117 } |
117 } |
118 |
118 |
119 function start_install_table() |
119 function start_install_table() |
120 { |
120 { |
121 echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n"; |
121 echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n"; |
|
122 ob_start(); |
122 } |
123 } |
123 |
124 |
124 function close_install_table() |
125 function close_install_table() |
125 { |
126 { |
126 echo '</table>' . "\n\n"; |
127 echo '</table>' . "\n\n"; |
|
128 ob_end_flush(); |
127 } |
129 } |
128 |
130 |
129 function echo_stage_success($stage_id, $stage_name) |
131 function echo_stage_success($stage_id, $stage_name) |
130 { |
132 { |
131 global $neutral_color; |
133 global $neutral_color; |
132 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; |
134 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; |
133 ob_start(); |
|
134 echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n"; |
135 echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n"; |
135 ob_end_flush(); |
136 ob_flush(); |
136 } |
137 } |
137 |
138 |
138 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack) |
139 function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack) |
139 { |
140 { |
140 global $neutral_color; |
141 global $neutral_color; |
141 |
142 |
142 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; |
143 $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; |
143 ob_start(); |
|
144 echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n"; |
144 echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n"; |
145 ob_end_flush(); |
145 ob_flush(); |
146 close_install_table(); |
146 close_install_table(); |
147 $post_data = ''; |
147 $post_data = ''; |
148 $mysql_error = mysql_error(); |
148 $mysql_error = mysql_error(); |
149 foreach ( $_POST as $key => $value ) |
149 foreach ( $_POST as $key => $value ) |
150 { |
150 { |
376 $key = $aes->hextostring($key); |
376 $key = $aes->hextostring($key); |
377 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); |
377 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); |
378 |
378 |
379 $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0'; |
379 $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0'; |
380 |
380 |
|
381 $admin_user = $_POST['admin_user']; |
|
382 $admin_user = str_replace('_', ' ', $admin_user); |
|
383 $admin_user = mysql_real_escape_string($admin_user); |
|
384 |
381 $schema = file_get_contents('schema.sql'); |
385 $schema = file_get_contents('schema.sql'); |
382 $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema); |
386 $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema); |
383 $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema); |
387 $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema); |
384 $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema); |
388 $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema); |
385 $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema); |
389 $schema = str_replace('{{ADMIN_USER}}', $admin_user , $schema); |
386 $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($admin_pass ), $schema); |
390 $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($admin_pass ), $schema); |
387 $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema); |
391 $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema); |
388 $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema); |
392 $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema); |
389 $schema = str_replace('{{REAL_NAME}}', '', $schema); |
393 $schema = str_replace('{{REAL_NAME}}', '', $schema); |
390 $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema); |
394 $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema); |
450 $key = stg_generate_aes_key(true); |
454 $key = stg_generate_aes_key(true); |
451 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); |
455 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); |
452 $key = $aes->hextostring($key); |
456 $key = $aes->hextostring($key); |
453 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); |
457 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX); |
454 $admin_user = mysql_real_escape_string($_POST['admin_user']); |
458 $admin_user = mysql_real_escape_string($_POST['admin_user']); |
|
459 $admin_user = str_replace('_', ' ', $admin_user); |
455 |
460 |
456 $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';"); |
461 $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';"); |
457 if ( !$q ) |
462 if ( !$q ) |
458 { |
463 { |
459 echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>'; |
464 echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>'; |
1545 err('Hacking attempt was detected in table_prefix.'); |
1550 err('Hacking attempt was detected in table_prefix.'); |
1546 |
1551 |
1547 start_install_table(); |
1552 start_install_table(); |
1548 |
1553 |
1549 // Are we just trying to auto-rename the config files? If so, skip everything else |
1554 // Are we just trying to auto-rename the config files? If so, skip everything else |
1550 if ( $_GET['stage'] != 'renameconfig' ) |
1555 if ( !isset($_GET['stage']) || ( isset($_GET['stage']) && $_GET['stage'] != 'renameconfig' ) ) |
1551 { |
1556 { |
1552 |
1557 |
1553 // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification. |
1558 // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification. |
1554 // Thus, they need to be run on each retry, e.g. never skipped. |
1559 // Thus, they need to be run on each retry, e.g. never skipped. |
1555 run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false); |
1560 run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false); |
1591 // Now that login cookies are set, initialize the session manager and ACLs |
1596 // Now that login cookies are set, initialize the session manager and ACLs |
1592 $session->start(); |
1597 $session->start(); |
1593 $paths->init(); |
1598 $paths->init(); |
1594 |
1599 |
1595 run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br /> |
1600 run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br /> |
1596 While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot |
1601 While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a> after renaming your configuration files, you should be aware that some servers cannot |
1597 properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose |
1602 properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose |
1598 to finish the installation, please be aware that you may be unable to log into your site.'); |
1603 to finish the installation, please be aware that you may be unable to log into your site.'); |
1599 |
1604 |
|
1605 /* |
|
1606 * HACKERS: |
|
1607 * If you're making a custom distribution of Enano, put all your custom plugin-related code here. |
|
1608 * You have access to the full Enano API as well as being logged in with complete admin rights. |
|
1609 * Don't do anything horrendously fancy here, unless you add a new stage (or more than one) and |
|
1610 * have the progress printed out properly. |
|
1611 */ |
|
1612 |
1600 } // check for stage == renameconfig |
1613 } // check for stage == renameconfig |
1601 else |
1614 else |
1602 { |
1615 { |
1603 // If we did skip that step, set $template_bak to $template to imitate the loading of the Enano API |
1616 // If we did skip the main installer routine, set $template_bak to make the reversal later work properly |
1604 $template_bak = $template; |
1617 $template_bak = $template; |
1605 } |
1618 } |
1606 |
1619 |
1607 // Final step is to rename the config file |
1620 // Final step is to rename the config file |
|
1621 // In early revisions of 1.0.2, this step was performed prior to the initialization of the Enano API. It was decided to move |
|
1622 // this stage to the end because it will fail more often than any other stage, thus making alternate routes imperative. If this |
|
1623 // stage fails, then no big deal, we'll just have the user rename the files manually and then let them see the pretty success message. |
1608 run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>'); |
1624 run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>'); |
1609 |
1625 |
1610 close_install_table(); |
1626 close_install_table(); |
1611 |
1627 |
1612 unset($template); |
1628 unset($template); |
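Review bot: The two added `admin_user` normalisations run in opposite orders: at new lines 381–383 the underscores are replaced and the result is then escaped, while at new lines 458–459 the value is escaped first and the escaped string is rewritten afterwards. That is harmless for this particular replacement, because `mysql_real_escape_string()` does not emit underscores, but escaping should remain the last step before the value reaches the query so that a later change to the replacement cannot undo it; both places could read `$admin_user = mysql_real_escape_string(str_replace('_', ' ', $_POST['admin_user']));`. The `UPDATE` at new line 461 also interpolates `$_POST['table_prefix']` without escaping, and whether the `table_prefix` check visible near new line 1550 runs before that path cannot be seen from this page, so it is worth confirming. The functions enclosing both hunks start and end outside the displayed lines.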