Enano CMS (1.1.x): comparison install.php

equal deleted inserted replaced

-:112debff64bd
+:5f1cd51bf1be
 define('contentPath', $sp);
 }
 global $_starttime, $this_page, $sideinfo;
 $_starttime = microtime(true);
+global $db;
 // Determine directory (special case for development servers)
 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
 {
 $filename = str_replace('/repo/', '/', __FILE__);
 }
 // INSTALLER STAGES
 //
 function stg_mysql_connect($act_get = false)
 {
+global $db;
+$db = new mysql();
 static $conn = false;
 if ( $act_get )
 return $conn;
 $db_user =& $_POST['db_user'];
 {
 // really failed this time; bail out
 return false;
 }
 }
+// initialize DBAL
+$db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
 // connected and database exists
 return true;
 }
+function stg_pgsql_connect($act_get = false)
+{
+global $db;
+$db = new postgresql();
+static $conn = false;
+if ( $act_get )
+return $conn;
+$db_user =& $_POST['db_user'];
+$db_pass =& $_POST['db_pass'];
+$db_name =& $_POST['db_name'];
+if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+{
+$db_name = htmlspecialchars($db_name);
+die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+}
+// First, try to connect using the normal credentials
+$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+if ( !$conn )
+{
+// Connection failed. Do we have the root username and password?
+if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+{
+$conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+if ( !$conn_root )
+{
+// Couldn't connect using either set of credentials. Bail out.
+return false;
+}
+unset($db_user, $db_pass);
+$db_user = pg_escape_string($_POST['db_user']);
+$db_pass = pg_escape_string($_POST['db_pass']);
+// Create the user account
+$q = @pg_query("CREATE ROLE '$db_user' WITH NOSUPERUSER UNENCRYPTED PASSWORD '$db_pass';", $conn_root);
+if ( !$q )
+{
+return false;
+}
+pg_close($conn_root);
+$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+if ( !$conn )
+{
+// This should honestly never happen.
+return false;
+}
+}
+}
+if ( !$q )
+{
+// access denied to the database; try the whole root schenanegan again
+if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+{
+$conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+if ( !$conn_root )
+{
+// Couldn't connect as root; bail out
+return false;
+}
+unset($db_user, $db_pass);
+$db_user = pg_escape_string($_POST['db_user']);
+$db_pass = pg_escape_string($_POST['db_pass']);
+// create the database, if it doesn't exist
+$q = @mysql_query("CREATE DATABASE $db_name WITH OWNER $db_user;", $conn_root);
+if ( !$q )
+{
+// this really should never fail, so don't give any tolerance to it
+return false;
+}
+// Setting the owner to $db_user should grant all the rights we need
+pg_close($conn_root);
+// grant tables have hopefully been flushed, kill and reconnect our regular user connection
+pg_close($conn);
+$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+if ( !$conn )
+{
+return false;
+}
+}
+else
+{
+return false;
+}
+// try again
+$q = @mysql_query("USE `$db_name`;", $conn);
+if ( !$q )
+{
+// really failed this time; bail out
+return false;
+}
+}
+// initialize DBAL
+$db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
+// connected and database exists
+return true;
+}
 function stg_drop_tables()
 {
-$conn = stg_mysql_connect(true);
+global $db;
-if ( !$conn )
-return false;
 // Our list of tables included in Enano
 $tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'tags', 'page_groups', 'page_group_members' );
 // Drop each table individually; if it fails, it probably means we're trying to drop a
 // table that didn't exist in the Enano version we're deleting the database for.
 foreach ( $tables as $table )
 {
 // Remember that table_prefix is sanitized.
