install.php
changeset 256 62ee6685ad18
parent 196 54b3e14bf19d
parent 250 acb9d021b860
child 257 e7bbbb92385b
197:90b7a52bea45 256:62ee6685ad18
     1 <?php
     1 <?php
     2 
     2 
     3 /*
     3 /*
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     5  * Version 1.1.1
     5  * Version 1.0.2 (Coblynau)
     6  * Copyright (C) 2006-2007 Dan Fuhry
     6  * Copyright (C) 2006-2007 Dan Fuhry
     7  * install.php - handles everything related to installation and initial configuration
     7  * install.php - handles everything related to installation and initial configuration
     8  *
     8  *
     9  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
     9  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
    10  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    10  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
    12  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
    12  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
    13  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    13  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
    14  */
    14  */
    15  
    15  
    16 @include('config.php');
    16 @include('config.php');
    17 if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode']))) {
    17 if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode'])))
       
    18 {
    18   $_GET['title'] = 'Enano:Installation_locked';
    19   $_GET['title'] = 'Enano:Installation_locked';
    19   require('includes/common.php');
    20   require('includes/common.php');
    20   die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
    21   die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
    21   exit;
    22   exit;
    22 }
    23 }
    23 
    24 
    24 define('IN_ENANO_INSTALL', 'true');
    25 define('IN_ENANO_INSTALL', 'true');
    25 
    26 
    26 define('ENANO_VERSION', '1.1.1');
    27 define('ENANO_VERSION', '1.0.2');
    27 // In beta versions, define ENANO_BETA_VERSION here
    28 // In beta versions, define ENANO_BETA_VERSION here
    28 
    29 
    29 if(!defined('scriptPath')) {
    30 if(!defined('scriptPath')) {
    30   $sp = dirname($_SERVER['REQUEST_URI']);
    31   $sp = dirname($_SERVER['REQUEST_URI']);
    31   if($sp == '/' || $sp == '\\') $sp = '';
    32   if($sp == '/' || $sp == '\\') $sp = '';
    61 require('includes/constants.php');
    62 require('includes/constants.php');
    62 require('includes/rijndael.php');
    63 require('includes/rijndael.php');
    63 require('includes/functions.php');
    64 require('includes/functions.php');
    64 
    65 
    65 strip_magic_quotes_gpc();
    66 strip_magic_quotes_gpc();
       
    67 $neutral_color = 'C';
       
    68 
       
    69 //
       
    70 // INSTALLER LIBRARY
       
    71 //
       
    72 
       
    73 function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
       
    74 {
       
    75   static $resumed = false;
       
    76   static $resume_stack = array();
       
    77   
       
    78   if ( empty($resume_stack) && isset($_POST['resume_stack']) && preg_match('/[a-z_]+((\|[a-z_]+)+)/', $_POST['resume_stack']) )
       
    79   {
       
    80     $resume_stack = explode('|', $_POST['resume_stack']);
       
    81   }
       
    82   
       
    83   $already_run = false;
       
    84   if ( in_array($stage_id, $resume_stack) )
       
    85   {
       
    86     $already_run = true;
       
    87   }
       
    88   
       
    89   if ( !$resumed )
       
    90   {
       
    91     if ( !isset($_GET['stage']) )
       
    92       $resumed = true;
       
    93     if ( isset($_GET['stage']) && $_GET['stage'] == $stage_id )
       
    94     {
       
    95       $resumed = true;
       
    96     }
       
    97   }
       
    98   if ( !$resumed && $allow_skip )
       
    99   {
       
   100     echo_stage_success($stage_id, "[dbg: skipped] $stage_name");
       
   101     return false;
       
   102   }
       
   103   if ( !function_exists($function) )
       
   104     die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . ' doesn\'t exist');
       
   105   $result = @call_user_func($function, false, $already_run);
       
   106   if ( $result )
       
   107   {
       
   108     echo_stage_success($stage_id, $stage_name);
       
   109     $resume_stack[] = $stage_id;
       
   110     return true;
       
   111   }
       
   112   else
       
   113   {
       
   114     echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack);
       
   115     return false;
       
   116   }
       
   117 }
       
   118 
       
   119 function start_install_table()
       
   120 {
       
   121   echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
       
   122 }
       
   123 
       
   124 function close_install_table()
       
   125 {
       
   126   echo '</table>' . "\n\n";
       
   127 }
       
   128 
       
   129 function echo_stage_success($stage_id, $stage_name)
       
   130 {
       
   131   global $neutral_color;
       
   132   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
       
   133   ob_start();
       
   134   echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
       
   135   ob_end_flush();
       
   136 }
       
   137 
       
   138 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
       
   139 {
       
   140   global $neutral_color;
       
   141   
       
   142   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
       
   143   ob_start();
       
   144   echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
       
   145   ob_end_flush();
       
   146   close_install_table();
       
   147   $post_data = '';
       
   148   $mysql_error = mysql_error();
       
   149   foreach ( $_POST as $key => $value )
       
   150   {
       
   151     $value = htmlspecialchars($value);
       
   152     $key = htmlspecialchars($key);
       
   153     $post_data .= "          <input type=\"hidden\" name=\"$key\" value=\"$value\" />\n";
       
   154   }
       
   155   echo '<form action="install.php?mode=install&amp;stage=' . $stage_id . '" method="post">
       
   156           ' . $post_data . '
       
   157           <input type="hidden" name="resume_stack" value="' . htmlspecialchars(implode('|', $resume_stack)) . '" />
       
   158           <h3>Enano installation failed.</h3>
       
   159            <p>' . $failure_explanation . '</p>
       
   160            ' . ( !empty($mysql_error) ? "<p>The error returned from MySQL was: $mysql_error</p>" : '' ) . '
       
   161            <p>When you have corrected the error, click the button below to attempt to continue the installation.</p>
       
   162            <p style="text-align: center;"><input type="submit" value="Retry installation" /></p>
       
   163         </form>';
       
   164   global $template, $template_bak;
       
   165   if ( is_object($template_bak) )
       
   166     $template_bak->footer();
       
   167   else
       
   168     $template->footer();
       
   169   exit;
       
   170 }
       
   171 
       
   172 //
       
   173 // INSTALLER STAGES
       
   174 //
       
   175 
       
   176 function stg_mysql_connect($act_get = false)
       
   177 {
       
   178   static $conn = false;
       
   179   if ( $act_get )
       
   180     return $conn;
       
   181   
       
   182   $db_user =& $_POST['db_user'];
       
   183   $db_pass =& $_POST['db_pass'];
       
   184   $db_name =& $_POST['db_name'];
       
   185   
       
   186   if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
       
   187   {
       
   188     $db_name = htmlspecialchars($db_name);
       
   189     die("<p>SECURITY: malformed database name \"$db_name\"</p>");
       
   190   }
       
   191   
       
   192   // First, try to connect using the normal credentials
       
   193   $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
       
   194   if ( !$conn )
       
   195   {
       
   196     // Connection failed. Do we have the root username and password?
       
