install.php
changeset 11 ccad6026a168
parent 10 2f530ad04f1b
child 12 c96a9b56f16c
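--- a/install.php
+++ b/install.php
@@ -10,11 +10,11 @@
  *
  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
  */
  
-//@include('config.php');
+@include('config.php');
 if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode']))) {
   $_GET['title'] = 'Enano:WhoCaresWhatThisIs';
   require('includes/common.php');
   die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
   exit;
@@ -165,10 +165,65 @@
     }
     $v = mysql_get_server_info();
     if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
     mysql_close($conn);
     die('good');
+    break;
+  case 'pophelp':
+    $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
+    switch($topic)
+    {
+      case 'admin_embed_php':
+        $title = 'Allow administrators to embed PHP';
+        $content = '<p>This option allows you to control whether anything between the standard &lt;?php and ?&gt; tags will be treated as
+                        PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
+                        execute that code when the page is loaded. There are obvious potential security implications here, which should
+                        be carefully considered before enabling this option.</p>
+                    <p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
+                       the site with you, you should enable this to allow extreme customization of pages.</p>
+                    <p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
+                       is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
+                       embed Javascript and arbitrary HTML and CSS.</p>
+                    <p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
+                       using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection, or by
+                       using the "embedded PHP kill switch" in the administration panel.</p>';
+        break;
+      default:
+        $title = 'Invalid topic';
+        $content = 'Invalid help topic.';
+        break;
+    }
+    echo <<<EOF
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html>
+  <head>
+    <title>Enano installation quick help &bull; {$title}</title>
+    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+    <style type="text/css">
+      body {
+        font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
+        font-size: 9pt;
+      }
+      h2          { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
+      h3          { font-size: 11pt; font-weight: bold; }
+      li          { list-style: url(../images/bullet.gif); }
+      p           { margin: 1.0em; }
+      blockquote  { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
+      a           { color: #7090B0; }
+      a:hover     { color: #90B0D0; }
+    </style>
+  </head>
+  <body>
+    <h2>{$title}</h2>
+    {$content}
+    <p style="text-align: right;">
+      <a href="#" onclick="window.close(); return false;">Close window</a>
+    </p>
+  </body>
+</html>
+EOF;
+    exit;
     break;
   default:
     break;
 }
 
@@ -715,10 +770,25 @@
       <table border="0">
         <tr><td><b>Administration username</b><br />The administration username you will use to log into your site.</td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
         <tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
         <tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
         <tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+        <tr>
+          <td>
+            Allow administrative embedding of PHP:<br />
+            <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
+                   <a href="install.php?mode=pophelp&amp;topic=admin_embed_php"
+                      onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
+                      style="color: #D84308; text-decoration: underline;">important security implications</a>.
+            </span></small>
+          </td>
+          <td>
+            <label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>&nbsp;&nbsp;
+            <label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
+          </td>
+          <td></td>
+        </tr>
         <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
       </table>
       <div class="pagenav">
        <table border="0">
        <tr>
@@ -845,10 +915,11 @@
        !isset($_POST['sitename']) ||
        !isset($_POST['sitedesc']) ||
        !isset($_POST['copyright']) ||
        !isset($_POST['admin_user']) ||
        !isset($_POST['admin_pass']) ||
+       !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
        !isset($_POST['urlscheme'])
        )
     {
       echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=license">restart the installation</a>.';
       $template->footer();
@@ -929,10 +1000,11 @@
       $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
       $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
       $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
       $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
       $schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
+      $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
       // Not anymore! :-D
       // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION,                              $schema);
       
       if(isset($_POST['wiki_mode'])) $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
       else $schema = str_replace('{{WIKI_MODE}}', '0', $schema);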
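Review bot: The allow-list check added at new line 920 calls `in_array()` without the strict flag, so PHP's loose comparison lets numeric look-alikes such as `2.0` or `02` (constructed examples) pass as `'2'`, and new line 1005 then writes `$_POST['admin_embed_php']` into the schema text with no escaping, unlike the `mysql_real_escape_string()` calls beside it. This value decides whether administrators can embed PHP, so it should only ever be one of the two exact literals the form submits: `!in_array($_POST['admin_embed_php'], array('2', '4'), true)`. The `isset(...) &&` inside that clause is redundant after the preceding `!isset(...) ||` and can go. The enclosing condition and install stage begin and end outside the visible hunks, so any later normalisation of the value is not visible here.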