 $table = "{$_POST['table_prefix']}$table";
-@mysql_query("DROP TABLE $table;", $conn);
+$db->sql_query("DROP TABLE $table;", $conn);
 }
 return true;
 }
 function stg_decrypt_admin_pass($act_get = false)
 {
 static $schema;
 if ( $act_get )
 return $schema;
+global $db;
 $admin_pass = stg_decrypt_admin_pass(true);
 $key = stg_generate_aes_key(true);
 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
 $key = $aes->hextostring($key);
 $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
 $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
 $admin_user = $_POST['admin_user'];
 $admin_user = str_replace('_', ' ', $admin_user);
-$admin_user = mysql_real_escape_string($admin_user);
+$admin_user = $db->escape($admin_user);
-$schema = file_get_contents('schema.sql');
+switch ( $_POST['db_driver'] )
-$schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
+{
-$schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
+case 'mysql':
-$schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
+$schema_file = 'schema.sql';
+break;
+case 'postgresql':
+$schema_file = 'schema-pg.sql';
+break;
+}
+if ( !isset($schema_file) )
+die('insanity');
+$schema = file_get_contents($schema_file);
+$schema = str_replace('{{SITE_NAME}}',    $db->escape($_POST['sitename']   ), $schema);
+$schema = str_replace('{{SITE_DESC}}',    $db->escape($_POST['sitedesc']   ), $schema);
+$schema = str_replace('{{COPYRIGHT}}',    $db->escape($_POST['copyright']  ), $schema);
 $schema = str_replace('{{ADMIN_USER}}',   $admin_user                                    , $schema);
-$schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
+$schema = str_replace('{{ADMIN_PASS}}',   $db->escape($admin_pass          ), $schema);
-$schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
+$schema = str_replace('{{ADMIN_EMAIL}}',  $db->escape($_POST['admin_email']), $schema);
-$schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
+$schema = str_replace('{{ENABLE_CACHE}}', $db->escape($cacheonoff          ), $schema);
 $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
 $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
 $schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
 $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
 // Not anymore!! :-D
 $cv = not($cv);
 $val = eval($code);
 if($val)
 {
 if($cv) $color='CCFFCC'; else $color='AAFFAA';
-echo "<tr><td style='background-color: #$color; width: 500px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
+echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
 } elseif(!$val && $warn) {
 if($cv) $color='FFFFCC'; else $color='FFFFAA';
-echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
+echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
 $warned = true;
 } else {
 if($cv) $color='FFCCCC'; else $color='FFAAAA';
-echo "<tr><td style='background-color: #$color; width: 500px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
+echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
 $failed = true;
 }
 }
 function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
 $v = mysql_get_server_info();
 if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
 mysql_close($conn);
 die('good');
 break;
+case 'pgsql_test':
+error_reporting(0);
+$dbhost     = rawurldecode($_POST['host']);
+$dbname     = rawurldecode($_POST['name']);
+$dbuser     = rawurldecode($_POST['user']);
+$dbpass     = rawurldecode($_POST['pass']);
+$dbrootuser = rawurldecode($_POST['root_user']);
+$dbrootpass = rawurldecode($_POST['root_pass']);
+if($dbrootuser != '')
+{
+$conn = @pg_connect("host=$dbhost port=5432 user=$dbuser password=$dbpass dbname=$dbname");
+if(!$conn)
+{
+$e = pg_last_error();
+if(strstr($e, "Lost connection"))
+die('host'.$e);
+else
+die('root'.$e);
+}
+$rsp = 'good';
+$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+if(!$q)
+{
+$e = mysql_error();
+if(strstr($e, 'Unknown database'))
+{
+$rsp .= '_creating_db';
+}
+}
+mysql_close($conn);
+$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+if(!$conn)
+{
+$e = mysql_error();
+if(strstr($e, "Lost connection"))
+die('host'.$e);
+else
+$rsp .= '_creating_user';
+}
+mysql_close($conn);
+die($rsp);
+}
+else
+{
+$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+if(!$conn)
+{
+$e = mysql_error();
+if(strstr($e, "Lost connection"))
+die('host'.$e);
+else
+die('auth'.$e);
+}
+$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+if(!$q)
+{
+$e = mysql_error();
+if(strstr($e, 'Unknown database'))
+{
+die('name'.$e);
+}
+else
+{
+die('perm'.$e);
+}
+}
+}
+$v = mysql_get_server_info();
+if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+mysql_close($conn);
+die('good');
+break;
 case 'pophelp':
 $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
 switch($topic)
 {
 case 'admin_embed_php':
 $modestrings = Array(
 'welcome' => 'Welcome',
 'license' => 'License Agreement',
 'sysreqs' => 'Server requirements',
-'database'=> 'Database information',
+'database' => 'Select database driver',
+'database_mysql'=> 'Database information',