   197     if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
       
   198     {
       
   199       $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
       
   200       if ( !$conn_root )
       
   201       {
       
   202         // Couldn't connect using either set of credentials. Bail out.
       
   203         return false;
       
   204       }
       
   205       unset($db_user, $db_pass);
       
   206       $db_user = mysql_real_escape_string($_POST['db_user']);
       
   207       $db_pass = mysql_real_escape_string($_POST['db_pass']);
       
   208       // Create the user account
       
   209       $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
       
   210       if ( !$q )
       
   211       {
       
   212         return false;
       
   213       }
       
   214       // Revoke privileges from test, we don't need them
       
   215       $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
       
   216       if ( !$q )
       
   217       {
       
   218         return false;
       
   219       }
       
   220       if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
       
   221       {
       
   222         // If not connecting to a server running on localhost, allow from any host
       
   223         // this is safer than trying to detect the hostname of the webserver, but less secure
       
   224         $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
       
   225         if ( !$q )
       
   226         {
       
   227           return false;
       
   228         }
       
   229         // Revoke privileges from test, we don't need them
       
   230         $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
       
   231         if ( !$q )
       
   232         {
       
   233           return false;
       
   234         }
       
   235       }
       
   236       mysql_close($conn_root);
       
   237       $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
       
   238       if ( !$conn )
       
   239       {
       
   240         // This should honestly never happen.
       
   241         return false;
       
   242       }
       
   243     }
       
   244   }
       
   245   $q = @mysql_query("USE `$db_name`;", $conn);
       
   246   if ( !$q )
       
   247   {
       
   248     // access denied to the database; try the whole root schenanegan again
       
   249     if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
       
   250     {
       
   251       $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
       
   252       if ( !$conn_root )
       
   253       {
       
   254         // Couldn't connect as root; bail out
       
   255         return false;
       
   256       }
       
   257       // create the database, if it doesn't exist
       
   258       $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
       
   259       if ( !$q )
       
   260       {
       
   261         // this really should never fail, so don't give any tolerance to it
       
   262         return false;
       
   263       }
       
   264       unset($db_user, $db_pass);
       
   265       $db_user = mysql_real_escape_string($_POST['db_user']);
       
   266       $db_pass = mysql_real_escape_string($_POST['db_pass']);
       
   267       // we're in with root rights; grant access to the database
       
   268       $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
       
   269       if ( !$q )
       
   270       {
       
   271         return false;
       
   272       }
       
   273       if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
       
   274       {
       
   275         $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
       
   276         if ( !$q )
       
   277         {
       
   278           return false;
       
   279         }
       
   280       }
       
   281       mysql_close($conn_root);
       
   282       // grant tables have hopefully been flushed, kill and reconnect our regular user connection
       
   283       mysql_close($conn);
       
   284       $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
       
   285       if ( !$conn )
       
   286       {
       
   287         return false;
       
   288       }
       
   289     }
       
   290     else
       
   291     {
       
   292       return false;
       
   293     }
       
   294     // try again
       
   295     $q = @mysql_query("USE `$db_name`;", $conn);
       
   296     if ( !$q )
       
   297     {
       
   298       // really failed this time; bail out
       
   299       return false;
       
   300     }
       
   301   }
       
   302   // connected and database exists
       
   303   return true;
       
   304 }
       
   305 
       
   306 function stg_drop_tables()
       
   307 {
       
   308   $conn = stg_mysql_connect(true);
       
   309   if ( !$conn )
       
   310     return false;
       
   311   // Our list of tables included in Enano
       
   312   $tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'search_cache', 'tags', 'page_groups', 'page_group_members' );
       
   313   
       
   314   // Drop each table individually; if it fails, it probably means we're trying to drop a
       
   315   // table that didn't exist in the Enano version we're deleting the database for.
       
   316   foreach ( $tables as $table )
       
   317   {
       
   318     // Remember that table_prefix is sanitized.
       
   319     $table = "{$_POST['table_prefix']}$table";
       
   320     @mysql_query("DROP TABLE $table;", $conn);
       
   321   }
       
   322   return true;
       
   323 }
       
   324 
       
   325 function stg_decrypt_admin_pass($act_get = false)
       
   326 {
       
   327   static $decrypted_pass = false;
       
   328   if ( $act_get )
       
   329     return $decrypted_pass;
       
   330   
       
   331   $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
   332   
       
   333   if ( !empty($_POST['crypt_data']) )
       
   334   {
       
   335     require('config.new.php');
       
   336     if ( !isset($cryptkey) )
       
   337     {
       
   338       return false;
       
   339     }
       
   340     define('_INSTRESUME_AES_KEYBACKUP', $key);
       
   341     $key = hexdecode($cryptkey);
       
   342     
       
   343     $decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
       
   344     
       
   345   }
       
   346   else
       
   347   {
       
   348     $decrypted_pass = $_POST['admin_pass'];
       
   349   }
       
   350   if ( empty($decrypted_pass) )
       
   351     return false;
       
   352   return true;
       
   353 }
       
   354 
       
   355 function stg_generate_aes_key($act_get = false)
       
   356 {
       
   357   static $key = false;
       
   358   if ( $act_get )
       
   359     return $key;
       
   360   
       
   361   $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
   362   $key = $aes->gen_readymade_key();
       
   363   return true;
       
   364 }
       
   365 
       
   366 function stg_parse_schema($act_get = false)
       
   367 {
       
   368   static $schema;
       
   369   if ( $act_get )
       
   370     return $schema;
       
   371   
       
   372   $admin_pass = stg_decrypt_admin_pass(true);
       
   373   $key = stg_generate_aes_key(true);
       
   374   $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
   375   $key = $aes->hextostring($key);
       
   376   $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
       
   377   
       
   378   $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
       
   379   
       
   380   $schema = file_get_contents('schema.sql');
       
   381   $schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
       
   382   $schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
       
   383   $schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
       
   384   $schema = str_replace('{{ADMIN_USER}}',   mysql_real_escape_string($_POST['admin_user'] ), $schema);
       
   385   $schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
       
   386   $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
       
   387   $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
       
   388   $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
       
   389   $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
       
   390   $schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
       
   391   $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
       
   392   // Not anymore!! :-D
       
   393   // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION,                              $schema);
       
   394   
       
   395   if(isset($_POST['wiki_mode']))
       
   396   {
       
   397     $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
       
   398   }
       
   399   else
       
   400   {
       
   401     $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
       
   402   }
       
   403   
       
   404   // Build an array of queries      
       
   405   $schema = explode("\n", $schema);
       
   406   
       
   407   foreach ( $schema as $i => $sql )
       
   408   {
       
   409     $query =& $schema[$i];
       
   410     $t = trim($query);
       
   411     if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
       
   412     {
       
   413       unset($schema[$i]);
       
   414       unset($query);
       
   415     }
       
   416   }
       
   417   
       
   418   $schema = array_values($schema);
       
   419   $schema = implode("\n", $schema);
       
   420   $schema = explode(";\n", $schema);
       
   421   
       
   422   foreach ( $schema as $i => $sql )
       
   423   {
       
   424     $query =& $schema[$i];
       
   425     if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
       
   426     {
       
   427       $query .= ';';
       
   428     }
       
   429   }
       
   430   
       
   431   return true;
       
   432 }
       
   433 
       
   434 function stg_install($_unused, $already_run)
       
   435 {
       
   436   // This one's pretty easy.
       
