author | Dan |
Mon, 06 Aug 2007 10:09:48 -0400 | |
changeset 83 | 80facec76d9f |
parent 74 | 68469a95658d |
child 88 | 9e303b7e95c2 |
permissions | -rwxr-xr-x |
0 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
33
diff
changeset
|
5 |
* Version 1.0.1 (Loch Ness) |
0 | 6 |
* upgrade.php - upgrade script |
7 |
* Copyright (C) 2006-2007 Dan Fuhry |
|
8 |
* |
|
9 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
10 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
11 |
* |
|
12 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
13 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
14 |
*/ |
|
15 |
||
16 |
define('IN_ENANO_INSTALL', 'true'); |
|
17 |
||
18 |
if(!defined('scriptPath')) { |
|
19 |
$sp = dirname($_SERVER['REQUEST_URI']); |
|
20 |
if($sp == '/' || $sp == '\\') $sp = ''; |
|
21 |
define('scriptPath', $sp); |
|
22 |
} |
|
23 |
||
24 |
if(!defined('contentPath')) { |
|
25 |
$sp = dirname($_SERVER['REQUEST_URI']); |
|
26 |
if($sp == '/' || $sp == '\\') $sp = ''; |
|
27 |
define('contentPath', $sp); |
|
28 |
} |
|
29 |
||
30 |
global $_starttime, $this_page, $sideinfo; |
|
31 |
$_starttime = microtime(true); |
|
32 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
33 |
// Determine directory (special case for development servers) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
34 |
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
35 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
36 |
$filename = str_replace('/repo/', '/', __FILE__); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
37 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
38 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
39 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
40 |
$filename = __FILE__; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
41 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
42 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
43 |
define('ENANO_ROOT', dirname($filename)); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
44 |
|
0 | 45 |
require(ENANO_ROOT.'/includes/constants.php'); |
46 |
||
47 |
if(defined('ENANO_DEBUG')) |
|
48 |
{ |
|
49 |
require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php'); |
|
50 |
} |
|
51 |
else |
|
52 |
{ |
|
53 |
function dc_here($m) { return false; } |
|
54 |
function dc_dump($a, $g) { return false; } |
|
55 |
function dc_watch($n) { return false; } |
|
56 |
function dc_start_timer($u) { return false; } |
|
57 |
function dc_stop_timer($m) { return false; } |
|
58 |
} |
|
59 |
||
60 |
// SCRIPT CONFIGURATION |
|
61 |
// Everything related to versions goes here! |
|
62 |
||
63 |
// Valid versions to upgrade from |
|
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
33
diff
changeset
|
64 |
$valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0'); |
0 | 65 |
|
66 |
// Basically a list of dependencies, which should be resolved automatically |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
67 |
// If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not |
0 | 68 |
// normally be required (for whatever reason) then you would add a custom version number to the array under key '1.0b1'. |
69 |
$deps_list = Array( |
|
70 |
'1.0b1' => Array('1.0b2'), |
|
71 |
'1.0b2' => Array('1.0b3'), |
|
72 |
'1.0b3' => Array('1.0b4'), |
|
73 |
'1.0b4' => Array('1.0RC1'), |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
74 |
'1.0RC1' => Array('1.0RC2'), |
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
33
diff
changeset
|
75 |
'1.0RC2' => Array('1.0RC3'), |
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
33
diff
changeset
|
76 |
'1.0RC3' => Array('1.0') |
0 | 77 |
); |
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
33
diff
changeset
|
78 |
$this_version = '1.0.1'; |
0 | 79 |
$func_list = Array( |