+'database_pgsql'=> 'Database information',
 'website' => 'Website configuration',
 'login'   => 'Administration login',
 'confirm' => 'Confirm installation',
 'install' => 'Database installation',
 'finish'  => 'Installation complete',
 <p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
 <table border="0" cellspacing="0" cellpadding="0">
 <?php
 run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
 run_test('return version_compare(\'5.2.0\', PHP_VERSION, \'<\');', 'PHP 5.2.0 or later', 'Your server does not have support for PHP 5.2.0. While you may continue installing Enano, please be warned that as of December 31, 2007, all support for Enano on PHP 4 servers is discontinued. If you have at least PHP 5.0.0, support will still be available, but there are many security problems in PHP versions under 5.2.0 that Enano cannot effectively prevent.', true);
-run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
+run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. The MySQL database driver will be unavailable. In many cases this is OK if you have another supported database type available. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.', true);
+run_test('return function_exists(\'pg_connect\');', 'PostgreSQL extension for PHP', 'It seems that your PHP installation does not have the PostgreSQL extension enabled. Because of this, you won\'t be able to use the PostgreSQL database driver. This is OK in the majority of cases. If you want to use PostgreSQL support, you\'ll need to either compile the PHP extension for Postgres or install the extension with your distribution\'s package manager. Windows administrators will need enable php_pgsql.dll in their php.ini.', true);
 run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
 run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
 //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
 run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
 run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the &lt;img&gt; tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
 run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
 run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
+if ( !function_exists('mysql_connect') && !function_exists('pg_connect') )
+{
+run_test('return false;', 'No database drivers are available.', 'You need to have at least one database driver working to install Enano. See the warnings on MySQL and PostgreSQL above for more information on installing these database drivers.', false);
+}
 echo '</table>';
 if(!$failed)
 {
 ?>
 }
 ?>
 <?php
 break;
 case "database":
+echo '<h3>Choose a database driver</h3>';
+echo '<p>The next step is to choose the database driver that Enano will use. In most cases this is MySQL, but there are certain
+advantages to PostgreSQL, which is made available only experimentally.</p>';
+if ( @file_exists('/etc/enano-is-virt-appliance') )
+{
+echo '<p><b>You\'re using the Enano virtual appliance.</b><br />Unless you configured the appliance manually, PostgreSQL support is not available. In 99% of cases you\'ll want to click MySQL below.</p>';
+}
+$mysql_disable_reason = '';
+$pgsql_disable_reason = '';
+$mysql_disable = '';
+$pgsql_disable = '';
+if ( !function_exists('mysql_connect') )
+{
+$mysql_disable = ' disabled="disabled"';
+$mysql_disable_reason = 'You don\'t have the MySQL PHP extension installed.';
+}
+if ( !function_exists('pg_connect') )
+{
+$pgsql_disable = ' disabled="disabled"';
+$pgsql_disable_reason = 'You don\'t have the PostgreSQL PHP extensnion installed.';
+}
+if ( function_exists('pg_connect') && version_compare(PHP_VERSION, '5.0.0', '<') )
+{
+$pgsql_disable = ' disabled="disabled"';
+$pgsql_disable_reason = 'You need to have at least PHP 5 to use the PostgreSQL database driver.';
+}
+echo '<form action="install.php" method="get">';
+?>
+<table border="0" cellspacing="5">
+<tr>
+<td>
+<input type="image" name="mode" value="database_mysql" src="images/about-powered-mysql.png"<?php echo $mysql_disable; ?>/>
+</td>
+<td<?php if ( $mysql_disable ) echo ' style="opacity: 0.5; filter: alpha(opacity=50);"'; ?>>
+<b>MySQL</b><br />
+Click this button to use MySQL as the database backend for your site. Most web hosts support MySQL, and if you have
+administrative access to your MySQL server, you can create a new database and user during this installation process if you
+haven't done so already.
+<?php
+if ( $mysql_disable )
+{
+echo "<br /><br /><b>$mysql_disable_reason</b>";
+}
+?>
+</td>
+</tr>
+<tr>
+<td>
+<input type="image" name="mode" value="database_pgsql" src="images/about-powered-pgsql.png"<?php echo $pgsql_disable; ?> />
+</td>
+<td<?php if ( $pgsql_disable ) echo ' style="opacity: 0.5; filter: alpha(opacity=50);"'; ?>>
+<b>PostgreSQL</b><br />
+Click this button to use PostgreSQL as the database backend for your site. While not as widely supported, PostgreSQL has more
+liberal licensing conditions and when properly configured is faster than MySQL. Some plugins may not work with the PostgreSQL
+driver.
