install/includes/payloads/common.php
changeset 348 87e08a6e4fec
347:299a90e28abc 348:87e08a6e4fec
       
     1 <?php
       
     2 
       
     3 /*
       
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
       
     5  * Version 1.1.1
       
     6  * Copyright (C) 2006-2007 Dan Fuhry
       
     7  * Installation package
       
     8  * payloads/common.php - Installer payload, common stages
       
     9  *
       
    10  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
       
    11  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
       
    12  *
       
    13  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
       
    14  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
       
    15  */
       
    16 
       
    17 if ( !defined('IN_ENANO_INSTALL') )
       
    18   die();
       
    19 
       
    20 return true;
       
    21 
       
    22 function stg_sim_good()
       
    23 {
       
    24   return true;
       
    25 }
       
    26 
       
    27 function stg_sim_bad()
       
    28 {
       
    29   return true;
       
    30 }
       
    31 
       
    32 function stg_password_decode()
       
    33 {
       
    34   global $db;
       
    35   static $pass = false;
       
    36   
       
    37   if ( $pass )
       
    38     return $pass;
       
    39   
       
    40   if ( !isset($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )
       
    41     $pass = $_POST['password'];
       
    42   
       
    43   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
       
    44   // retrieve encryption key
       
    45   $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
       
    46   if ( !$q )
       
    47     $db->_die();
       
    48   if ( $db->numrows() < 1 )
       
    49     return false;
       
    50   list($aes_key) = $db->fetchrow_num();
       
    51   $aes_key = $aes->hextostring($aes_key);
       
    52   
       
    53   $pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
       
    54   if ( !$pass )
       
    55     return false;
       
    56   
       
    57   return $pass; // Will be true if the password isn't crapped
       
    58 }
       
    59 
       
    60 function stg_make_private_key()
       
    61 {
       
    62   global $db;
       
    63   static $site_key = false;
       
    64   
       
    65   if ( $site_key )
       
    66     return $site_key;
       
    67   
       
    68   // Is there already a key cached in the database?
       
    69   $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'site_aes_key\';');
       
    70   if ( !$q )
       
    71     $db->_die();
       
    72   
       
    73   if ( $db->numrows() > 0 )
       
    74   {
       
    75     list($site_key) = $db->fetchrow_num();
       
    76     $db->free_result();
       
    77     return $site_key;
       
    78   }
       
    79   
       
    80   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
       
    81   // This will use /dev/urandom if possible
       
    82   $site_key = $aes->gen_readymade_key();
       
    83   
       
    84   // Stash it in the database, don't check for errors though because we can always regenerate it
       
    85   $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'site_aes_key\', \'' . $site_key . '\' );');
       
    86   
       
    87   return $site_key;
       
    88 }
       
    89 
       
    90 function stg_load_schema()
       
    91 {
       
    92   global $db, $dbdriver, $installer_version;
       
    93   static $sql_parser = false;
       
    94   
       
    95   if ( is_object($sql_parser) )
       
    96     return $sql_parser->parse();
       
    97   
       
    98   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
       
    99   
       
   100   $site_key = stg_make_private_key();
       
   101   $site_key = $aes->hextostring($site_key);
       
   102   $admin_pass_clean = stg_password_decode();
       
   103   $admin_pass = $aes->encrypt($admin_pass_clean, $site_key, ENC_HEX);
       
   104   
       
   105   unset($admin_pass_clean); // Security
       
   106   
       
   107   try
       
   108   {
       
   109     $sql_parser = new SQL_Parser( ENANO_ROOT . "/install/schemas/{$dbdriver}_stage2.sql" );
       
   110   }
       
   111   catch ( Exception $e )
       
   112   {
       
   113     echo "<pre>$e</pre>";
       
   114     return false;
       
   115   }
       
   116   
       
   117   $vars = array(
       
   118       'TABLE_PREFIX'         => $_POST['table_prefix'],
       
   119       'SITE_NAME'            => $db->escape($_POST['site_name']),
       
   120       'SITE_DESC'            => $db->escape($_POST['site_desc']),
       
   121       'COPYRIGHT'            => $db->escape($_POST['copyright']),
       
   122       // FIXME: update form
       
   123       'WIKI_MODE'            => ( isset($_POST['wiki_mode']) ? '1' : '0' ),
       
   124       'ENABLE_CACHE'         => ( is_writable( ENANO_ROOT . '/cache/' ) ? '1' : '0' ),
       
   125       'VERSION'              => $installer_version['version'],
       
   126       'ADMIN_USER'           => $db->escape($_POST['username']),
       
   127       'ADMIN_PASS'           => $admin_pass,
       
   128       'ADMIN_EMAIL'          => $db->escape($_POST['email']),
       
   129       'REAL_NAME'            => '', // This has always been stubbed.
       
   130       'ADMIN_EMBED_PHP'      => strval(AUTH_DISALLOW),
       
   131       'UNIX_TIME'            => strval(time())
       
   132     );
       
   133   
       
   134   $sql_parser->assign_vars($vars);
       
   135   return $sql_parser->parse();
       
   136 }
       
   137 
       
   138 function stg_deliver_payload()
       
   139 {
       
   140   global $db;
       
   141   $schema = stg_load_schema();
       
   142   foreach ( $schema as $sql )
       
   143   {
       
   144     if ( !$db->sql_query($sql) )
       
   145     {
       
   146       echo $db->get_error();
       
   147       return false;
       
   148     }
       
   149   }
       
   150   return true;
       
   151 }
       
   152
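Review bot: In stg_password_decode() the plaintext branch assigns `$pass = $_POST['password'];` but does not return, so execution falls through to the AES path and `$pass` is overwritten by `$aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX)`, reading a field that the same condition has just established is unset; a `return $pass;` inside that `if` would make the fallback usable. stg_load_schema() then hands the result straight to `$aes->encrypt()` without testing for `false`, so a failed decode is presumably stored as the administrator password instead of aborting the install; a guard such as `if ( $admin_pass_clean === false ) return false;` before the encrypt call would stop that. stg_deliver_payload() iterates `$schema` without checking it either, so it should return `false` when `$schema === false`, which also covers the existing SQL_Parser exception path. Separately, `'TABLE_PREFIX' => $_POST['table_prefix']` is the only request value in `$vars` that is neither escaped nor validated before substitution into the schema SQL, and because it is an identifier it needs an allow-list check (for example `preg_match('/^[a-z0-9_]*$/i', $_POST['table_prefix'])`) rather than `$db->escape()`.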