31
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
80 |
'1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // , |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
81 |
// '1.0RC2' => Array('u_1_0_populate_userpage_comments') |
31
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
82 |
'1.0RC3' => Array('u_1_0_RC3_make_users_extra') |
0 | 83 |
); |
84 |
||
85 |
if(!isset($_GET['mode'])) |
|
86 |
{ |
|
87 |
$_GET['mode'] = 'login'; |
|
88 |
} |
|
89 |
||
90 |
function err($t) |
|
91 |
{ |
|
92 |
global $template; |
|
93 |
echo $t; |
|
94 |
$template->footer(); |
|
95 |
exit; |
|
96 |
} |
|
97 |
||
98 |
require(ENANO_ROOT.'/includes/template.php'); |
|
99 |
||
100 |
// Initialize the session manager |
|
101 |
require(ENANO_ROOT.'/includes/functions.php'); |
|
102 |
require(ENANO_ROOT.'/includes/dbal.php'); |
|
103 |
require(ENANO_ROOT.'/includes/paths.php'); |
|
104 |
require(ENANO_ROOT.'/includes/sessions.php'); |
|
105 |
require(ENANO_ROOT.'/includes/plugins.php'); |
|
106 |
require(ENANO_ROOT.'/includes/rijndael.php'); |
|
107 |
require(ENANO_ROOT.'/includes/render.php'); |
|
108 |
$db = new mysql(); |
|
109 |
$db->connect(); |
|
110 |
||
111 |
$plugins = new pluginLoader(); |
|
112 |
||
113 |
if(!defined('ENANO_CONFIG_FETCHED')) |
|
114 |
{ |
|
115 |
// Select and fetch the site configuration |
|
116 |
$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); |
|
117 |
if ( !$e ) |
|
118 |
{ |
|
119 |
$db->_die('Some critical configuration information could not be selected.'); |
|
120 |
} |
|
121 |
else |
|
122 |
{ |
|
123 |
define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not |
|
124 |
} |
|
125 |
||
126 |
$enano_config = Array(); |
|
127 |
while($r = $db->fetchrow()) |
|
128 |
{ |
|
129 |
$enano_config[$r['config_name']] = $r['config_value']; |
|
130 |
} |
|
131 |
$db->free_result(); |
|
132 |
} |
|
133 |
||
134 |
$v = enano_version(); |
|
135 |
if(in_array($v, Array(false, '', '1.0b3', '1.0b4'))) |
|
136 |
{ |
|
137 |
$ul_admin = 2; |
|
138 |
$ul_mod = 1; |
|
139 |
$ul_member = 0; |
|
140 |
$ul_guest = -1; |
|
141 |
} |
|
142 |
else |
|
143 |
{ |
|
144 |
$ul_admin = USER_LEVEL_ADMIN; |
|
145 |
$ul_mod = USER_LEVEL_MOD; |
|
146 |
$ul_member = USER_LEVEL_MEMBER; |
|
147 |
$ul_guest = USER_LEVEL_GUEST; |
|
148 |
} |
|
149 |
||
150 |
$_GET['title'] = 'unset'; |
|
151 |
||
152 |
$session = new sessionManager(); |
|
153 |
$paths = new pathManager(); |
|
154 |
$session->start(); |
|
155 |
||
156 |
$template = new template_nodb(); |
|
157 |
$template->load_theme('oxygen', 'bleu', false); |
|
158 |
||
159 |
$modestrings = Array( |
|
160 |
'login' => 'Administrative login', |
|
161 |
'welcome' => 'Welcome', |
|
162 |
'setversion' => 'Select Enano version', |
|
163 |
'confirm' => 'Confirm upgrade', |
|
164 |
'upgrade' => 'Database installation', |
|
165 |
'finish' => 'Upgrade complete' |
|
166 |
); |
|
167 |
||
168 |
$sideinfo = ''; |
|
169 |
$vars = $template->extract_vars('elements.tpl'); |
|
170 |
$p = $template->makeParserText($vars['sidebar_button']); |
|
171 |
foreach ( $modestrings as $id => $str ) |
|
172 |
{ |
|
173 |
if ( $_GET['mode'] == $id ) |
|
174 |
{ |
|
175 |
$flags = 'style="font-weight: bold; text-decoration: underline;"'; |
|
176 |
$this_page = $str; |
|
177 |
} |
|
178 |
else |
|
179 |
{ |
|
180 |
$flags = ''; |
|
181 |
} |
|
182 |
$p->assign_vars(Array( |
|
183 |
'HREF' => '#', |
|
184 |
'FLAGS' => $flags . ' onclick="return false;"', |
|
185 |
'TEXT' => $str |
|
186 |
)); |
|
187 |
$sideinfo .= $p->run(); |
|
188 |
} |
|
189 |
||
190 |
$template->init_vars(); |
|
191 |
||
192 |
function upg_assign_vars($schema) |
|
193 |
{ |
|
194 |
$schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string(getConfig('site_name')), $schema); |
|
195 |
$schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string(getConfig('site_desc')), $schema); |
|
196 |
$schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string(getConfig('copyright_notice')), $schema); |
|
197 |
$schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema); |
|
198 |
if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema); |
|
199 |
else $schema = str_replace('{{WIKI_MODE}}', '0', $schema); |
|
200 |
return $schema; |
|
201 |
} |
|
202 |
||
203 |
/* Version-specific functions */ |
|
204 |
||
205 |
function u_1_0_RC1_update_user_ids() |
|
206 |
{ |
|
207 |
global $db; |
|
208 |
// First, make sure this hasn't already been done |
|
209 |
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;'); |
|
210 |
if ( !$q ) |
|
211 |
$db->_die(); |
|
212 |
$row = $db->fetchrow(); |
|
213 |
if ( $row['username'] == 'Anonymous' ) |
|
214 |
return true; |
|
215 |
// Find the first unused user ID |
|
216 |
$used = Array(); |
|
217 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users'); |
|
218 |
if ( !$q ) |
|
219 |
$db->_die(); |
|
220 |
$c = false; |
|
221 |
while ( $row = $db->fetchrow() ) |
|
222 |
{ |
|
223 |
$i = intval($row['user_id']); |
|
224 |
$used[$i] = true; |
|
225 |
if ( !isset($used[$i - 1]) && $c ) |
|
226 |
{ |
|
227 |
$id = $i - 1; |
|
228 |
break; |
|
229 |
} |
|
230 |
$c = true; |
|
231 |
} |
|
232 |
if ( !isset($id) ) |
|
233 |
$id = $i + 1; |
|
234 |
$db->free_result(); |
|
235 |
||
236 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;'); |
|
237 |
if(!$q) |
|
238 |
$db->_die(); |
|
239 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';'); |
|
240 |
if(!$q) |
|
241 |
$db->_die(); |
|
242 |
||
243 |
} |
|
244 |
||
245 |
function u_1_0_RC1_add_admins_to_group() |
|
246 |
{ |
|
247 |
global $db; |
|
248 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';'); |
|
249 |
if ( !$q ) |
|
250 |
$db->_die(); |
|
251 |
$base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES'; |
|
252 |
$blocks = Array(); |
|
253 |
while ( $row = $db->fetchrow($q) ) |
|
254 |
{ |
|
255 |
$blocks[] = '(2,' . $row['user_id'] . ')'; |
|
256 |
} |
|
257 |
$blocks = implode(',', $blocks); |
|
258 |
$sql = $base . $blocks . ';'; |
|
259 |
if(!$db->sql_query($sql)) |
|
260 |
$db->_die(); |
|
261 |
} |
|
262 |
||
263 |
function u_1_0_RC1_alter_files_table() |
|
264 |
{ |
|
265 |
global $db; |
|
266 |
if(!is_dir(ENANO_ROOT.'/files')) |
|
267 |
@mkdir(ENANO_ROOT . '/files'); |
|
268 |
if(!is_dir(ENANO_ROOT.'/files')) |
|
269 |
die('ERROR: Couldn\'t create files directory'); |
|
270 |
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
271 |
if(!$q) $db->_die(); |
|
272 |
while ( $row = $db->fetchrow() ) |
|
273 |
{ |
|
274 |
$file_data = base64_decode($row['data']); |
|
275 |
$path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension']; |
|
276 |
@unlink($path); |
|
277 |
$handle = @fopen($path, 'w'); |
|
278 |
if(!$handle) |
|
279 |
die('fopen failed'); |
|
280 |
fwrite($handle, $file_data); |
|
281 |
fclose($handle); |
|
282 |
||
283 |
} |
|
284 |
||
285 |
$q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;'); |
|
286 |
if(!$q) $db->_die(); |
|
287 |
||
288 |
$list = Array(); |
|
289 |
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
290 |
if(!$q) $db->_die(); |
|
291 |
while ( $row = $db->fetchrow($q) ) |
|
292 |
{ |
|
293 |
$file_data = base64_decode($row['data']); |
|
294 |
$key = md5( $row['filename'] . '_' . $file_data ); |
|
295 |
$list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';'; |
|
296 |
} |
|
297 |
||
298 |
foreach ( $list as $sql ) |
|
299 |
{ |
|
300 |
if(!$db->sql_query($sql)) $db->_die(); |
|
301 |
} |
|
302 |
||
303 |
if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die(); |
|
304 |
||
305 |
} |
|
306 |
||
307 |
function u_1_0_RC1_destroy_session_cookie() |