+<?php
+if ( $pgsql_disable )
+{
+echo "<br /><br /><b>$pgsql_disable_reason</b>";
+}
+?>
+</td>
+</tr>
+</table>
+<?php
+echo '</form>';
+break;
+case "database_mysql":
 ?>
 <script type="text/javascript">
 function ajaxGet(uri, f) {
 if (window.XMLHttpRequest) {
 ajax = new XMLHttpRequest();
 {
 echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
 }
 ?>
 <form name="dbinfo" action="install.php?mode=website" method="post">
+<input type="hidden" name="db_driver" value="mysql" />
 <table border="0">
 <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
 <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 </table>
 <div class="pagenav">
 <table border="0">
 <tr>
 <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Check your MySQL connection using the "Test Connection" button.<br />&bull; Be aware that your database information will be transmitted unencrypted several times.</p></td>
+</tr>
+</table>
+</div>
+</form>
+<?php
+break;
+case "database_pgsql":
+?>
+<script type="text/javascript">
+function ajaxGet(uri, f) {
+if (window.XMLHttpRequest) {
+ajax = new XMLHttpRequest();
+} else {
+if (window.ActiveXObject) {
+ajax = new ActiveXObject("Microsoft.XMLHTTP");
+} else {
+alert('Enano client-side runtime error: No AJAX support, unable to continue');
+return;
+}
+}
+ajax.onreadystatechange = f;
+ajax.open('GET', uri, true);
+ajax.send(null);
+}
+function ajaxPost(uri, parms, f) {
+if (window.XMLHttpRequest) {
+ajax = new XMLHttpRequest();
+} else {
+if (window.ActiveXObject) {
+ajax = new ActiveXObject("Microsoft.XMLHTTP");
+} else {
+alert('Enano client-side runtime error: No AJAX support, unable to continue');
+return;
+}
+}
+ajax.onreadystatechange = f;
+ajax.open('POST', uri, true);
+ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ajax.setRequestHeader("Content-length", parms.length);
+ajax.setRequestHeader("Connection", "close");
+ajax.send(parms);
+}
+function ajaxTestConnection()
+{
+v = verify();
+if(!v)
+{
+alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
+return false;
+}
+var frm = document.forms.dbinfo;
+db_host      = escape(frm.db_host.value.replace('+', '%2B'));
+db_name      = escape(frm.db_name.value.replace('+', '%2B'));
+db_user      = escape(frm.db_user.value.replace('+', '%2B'));
+db_pass      = escape(frm.db_pass.value.replace('+', '%2B'));
+db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
+db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
+parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
+ajaxPost('<?php echo scriptPath; ?>/install.php?mode=pgsql_test', parms, function() {
+if(ajax.readyState==4)
+{
+s = ajax.responseText.substr(0, 4);
+t = ajax.responseText.substr(4, ajax.responseText.length);
+if(s.substr(0, 4)=='good')
+{
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/good.gif';
+document.getElementById('s_db_auth').src='images/good.gif';
+document.getElementById('s_db_root').src='images/good.gif';
+if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+document.getElementById('s_mysql_version').src='images/good.gif';
+document.getElementById('e_mysql_version').innerHTML = 'Your version of PostgreSQL meets Enano requirements.';
+}
+else
+{
+switch(s)
+{
+case 'host':
+document.getElementById('s_db_host').src='images/bad.gif';
+document.getElementById('s_db_name').src='images/unknown.gif';
+document.getElementById('s_db_auth').src='images/unknown.gif';
+document.getElementById('s_db_root').src='images/unknown.gif';
+document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
+document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+break;
+case 'auth':
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/unknown.gif';
+document.getElementById('s_db_auth').src='images/bad.gif';
+document.getElementById('s_db_root').src='images/unknown.gif';
+document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+break;
+case 'perm':
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/bad.gif';
+document.getElementById('s_db_auth').src='images/good.gif';
+document.getElementById('s_db_root').src='images/unknown.gif';
+document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
+document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+break;
+case 'name':
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/bad.gif';
+document.getElementById('s_db_auth').src='images/good.gif';
+document.getElementById('s_db_root').src='images/unknown.gif';
+document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
+document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+break;
+case 'root':
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/unknown.gif';
+document.getElementById('s_db_auth').src='images/unknown.gif';
+document.getElementById('s_db_root').src='images/bad.gif';
+document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+break;
+case 'vers':
+document.getElementById('s_db_host').src='images/good.gif';
