install.php
changeset 217 5bcdee999015
parent 216 06db76725891
child 218 e0ec986c0af3
equal deleted inserted replaced
216:06db76725891 217:5bcdee999015
   117 }
   117 }
   118 
   118 
   119 function start_install_table()
   119 function start_install_table()
   120 {
   120 {
   121   echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
   121   echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
       
   122   ob_start();
   122 }
   123 }
   123 
   124 
   124 function close_install_table()
   125 function close_install_table()
   125 {
   126 {
   126   echo '</table>' . "\n\n";
   127   echo '</table>' . "\n\n";
       
   128   ob_end_flush();
   127 }
   129 }
   128 
   130 
   129 function echo_stage_success($stage_id, $stage_name)
   131 function echo_stage_success($stage_id, $stage_name)
   130 {
   132 {
   131   global $neutral_color;
   133   global $neutral_color;
   132   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
   134   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
   133   ob_start();
       
   134   echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
   135   echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
   135   ob_end_flush();
   136   ob_flush();
   136 }
   137 }
   137 
   138 
   138 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
   139 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
   139 {
   140 {
   140   global $neutral_color;
   141   global $neutral_color;
   141   
   142   
   142   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
   143   $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
   143   ob_start();
       
   144   echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
   144   echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
   145   ob_end_flush();
   145   ob_flush();
   146   close_install_table();
   146   close_install_table();
   147   $post_data = '';
   147   $post_data = '';
   148   $mysql_error = mysql_error();
   148   $mysql_error = mysql_error();
   149   foreach ( $_POST as $key => $value )
   149   foreach ( $_POST as $key => $value )
   150   {
   150   {
   376   $key = $aes->hextostring($key);
   376   $key = $aes->hextostring($key);
   377   $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
   377   $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
   378   
   378   
   379   $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
   379   $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
   380   
   380   
       
   381   $admin_user = $_POST['admin_user'];
       
   382   $admin_user = str_replace('_', ' ', $admin_user);
       
   383   $admin_user = mysql_real_escape_string($admin_user);
       
   384   
   381   $schema = file_get_contents('schema.sql');
   385   $schema = file_get_contents('schema.sql');
   382   $schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
   386   $schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
   383   $schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
   387   $schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
   384   $schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
   388   $schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
   385   $schema = str_replace('{{ADMIN_USER}}',   mysql_real_escape_string($_POST['admin_user'] ), $schema);
   389   $schema = str_replace('{{ADMIN_USER}}',   $admin_user                                    , $schema);
   386   $schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
   390   $schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
   387   $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
   391   $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
   388   $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
   392   $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
   389   $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
   393   $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
   390   $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
   394   $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
   450     $key = stg_generate_aes_key(true);
   454     $key = stg_generate_aes_key(true);
   451     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
   455     $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
   452     $key = $aes->hextostring($key);
   456     $key = $aes->hextostring($key);
   453     $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
   457     $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
   454     $admin_user = mysql_real_escape_string($_POST['admin_user']);
   458     $admin_user = mysql_real_escape_string($_POST['admin_user']);
       
   459     $admin_user = str_replace('_', ' ', $admin_user);
   455     
   460     
   456     $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
   461     $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
   457     if ( !$q )
   462     if ( !$q )
   458     {
   463     {
   459       echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
   464       echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
  1545       err('Hacking attempt was detected in table_prefix.');
  1550       err('Hacking attempt was detected in table_prefix.');
  1546     
  1551     
  1547       start_install_table();
  1552       start_install_table();
  1548       
  1553       
  1549       // Are we just trying to auto-rename the config files? If so, skip everything else
  1554       // Are we just trying to auto-rename the config files? If so, skip everything else
  1550       if ( $_GET['stage'] != 'renameconfig' )
  1555       if ( !isset($_GET['stage']) || ( isset($_GET['stage']) && $_GET['stage'] != 'renameconfig' ) )
  1551       {
  1556       {
  1552       
  1557       
  1553         // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
  1558         // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
  1554         // Thus, they need to be run on each retry, e.g. never skipped.
  1559         // Thus, they need to be run on each retry, e.g. never skipped.
  1555         run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
  1560         run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
  1591         // Now that login cookies are set, initialize the session manager and ACLs
  1596         // Now that login cookies are set, initialize the session manager and ACLs
  1592         $session->start();
  1597         $session->start();
  1593         $paths->init();
  1598         $paths->init();
  1594         
  1599         
  1595         run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
  1600         run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
  1596                              While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
  1601                              While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a> after renaming your configuration files, you should be aware that some servers cannot
  1597                              properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
  1602                              properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
  1598                              to finish the installation, please be aware that you may be unable to log into your site.');
  1603                              to finish the installation, please be aware that you may be unable to log into your site.');
  1599         
  1604         
       
  1605         /*
       
  1606          * HACKERS:
       
  1607          * If you're making a custom distribution of Enano, put all your custom plugin-related code here.
       
  1608          * You have access to the full Enano API as well as being logged in with complete admin rights.
       
  1609          * Don't do anything horrendously fancy here, unless you add a new stage (or more than one) and
       
  1610          * have the progress printed out properly.
       
  1611          */
       
  1612         
  1600       } // check for stage == renameconfig
  1613       } // check for stage == renameconfig
  1601       else
  1614       else
  1602       {
  1615       {
  1603         // If we did skip that step, set $template_bak to $template to imitate the loading of the Enano API
  1616         // If we did skip the main installer routine, set $template_bak to make the reversal later work properly
  1604         $template_bak = $template;
  1617         $template_bak = $template;
  1605       }
  1618       }
  1606 
  1619 
  1607       // Final step is to rename the config file      
  1620       // Final step is to rename the config file
       
  1621       // In early revisions of 1.0.2, this step was performed prior to the initialization of the Enano API. It was decided to move
       
  1622       // this stage to the end because it will fail more often than any other stage, thus making alternate routes imperative. If this
       
  1623       // stage fails, then no big deal, we'll just have the user rename the files manually and then let them see the pretty success message.
  1608       run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');
  1624       run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');
  1609       
  1625       
  1610       close_install_table();
  1626       close_install_table();
  1611       
  1627       
  1612       unset($template);
  1628       unset($template);