   437   $conn = stg_mysql_connect(true);
       
   438   if ( !is_resource($conn) )
       
   439     return false;
       
   440   $schema = stg_parse_schema(true);
       
   441   if ( !is_array($schema) )
       
   442     return false;
       
   443   
       
   444   // If we're resuming installation, the encryption key was regenerated.
       
   445   // This means we'll have to update the encrypted password in the database.
       
   446   if ( $already_run )
       
   447   {
       
   448     $admin_pass = stg_decrypt_admin_pass(true);
       
   449     $key = stg_generate_aes_key(true);
       
   450     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
   451     $key = $aes->hextostring($key);
       
   452     $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
       
   453     $admin_user = mysql_real_escape_string($_POST['admin_user']);
       
   454     
       
   455     $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
       
   456     if ( !$q )
       
   457     {
       
   458       echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
       
   459       return false;
       
   460     }
       
   461     
       
   462     return true;
       
   463   }
       
   464   
       
   465   // OK, do the loop, baby!!!
       
   466   foreach($schema as $q)
       
   467   {
       
   468     $r = mysql_query($q, $conn);
       
   469     if ( !$r )
       
   470     {
       
   471       echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
       
   472       return false;
       
   473     }
       
   474   }
       
   475   
       
   476   return true;
       
   477 }
       
   478 
       
   479 function stg_write_config()
       
   480 {
       
   481   $privkey = stg_generate_aes_key(true);
       
   482   
       
   483   switch($_POST['urlscheme'])
       
   484   {
       
   485     case "ugly":
       
   486     default:
       
   487       $cp = scriptPath.'/index.php?title=';
       
   488       break;
       
   489     case "short":
       
   490       $cp = scriptPath.'/index.php/';
       
   491       break;
       
   492     case "tiny":
       
   493       $cp = scriptPath.'/';
       
   494       break;
       
   495   }
       
   496   
       
   497   if ( $_POST['urlscheme'] == 'tiny' )
       
   498   {
       
   499     $contents = '# Begin Enano rules
       
   500 RewriteEngine on
       
   501 RewriteCond %{REQUEST_FILENAME} !-d
       
   502 RewriteCond %{REQUEST_FILENAME} !-f
       
   503 RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
       
   504 RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
       
   505 # End Enano rules
       
   506 ';
       
   507     if ( file_exists('./.htaccess') )
       
   508       $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
       
   509     else
       
   510       $ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
       
   511     if ( !$ht )
       
   512       return false;
       
   513     fwrite($ht, $contents);
       
   514     fclose($ht);
       
   515   }
       
   516 
       
   517   $config_file = '<?php
       
   518 /* Enano auto-generated configuration file - editing not recommended! */
       
   519 $dbhost   = \''.addslashes($_POST['db_host']).'\';
       
   520 $dbname   = \''.addslashes($_POST['db_name']).'\';
       
   521 $dbuser   = \''.addslashes($_POST['db_user']).'\';
       
   522 $dbpasswd = \''.addslashes($_POST['db_pass']).'\';
       
   523 if ( !defined(\'ENANO_CONSTANTS\') )
       
   524 {
       
   525 define(\'ENANO_CONSTANTS\', \'\');
       
   526 define(\'table_prefix\', \''.addslashes($_POST['table_prefix']).'\');
       
   527 define(\'scriptPath\', \''.scriptPath.'\');
       
   528 define(\'contentPath\', \''.$cp.'\');
       
   529 define(\'ENANO_INSTALLED\', \'true\');
       
   530 }
       
   531 $crypto_key = \''.$privkey.'\';
       
   532 ?>';
       
   533 
       
   534   $cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
       
   535   if ( !$cf_handle )
       
   536     return false;
       
   537   fwrite($cf_handle, $config_file);
       
   538   
       
   539   fclose($cf_handle);
       
   540   
       
   541   return true;
       
   542 }
       
   543 
       
   544 function _stg_rename_config_revert()
       
   545 {
       
   546   if ( file_exists('./config.php') )
       
   547   {
       
   548     @rename('./config.php', './config.new.php');
       
   549   }
       
   550   
       
   551   $handle = @fopen('./config.php.new', 'w');
       
   552   if ( !$handle )
       
   553     return false;
       
   554   $contents = '<?php $cryptkey = \'' . _INSTRESUME_AES_KEYBACKUP . '\'; ?>';
       
   555   fwrite($handle, $contents);
       
   556   fclose($handle);
       
   557   return true;
       
   558 }
       
   559 
       
   560 function stg_rename_config()
       
   561 {
       
   562   if ( !@rename('./config.new.php', './config.php') )
       
   563   {
       
   564     echo '<p>Can\'t rename config.php</p>';
       
   565     _stg_rename_config_revert();
       
   566     return false;
       
   567   }
       
   568   
       
   569   if ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') )
       
   570   {
       
   571     if ( !@rename('./.htaccess.new', './.htaccess') )
       
   572     {
       
   573       echo '<p>Can\'t rename .htaccess</p>';
       
   574       _stg_rename_config_revert();
       
   575       return false;
       
   576     }
       
   577   }
       
   578   return true;
       
   579 }
       
   580 
       
   581 function stg_start_api_success()
       
   582 {
       
   583   return true;
       
   584 }
       
   585 
       
   586 function stg_start_api_failure()
       
   587 {
       
   588   return false;
       
   589 }
       
   590 
       
   591 function stg_init_logs()
       
   592 {
       
   593   global $db, $session, $paths, $template, $plugins; // Common objects
       
   594   
       
   595   $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
       
   596   if ( !$q )
       
   597   {
       
   598     echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
       
   599     return false;
       
   600   }
       
   601   
       
   602   if ( !$session->get_permissions('clear_logs') )
       
   603   {
       
   604     echo '<p><tt>$session: denied clear_logs</tt></p>';
       
