a warning instead of a failure.
 */
function run_test($code, $desc, $extended_desc, $warn = false)
{
  global $failed, $warned;
  static $cv = true;

  // Alternate between two shades from one row to the next.
  $cv = !$cv;
  $val = eval($code);

  if ( $val )
  {
    $color = $cv ? 'CCFFCC' : 'AAFFAA';
    echo "<tr><td style='background-color: #$color; width: 500px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
    return;
  }

  if ( $warn )
  {
    $color = $cv ? 'FFFFCC' : 'FFFFAA';
    echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
    $warned = true;
    return;
  }

  $color = $cv ? 'FFCCCC' : 'FFAAAA';
  echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
  $failed = true;
}
/**
 * Tells whether the web server identifies itself as Apache.
 * The answer is based on the SERVER_SOFTWARE string alone.
 *
 * @return bool True when $_SERVER['SERVER_SOFTWARE'] contains "Apache".
 */
function is_apache()
{
  return strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== false;
}
/**
 * Prints the scrollable license panel.
 *
 * The panel holds a fixed summary of the GPL, a prerelease notice when the
 * ENANO_BETA_VERSION constant is defined, and the contents of
 * ENANO_ROOT . '/GPL' passed through wikiFormat().
 *
 * @param bool $fb When true, also prints two centred taglines around the
 *                 template's fading button, with the button's
 *                 http://enanocms.org/ link replaced by another URL.
 * @return void
 */
function show_license($fb = false)
{
?>
<div style="height: 500px; clip: rect(0px,auto,500px,auto); overflow: auto; padding: 10px; border: 1px dashed #456798; margin: 1em;">
<h2>GNU General Public License</h2>

<h3>Declaration of license usage</h3>
<p>Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
<p>This program is distributed in the hope that it will be useful, but <u>without any warranty</u>; without even the implied warranty of <u>merchantability</u> or <u>fitness for a particular purpose</u>. See the GNU General Public License (below) for more details.</p>
<p><b>By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.</b></p>

<h3>Human-readable version</h3>
<p>Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.</p>

<ul>
<li>You may to run Enano for any purpose.</li>
<li>You may study how Enano works and adapt it to your needs.</li>
<li>You may redistribute copies so you can help your neighbor.</li>
<li>You may improve Enano and release your improvements to the public, so that the whole community benefits.</li>
</ul>

<p>You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:</p>

<ul>
<li>You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
<li>If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
<li>If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.</li>
</ul>

<p><b>Disclaimer</b>: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.<br /><span style="color: #CCC">Text copied from the <a href="http://creativecommons.org/licenses/GPL/2.0/">Creative Commons GPL Deed page</a></span></p>
<?php if (defined('ENANO_BETA_VERSION')): ?>
<h3>Notice for prerelease versions</h3>
<p>This version of Enano is designed only for testing and evaluation purposes. <b>It is not yet completely stable, and should not be used on production websites.</b> As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.</p>
<?php endif; ?>
<h3>Lawyer-readable version</h3>
<?php
    // Full license text, read from the GPL file in the installation root.
    echo wikiFormat(file_get_contents(ENANO_ROOT . '/GPL'));

    global $template;
    if ($fb) {
        echo '<p style="text-align: center;">Because I could never find the Create a Page button in PHP-Nuke.</p>';
        echo '<p>' . str_replace('http://enanocms.org/', 'http://www.2robots.com/2003/10/15/web-portals-suck/', $template->fading_button) . '</p>';
        echo '<p style="text-align: center;">It\'s not a portal, my friends.</p>';
    }
?>
</div>
<?php
}
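require_once('includes/template.php');

if (!isset($_GET['mode'])) {
    $_GET['mode'] = 'welcome';
}

// The modes handled in this switch answer with a bare response and end the
// request before any themed page output is produced.
switch ($_GET['mode']) {
    case 'mysql_test':
        // Endpoint for the database form's connection test. The response body
        // is a short status token (good, host, root, auth, name, perm or vers,
        // with optional _creating_db / _creating_user suffixes) followed by the
        // MySQL error text or server version where applicable.
        //
        // NOTE(security): nothing in this branch authenticates the caller. While
        // the installer is not yet locked by config.php, any client that can
        // reach install.php can make the server open a MySQL connection to a
        // host of its choosing and read back why it failed. Keep an unfinished
        // installer off public networks and complete or remove it promptly.
        error_reporting(0);

        // The error text can repeat request-supplied values (the database name,
        // for instance), so label the response as plain text rather than
        // leaving it at the default HTML type.
        // NOTE(review): assumes the form script reads the body as text — confirm
        // against the response handler further down this file.
        header('Content-Type: text/plain; charset=utf-8');

        // The form script escape()s each value before posting, so one decode on
        // top of PHP's own form decoding is kept here. Missing or non-string
        // fields are treated as empty.
        $post = array();
        foreach (array('host', 'name', 'user', 'pass', 'root_user', 'root_pass') as $field) {
            $post[$field] = (isset($_POST[$field]) && is_string($_POST[$field]))
                ? rawurldecode($_POST[$field])
                : '';
        }
        $dbhost = $post['host'];
        $dbname = $post['name'];
        $dbuser = $post['user'];
        $dbpass = $post['pass'];
        $dbrootuser = $post['root_user'];
        $dbrootpass = $post['root_pass'];

        // Inside a backtick-quoted identifier the backtick is the only character
        // that needs escaping, and it is escaped by doubling. String-literal
        // escaping (mysql_real_escape_string) leaves backticks untouched, so it
        // cannot keep the name inside the quotes.
        $dbname_quoted = '`' . str_replace('`', '``', $dbname) . '`';

        if ($dbrootuser != '') {
            // Root credentials supplied: verify them, then report whether the
            // database and the regular user would have to be created.
            $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
            if (!$conn) {
                $e = mysql_error();
                if (strstr($e, 'Lost connection')) {
                    die('host' . $e);
                }
                die('root' . $e);
            }

            $rsp = 'good';
            $q = mysql_query('USE ' . $dbname_quoted . ';', $conn);
            if (!$q) {
                $e = mysql_error();
                if (strstr($e, 'Unknown database')) {
                    $rsp .= '_creating_db';
                }
            }
            mysql_close($conn);

            $conn = mysql_connect($dbhost, $dbuser, $dbpass);
            if (!$conn) {
                $e = mysql_error();
                if (strstr($e, 'Lost connection')) {
                    die('host' . $e);
                }
                $rsp .= '_creating_user';
            } else {
                // Only close a connection that was actually opened.
                mysql_close($conn);
            }
            die($rsp);
        }

        // No root credentials: the regular account must connect and be able to
        // select the database by itself.
        $conn = mysql_connect($dbhost, $dbuser, $dbpass);
        if (!$conn) {
            $e = mysql_error();
            if (strstr($e, 'Lost connection')) {
                die('host' . $e);
            }
            die('auth' . $e);
        }

        $q = mysql_query('USE ' . $dbname_quoted . ';', $conn);
        if (!$q) {
            $e = mysql_error();
            if (strstr($e, 'Unknown database')) {
                die('name' . $e);
            }
            die('perm' . $e);
        }

        $v = mysql_get_server_info();
        if (version_compare($v, '4.1.17', '<')) {
            die('vers' . $v);
        }
        mysql_close($conn);
        die('good');
        break;

    case 'pophelp':
        // Pop-up help window. $topic only selects one of the literal texts
        // below; the request value itself is never written into the page.
        $topic = (isset($_GET['topic'])) ? $_GET['topic'] : 'invalid';
        switch ($topic) {
            case 'admin_embed_php':
                $title = 'Allow administrators to embed PHP';
                // The PHP tag delimiters are written as entities so that the
                // browser displays them instead of parsing them as markup.
                $content = '<p>This option allows you to control whether anything between the standard &lt;?php and ?&gt; tags will be treated as
PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
execute that code when the page is loaded. There are obvious potential security implications here, which should
be carefully considered before enabling this option.</p>
<p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
the site with you, you should enable this to allow extreme customization of pages.</p>
<p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
embed Javascript and arbitrary HTML and CSS.</p>
<p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
using the "embedded PHP kill switch" in the administration panel. --></p>';
                break;
            default:
                $title = 'Invalid topic';
                $content = 'Invalid help topic.';
                break;
        }
        echo <<<EOF
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>Enano installation quick help • {$title}</title>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<style type="text/css">
body {
font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
font-size: 9pt;
}
h2 { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
h3 { font-size: 11pt; font-weight: bold; }
li { list-style: url(../images/bullet.gif); }
p { margin: 1.0em; }
blockquote { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
a { color: #7090B0; }
a:hover { color: #90B0D0; }
</style>
</head>
<body>
<h2>{$title}</h2>
{$content}
<p style="text-align: right;">
<a href="#" onclick="window.close(); return false;">Close window</a>
</p>
</body>
</html>
EOF;
        exit;
        break;

    default:
        // Every other mode is rendered as a themed page further down.
        break;
}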
// Load the theme used for the installer pages.
$template = new template_nodb();
$template->load_theme('oxygen', 'bleu', false);

// Installer stages in display order, keyed by the ?mode= value.
$modestrings = array(
    'welcome'       => 'Welcome',
    'license'       => 'License Agreement',
    'sysreqs'       => 'Server requirements',
    'database'      => 'Database information',
    'website'       => 'Website configuration',
    'login'         => 'Administration login',
    'confirm'       => 'Confirm installation',
    'install'       => 'Database installation',
    'finish'        => 'Installation complete',
    '_hiddenstages' => '...', // all stages below this line are hidden
    'showlicense'   => 'License Agreement'
);

// Build the sidebar: one inert button per visible stage, with the current
// stage shown bold and underlined.
$sideinfo = '';
$vars = $template->extract_vars('elements.tpl');
$p = $template->makeParserText($vars['sidebar_button']);
$hidden = false;
foreach ($modestrings as $id => $str) {
    $flags = '';
    if ($_GET['mode'] == $id) {
        $flags = 'style="font-weight: bold; text-decoration: underline;"';
        // Title of the current stage; assigned only when mode names a known stage.
        $this_page = $str;
    }

    // From the marker entry onwards, stages stay out of the sidebar.
    if ($id == '_hiddenstages') {
        $hidden = true;
    }
    if ($hidden) {
        continue;
    }

    $p->assign_vars(array(
        'HREF'  => '#',
        'FLAGS' => $flags . ' onclick="return false;"',
        'TEXT'  => $str
    ));
    $sideinfo .= $p->run();
}

$template->init_vars();

// ?mode=css returns the theme stylesheet and nothing else.
if (isset($_GET['mode']) && $_GET['mode'] == 'css') {
    header('Content-type: text/css');
    echo $template->get_css();
    exit;
}

$template->header();
if ( !isset($_GET['mode']) )
{
$_GET['mode'] = 'welcome';
}
switch($_GET['mode'])
+ − 936
{
+ − 937
default:
+ − 938
case 'welcome':
+ − 939
?>
+ − 940
<div style="text-align: center; margin-top: 10px;">
+ − 941
<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
+ − 942
<h2>Welcome to Enano</h2>
+ − 943
<h3>version 1.0.2 – stable<br />
+ − 944
<span style="font-weight: normal;">also affectionately known as "coblynau" <tt>:)</tt></span></h3>
+ − 945
<?php
+ − 946
if ( file_exists('./_nightly.php') )
+ − 947
{
+ − 948
echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
+ − 949
}
+ − 950
?>
+ − 951
<form action="install.php?mode=license" method="post">
+ − 952
<input type="submit" value="Start installation" />
+ − 953
</form>
+ − 954
</div>
+ − 955
<?php
+ − 956
break;
+ − 957
case "license":
+ − 958
?>
+ − 959
<h3>Welcome to the Enano installer.</h3>
+ − 960
<p>Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.</p>
+ − 961
<p>To get started, please read and accept the following license agreement. You've probably seen it before.</p>
<?php show_license(); ?>
<div class="pagenav">
+ − 964
<form action="install.php?mode=sysreqs" method="post">
+ − 965
<table border="0">
+ − 966
<tr>
+ − 967
<td><input type="submit" value="I agree to the license terms" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you agree with the terms of the license<br />• Have your database host, name, username, and password available</p></td>
+ − 968
</tr>
+ − 969
</table>
+ − 970
</form>
+ − 971
</div>
+ − 972
<?php
+ − 973
break;
+ − 974
case "sysreqs":
+ − 975
error_reporting(E_ALL);
+ − 976
?>
+ − 977
<h3>Checking your server</h3>
+ − 978
<p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
+ − 979
<table border="0" cellspacing="0" cellpadding="0">
+ − 980
<?php
+ − 981
run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
run_test('return version_compare(\'5.2.0\', PHP_VERSION, \'<\');', 'PHP 5.2.0 or later', 'Your server does not have support for PHP 5.2.0. While you may continue installing Enano, please be warned that as of December 31, 2007, all support for Enano on PHP 4 servers is discontinued. If you have at least PHP 5.0.0, support will still be available, but there are many security problems in PHP versions under 5.2.0 that Enano cannot effectively prevent.', true);
run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
+ − 984
run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
+ − 985
run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
+ − 986
//run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
+ − 987
run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+ − 988
run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
+ − 989
run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
+ − 990
run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
+ − 991
echo '</table>';
+ − 992
if(!$failed)
+ − 993
{
+ − 994
?>
+ − 995
+ − 996
<div class="pagenav">
+ − 997
<?php
+ − 998
if($warned) {
+ − 999
echo '<table border="0" cellspacing="0" cellpadding="0">';
run_test('return false;', 'Some of the features of Enano have been turned off to accommodate your server.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, Enano has disabled these features as a precaution to prevent errors and potential security issues.', true);
echo '</table>';
+ − 1002
} else {
+ − 1003
echo '<table border="0" cellspacing="0" cellpadding="0">';
+ − 1004
run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
+ − 1005
echo '</table>';
+ − 1006
}
+ − 1007
?>
+ − 1008
<form action="install.php?mode=database" method="post">
+ − 1009
<table border="0">
+ − 1010
<tr>
<td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />• Have your database host, name, username, and password available</p></td>
</tr>
+ − 1013
</table>
+ − 1014
</form>
+ − 1015
</div>
+ − 1016
<?php
+ − 1017
} else {
+ − 1018
if($failed) {
+ − 1019
echo '<div class="pagenav"><table border="0" cellspacing="0" cellpadding="0">';
+ − 1020
run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.');
+ − 1021
echo '</table></div>';
+ − 1022
}
+ − 1023
}
+ − 1024
?>
+ − 1025
<?php
+ − 1026
break;
+ − 1027
case "database":
+ − 1028
?>
+ − 1029
<script type="text/javascript">
+ − 1030
/**
 * Starts an asynchronous GET request.
 *
 * The request object is stored in the global `ajax`, so a later call to
 * ajaxGet() or ajaxPost() replaces it while an earlier request may still be
 * in flight.
 *
 * @param {string}   uri  address to request
 * @param {Function} f    installed as the onreadystatechange handler
 */
function ajaxGet(uri, f) {
  var hasNative = !!window.XMLHttpRequest;
  var hasActiveX = !!window.ActiveXObject;
  if (!hasNative && !hasActiveX) {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  // Prefer the native object; fall back to the ActiveX control otherwise.
  ajax = hasNative ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
  ajax.onreadystatechange = f;
  ajax.open('GET', uri, true);
  ajax.send(null);
}
+ − 1045
+ − 1046
/**
 * Starts an asynchronous form-encoded POST request.
 *
 * The request object is stored in the global `ajax` (shared with ajaxGet),
 * which is how the callbacks in this page read the response.
 *
 * @param {string}   uri    address to post to
 * @param {string}   parms  request body, already URL-encoded by the caller
 * @param {Function} f      installed as the onreadystatechange handler
 */
function ajaxPost(uri, parms, f) {
  var hasNative = !!window.XMLHttpRequest;
  var hasActiveX = !!window.ActiveXObject;
  if (!hasNative && !hasActiveX) {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax = hasNative ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
  ajax.onreadystatechange = f;
  ajax.open('POST', uri, true);
  ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  // Content-length and Connection are on the XMLHttpRequest list of forbidden
  // header names; current browsers compute them themselves and ignore these calls.
  ajax.setRequestHeader("Content-length", parms.length);
  ajax.setRequestHeader("Connection", "close");
  ajax.send(parms);
}
+ − 1064
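/**
 * Posts the database form values to install.php?mode=mysql_test and updates
 * the status icons and messages from the reply.
 *
 * The reply is read as a 4-character status code ('good', 'host', 'auth',
 * 'perm', 'name', 'root', 'vers') followed by free text.
 *
 * Changes from the previous version:
 *  - every '+' in a field is replaced before escape(), not just the first one;
 *  - the hostname typed by the user is HTML-escaped before it is written into
 *    innerHTML;
 *  - the 'vers' case no longer falls through into the default alert().
 *
 * NOTE(review): the free text after the status code is still inserted as HTML.
 * It should be confirmed that the mysql_test handler HTML-escapes anything it
 * echoes back (for example database error text).
 * NOTE(review): scriptPath is printed into a JavaScript string literal as-is;
 * the top of this file can derive it from REQUEST_URI, so it should be escaped
 * for a script context before being echoed here.
 *
 * @return {boolean|undefined} false when client-side validation fails
 */
function ajaxTestConnection()
{
  var v = verify();
  if (!v)
  {
    alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
    return false;
  }
  var frm = document.forms.dbinfo;

  // escape() leaves '+' alone, so each one is rewritten first. The wire format
  // is otherwise unchanged. NOTE(review): escape() then encodes the '%' of
  // '%2B' again; confirm how the server decodes these fields.
  function encodeField(field)
  {
    return escape(field.value.replace(/\+/g, '%2B'));
  }

  // Makes a user-typed value safe to concatenate into an innerHTML string.
  function htmlEscape(text)
  {
    return String(text).replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
  }

  // Sets the four status icons; each argument is 'good', 'bad' or 'unknown'.
  function setIcons(host, name, auth, root)
  {
    document.getElementById('s_db_host').src = 'images/' + host + '.gif';
    document.getElementById('s_db_name').src = 'images/' + name + '.gif';
    document.getElementById('s_db_auth').src = 'images/' + auth + '.gif';
    document.getElementById('s_db_root').src = 'images/' + root + '.gif';
  }

  // Shows the "will be created" warnings when the reply text carries the markers.
  function showCreationWarnings(text)
  {
    if (text.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
    if (text.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
  }

  var versionUnknown = 'The MySQL version that your server is running could not be determined.';

  var parms = 'host=' + encodeField(frm.db_host)
            + '&name=' + encodeField(frm.db_name)
            + '&user=' + encodeField(frm.db_user)
            + '&pass=' + encodeField(frm.db_pass)
            + '&root_user=' + encodeField(frm.db_root_user)
            + '&root_pass=' + encodeField(frm.db_root_pass);

  ajaxPost('<?php echo scriptPath; ?>/install.php?mode=mysql_test', parms, function() {
    if (ajax.readyState != 4)
    {
      return;
    }
    var s = ajax.responseText.substr(0, 4);
    var t = ajax.responseText.substr(4, ajax.responseText.length);
    var versionCell = document.getElementById('e_mysql_version');

    switch (s)
    {
      case 'good':
        setIcons('good', 'good', 'good', 'good');
        showCreationWarnings(t);
        document.getElementById('s_mysql_version').src = 'images/good.gif';
        versionCell.innerHTML = 'Your version of MySQL meets Enano requirements.';
        break;
      case 'host':
        setIcons('bad', 'unknown', 'unknown', 'unknown');
        document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "' + htmlEscape(frm.db_host.value) + '" couldn\'t be contacted.<br \/>' + t;
        versionCell.innerHTML = versionUnknown;
        break;
      case 'auth':
        setIcons('good', 'unknown', 'bad', 'unknown');
        document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>' + t;
        versionCell.innerHTML = versionUnknown;
        break;
      case 'perm':
        setIcons('good', 'bad', 'good', 'unknown');
        document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>' + t;
        versionCell.innerHTML = versionUnknown;
        break;
      case 'name':
        setIcons('good', 'bad', 'good', 'unknown');
        document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>' + t;
        versionCell.innerHTML = versionUnknown;
        break;
      case 'root':
        setIcons('good', 'unknown', 'unknown', 'bad');
        document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>' + t;
        versionCell.innerHTML = versionUnknown;
        break;
      case 'vers':
        setIcons('good', 'good', 'good', 'good');
        showCreationWarnings(t);
        versionCell.innerHTML = '<b>Error:<\/b> Your version of MySQL (' + t + ') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
        document.getElementById('s_mysql_version').src = 'images/bad.gif';
        // Previously missing: without it the version text was also shown in an alert().
        break;
      default:
        alert(t);
        break;
    }
  });
}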
+ − 1159
/**
 * Client-side check of the database form; runs on load and on every keyup.
 *
 * Clears the four error spans, sets one status icon per field group, enables
 * or disables the Continue button (frm._cont) and returns the overall result.
 * This only guides the user in the browser: the server has to repeat any
 * check it relies on, because a request can be sent without this script.
 *
 * @return {boolean} true when every field passes
 */
function verify()
{
  var errorSpans = ['e_db_host', 'e_db_auth', 'e_db_name', 'e_db_root'];
  for (var n = 0; n < errorSpans.length; n++)
  {
    document.getElementById(errorSpans[n]).innerHTML = '';
  }
  var frm = document.forms.dbinfo;
  ret = true;

  // Hostname: any non-empty value is accepted until the connection test runs.
  var hostOk = frm.db_host.value != '';
  document.getElementById('s_db_host').src = hostOk ? 'images/unknown.gif' : 'images/bad.gif';
  if (!hostOk) ret = false;

  // Database name: lowercase letters, digits, underscore and dash only.
  var nameOk = frm.db_name.value.match(/^([a-z0-9_-]+)$/g);
  document.getElementById('s_db_name').src = nameOk ? 'images/unknown.gif' : 'images/bad.gif';
  if (!nameOk) ret = false;

  // Regular login: the username must not be empty.
  var userOk = frm.db_user.value != '';
  document.getElementById('s_db_auth').src = userOk ? 'images/unknown.gif' : 'images/bad.gif';
  if (!userOk) ret = false;

  // Table prefix: may be empty; otherwise lowercase letters, digits, underscore.
  var prefixOk = frm.table_prefix.value.match(/^([a-z0-9_]*)$/g);
  document.getElementById('s_table_prefix').src = prefixOk ? 'images/good.gif' : 'images/bad.gif';
  if (!prefixOk) ret = false;

  // Administrative login is optional, but a username needs a password with it.
  var rootIcon = document.getElementById('s_db_root');
  if (frm.db_root_user.value == '')
  {
    rootIcon.src = 'images/good.gif';
  }
  else if (frm.db_root_pass.value == '')
  {
    rootIcon.src = 'images/bad.gif';
    ret = false;
  }
  else
  {
    rootIcon.src = 'images/unknown.gif';
  }

  frm._cont.disabled = !ret;
  return ret;
}
window.onload = verify;
+ − 1221
</script>
+ − 1222
<p>Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend,
+ − 1223
and we need to have access to a MySQL server in order to continue.</p>
+ − 1224
<p>If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from
+ − 1225
<a href="http://www.mysql.com/">MySQL.com</a>. <b>Please note that, like Enano, MySQL is licensed under the GNU GPL.</b>
+ − 1226
If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL
+ − 1227
or purchase a proprietary license.</p>
+ − 1228
<?php
257
+ − 1229
// When the marker file exists, the page prints a database login for the
// virtual appliance.
// NOTE(review): the username and password are a fixed string in this source
// file and are shown to anyone who can open this installer step on such a
// host; an appliance built this way should change that password after setup.
$is_virt_appliance = @file_exists('/etc/enano-is-virt-appliance');
if ( $is_virt_appliance )
{
  echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
}
+ − 1233
?>
+ − 1234
<form name="dbinfo" action="install.php?mode=website" method="post">
+ − 1235
<table border="0">
257
+ − 1236
<tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+ − 1237
<tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1238
<tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1239
<tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1240
<tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+ − 1241
<tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+ − 1242
<tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1243
<tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1244
<tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+ − 1245
<tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+ − 1246
<tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" /> <label for="dtcheck">Drop existing tables</label></td></tr>
+ − 1247
<tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
256
+ − 1248
</table>
+ − 1249
<div class="pagenav">
257
+ − 1250
<table border="0">
+ − 1251
<tr>
+ − 1252
<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Check your MySQL connection using the "Test Connection" button.<br />• Be aware that your database information will be transmitted unencrypted several times.</p></td>
+ − 1253
</tr>
+ − 1254
</table>
+ − 1255
</div>
256
+ − 1256
</form>
+ − 1257
<?php
+ − 1258
break;
+ − 1259
case "website":
+ − 1260
// The previous step's submit button is named "_cont"; its presence in the POST
// data is used as the sign that this page was reached through the wizard.
// It is only a field name, so it proves nothing about where the request came
// from or whether the other values were checked.
$cont_present = isset($_POST['_cont']);
if ( !$cont_present )
{
  echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
  $template->footer();
  exit;
}
// Drop the marker so it is not copied into the next form's hidden fields.
unset($_POST['_cont']);
+ − 1266
?>
+ − 1267
<script type="text/javascript">
+ − 1268
/**
 * Client-side check of the site information form; runs on load and on keyup.
 *
 * Each of the three text fields only has to be non-empty (the site name also
 * must not be exactly "Enano"); no character set is enforced here. Sets the
 * status icons, toggles the Continue button and returns the overall result.
 * The server must validate and escape these values itself.
 *
 * @return {boolean} true when all three fields pass
 */
function verify()
{
  var frm = document.forms.siteinfo;
  ret = true;

  var nameOk = frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano';
  document.getElementById('s_name').src = nameOk ? 'images/good.gif' : 'images/bad.gif';
  if (!nameOk) ret = false;

  var descOk = frm.sitedesc.value.match(/^(.+)$/g);
  document.getElementById('s_desc').src = descOk ? 'images/good.gif' : 'images/bad.gif';
  if (!descOk) ret = false;

  var copyrightOk = frm.copyright.value.match(/^(.+)$/g);
  document.getElementById('s_copyright').src = copyrightOk ? 'images/good.gif' : 'images/bad.gif';
  if (!copyrightOk) ret = false;

  frm._cont.disabled = !ret;
  return ret;
}
window.onload = verify;
+ − 1304
</script>
+ − 1305
<form name="siteinfo" action="install.php?mode=login" method="post">
+ − 1306
<?php
+ − 1307
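// Carry every value posted by the previous step forward as hidden fields.
// This includes the database passwords entered on the database form, so they
// end up in the HTML of this page; the page should not be cached or logged.
foreach ( $_POST as $field_name => $field_value )
{
  // A nested (array) value cannot be written into one hidden input and would
  // make htmlspecialchars() fail, so it is not carried forward.
  if ( !is_scalar($field_value) )
  {
    continue;
  }
  // ENT_QUOTES also encodes single quotes; the browser decodes the attribute
  // back to the original value when the form is submitted.
  echo '<input type="hidden" name="'.htmlspecialchars((string)$field_name, ENT_QUOTES).'" value="'.htmlspecialchars((string)$field_value, ENT_QUOTES).'" />'."\n";
}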
+ − 1311
?>
+ − 1312
<p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
+ − 1313
<table border="0">
257
+ − 1314
<tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1315
<tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1316
<tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1317
<tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" /> <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
+ − 1318
<tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"> <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short"> <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite"> <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
256
+ − 1319
</table>
+ − 1320
<div class="pagenav">
+ − 1321
<table border="0">
257
+ − 1322
<tr>
+ − 1323
<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
+ − 1324
</tr>
256
+ − 1325
</table>
+ − 1326
</div>
+ − 1327
</form>
+ − 1328
<?php
+ − 1329
break;
+ − 1330
case "login":
+ − 1331
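// "_cont" is the name of the previous step's submit button; its presence is
// the only sign that the wizard was followed. It is not an integrity check.
if(!isset($_POST['_cont'])) {
  echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
  $template->footer();
  exit;
}
unset($_POST['_cont']);

// config.new.php may already define $cryptkey (or $crypto_key) from an
// earlier visit to this step.
require('config.new.php');
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
if ( isset($crypto_key) )
{
  $cryptkey = $crypto_key;
}

// A usable key has AES_BITS / 4 characters; anything else is replaced by a
// fresh key, which is then stored in config.new.php.
// NOTE(review): this same key is later printed into the login form's hidden
// "crypt_key" field so the browser can encrypt the password with it. Anyone
// who can read the page in transit therefore has the key as well; only TLS
// protects the administrator password on the wire.
if ( !isset($cryptkey) || strlen($cryptkey) != AES_BITS / 4 )
{
  $cryptkey = $aes->gen_readymade_key();
  $handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
  if(!$handle)
  {
    // The file being opened is config.new.php; the message used to name config.php.
    echo '<p>ERROR: Cannot open config.new.php for writing - exiting!</p>';
    $template->footer();
    exit;
  }
  // var_export() writes the key as a correctly quoted PHP string literal, so
  // the generated file stays valid whatever characters the key contains.
  $written = fwrite($handle, '<?php $cryptkey = '.var_export((string)$cryptkey, true).'; ?>');
  fclose($handle);
  if ( $written === false )
  {
    // Without the stored key the later decrypt stage cannot succeed.
    echo '<p>ERROR: Cannot write the encryption key to config.new.php - exiting!</p>';
    $template->footer();
    exit;
  }
}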
+ − 1356
// Sorry for the ugly hack, but this f***s up jEdit badly.
+ − 1357
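// Emits the client-side validation script for the login form.
// The e-mail pattern accepts the same addresses as before but no longer nests
// one repetition inside another: the old form, "(?:[\w\d_-]+\.?)+", can take
// exponential time on a long input that does not match, and this check runs on
// every keyup. These checks only guide the user; the server must validate the
// username, password and e-mail address again.
echo '
<script type="text/javascript">
function verify()
{
var frm = document.forms.login;
ret = true;
if ( frm.admin_user.value.match(/^([^<>&\?\'"%\/]+)$/) && !frm.admin_user.value.match(/^(?:(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != \'anonymous\' )
{
document.getElementById(\'s_user\').src = \'images/good.gif\';
}
else
{
document.getElementById(\'s_user\').src = \'images/bad.gif\';
ret = false;
}
if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
{
document.getElementById(\'s_password\').src = \'images/good.gif\';
}
else
{
document.getElementById(\'s_password\').src = \'images/bad.gif\';
ret = false;
}
if(frm.admin_email.value.match(/^[\\w-]+(?:\\.[\\w-]+)*\\.?@(?:[\\w-]+\\.)+\\w{2,4}$/))
{
document.getElementById(\'s_email\').src = \'images/good.gif\';
}
else
{
document.getElementById(\'s_email\').src = \'images/bad.gif\';
ret = false;
}
if(ret) frm._cont.disabled = false;
else frm._cont.disabled = true;
return ret;
}
window.onload = verify;

function cryptdata()
{
if(!verify()) return false;
}
</script>
';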
+ − 1402
?>
+ − 1403
<form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
+ − 1404
<?php
+ − 1405
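// Carry every value posted so far forward as hidden fields. Database
// passwords from the earlier step are among them, so they appear in the HTML
// of this page; the page should not be cached or logged.
foreach ( $_POST as $field_name => $field_value )
{
  // A nested (array) value cannot be written into one hidden input and would
  // make htmlspecialchars() fail, so it is not carried forward.
  if ( !is_scalar($field_value) )
  {
    continue;
  }
  // ENT_QUOTES also encodes single quotes; the browser decodes the attribute
  // back to the original value when the form is submitted.
  echo '<input type="hidden" name="'.htmlspecialchars((string)$field_name, ENT_QUOTES).'" value="'.htmlspecialchars((string)$field_value, ENT_QUOTES).'" />'."\n";
}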
+ − 1409
?>
+ − 1410
<p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
+ − 1411
<table border="0">
257
+ − 1412
<tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1413
<tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1414
<tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
+ − 1415
<tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
256
+ − 1416
<tr>
+ − 1417
<td>
+ − 1418
Allow administrators to embed PHP code into pages:<br />
+ − 1419
<small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
+ − 1420
<a href="install.php?mode=pophelp&topic=admin_embed_php"
+ − 1421
onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
+ − 1422
style="color: #D84308; text-decoration: underline;">important security implications</a>.
+ − 1423
</span></small>
+ − 1424
</td>
+ − 1425
<td>
+ − 1426
<label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>
+ − 1427
<label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
+ − 1428
</td>
+ − 1429
<td></td>
+ − 1430
</tr>
+ − 1431
<tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
+ − 1432
</table>
+ − 1433
<div class="pagenav">
+ − 1434
<table border="0">
257
+ − 1435
<tr>
+ − 1436
<td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
+ − 1437
</tr>
256
+ − 1438
</table>
+ − 1439
</div>
+ − 1440
<div id="cryptdebug"></div>
257
+ − 1441
<input type="hidden" name="use_crypt" value="no" />
+ − 1442
<input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
+ − 1443
<input type="hidden" name="crypt_data" value="" />
256
+ − 1444
</form>
+ − 1445
<script type="text/javascript">
+ − 1446
// <![CDATA[
+ − 1447
var frm = document.forms.login;
+ − 1448
frm.admin_user.focus();
+ − 1449
/**
 * Encrypts the administrator password in the browser before the login form
 * is submitted.
 *
 * Steps: run a known-answer self-test of the AES code; read the hex key from
 * the hidden crypt_key field and blank that field; encrypt admin_pass in ECB
 * mode; put the hex ciphertext in crypt_data and blank both password inputs.
 *
 * Points a reviewer should know:
 *  - The key arrives in the page itself (hidden field crypt_key), so it
 *    travels over the same connection as the ciphertext. This does not
 *    replace TLS.
 *  - ECB encrypts equal plaintext blocks to equal ciphertext blocks; the
 *    192- and 256-bit expected values below show this (one block, twice).
 *  - use_crypt is set to 'yes' as soon as the self-test passes, and stays
 *    'yes' when the key round-trip check or the encryption itself fails; in
 *    those cases the password inputs are not blanked.
 *  - The form calls this as onsubmit="runEncryption();", so the returned
 *    false does not cancel the submission.
 *
 * @return {boolean} always false
 */
function runEncryption()
{
  // Self-test input: an all-zero hex string used as both key and plaintext.
  str = '';
  for (i = 0; i < keySizeInBits / 4; i++) str += '0';
  var zeroKey = hexToByteArray(str);
  var zeroText = hexToByteArray(str);
  var ect = byteArrayToHex(rijndaelEncrypt(zeroText, zeroKey, "ECB"));

  // Expected ciphertext for each supported key size.
  if (keySizeInBits === 128)
  {
    v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
  }
  else if (keySizeInBits === 192)
  {
    v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
  }
  else if (keySizeInBits === 256)
  {
    v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
  }

  var testpassed = ( ect == v && md5_vm_test() );
  var frm = document.forms.login;
  if (!testpassed)
  {
    // Self-test failed: the form is left untouched (use_crypt stays 'no').
    return false;
  }

  frm.use_crypt.value = 'yes';
  var cryptkey = frm.crypt_key.value;
  // The key is not sent back with the form.
  frm.crypt_key.value = '';

  // The key must survive a hex -> bytes -> hex round trip unchanged.
  if (byteArrayToHex(hexToByteArray(cryptkey)) != cryptkey)
  {
    alert('Byte array conversion SUCKS');
    testpassed = false;
  }

  cryptkey = hexToByteArray(cryptkey);
  var hasLength = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' );
  if (!cryptkey || ( hasLength && cryptkey.length != keySizeInBits / 8 ))
  {
    // Wrong key size: the button is disabled and the user is told, but
    // testpassed is not changed here.
    frm._cont.disabled = true;
    len = hasLength ? '\nLen: '+cryptkey.length : '';
    alert('The key is messed up\nType: '+typeof(cryptkey)+len);
  }

  if (!testpassed)
  {
    return false;
  }

  pass = stringToByteArray(frm.admin_pass.value);
  cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
  if (!cryptstring)
  {
    return false;
  }
  cryptstring = byteArrayToHex(cryptstring);
  frm.crypt_data.value = cryptstring;
  // Only the ciphertext is submitted; the plaintext inputs are emptied.
  frm.admin_pass.value = '';
  frm.admin_pass_confirm.value = '';
  return false;
}
+ − 1514
// ]]>
+ − 1515
</script>
+ − 1516
<?php
+ − 1517
break;
+ − 1518
case "confirm":
+ − 1519
// The previous step's submit button is named "_cont"; its presence in the POST
// data is used as the sign that this page was reached through the wizard.
// It is only a field name, so every value shown or forwarded below is still
// untrusted input.
$cont_present = isset($_POST['_cont']);
if ( !$cont_present )
{
  echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
  $template->footer();
  exit;
}
// Drop the marker so it is not copied into the next form's hidden fields.
unset($_POST['_cont']);
+ − 1525
?>
+ − 1526
<form name="confirm" action="install.php?mode=install" method="post">
+ − 1527
<?php
+ − 1528
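// Carry every value posted so far forward as hidden fields for the install
// step. Passwords collected earlier are among them, so they appear in the HTML
// of this page; the page should not be cached or logged.
foreach ( $_POST as $field_name => $field_value )
{
  // A nested (array) value cannot be written into one hidden input and would
  // make htmlspecialchars() fail, so it is not carried forward.
  if ( !is_scalar($field_value) )
  {
    continue;
  }
  // ENT_QUOTES also encodes single quotes; the browser decodes the attribute
  // back to the original value when the form is submitted.
  echo '<input type="hidden" name="'.htmlspecialchars((string)$field_name, ENT_QUOTES).'" value="'.htmlspecialchars((string)$field_value, ENT_QUOTES).'" />'."\n";
}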
+ − 1532
?>
+ − 1533
<h3>Enano is ready to install.</h3>
+ − 1534
<p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
+ − 1535
and then click the button below to install the database.</p>
+ − 1536
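<?php
// The values below come straight from the request, so each one is HTML-escaped
// before it is printed; the earlier browser-side checks do not bind a request
// that is sent without them. The password placeholder is written with entities
// so that it is displayed instead of being parsed as an unknown tag.
?>
<ul>
<li>Database hostname: <?php echo htmlspecialchars($_POST['db_host'], ENT_QUOTES); ?></li>
<li>Database name: <?php echo htmlspecialchars($_POST['db_name'], ENT_QUOTES); ?></li>
<li>Database user: <?php echo htmlspecialchars($_POST['db_user'], ENT_QUOTES); ?></li>
<li>Database password: &lt;hidden&gt;</li>
<li>Site name: <?php echo htmlspecialchars($_POST['sitename'], ENT_QUOTES); ?></li>
<li>Site description: <?php echo htmlspecialchars($_POST['sitedesc'], ENT_QUOTES); ?></li>
<li>Administration username: <?php echo htmlspecialchars($_POST['admin_user'], ENT_QUOTES); ?></li>
<li>Cipher strength: <?php echo (string)AES_BITS; ?>-bit AES<br /><small>Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.</small></li>
</ul>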
+ − 1546
<div class="pagenav">
+ − 1547
<table border="0">
+ − 1548
<tr>
+ − 1549
<td><input type="submit" value="Install Enano!" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Pray.</p></td>
+ − 1550
</tr>
+ − 1551
</table>
+ − 1552
</div>
+ − 1553
</form>
+ − 1554
<?php
+ − 1555
break;
+ − 1556
case "install":
+ − 1557
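// Every field the install step reads must be present in the request.
$required_fields = array(
  'db_host', 'db_name', 'db_user', 'db_pass',
  'sitename', 'sitedesc', 'copyright',
  'admin_user', 'admin_pass', 'admin_embed_php',
  'urlscheme',
);
$form_complete = true;
foreach ( $required_fields as $required_field )
{
  if ( !isset($_POST[$required_field]) )
  {
    $form_complete = false;
    break;
  }
}
// admin_embed_php must be exactly '2' or '4'. The comparison is strict: a
// loose in_array() also accepts other numeric spellings such as '2.0' or '04',
// and the raw value would then reach whatever consumes this setting.
if ( !$form_complete || !in_array($_POST['admin_embed_php'], array('2', '4'), true) )
{
  echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
  $template->footer();
  exit;
}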
+ − 1574
// Choose the URL prefix ($cp) for the selected scheme. Any value other than
// "short" or "tiny" gets the standard query-string form, so an unexpected
// value cannot select anything outside these three prefixes.
$url_scheme = $_POST['urlscheme'];
if ( $url_scheme == 'short' )
{
  $cp = scriptPath.'/index.php/';
}
elseif ( $url_scheme == 'tiny' )
{
  $cp = scriptPath.'/';
}
else
{
  // "ugly" and everything unrecognised
  $cp = scriptPath.'/index.php?title=';
}
+ − 1587
/**
 * Prints a message, closes the page with the template footer and stops.
 *
 * The text is printed as-is, without HTML escaping, so callers must pass
 * only fixed strings or values they have already escaped.
 *
 * @param string $t text (HTML) to print
 */
function err($t)
{
  global $template;
  echo $t;
  $template->footer();
  exit;
}
+ − 1588
+ − 1589
// $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs');
+ − 1590
+ − 1591
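// Server-side check of the table prefix; the browser check can be bypassed.
// "\z" matches only at the very end of the string. The "$" used before also
// matches just before a trailing newline, so a prefix ending in "\n" passed.
// A missing field is treated as an empty prefix, as before.
$table_prefix_input = isset($_POST['table_prefix']) ? $_POST['table_prefix'] : '';
if ( !is_string($table_prefix_input) || !preg_match('/^[a-z0-9_]*\z/', $table_prefix_input) )
  err('Hacking attempt was detected in table_prefix.');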
+ − 1593
+ − 1594
start_install_table();
269
+ − 1595
+ − 1596
// Are we just trying to auto-rename the config files? If so, skip everything else
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
+ − 1597
if ( !isset($_GET['stage']) || ( isset($_GET['stage']) && $_GET['stage'] != 'renameconfig' ) )
256
+ − 1598
{
+ − 1599
269
+ − 1600
// The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
+ − 1601
// Thus, they need to be run on each retry, e.g. never skipped.
+ − 1602
run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
+ − 1603
if ( isset($_POST['drop_tables']) )
+ − 1604
{
+ − 1605
// Are we supposed to drop any existing tables? If so, do it now
+ − 1606
run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure');
+ − 1607
}
+ − 1608
run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false);
+ − 1609
run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. Please contact the Enano team for support.', false);
+ − 1610
run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
+ − 1611
run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
+ − 1612
run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
+ − 1613
+ − 1614
// Mainstream installation complete - Enano should be usable now
+ − 1615
// The stage of starting the API is special because it has to be called out of function context.
+ − 1616
// To alleviate this, we have two functions, one that returns success and one that returns failure
+ − 1617
// If the Enano API load is successful, the success function is called to report the action to the user
+ − 1618
// If unsuccessful, the failure report is sent
+ − 1619
+ − 1620
$template_bak = $template;
+ − 1621
+ − 1622
$_GET['title'] = 'Main_Page';
+ − 1623
require('includes/common.php');
+ − 1624
+ − 1625
if ( is_object($db) && is_object($session) )
+ − 1626
{
+ − 1627
run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false);
+ − 1628
}
+ − 1629
else
+ − 1630
{
+ − 1631
run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false);
+ − 1632
}
+ − 1633
+ − 1634
// We need to be logged in (with admin rights) before logs can be flushed
+ − 1635
$admin_password = stg_decrypt_admin_pass(true);
+ − 1636
$session->login_without_crypto($_POST['admin_user'], $admin_password, false);
+ − 1637
+ − 1638
// Now that login cookies are set, initialize the session manager and ACLs
+ − 1639
$session->start();
+ − 1640
$paths->init();
+ − 1641
+ − 1642
run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1643
While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a> after renaming your configuration files, you should be aware that some servers cannot
269
+ − 1644
properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
+ − 1645
to finish the installation, please be aware that you may be unable to log into your site.');
+ − 1646
272
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1647
run_installer_stage('buildindex', 'Initialize search index', 'stg_build_index', 'Something went wrong while the page manager was attempting to build a search index.');
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1648
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1649
/*
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1650
* HACKERS:
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1651
* If you're making a custom distribution of Enano, put all your custom plugin-related code here.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1652
* You have access to the full Enano API as well as being logged in with complete admin rights.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1653
* Don't do anything horrendously fancy here, unless you add a new stage (or more than one) and
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1654
* have the progress printed out properly.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1655
*/
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1656
269
+ − 1657
} // check for stage == renameconfig
256
+ − 1658
else
+ − 1659
{
270
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1660
// If we did skip the main installer routine, set $template_bak to make the reversal later work properly
269
+ − 1661
$template_bak = $template;
256
+ − 1662
}
// Final step is to rename the config file
// In early revisions of 1.0.2, this step was performed prior to the initialization of the Enano API. It was decided to move
// this stage to the end because it will fail more often than any other stage, thus making alternate routes imperative. If this
// stage fails, then no big deal, we'll just have the user rename the files manually and then let them see the pretty success message.
// NOTE(review): the failure text below advises CHMOD 777 on the Enano folder, which makes it writable by every
// local account; the message does not tell the administrator to tighten the mode again once the rename has worked.
run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');

close_install_table();

// Put back the template object saved in $template_bak (presumably because loading
// includes/common.php replaced $template - confirm) so the footer is drawn by the installer's template.
unset($template);
$template =& $template_bak;

echo '<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
// echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
break;
// Closing page of the installer. It prints static HTML only; no request data is echoed here.
// This mode is exempt from the "Installation locked" check at the top of the file, so it
// stays reachable after config.php exists.
case "finish":
  echo '<h3>Congratulations!</h3>
<p>You have finished installing Enano on this server.</p>
<h3>Now what?</h3>
<p>Click the link below to see the main page for your website. Where to go from here:</p>
<ul>
<li>The first thing you should do is log into your site using the Log in link on the sidebar.</li>
<li>Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.</li>
<li>Visit the <a href="http://enanocms.org/Category:Plugins" onclick="window.open(this.href); return false;">Enano Plugin Gallery</a> to download and use plugins on your site.</li>
<li>Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.</li>
<li>Hire some moderators, to help you keep rowdy users tame.</li>
<li>Tell the <a href="http://enanocms.org/Contact_us">Enano team</a> what you think.</li>
<li><b>Spread the word about Enano by adding a link to the Enano homepage on your sidebar!</b> You can enable this option in the General Configuration section of the administration panel.</li>
</ul>
<p><a href="index.php">Go to your website...</a></p>';
  break;
// this stage is never shown during the installation, but is provided for legal purposes
// Like "finish", this mode is exempt from the "Installation locked" check at the top of the file,
// so the license text can still be requested after Enano has been installed.
case "showlicense":
  show_license(true);
  break;
}
$template->footer();
?>