diff -r dd7cbc97f681 -r 2398420f48e7 includes/payload.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/includes/payload.php Thu Jan 17 23:31:35 2008 -0500
@@ -0,0 +1,312 @@
+sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');
+ if ( !$q )
+ $db->_die();
+ if ( $db->numrows() < 1 )
+ return false;
+ list($aes_key) = $db->fetchrow_num();
+ $aes_key = $aes->hextostring($aes_key);
+
+ $pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);
+ if ( !$pass )
+ return false;
+
+ return $pass; // Will be true if the password isn't crapped
+}
+
+function stg_make_private_key()
+{
+ global $db;
+ static $site_key = false;
+
+ if ( $site_key )
+ return $site_key;
+
+ // Is there already a key cached in the database?
+ $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'site_aes_key\';');
+ if ( !$q )
+ $db->_die();
+
+ if ( $db->numrows() > 0 )
+ {
+ list($site_key) = $db->fetchrow_num();
+ $db->free_result();
+ return $site_key;
+ }
+
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+ // This will use /dev/urandom if possible
+ $site_key = $aes->gen_readymade_key();
+
+ // Stash it in the database, don't check for errors though because we can always regenerate it
+ $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'site_aes_key\', \'' . $site_key . '\' );');
+
+ return $site_key;
+}
+
+function stg_load_schema()
+{
+ global $db, $dbdriver, $installer_version;
+ static $sql_parser = false;
+
+ if ( is_object($sql_parser) )
+ return $sql_parser->parse();
+
+ $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
+
+ $site_key = stg_make_private_key();
+ $site_key = $aes->hextostring($site_key);
+ $admin_pass_clean = stg_password_decode();
+ $admin_pass = $aes->encrypt($admin_pass_clean, $site_key, ENC_HEX);
+
+ unset($admin_pass_clean); // Security
+
+ try
+ {
+ $sql_parser = new SQL_Parser( ENANO_ROOT . "/install/schemas/{$dbdriver}_stage2.sql" );
+ }
+ catch ( Exception $e )
+ {
+ echo "
$e";
+ return false;
+ }
+
+ $vars = array(
+ 'TABLE_PREFIX' => $_POST['table_prefix'],
+ 'SITE_NAME' => $db->escape($_POST['site_name']),
+ 'SITE_DESC' => $db->escape($_POST['site_desc']),
+ 'COPYRIGHT' => $db->escape($_POST['copyright']),
+ // FIXME: update form
+ 'WIKI_MODE' => ( isset($_POST['wiki_mode']) ? '1' : '0' ),
+ 'ENABLE_CACHE' => ( is_writable( ENANO_ROOT . '/cache/' ) ? '1' : '0' ),
+ 'VERSION' => $installer_version['version'],
+ 'ADMIN_USER' => $db->escape($_POST['username']),
+ 'ADMIN_PASS' => $admin_pass,
+ 'ADMIN_EMAIL' => $db->escape($_POST['email']),
+ 'REAL_NAME' => '', // This has always been stubbed.
+ 'ADMIN_EMBED_PHP' => strval(AUTH_DISALLOW),
+ 'UNIX_TIME' => strval(time())
+ );
+
+ $sql_parser->assign_vars($vars);
+ return $sql_parser->parse();
+}
+
+function stg_deliver_payload()
+{
+ global $db;
+ $schema = stg_load_schema();
+ foreach ( $schema as $sql )
+ {
+ if ( !$db->sql_query($sql) )
+ {
+ echo $db->get_error();
+ return false;
+ }
+ }
+ return true;
+}
+
+function stg_write_config()
+{
+ global $dbhost, $dbuser, $dbpasswd, $dbname, $dbdriver;
+ $db_data = array(
+ 'host' => str_replace("'", "\\'", $dbhost),
+ 'user' => str_replace("'", "\\'", $dbuser),
+ 'pass' => str_replace("'", "\\'", $dbpasswd),
+ 'name' => str_replace("'", "\\'", $dbname),
+ 'tp' => table_prefix,
+ 'drv' => $dbdriver
+ );
+
+ // Retrieves the existing key
+ $site_key = stg_make_private_key();
+
+ // Determine contentPath
+ switch ( @$_POST['url_scheme'] )
+ {
+ case 'standard':
+ default:
+ $sp_append = 'index.php?title=';
+ break;
+ case 'shortened':
+ $sp_append = 'index.php/';
+ break;
+ case 'rewrite':
+ $sp_append = '/';
+ break;
+ }
+
+ $scriptpath = scriptPath;
+ $contentpath = $scriptpath . $sp_append;
+
+ $config_file = <<