   605     return false;
       
   606   }
       
   607   
       
   608   PageUtils::flushlogs('Main_Page', 'Article');
       
   609   
       
   610   return true;
       
   611 }
    66 
   612 
    67 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
   613 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
    68 
   614 
    69 if(!function_exists('wikiFormat'))
   615 if(!function_exists('wikiFormat'))
    70 {
   616 {
   258   default:
   804   default:
   259     break;
   805     break;
   260 }
   806 }
   261 
   807 
   262 $template = new template_nodb();
   808 $template = new template_nodb();
   263 $template->load_theme('stpatty', 'shamrock', false);
   809 $template->load_theme('oxygen', 'bleu', false);
   264 
   810 
   265 $modestrings = Array(
   811 $modestrings = Array(
   266               'welcome' => 'Welcome',
   812               'welcome' => 'Welcome',
   267               'license' => 'License Agreement',
   813               'license' => 'License Agreement',
   268               'sysreqs' => 'Server requirements',
   814               'sysreqs' => 'Server requirements',
   311 { 
   857 { 
   312   default:
   858   default:
   313   case 'welcome':
   859   case 'welcome':
   314     ?>
   860     ?>
   315     <div style="text-align: center; margin-top: 10px;">
   861     <div style="text-align: center; margin-top: 10px;">
   316       <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-green.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
   862       <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
   317       <h2>Welcome to Enano</h2>
   863       <h2>Welcome to Enano</h2>
   318       <h3>version 1.1.1 &ndash; unstable</h3>
   864       <h3>version 1.0.2 &ndash; stable<br />
       
   865       <span style="font-weight: normal;">also affectionately known as "coblynau" <tt>:)</tt></span></h3>
   319       <?php
   866       <?php
   320       if ( file_exists('./_nightly.php') )
   867       if ( file_exists('./_nightly.php') )
   321       {
   868       {
   322         echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
   869         echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
   323       }
   870       }
   387     run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
   934     run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
   388     run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
   935     run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
   389     run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
   936     run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
   390     run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
   937     run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
   391     //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
   938     //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
   392     run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
   939     run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
   393     run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the &lt;img&gt; tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
   940     run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the &lt;img&gt; tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
   394     run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
   941     run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
   395     run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
   942     run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
   396     echo '</table>';
   943     echo '</table>';
   397     if(!$failed)
   944     if(!$failed)
   400       
   947       
   401       <div class="pagenav">
   948       <div class="pagenav">
   402       <?php
   949       <?php
   403       if($warned) {
   950       if($warned) {
   404         echo '<table border="0" cellspacing="0" cellpadding="0">';
   951         echo '<table border="0" cellspacing="0" cellpadding="0">';
   405         run_test('return false;', 'Some scalebacks were made due to your server configuration.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />Fatal error:</b> call to undefined function wannahokaloogie() in file <b>'.__FILE__.'</b> on line <b>'.__LINE__.'', true);
   952         run_test('return false;', 'Some of the features of Enano have been turned off to accommodate your server.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />&nbsp;&nbsp;&nbsp;<tt>Fatal error:</tt></b><tt> call to undefined function wannahockaloogie() in file <b>'.__FILE__.'</b> on line </tt><b><tt>'.__LINE__.'</tt>', true);
   406         echo '</table>';
   953         echo '</table>';
   407       } else {
   954       } else {
   408         echo '<table border="0" cellspacing="0" cellpadding="0">';
   955         echo '<table border="0" cellspacing="0" cellpadding="0">';
   409         run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
   956         run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
   410         echo '</table>';
   957         echo '</table>';
   411       }
   958       }
   412       ?>
   959       ?>
   413        <form action="install.php?mode=database" method="post">
   960        <form action="install.php?mode=database" method="post">
   414          <table border="0">
   961          <table border="0">
   415          <tr>
   962          <tr>
   416          <td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />&bull; Have your database host, name, username, and password available</p></td>
   963          <td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Review the list above to ensure that you are satisfied with any of Enano's workarounds for your server. If you need a particular feature and that feature is listed as disabled above, you should take the opportunity now to correct the problem.<br />&bull; Have your database host, name, username, and password available</p></td>
   417          </tr>
   964          </tr>
   418          </table>
   965          </table>
   419        </form>
   966        </form>
   420      </div>
   967      </div>
   421      <?php
   968      <?php
   576         else
  1123         else
   577         {
  1124         {
   578           document.getElementById('s_db_host').src='images/bad.gif';
  1125           document.getElementById('s_db_host').src='images/bad.gif';
   579           ret = false;
  1126           ret = false;
   580         }
  1127         }
   581         if(frm.db_name.value.match(/^([a-z0-9_]+)$/g))
  1128         if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
   582         {
  1129         {
   583           document.getElementById('s_db_name').src='images/unknown.gif';
  1130           document.getElementById('s_db_name').src='images/unknown.gif';
   584         }
  1131         }
   585         else
  1132         else
   586         {
  1133         {
   636       echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
  1183       echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
   637     }
  1184     }
   638     ?>
  1185     ?>
   639     <form name="dbinfo" action="install.php?mode=website" method="post">
  1186     <form name="dbinfo" action="install.php?mode=website" method="post">
   640       <table border="0">
  1187       <table border="0">
   641         <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
  1188         <tr>
   642         <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1189           <td colspan="3" style="text-align: center">
   643         <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1190             <h3>Database information</h3>
   644         <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1191           </td>
   645         <tr><td><input name="db_pass" size="30" type="password" /></td></tr>
  1192         </tr>
   646         <tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
  1193         <tr>
   647         <tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
  1194           <td>
   648         <tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
  1195             <b>Database hostname</b>
   649         <tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
  1196             <br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".
   650         <tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
  1197             <br /><span style="color: #993300" id="e_db_host"></span>
   651         <tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label></td></tr>
  1198           </td>
   652         <tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
  1199           <td>
       
  1200             <input onkeyup="verify();" name="db_host" size="30" type="text" />
       
  1201           </td>
       
  1202           <td>
       
  1203             <img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" />
       
  1204           </td>
       
  1205         </tr>
       
  1206         <tr>
       
  1207           <td>
       
  1208             <b>Database name</b><br />
       
  1209             The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password
       
  1210             of a MySQL user with administrative rights.<br />
       
  1211             <span style="color: #993300" id="e_db_name"></span>
       
  1212           </td>
       
  1213           <td>
       
  1214             <input onkeyup="verify();" name="db_name" size="30" type="text" />
       
  1215           </td>
       
  1216           <td>
       
  1217             <img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" />
       
  1218           </td>
       
  1219         </tr>
       
  1220         <tr>
       
  1221           <td rowspan="2">
       
  1222             <b>Database login</b><br />
       
  1223             These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace"
       
  1224             privileges for your database.<br />
       
  1225             <span style="color: #993300" id="e_db_auth"></span>
       
  1226           </td>
       
  1227           <td>
       
  1228             <input onkeyup="verify();" name="db_user" size="30" type="text" />
       
  1229           </td>
       
  1230           <td rowspan="2">
       
  1231             <img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" />
       
  1232           </td>
       
  1233         </tr>
       
  1234         <tr>
       
  1235           <td>
       
  1236             <input name="db_pass" size="30" type="password" />
       
  1237           </td>
       
  1238         </tr>
       
  1239         <tr>
       
  1240           <td colspan="3" style="text-align: center">
       
  1241             <h3>Optional information</h3>
       
  1242           </td>
       
  1243         </tr>
       
  1244         <tr>
       
  1245           <td>
       
  1246             <b>Table prefix</b><br />
       
  1247             The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z),
       
  1248             numbers (0-9), and underscores (_).
       