|
308 |
{ |
|
309 |
unset($_COOKIE['sid']); |
|
310 |
setcookie('sid', '', time()-3600*24, scriptPath); |
|
311 |
setcookie('sid', '', time()-3600*24, scriptPath.'/'); |
|
312 |
} |
|
313 |
||
314 |
function u_1_0_RC1_set_contact_email() |
|
315 |
{ |
|
316 |
global $db; |
|
317 |
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;'); |
|
318 |
if(!$q) |
|
319 |
$db->_die(); |
|
320 |
$row = $db->fetchrow(); |
|
321 |
setConfig('contact_email', $row['email']); |
|
322 |
} |
|
323 |
||
324 |
function u_1_0_RC1_update_page_text() |
|
325 |
{ |
|
326 |
global $db; |
|
327 |
$q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text'); |
|
328 |
if (!$q) |
|
329 |
$db->_die(); |
|
330 |
||
331 |
$qs = array(); |
|
332 |
||
333 |
while ( $row = $db->fetchrow($q) ) |
|
334 |
{ |
|
335 |
$row['page_text'] = str_replace(Array( |
|
336 |
"{QUOT:{$row['char_tag']}}", |
|
337 |
"{APOS:{$row['char_tag']}}", |
|
338 |
"{SLASH:{$row['char_tag']}}" |
|
339 |
), Array( |
|
340 |
'"', "'", '\\' |
|
341 |
), $row['page_text']); |
|
342 |
$qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\' |
|
343 |
WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND |
|
344 |
namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';'; |
|
345 |
} |
|
346 |
||
347 |
foreach($qs as $query) |
|
348 |
{ |
|
349 |
if(!$db->sql_query($query)) |
|
350 |
$db->_die(); |
|
351 |
} |
|
352 |
} |
|
353 |
||
354 |
function u_1_0_populate_userpage_comments() |
|
355 |
{ |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
356 |
// |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
357 |
// UNFINISHED... |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
358 |
// |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
359 |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
360 |
/* |
0 | 361 |
global $db; |
362 |
$q = $db->sql_query('SELECT COUNT(c.comment_id) AS num_comments...'); |
|
363 |
if ( !$q ) |
|
364 |
$db->_die(); |
|
365 |
||
366 |
while ( $row = $db->fetchrow() ) |
|
367 |
{ |
|
368 |
||
369 |
} |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
370 |
*/ |
0 | 371 |
} |
372 |
||
31
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
373 |
function u_1_0_RC3_make_users_extra() |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
374 |
{ |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
375 |
global $db; |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
376 |
$q = $db->sql_query('SELECT user_id FROM users WHERE user_id > 1;'); |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
377 |
if ( !$q ) |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
378 |
$db->_die(); |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
379 |
|
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
380 |
$ids = array(); |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
381 |
while ( $row = $db->fetchrow() ) |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
382 |
{ |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
383 |
$ids[] = intval($row['user_id']); |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
384 |
} |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
385 |
|
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
386 |
$ids = '(' . implode('),(', $ids) . ')'; |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
387 |
$sql = "INSERT INTO " . table_prefix . "users_extra(user_id) VALUES$ids;"; |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
388 |
|
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
389 |
if ( !$db->sql_query($sql) ) |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
390 |
$db->_die(); |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
391 |
} |
dc8741857bde
Finished Special:Preferences/Profile page! Only the wikitext parser cleanup left, yay!
