<?php

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.1.1
 * Copyright (C) 2006-2007 Dan Fuhry
 * Installation package
 * payloads/common.php - Installer payload, common stages
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

// Direct-access guard: stop immediately unless IN_ENANO_INSTALL is defined
// (presumably by the installer entry point before it includes this payload).
// Without it, requesting this file by URL would execute installer code.
defined('IN_ENANO_INSTALL') or die();

// Report success to the including script. The stage functions declared below
// remain available to it: PHP binds unconditional top-level function
// declarations when the file is compiled, before this return executes.
return true;
/**
 * Placeholder stage that unconditionally reports success.
 *
 * Takes no input and touches no state; the name suggests it stands in for a
 * stage that passes.
 *
 * @return bool Always true.
 */
function stg_sim_good()
{
    return true;
}
/**
 * Placeholder stage that unconditionally reports success.
 *
 * NOTE(review): the name suggests a simulated *failing* stage, yet the body
 * returns true exactly like stg_sim_good() - confirm whether that is intended.
 *
 * @return bool Always true.
 */
function stg_sim_bad()
{
    return true;
}
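/**
 * Recover the administrator password submitted to the installer.
 *
 * Two submission forms are handled:
 *  - plaintext: $_POST['password'] with an identical $_POST['password_confirm'],
 *    used only when $_POST['crypt_data'] is absent;
 *  - encrypted: $_POST['crypt_data'], decrypted with the hex-encoded
 *    install_aes_key value read from the config table.
 *
 * The recovered password is kept in a function-static variable, so the
 * cleartext remains in memory until the request ends.
 *
 * NOTE(review): the decryption key is a symmetric key stored server-side, so
 * presumably the browser was handed the same key in order to encrypt. If so,
 * this hides the password from casual observation only and does not replace
 * TLS - confirm how the form obtains the key.
 *
 * @return string|false Cleartext password, or false when nothing usable was
 *                      submitted, no key row exists, or decryption yields an
 *                      empty result.
 */
function stg_password_decode()
{
    global $db;
    static $pass = false;

    // Per-request cache: decode at most once.
    if ( $pass )
    {
        return $pass;
    }

    if ( !isset($_POST['crypt_data']) )
    {
        // Plaintext submission. The request body is untrusted, so require real
        // strings (a "password[]=" array must not be accepted as a password).
        $plain   = isset($_POST['password']) ? $_POST['password'] : '';
        $confirm = isset($_POST['password_confirm']) ? $_POST['password_confirm'] : null;

        if ( is_string($plain) && !empty($plain) && $plain === $confirm )
        {
            // Return here. Falling through to the AES path would overwrite the
            // accepted password with the result of decrypting a missing field.
            $pass = $plain;
            return $pass;
        }

        return false;
    }

    if ( !is_string($_POST['crypt_data']) )
    {
        return false;
    }

    $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

    // Retrieve the installer's encryption key.
    $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
    if ( !$q )
    {
        $db->_die();
    }
    if ( $db->numrows() < 1 )
    {
        return false;
    }
    list($aes_key) = $db->fetchrow_num();
    $db->free_result();
    $aes_key = $aes->hextostring($aes_key);

    $pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
    if ( !$pass )
    {
        return false;
    }

    return $pass;
}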
/**
 * Return the site-wide AES key, creating and storing one if none exists yet.
 *
 * Lookup order: the function-static cache, then the site_aes_key row of the
 * config table, then a freshly generated key that is written back to that
 * table.
 *
 * NOTE(review): the key is stored as a plain config value in the same
 * database as the data it is used to encrypt, so read access to the database
 * also yields the key - confirm this matches the intended threat model.
 *
 * @return string The key in the form gen_readymade_key() / the config table
 *                holds it (callers here pass it through hextostring()).
 */
function stg_make_private_key()
{
    global $db;
    static $site_key = false;

    // Already resolved during this request.
    if ( $site_key )
    {
        return $site_key;
    }

    // Look for a key stored by an earlier run.
    $lookup_sql = 'SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'site_aes_key\';';
    $result = $db->sql_query($lookup_sql);
    if ( !$result )
    {
        $db->_die();
    }

    if ( $db->numrows() > 0 )
    {
        list($site_key) = $db->fetchrow_num();
        $db->free_result();
        return $site_key;
    }

    // Nothing stored: generate a new key. The original comment states this
    // uses /dev/urandom if possible; the generator itself is not visible here.
    $cipher = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
    $site_key = $cipher->gen_readymade_key();

    // Best-effort store. The result is deliberately not checked, because a
    // failed insert only means the key is generated again next time.
    // $site_key is concatenated into the statement unescaped; it comes from
    // the generator above, not from request data.
    $insert_sql = 'INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'site_aes_key\', \'' . $site_key . '\' );';
    $db->sql_query($insert_sql);

    return $site_key;
}
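/**
 * Prepare the stage-2 schema for the selected database driver, with the
 * installer's form values substituted in, and return the parsed result.
 *
 * The SQL_Parser instance is kept in a function-static variable, so later
 * calls in the same request return $sql_parser->parse() again without
 * re-reading the form.
 *
 * NOTE(review): the administrator password is stored AES-encrypted under the
 * site key rather than as a one-way hash, so it can be recovered by anyone
 * holding both the database contents and that key.
 *
 * @return mixed Whatever SQL_Parser::parse() returns (stg_deliver_payload()
 *               iterates it as a list of queries), or false when the table
 *               prefix or driver name is malformed, the password could not be
 *               decoded, or the schema file could not be loaded.
 */
function stg_load_schema()
{
    global $db, $dbdriver, $installer_version;
    static $sql_parser = false;

    if ( is_object($sql_parser) )
    {
        return $sql_parser->parse();
    }

    // TABLE_PREFIX is the one request value handed to the parser without
    // $db->escape(), and it is presumably spliced into table names, where
    // string escaping would not help anyway. Accept identifier characters only.
    // An earlier installer stage may already check this; it is re-checked here
    // because this is the point where the value reaches SQL.
    $table_prefix = isset($_POST['table_prefix']) ? $_POST['table_prefix'] : '';
    if ( !is_string($table_prefix) || !preg_match('/^[A-Za-z0-9_]*$/D', $table_prefix) )
    {
        return false;
    }

    // $dbdriver becomes part of a filesystem path below. Its origin is not
    // visible in this file, so refuse anything that is not a plain name.
    if ( !is_string($dbdriver) || !preg_match('/^[A-Za-z0-9_]+$/D', $dbdriver) )
    {
        return false;
    }

    $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

    $site_key = stg_make_private_key();
    $site_key = $aes->hextostring($site_key);

    // Stop if no password could be recovered; continuing would encrypt a
    // non-password value and install it as the administrator credential.
    $admin_pass_clean = stg_password_decode();
    if ( !is_string($admin_pass_clean) || $admin_pass_clean === '' )
    {
        return false;
    }
    $admin_pass = $aes->encrypt($admin_pass_clean, $site_key, ENC_HEX);

    // Drops only this local copy: the cleartext is still held in
    // stg_password_decode()'s static cache and in $_POST.
    unset($admin_pass_clean);

    try
    {
        $sql_parser = new SQL_Parser( ENANO_ROOT . "/install/schemas/{$dbdriver}_stage2.sql" );
    }
    catch ( Exception $e )
    {
        // The exception text can contain paths and other arbitrary characters;
        // escape it so it is displayed rather than interpreted as markup.
        echo '<pre>' . htmlspecialchars((string) $e, ENT_QUOTES) . '</pre>';
        return false;
    }

    $vars = array(
        'TABLE_PREFIX'    => $table_prefix,
        'SITE_NAME'       => $db->escape($_POST['site_name']),
        'SITE_DESC'       => $db->escape($_POST['site_desc']),
        'COPYRIGHT'       => $db->escape($_POST['copyright']),
        // FIXME: update form
        'WIKI_MODE'       => ( isset($_POST['wiki_mode']) ? '1' : '0' ),
        'ENABLE_CACHE'    => ( is_writable( ENANO_ROOT . '/cache/' ) ? '1' : '0' ),
        'VERSION'         => $installer_version['version'],
        'ADMIN_USER'      => $db->escape($_POST['username']),
        'ADMIN_PASS'      => $admin_pass,
        'ADMIN_EMAIL'     => $db->escape($_POST['email']),
        'REAL_NAME'       => '', // This has always been stubbed.
        'ADMIN_EMBED_PHP' => strval(AUTH_DISALLOW),
        'UNIX_TIME'       => strval(time())
    );

    $sql_parser->assign_vars($vars);
    return $sql_parser->parse();
}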
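/**
 * Run every query of the prepared stage-2 schema against the database.
 *
 * Execution stops at the first failing query. Queries that already ran are
 * not undone here, so a failure can leave the schema partly installed.
 *
 * @return bool True when every query succeeded; false when the schema could
 *              not be prepared or a query failed.
 */
function stg_deliver_payload()
{
    global $db;

    $schema = stg_load_schema();

    // stg_load_schema() returns false when the schema could not be prepared.
    // Treat that as a failed stage instead of iterating a non-list and then
    // reporting success.
    if ( !is_array($schema) && !( $schema instanceof Traversable ) )
    {
        return false;
    }

    foreach ( $schema as $sql )
    {
        if ( !$db->sql_query($sql) )
        {
            // NOTE(review): printed exactly as returned. Whether get_error()
            // yields HTML or raw driver text is not visible here; the failing
            // query carries form values, so confirm it is safe to emit as is.
            echo $db->get_error();
            return false;
        }
    }

    return true;
}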