  1249           </td>
       
  1250           <td>
       
  1251             <input onkeyup="verify();" name="table_prefix" size="30" type="text" />
       
  1252           </td>
       
  1253           <td>
       
  1254             <img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" />
       
  1255           </td>
       
  1256         </tr>
       
  1257         <tr>
       
  1258           <td rowspan="2">
       
  1259             <b>Database administrative login</b><br />
       
  1260             If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the
       
  1261             login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br />
       
  1262             <span style="color: #993300" id="e_db_root"></span>
       
  1263           </td>
       
  1264           <td>
       
  1265             <input onkeyup="verify();" name="db_root_user" size="30" type="text" />
       
  1266           </td>
       
  1267           <td rowspan="2">
       
  1268             <img id="s_db_root" alt="Good/bad icon" src="images/good.gif" />
       
  1269           </td>
       
  1270         </tr>
       
  1271         <tr>
       
  1272           <td>
       
  1273             <input onkeyup="verify();" name="db_root_pass" size="30" type="password" />
       
  1274           </td>
       
  1275         </tr>
       
  1276         <tr>
       
  1277           <td>
       
  1278             <b>MySQL version</b>
       
  1279           </td>
       
  1280           <td id="e_mysql_version">
       
  1281             MySQL version information will be checked when you click "Test Connection".
       
  1282           </td>
       
  1283           <td>
       
  1284             <img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" />
       
  1285           </td>
       
  1286         </tr>
       
  1287         <tr>
       
  1288           <td>
       
  1289             <b>Delete existing tables?</b><br />
       
  1290             If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do
       
  1291             NOT use this option unless specifically instructed to.
       
  1292           </td>
       
  1293           <td>
       
  1294             <input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label>
       
  1295           </td>
       
  1296         </tr>
       
  1297         <tr>
       
  1298           <td colspan="3" style="text-align: center">
       
  1299             <input type="button" value="Test connection" onclick="ajaxTestConnection();" />
       
  1300           </td>
       
  1301         </tr>
   653       </table>
  1302       </table>
   654       <div class="pagenav">
  1303       <div class="pagenav">
   655        <table border="0">
  1304         <table border="0">
   656        <tr>
  1305         <tr>
   657        <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Check your MySQL connection using the "Test Connection" button.<br />&bull; Be aware that your database information will be transmitted unencrypted several times.</p></td>
  1306           <td>
   658        </tr>
  1307             <input type="submit" value="Continue" onclick="return verify();" name="_cont" />
   659        </table>
  1308           </td>
   660      </div>
  1309           <td>
       
  1310             <p>
       
  1311               <span style="font-weight: bold;">Before continuing:</span><br />
       
  1312               &bull; Check your MySQL connection using the "Test Connection" button.<br />
       
  1313               &bull; Be aware that your database information will be transmitted unencrypted several times.
       
  1314             </p>
       
  1315           </td>
       
  1316         </tr>
       
  1317         </table>
       
  1318       </div>
   661     </form>
  1319     </form>
   662     <?php
  1320     <?php
   663     break;
  1321     break;
   664   case "website":
  1322   case "website":
   665     if(!isset($_POST['_cont'])) {
  1323     if(!isset($_POST['_cont'])) {
   666       echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
  1324       echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
   667       $template->footer();
  1325       $template->footer();
   668       exit;
  1326       exit;
   669     }
  1327     }
   670     unset($_POST['_cont']);
  1328     unset($_POST['_cont']);
   671     ?>
  1329     ?>
   714           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
  1372           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
   715         }
  1373         }
   716       ?>
  1374       ?>
   717       <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
  1375       <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
   718       <table border="0">
  1376       <table border="0">
   719         <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1377         <tr>
   720         <tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1378           <td>
   721         <tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1379             <b>Website name</b><br />
   722         <tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" />  <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
  1380             The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not
   723         <tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly">  <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short">  <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite">  <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
  1381             be blank or "Enano".
       
  1382           </td>
       
  1383           <td>
       
  1384             <input onkeyup="verify();" name="sitename" type="text" size="30" />
       
  1385           </td>
       
  1386           <td>
       
  1387             <img id="s_name" alt="Good/bad icon" src="images/bad.gif" />
       
  1388           </td>
       
  1389         </tr>
       
  1390         <tr>
       
  1391           <td>
       
  1392             <b>Website description</b><br />
       
  1393             This text will be shown below the name of your website.
       
  1394           </td>
       
  1395           <td>
       
  1396             <input onkeyup="verify();" name="sitedesc" type="text" size="30" />
       
  1397           </td>
       
  1398           <td>
       
  1399             <img id="s_desc" alt="Good/bad icon" src="images/bad.gif" />
       
  1400           </td>
       
  1401         </tr>
       
  1402         <tr>
       
  1403           <td>
       
  1404             <b>Copyright info</b><br />
       
  1405             This should be a one-line legal notice that will appear at the bottom of all your pages.
       
  1406           </td>
       
  1407           <td>
       
  1408             <input onkeyup="verify();" name="copyright" type="text" size="30" />
       
  1409           </td>
       
  1410           <td>
       
  1411             <img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" />
       
  1412           </td>
       
  1413         </tr>
       
  1414         <tr>
       
  1415           <td>
       
  1416             <b>Wiki mode</b><br />
       
  1417             This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can
       
  1418             protect pages to prevent editing.
       
  1419           </td>
       
  1420           <td>
       
  1421             <input name="wiki_mode" type="checkbox" id="wmcheck" />  <label for="wmcheck">Yes, make my website a wiki.</label>
       
  1422           </td>
       
  1423           <td>
       
  1424             &nbsp;
       
  1425           </td>
       
  1426         </tr>
       
  1427         <tr>
       
  1428           <td>
       
  1429             <b>URL scheme</b><br />
       
  1430             Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you
       
  1431             don't know, select the first option, and you can always change it later.
       