Dan
parents:
21
diff
changeset
|
392 |
|
0 | 393 |
switch($_GET['mode']) |
394 |
{ |
|
395 |
case "login": |
|
396 |
if($session->user_logged_in && $session->user_level >= $ul_admin) |
|
397 |
{ |
|
398 |
if(isset($_POST['login'])) |
|
399 |
{ |
|
400 |
$session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin); |
|
401 |
if($session->sid_super) |
|
402 |
{ |
|
403 |
header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super); |
|
404 |
exit; |
|
405 |
} |
|
406 |
} |
|
407 |
$template->header(); |
|
408 |
?> |
|
409 |
<form action="upgrade.php?mode=login" method="post"> |
|
410 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
411 |
<tr> |
|
412 |
<th colspan="2">You must re-authenticate to perform this upgrade.</th> |
|
413 |
</tr> |
|
414 |
<?php |
|
415 |
if(isset($_POST['login'])) |
|
416 |
{ |
|
417 |
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>'; |
|
418 |
} |
|
419 |
?> |
|
420 |
<tr> |
|
421 |
<td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
422 |
</tr> |
|
423 |
<tr> |
|
424 |
<td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
425 |
</tr> |
|
426 |
<tr> |
|
427 |
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
428 |
</tr> |
|
429 |
</table> |
|
430 |
</form> |
|
431 |
<?php |
|
432 |
} |
|
433 |
else |
|
434 |
{ |
|
435 |
if(isset($_POST['login'])) |
|
436 |
{ |
|
437 |
$result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member); |
|
438 |
if($result == 'success') |
|
439 |
{ |
|
440 |
header('Location: upgrade.php'); |
|
441 |
exit; |
|
442 |
} |
|
443 |
} |
|
444 |
$template->header(); |
|
445 |
?> |
|
446 |
<form action="upgrade.php?mode=login" method="post"> |
|
447 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
448 |
<tr> |
|
449 |
<th colspan="2">Please log in to continue with this upgrade.</th> |
|
450 |
</tr> |
|
451 |
<?php |
|
452 |
if(isset($_POST['login'])) |
|
453 |
{ |
|
454 |
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>'; |
|
455 |
} |
|
456 |
?> |
|
457 |
<tr> |
|
458 |
<td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
459 |
</tr> |
|
460 |
<tr> |
|
461 |
<td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
462 |
</tr> |
|
463 |
<tr> |
|
464 |
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
465 |
</tr> |
|
466 |
</table> |
|
467 |
</form> |
|
468 |
<?php |
|
469 |
} |
|
470 |
break; |
|
471 |
case "welcome": |
|
472 |
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
473 |
||
474 |
// Just show a simple welcome page to display version information |
|
475 |
$template->header(); |
|
476 |
require('config.php'); |
|
477 |
||
478 |
?> |
|
479 |
||
480 |
<div style="text-align: center; margin-top: 10px;"> |
|
481 |
<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" /> |
|
482 |
<h2>Welcome to the Enano upgrade wizard</h2> |
|
483 |
<?php |
|
484 |
if ( file_exists('./_nightly.php') ) |
|
485 |
{ |
|
486 |
echo '<div class="warning-box" style="text-align: left; margin: 10px auto; display: table; width: 60%;"><b>You are about to upgrade to a NIGHTLY BUILD of Enano.</b><br />Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.</div>'; |
|
487 |
} |
|
488 |
?> |
|
489 |
</div> |
|
490 |
<div style="display: table; margin: 0 auto;"> |
|
491 |
<p>You are about to upgrade Enano to version <b><?php echo $this_version; ?></b>. Before you continue, please ensure that:</p> |
|
492 |
<ul> |
|
493 |
<li>You have completely backed up your database (<b><?php echo "$dbhost:$dbname"; ?></b>)</li> |
|
494 |
<li>You have backed up the entire Enano directory (<b><?php echo ENANO_ROOT; ?></b>)</li> |
|
495 |
<li>You have reviewed the release notes for this version, and you<br />are comfortable with any known bugs or issues</li> |
|
496 |
</ul> |
|
497 |
</div> |
|
498 |
<div style="text-align: center; margin-top: 10px;"> |
|
499 |
<form action="upgrade.php?mode=setversion&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
500 |
<input type="submit" value="Continue with upgrade" /> |