+document.getElementById('s_db_name').src='images/good.gif';
+document.getElementById('s_db_auth').src='images/good.gif';
+document.getElementById('s_db_root').src='images/good.gif';
+if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
+document.getElementById('s_mysql_version').src='images/bad.gif';
+default:
+alert(t);
+break;
+}
+}
+}
+});
+}
+function verify()
+{
+document.getElementById('e_db_host').innerHTML = '';
+document.getElementById('e_db_auth').innerHTML = '';
+document.getElementById('e_db_name').innerHTML = '';
+document.getElementById('e_db_root').innerHTML = '';
+var frm = document.forms.dbinfo;
+ret = true;
+if(frm.db_host.value != '')
+{
+document.getElementById('s_db_host').src='images/unknown.gif';
+}
+else
+{
+document.getElementById('s_db_host').src='images/bad.gif';
+ret = false;
+}
+if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
+{
+document.getElementById('s_db_name').src='images/unknown.gif';
+}
+else
+{
+document.getElementById('s_db_name').src='images/bad.gif';
+ret = false;
+}
+if(frm.db_user.value != '')
+{
+document.getElementById('s_db_auth').src='images/unknown.gif';
+}
+else
+{
+document.getElementById('s_db_auth').src='images/bad.gif';
+ret = false;
+}
+if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
+{
+document.getElementById('s_table_prefix').src='images/good.gif';
+}
+else
+{
+document.getElementById('s_table_prefix').src='images/bad.gif';
+ret = false;
+}
+if(frm.db_root_user.value == '')
+{
+document.getElementById('s_db_root').src='images/good.gif';
+}
+else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
+{
+document.getElementById('s_db_root').src='images/bad.gif';
+ret = false;
+}
+else
+{
+document.getElementById('s_db_root').src='images/unknown.gif';
+}
+if(ret) frm._cont.disabled = false;
+else    frm._cont.disabled = true;
+return ret;
+}
+window.onload = verify;
+</script>
+<p>Now we need some information that will allow Enano to contact your database server. Enano uses PostgreSQL as a data storage backend,
+and we need to have access to a PostgreSQL server in order to continue.</p>
+<p>If you do not have access to a PostgreSQL server, and you are using your own server, you can download PostgreSQL for free from
+<a href="http://www.postgresql.org/">PostgreSQL.org</a>.</p>
+<form name="dbinfo" action="install.php?mode=website" method="post">
+<input type="hidden" name="db_driver" value="postgresql" />
+<table border="0">
+<tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+<tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your Postgres server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a PostgreSQL superuser.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password for a role that has permission to create and alter tables, select data, insert data, update data, and delete data. You may or may not choose to allow dropping tables.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+<tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+<tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+<tr><td rowspan="2"><b>Database administrative login</b><br />If the Postgres database or role that you entered above does not exist yet, you can create them here, assuming that you have the login information for a PostgreSQL superuser. Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+<tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+<tr><td><b>PostgreSQL version</b></td><td id="e_mysql_version">PostgreSQL version information will<br />be checked when you click "Test<br />Connection". You need to have at<br />least PostgreSQL 8.2.0 to install Enano.</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+<tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label></td></tr>
+<tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
+</table>
+<div class="pagenav">
+<table border="0">
+<tr>
+<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Check your PostgreSQL connection using the "Test Connection" button.<br />&bull; Be aware that your database information will be transmitted unencrypted several times.</p></td>
 </tr>
 </table>
 </div>
 </form>
 <?php
 case "install":
 if(!isset($_POST['db_host']) ||
 !isset($_POST['db_name']) ||
 !isset($_POST['db_user']) ||
 !isset($_POST['db_pass']) ||
+!isset($_POST['db_driver']) ||
 !isset($_POST['sitename']) ||
 !isset($_POST['sitedesc']) ||
 !isset($_POST['copyright']) ||
 !isset($_POST['admin_user']) ||
 !isset($_POST['admin_pass']) ||
 !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
 !isset($_POST['urlscheme'])
 )
 {
 echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+$template->footer();
+exit;
+}
+if ( !in_array($_POST['db_driver'], array('mysql', 'postgresql')) )
+{
+echo 'Invalid database driver.';
 $template->footer();
 exit;
 }
 switch($_POST['urlscheme'])
 {

changeset 322	5f1cd51bf1be
parent 317	f8356d9c3481
child 326	ab66d6d1f1f4
child 442	4da2dfc28728