  1432           </td>
       
  1433           <td colspan="2">
       
  1434             <input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"  />  <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br />
       
  1435             <input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short" />  <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br />
       
  1436             <input type="radio" name="urlscheme" value="tiny" id="petite">  <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label>
       
  1437           </td>
       
  1438         </tr>
   724       </table>
  1439       </table>
   725       <div class="pagenav">
  1440       <div class="pagenav">
   726        <table border="0">
  1441        <table border="0">
   727        <tr>
  1442          <tr>
   728        <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
  1443            <td>
   729        </tr>
  1444              <input type="submit" value="Continue" onclick="return verify();" name="_cont" />
       
  1445            </td>
       
  1446            <td>
       
  1447              <p>
       
  1448                <span style="font-weight: bold;">Before clicking continue:</span><br />
       
  1449                &bull; Verify that your site information is correct. Again, all of the above settings can be changed from the administration
       
  1450                       panel.
       
  1451              </p>
       
  1452            </td>
       
  1453          </tr>
   730        </table>
  1454        </table>
   731      </div>
  1455      </div>
   732     </form>
  1456     </form>
   733     <?php
  1457     <?php
   734     break;
  1458     break;
   735   case "login":
  1459   case "login":
   736     if(!isset($_POST['_cont'])) {
  1460     if(!isset($_POST['_cont'])) {
   737       echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
  1461       echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
   738       $template->footer();
  1462       $template->footer();
   739       exit;
  1463       exit;
   740     }
  1464     }
   741     unset($_POST['_cont']);
  1465     unset($_POST['_cont']);
   742     require('config.php');
  1466     require('config.new.php');
   743     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
  1467     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
   744     if ( isset($crypto_key) )
  1468     if ( isset($crypto_key) )
   745     {
  1469     {
   746       $cryptkey = $crypto_key;
  1470       $cryptkey = $crypto_key;
   747     }
  1471     }
   748     if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
  1472     if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
   749     {
  1473     {
   750       $cryptkey = $aes->gen_readymade_key();
  1474       $cryptkey = $aes->gen_readymade_key();
   751       $handle = @fopen(ENANO_ROOT.'/config.php', 'w');
  1475       $handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
   752       if(!$handle)
  1476       if(!$handle)
   753       {
  1477       {
   754         echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
  1478         echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
   755         $template->footer();
  1479         $template->footer();
   756         exit;
  1480         exit;
   757       }
  1481       }
   758       fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
  1482       fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
   759       fclose($handle);
  1483       fclose($handle);
   760     }
  1484     }
   761     ?>
  1485     // Sorry for the ugly hack, but this f***s up jEdit badly.
       
  1486     echo '
   762     <script type="text/javascript">
  1487     <script type="text/javascript">
   763       function verify()
  1488       function verify()
   764       {
  1489       {
   765         var frm = document.forms.login;
  1490         var frm = document.forms.login;
   766         ret = true;
  1491         ret = true;
   767         if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
  1492         if ( frm.admin_user.value.match(/^([A-z0-9 \\-\\.]+)$/) && !frm.admin_user.value.match(/^(?:(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != \'anonymous\' )
   768         {
  1493         {
   769           document.getElementById('s_user').src = 'images/good.gif';
  1494           document.getElementById(\'s_user\').src = \'images/good.gif\';
   770         }
  1495         }
   771         else
  1496         else
   772         {
  1497         {
   773           document.getElementById('s_user').src = 'images/bad.gif';
  1498           document.getElementById(\'s_user\').src = \'images/bad.gif\';
   774           ret = false;
  1499           ret = false;
   775         }
  1500         }
   776         if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
  1501         if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
   777         {
  1502         {
   778           document.getElementById('s_password').src = 'images/good.gif';
  1503           document.getElementById(\'s_password\').src = \'images/good.gif\';
   779         }
  1504         }
   780         else
  1505         else
   781         {
  1506         {
   782           document.getElementById('s_password').src = 'images/bad.gif';
  1507           document.getElementById(\'s_password\').src = \'images/bad.gif\';
   783           ret = false;
  1508           ret = false;
   784         }
  1509         }
   785         if(frm.admin_email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
  1510         if(frm.admin_email.value.match(/^(?:[\\w\\d]+\\.?)+@(?:(?:[\\w\\d]\\-?)+\\.)+\\w{2,4}$/))
   786         {
  1511         {
   787           document.getElementById('s_email').src = 'images/good.gif';
  1512           document.getElementById(\'s_email\').src = \'images/good.gif\';
   788         }
  1513         }
   789         else
  1514         else
   790         {
  1515         {
   791           document.getElementById('s_email').src = 'images/bad.gif';
  1516           document.getElementById(\'s_email\').src = \'images/bad.gif\';
   792           ret = false;
  1517           ret = false;
   793         }
  1518         }
   794         if(ret) frm._cont.disabled = false;
  1519         if(ret) frm._cont.disabled = false;
   795         else    frm._cont.disabled = true;
  1520         else    frm._cont.disabled = true;
   796         return ret;
  1521         return ret;
   800       function cryptdata() 
  1525       function cryptdata() 
   801       {
  1526       {
   802         if(!verify()) return false;
  1527         if(!verify()) return false;
   803       }
  1528       }
   804     </script>
  1529     </script>
       
  1530     ';
       
  1531     ?>
   805     <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
  1532     <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
   806       <?php
  1533       <?php
   807         $k = array_keys($_POST);
  1534         $k = array_keys($_POST);
   808         for($i=0;$i<sizeof($_POST);$i++) {
  1535         for($i=0;$i<sizeof($_POST);$i++) {
   809           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
  1536           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
   810         }
  1537         }
   811       ?>
  1538       ?>
   812       <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
  1539       <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
   813       <table border="0">
  1540       <table border="0">
   814         <tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1541         <tr>
   815         <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1542           <td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td>
   816         <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
  1543         </tr>
   817         <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
  1544         <tr>
       
  1545           <td>Administration password:</td>
       
  1546           <td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td>
       
  1547           <td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td>
       
  1548         </tr>
       
  1549         <tr>
       
  1550           <td>Enter it again to confirm:</td>
       
  1551           <td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td>
       
  1552         </tr>
       
  1553         <tr>
       
  1554           <td>Your e-mail address:</td>
       
  1555           <td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td>
       
  1556           <td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td>
       
  1557         </tr>
   818         <tr>
  1558         <tr>
   819           <td>
  1559           <td>
   820             Allow administrators to embed PHP code into pages:<br />
  1560             Allow administrators to embed PHP code into pages:<br />
   821             <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
  1561             <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
   822                    <a href="install.php?mode=pophelp&amp;topic=admin_embed_php"
  1562                    <a href="install.php?mode=pophelp&amp;topic=admin_embed_php"
   832         </tr>
  1572         </tr>
   833         <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
  1573         <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
   834       </table>
  1574       </table>
   835       <div class="pagenav">
  1575       <div class="pagenav">
   836        <table border="0">
  1576        <table border="0">
   837        <tr>
  1577          <tr>
   838        <td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
  1578            <td>
   839        </tr>
  1579              <input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" />
       
  1580            </td>
       
  1581            <td>
       
  1582              <p>
       
  1583                <span style="font-weight: bold;">Before clicking continue:</span><br />
       
  1584                &bull; Remember the username and password you enter here! You will not be able to administer your site without the
       
  1585                information you enter on this page.
       