|
501 |
</form> |
|
502 |
</div> |
|
503 |
||
504 |
<?php |
|
505 |
||
506 |
break; |
|
507 |
case "setversion": |
|
508 |
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
509 |
$v = ( function_exists('enano_version') ) ? enano_version() : ''; |
|
510 |
if(!in_array($v, $valid_versions) && $v != '') |
|
511 |
{ |
|
512 |
$template->header(); |
|
513 |
?> |
|
514 |
<p>Your version of Enano (<?php echo $v; ?>) can't be upgraded to this version (<?php echo $this_version; ?>).</p> |
|
515 |
<?php |
|
516 |
break; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
517 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
518 |
else if($v == '') |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
519 |
{ |
0 | 520 |
// OK, we don't know which version he's running. So we'll cheat ;-) |
521 |
$template->header(); |
|
522 |
echo "<form action='upgrade.php?mode=confirm&auth={$session->sid_super}' method='post'>"; |
|
523 |
?> |
|
524 |
<p>Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.</p> |
|
525 |
<p><select name="version"><?php |
|
526 |
foreach($valid_versions as $c) |
|
527 |
{ |
|
528 |
echo "<option value='{$c}'>{$c}</option>"; |
|
529 |
} |
|
530 |
?></select></p> |
|
531 |
<p> |
|
532 |
<input type="submit" value="Continue" /> |
|
533 |
</p> |
|
534 |
<?php |
|
535 |
echo `</form>`; |
|
536 |
break; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
537 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
538 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
539 |
{ |
0 | 540 |
header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super); |
541 |
} |
|
542 |
break; |
|
543 |
case "confirm": |
|
544 |
$enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version(); |
|
545 |
||
546 |
$template->header(); |
|
547 |
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
548 |
?> |
|
549 |
<form action="upgrade.php?mode=upgrade&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
550 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
551 |
<tr> |
|
552 |
<td colspan="2"><p><b>Are you sure you want to perform this upgrade?</b></p><p>You can still cancel the upgrade process now. If<br />the upgrade fails, you will need to roll back<br />any actions made using manual SQL queries.</p><p><b>Please clear your browser cache or<br />shift-reload after the upgrade.</b><br />If you fail to do so, some page elements may<br />be broken.</td> |
|
553 |
</tr> |
|
554 |
<tr> |
|
555 |
<td colspan="2" style="text-align: center;"> |
|
556 |
<input type="hidden" name="enano_version" value="<?php echo $enano_version; ?>" /> |
|
557 |
<input type="submit" name="doit" value="Upgrade Enano!" /> |
|
558 |
</td> |
|
559 |
</tr> |
|
560 |
</table> |
|
561 |
</form> |
|
562 |
<?php |
|
563 |
break; |
|
564 |
case "upgrade": |
|
565 |
$template->header(); |
|
566 |
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
567 |
if(!isset($_POST['enano_version'])) { echo '<p>Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please <a href="upgrade.php">restart the upgrade</a>.</p>'; break; } |
|
568 |
$enano_version = $_POST['enano_version']; |
|
569 |
echo '<p>Preparing for schema execution...'; |
|
570 |
// Build an array of queries |
|
571 |
$schema = file_get_contents('upgrade.sql'); |
|
572 |
||
573 |
// Strip out and process version blocks |
|
574 |
preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'(.*?)'."\n".'---END \\1---#is', $schema, $matches); |
|
575 |
||
576 |
$from_list =& $matches[1]; |
|
577 |
$query_list =& $matches[2]; |
|
578 |
||
579 |
foreach($matches[0] as $m) |
|
580 |
{ |
|
581 |
$schema = str_replace($m, '', $schema); |
|
582 |
} |
|
583 |
$schema = explode("\n", $schema); |
|
584 |
foreach($schema as $k => $q) |
|
585 |
{ |
|
586 |
if(substr($q, 0, 2) == '--' || $q == '') |
|
587 |
{ |
|
588 |
unset($schema[$k]); |
|
589 |
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
590 |
} |
|
591 |
else |
|
592 |
{ |
|
593 |
$schema[$k] = upg_assign_vars($schema[$k]); |
|
594 |
} |
|
595 |
} |
|
596 |
||
597 |
foreach($query_list as $k => $q) |
|
598 |
{ |
|
599 |
$query_list[$k] = explode("\n", $query_list[$k]); |
|
600 |
foreach($query_list[$k] as $i => $s) |
|
601 |
{ |
|
602 |
$tq =& $query_list[$k][$i]; |
|
603 |
if(substr($s, 0, 2) == '--' || $s == '') |
|
604 |
{ |
|
605 |
unset($query_list[$k][$i]); |
|
606 |
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
607 |
} |
|
608 |
else |
|
609 |
{ |
|
610 |
$query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]); |
|
611 |
} |
|
612 |
} |
|
613 |
$query_list[$k] = array_values($query_list[$k]); |
|
614 |
} |
|
615 |
||
616 |
$assoc_list = Array(); |
|
617 |
||
618 |
foreach($from_list as $i => $v) |
|
619 |
{ |
|
620 |
$assoc_list[$v] = $query_list[$i]; |
|
621 |
} |
|
622 |
||
623 |
$schema = array_values($schema); |
|
624 |
||
625 |
$deps_resolved = false; |
|
626 |
$installing_versions = Array($enano_version); |
|
627 |
||
628 |
while(true) |
|
629 |
{ |
|
630 |
$v = array_keys($deps_list); |
|
631 |
foreach($v as $i => $ver) |
|
632 |
{ |
|
633 |
if(in_array($ver, $installing_versions)) |
|
634 |
{ |
|
635 |
// $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install. |
|
636 |
foreach($deps_list[$ver] as $dep) |
|
637 |
{ |
|
638 |
if(!in_array($dep, $installing_versions)) |
|
639 |
{ |
|
640 |
$installing_versions[] = $dep; |
|
641 |
} |
|
642 |
} |
|
643 |
} |
|
644 |
if($i == count($deps_list) - 1) |
|
645 |
{ |
|
646 |
break 2; |
|
647 |
} |
|
648 |
} |
|
649 |
} |
|
650 |
||
651 |
foreach($installing_versions as $this_ver) |
|
652 |
{ |
|
653 |
$schema = array_merge($schema, $assoc_list[$this_ver]); |
|
654 |
} |
|
655 |
||
656 |
// Time for some proper SQL syntax! |
|
657 |
// Also check queries for so-called injection attempts to make |
|
658 |
// sure that it doesn't fail during the upgrade process and |
|
659 |
// leave the user with a half-upgraded database |
|
660 |
foreach($schema as $s => $q) |
|
661 |
{ |
|
662 |
if(substr($q, strlen($q)-1, 1) != ';') |
|
663 |
{ |
|
664 |
$schema[$s] .= ';'; |
|
665 |
} |
|
666 |
if ( !$db->check_query($schema[$s]) ) |
|
667 |
{ |
|
668 |
// Uh-oh, the check failed, bail out |
|
669 |
// The DBAL runs sanity checks on all queries for safety, |
|
670 |
// so if the check fails in mid-upgrade we are in deep |
|
671 |
// dodo doo-doo. |
|
672 |
echo 'Query failed sanity check, this should never happen and is a bug.</p><p>Query was:</p><pre>'.$schema[$s].'</pre>'; |
|
673 |
break 2; |
|
674 |
} |
|
675 |
} |
|
676 |
||
677 |
$schema = array_values($schema); |
|
678 |
||
679 |
// Used extensively for debugging |
|
680 |
// echo '<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'; |
|
681 |
// break; |
|
682 |
||
683 |
echo 'done!<br />Executing upgrade schema...'; |
|
684 |
||
685 |
// OK, do the loop, baby!!! |
|
686 |
foreach($schema as $q) |
|
687 |
{ |
|
688 |
$r = $db->sql_query($q); |
|
689 |
if(!$r) |
|
690 |
{ |
|
691 |
echo $db->get_error(); |
|
692 |
break 2; |
|
693 |
} |
|
694 |
} |
|
695 |
||
696 |
// Call any custom functions |
|
697 |
foreach ( $installing_versions as $ver ) |
|
698 |
{ |
|
699 |
if ( isset($func_list[$ver]) ) |
|
700 |
{ |
|
701 |
foreach($func_list[$ver] as $function) |
|
702 |
{ |
|
703 |
@call_user_func($function); |
|
704 |
} |
|
705 |
} |
|
706 |
} |
|
707 |
||
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
708 |
// Log the upgrade |
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
709 |
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');'); |
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
parents:
73
diff
changeset
|
710 |
|
0 | 711 |
echo 'done!</p>'; |
712 |
echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p> |
|
713 |
<script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>'; |
|
714 |
break; |
|
715 |
} |
|
716 |
$template->footer(); |
|
717 |
||
718 |
?> |