  1586              </p>
       
  1587            </td>
       
  1588          </tr>
   840        </table>
  1589        </table>
   841       </div>
  1590       </div>
   842       <div id="cryptdebug"></div>
  1591       <div id="cryptdebug"></div>
   843      <input type="hidden" name="use_crypt" value="no" />
  1592       <input type="hidden" name="use_crypt" value="no" />
   844      <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
  1593       <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
   845      <input type="hidden" name="crypt_data" value="" />
  1594       <input type="hidden" name="crypt_data" value="" />
   846     </form>
  1595     </form>
   847     <script type="text/javascript">
  1596     <script type="text/javascript">
   848     // <![CDATA[
  1597     // <![CDATA[
       
  1598       var frm = document.forms.login;
   849       frm.admin_user.focus();
  1599       frm.admin_user.focus();
   850       function runEncryption()
  1600       function runEncryption()
   851       {
  1601       {
   852         str = '';
  1602         str = '';
   853         for(i=0;i<keySizeInBits/4;i++) str+='0';
  1603         for(i=0;i<keySizeInBits/4;i++) str+='0';
   916     </script>
  1666     </script>
   917     <?php
  1667     <?php
   918     break;
  1668     break;
   919   case "confirm":
  1669   case "confirm":
   920     if(!isset($_POST['_cont'])) {
  1670     if(!isset($_POST['_cont'])) {
   921       echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
  1671       echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
   922       $template->footer();
  1672       $template->footer();
   923       exit;
  1673       exit;
   924     }
  1674     }
   925     unset($_POST['_cont']);
  1675     unset($_POST['_cont']);
   926     ?>
  1676     ?>
   966        !isset($_POST['admin_pass']) ||
  1716        !isset($_POST['admin_pass']) ||
   967        !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
  1717        !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
   968        !isset($_POST['urlscheme'])
  1718        !isset($_POST['urlscheme'])
   969        )
  1719        )
   970     {
  1720     {
   971       echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=license">restart the installation</a>.';
  1721       echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
   972       $template->footer();
  1722       $template->footer();
   973       exit;
  1723       exit;
   974     }
  1724     }
   975     switch($_POST['urlscheme'])
  1725     switch($_POST['urlscheme'])
   976     {
  1726     {
   985         $cp = scriptPath.'/';
  1735         $cp = scriptPath.'/';
   986         break;
  1736         break;
   987     }
  1737     }
   988     function err($t) { global $template; echo $t; $template->footer(); exit; }
  1738     function err($t) { global $template; echo $t; $template->footer(); exit; }
   989     
  1739     
   990       echo 'Connecting to MySQL...';
  1740     // $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs');
   991       if($_POST['db_root_user'] != '')
  1741     
   992       {
  1742     if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) )
   993         $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
  1743       err('Hacking attempt was detected in table_prefix.');
   994         if(!$conn) err('Error connecting to MySQL: '.mysql_error());
  1744     
   995         $q = mysql_query('USE '.$_POST['db_name']);
  1745       start_install_table();
   996         if(!$q)
  1746       // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
   997         {
  1747       // Thus, they need to be run on each retry, e.g. never skipped.
   998           $q = mysql_query('CREATE DATABASE '.$_POST['db_name']);
  1748       run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
   999           if(!$q) err('Error initializing database: '.mysql_error());
  1749       if ( isset($_POST['drop_tables']) )
  1000         }
  1750       {
  1001         $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
  1751         // Are we supposed to drop any existing tables? If so, do it now
  1002         if(!$q) err('Could not create the user account');
  1752         run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure');
  1003         $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
  1753       }
  1004         if(!$q) err('Could not create the user account');
  1754       run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false);
  1005         mysql_close($conn);
  1755       run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. Please contact the Enano team for support.', false);
  1006       }
  1756       run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
  1007       $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
  1757       run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
  1008       if(!$conn) err('Error connecting to MySQL: '.mysql_error());
  1758       run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
  1009       $q = mysql_query('USE '.$_POST['db_name']);
  1759       run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. On some UNIX systems, you need to CHMOD the directory with your Enano files to 777 in order for this stage to succeed.');
  1010       if(!$q) err('Error selecting database: '.mysql_error());
       
  1011       echo 'done!<br />';
       
  1012       
  1760       
  1013       // Are we supposed to drop any existing tables? If so, do it now
  1761       // Mainstream installation complete - Enano should be usable now
  1014       if(isset($_POST['drop_tables']))
  1762       // The stage of starting the API is special because it has to be called out of function context.
  1015       {
  1763       // To alleviate this, we have two functions, one that returns success and one that returns failure
  1016         echo 'Dropping existing Enano tables...';
  1764       // If the Enano API load is successful, the success function is called to report the action to the user
  1017         // Our list of tables included in Enano
  1765       // If unsuccessful, the failure report is sent
  1018         $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' );
       
  1019         $tables = implode(', ', $tables);
       
  1020         $tables = str_replace('mdg_', $_POST['table_prefix'], $tables);
       
  1021         $query_of_death = 'DROP TABLE '.$tables.';';
       
  1022         mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist
       
  1023         echo 'done!<br />';
       
  1024       }
       
  1025       
       
  1026       $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
       
  1027       
       
  1028       echo 'Decrypting administration password...';
       
  1029       
       
  1030       $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
       
  1031       
       
  1032       if ( !empty($_POST['crypt_data']) )
       
  1033       {
       
  1034         require('config.php');
       
  1035         if ( !isset($cryptkey) )
       
  1036         {
       
  1037           echo 'failed!<br />Cannot get the key from config.php';
       
  1038           break;
       
  1039         }
       
  1040         $key = hexdecode($cryptkey);
       
  1041         
       
  1042         $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
       
  1043         
       
  1044       }
       
  1045       else
       
  1046       {
       
  1047         $dec = $_POST['admin_pass'];
       
  1048       }
       
  1049       echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
       
  1050       $privkey = $aes->gen_readymade_key();
       
  1051       $pkba = hexdecode($privkey);
       
  1052       $encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
       
  1053       
       
  1054       echo 'done!<br />Preparing for schema execution...';
       
  1055       $schema = file_get_contents('schema.sql');
       
  1056       $schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
       
  1057       $schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
       
  1058       $schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
       
  1059       $schema = str_replace('{{ADMIN_USER}}',   mysql_real_escape_string($_POST['admin_user'] ), $schema);
       
  1060       $schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($encpass             ), $schema);
       
  1061       $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
       
  1062       $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
       
  1063       $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
       
  1064       $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
       
  1065       $schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
       
  1066       $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
       
  1067       // Not anymore!! :-D
       
  1068       // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION,                              $schema);
       
  1069       
       
  1070       if(isset($_POST['wiki_mode']))
       
  1071       {
       
  1072         $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
       
  1073       }
       
  1074       else
       
  1075       {
       
  1076         $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
       
  1077       }
       
  1078       
       
  1079       // Build an array of queries      
       
  1080       $schema = explode("\n", $schema);
       
  1081       
       
  1082       foreach ( $schema as $i => $sql )
       
  1083       {
       
  1084         $query =& $schema[$i];
       
  1085         $t = trim($query);
       
  1086         if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
       
  1087         {
       
  1088           unset($schema[$i]);
       
  1089           unset($query);
       
  1090         }
       
  1091       }
       
  1092       
       
  1093       $schema = array_values($schema);
       
  1094       $schema = implode("\n", $schema);
       
  1095       $schema = explode(";\n", $schema);
       
  1096       
       
  1097       foreach ( $schema as $i => $sql )
       
  1098       {
       
  1099         $query =& $schema[$i];
       
  1100         if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
       
  1101         {
       
  1102           $query .= ';';
       
  1103         }
       
  1104       }
       
  1105       
       
  1106       // echo '<pre>' . htmlspecialchars(print_r($schema, true)) . '</pre>';
       
  1107       // break;
       
  1108       
       
  1109       echo 'done!<br />Executing schema.sql...';
       
  1110       
       
  1111       // OK, do the loop, baby!!!
       
  1112       foreach($schema as $q)
       
  1113       {
       
  1114         $r = mysql_query($q, $conn);
       
  1115         if(!$r) err('Error during mainstream installation: '.mysql_error());
       
  1116       }
       
  1117       
       
  1118       echo 'done!<br />Writing configuration files...';
       
  1119       if($_POST['urlscheme']=='tiny')
       
  1120       {
       
  1121         $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
       
  1122         if(!$ht) err('Error opening file .htaccess for writing');
       
  1123         fwrite($ht, '
       
  1124 RewriteEngine on
       
  1125 RewriteCond %{REQUEST_FILENAME} !-d
       
  1126 RewriteCond %{REQUEST_FILENAME} !-f
       
  1127 RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
       
  1128 RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
       
  1129 ');
       
  1130         fclose($ht);
       
  1131       }
       
  1132   
       
  1133       $config_file = '<?php
       
  1134 /* Enano auto-generated configuration file - editing not recommended! */
       
  1135 $dbhost   = \''.addslashes($_POST['db_host']).'\';
       
  1136 $dbname   = \''.addslashes($_POST['db_name']).'\';
       
  1137 $dbuser   = \''.addslashes($_POST['db_user']).'\';
       
  1138 $dbpasswd = \''.addslashes($_POST['db_pass']).'\';
       
  1139 if(!defined(\'ENANO_CONSTANTS\')) {
       
  1140 define(\'ENANO_CONSTANTS\', \'\');
       
  1141 define(\'table_prefix\', \''.$_POST['table_prefix'].'\');
       
  1142 define(\'scriptPath\', \''.scriptPath.'\');
       
  1143 define(\'contentPath\', \''.$cp.'\');
       
  1144 define(\'ENANO_INSTALLED\', \'true\');
       
  1145 }
       
  1146 $crypto_key = \''.$privkey.'\';
       
  1147 ?>';
       
  1148 
       
  1149       $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w');
       
  1150       if(!$cf_handle) err('Couldn\'t open file config.php for writing');
       
  1151       fwrite($cf_handle, $config_file);
       
  1152       fclose($cf_handle);
       
  1153       
       
  1154       echo 'done!<br />Starting the Enano API...';
       
  1155       
  1766       
  1156       $template_bak = $template;
  1767       $template_bak = $template;
  1157       
  1768       
  1158       // Get Enano loaded
       
  1159       $_GET['title'] = 'Main_Page';
  1769       $_GET['title'] = 'Main_Page';
  1160       require('includes/common.php');
  1770       require('includes/common.php');
  1161       
  1771       
       
  1772       if ( is_object($db) && is_object($session) )
       
  1773       {
       
  1774         run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false);
       
  1775       }
       
  1776       else
       
  1777       {
       
  1778         run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false);
       
  1779       }
       
  1780       
  1162       // We need to be logged in (with admin rights) before logs can be flushed
  1781       // We need to be logged in (with admin rights) before logs can be flushed
  1163       $session->login_without_crypto($_POST['admin_user'], $dec, false);
  1782       $admin_password = stg_decrypt_admin_pass(true);
       
  1783       $session->login_without_crypto($_POST['admin_user'], $admin_password, false);
  1164       
  1784       
  1165       // Now that login cookies are set, initialize the session manager and ACLs
  1785       // Now that login cookies are set, initialize the session manager and ACLs
  1166       $session->start();
  1786       $session->start();
  1167       $paths->init();
  1787       $paths->init();
  1168       
  1788       
       
  1789       run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
       
  1790                            While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
       
  1791                            properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
       
  1792                            to finish the installation, please be aware that you may be unable to log into your site.');
       
  1793       close_install_table();
       
  1794       
  1169       unset($template);
  1795       unset($template);
  1170       $template =& $template_bak;
  1796       $template =& $template_bak;
  1171       
  1797     
  1172       echo 'done!<br />Initializing logs...';
  1798       echo '<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
  1173       
       
  1174       $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn);
       
  1175       if ( !$q )
       
  1176         err('Error setting up logs: '.$db->get_error());
       
  1177       
       
  1178       if ( !$session->get_permissions('clear_logs') )
       
  1179       {
       
  1180         echo '<br />Error: session manager won\'t permit flushing logs, these is a bug.';
       
  1181         break;
       
  1182       }
       
  1183       
       
  1184       // unset($session);
       
  1185       // $session = new sessionManager();
       
  1186       // $session->start();
       
  1187       
       
  1188       PageUtils::flushlogs('Main_Page', 'Article');
       
  1189       
       
  1190       echo 'done!<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
       
  1191       
  1799       
  1192       // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
  1800       // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
  1193       
  1801       
  1194     break;
  1802     break;
  1195   case "finish":
  1803   case "finish":