Enano CMS (1.1.x): comparison install.php

equal deleted inserted replaced

-:90b7a52bea45
+:62ee6685ad18
 <?php
 /*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
-* Version 1.1.1
+* Version 1.0.2 (Coblynau)
 * Copyright (C) 2006-2007 Dan Fuhry
 * install.php - handles everything related to installation and initial configuration
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 @include('config.php');
-if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode']))) {
+if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css')) || !isset($_GET['mode'])))
+{
 $_GET['title'] = 'Enano:Installation_locked';
 require('includes/common.php');
 die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
 exit;
 }
 define('IN_ENANO_INSTALL', 'true');
-define('ENANO_VERSION', '1.1.1');
+define('ENANO_VERSION', '1.0.2');
 // In beta versions, define ENANO_BETA_VERSION here
 if(!defined('scriptPath')) {
 $sp = dirname($_SERVER['REQUEST_URI']);
 if($sp == '/' || $sp == '\\') $sp = '';
 require('includes/constants.php');
 require('includes/rijndael.php');
 require('includes/functions.php');
 strip_magic_quotes_gpc();
+$neutral_color = 'C';
+//
+// INSTALLER LIBRARY
+//
+function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
+{
+static $resumed = false;
+static $resume_stack = array();
+if ( empty($resume_stack) && isset($_POST['resume_stack']) && preg_match('/[a-z_]+((\|[a-z_]+)+)/', $_POST['resume_stack']) )
+{
+$resume_stack = explode('|', $_POST['resume_stack']);
+}
+$already_run = false;
+if ( in_array($stage_id, $resume_stack) )
+{
+$already_run = true;
+}
+if ( !$resumed )
+{
+if ( !isset($_GET['stage']) )
+$resumed = true;
+if ( isset($_GET['stage']) && $_GET['stage'] == $stage_id )
+{
+$resumed = true;
+}
+}
+if ( !$resumed && $allow_skip )
+{
+echo_stage_success($stage_id, "[dbg: skipped] $stage_name");
+return false;
+}
+if ( !function_exists($function) )
+die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . ' doesn\'t exist');
+$result = @call_user_func($function, false, $already_run);
+if ( $result )
+{
+echo_stage_success($stage_id, $stage_name);
+$resume_stack[] = $stage_id;
+return true;
+}
+else
+{
+echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack);
+return false;
+}
+}
+function start_install_table()
+{
+echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
+}
+function close_install_table()
+{
+echo '</table>' . "\n\n";
+}
+function echo_stage_success($stage_id, $stage_name)
+{
+global $neutral_color;
+$neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ob_start();
+echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
+ob_end_flush();
+}
+function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
+{
+global $neutral_color;
+$neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ob_start();
+echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
+ob_end_flush();
+close_install_table();
+$post_data = '';
+$mysql_error = mysql_error();
+foreach ( $_POST as $key => $value )
+{
+$value = htmlspecialchars($value);
+$key = htmlspecialchars($key);
+$post_data .= "          <input type=\"hidden\" name=\"$key\" value=\"$value\" />\n";
+}
+echo '<form action="install.php?mode=install&amp;stage=' . $stage_id . '" method="post">
+' . $post_data . '
+<input type="hidden" name="resume_stack" value="' . htmlspecialchars(implode('|', $resume_stack)) . '" />
+<h3>Enano installation failed.</h3>
+<p>' . $failure_explanation . '</p>
+' . ( !empty($mysql_error) ? "<p>The error returned from MySQL was: $mysql_error</p>" : '' ) . '
+<p>When you have corrected the error, click the button below to attempt to continue the installation.</p>
+<p style="text-align: center;"><input type="submit" value="Retry installation" /></p>
+</form>';
+global $template, $template_bak;
+if ( is_object($template_bak) )
+$template_bak->footer();
+else
+$template->footer();
+exit;
+}
+//
+// INSTALLER STAGES
+//
+function stg_mysql_connect($act_get = false)
+{
+static $conn = false;
+if ( $act_get )
+return $conn;
+$db_user =& $_POST['db_user'];
+$db_pass =& $_POST['db_pass'];
+$db_name =& $_POST['db_name'];
+if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+{
+$db_name = htmlspecialchars($db_name);
+die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+}
+// First, try to connect using the normal credentials
+$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+if ( !$conn )
+{
+// Connection failed. Do we have the root username and password?
+if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+{
+$conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+if ( !$conn_root )
+{
+// Couldn't connect using either set of credentials. Bail out.
+return false;
+}
+unset($db_user, $db_pass);
+$db_user = mysql_real_escape_string($_POST['db_user']);
+$db_pass = mysql_real_escape_string($_POST['db_pass']);
+// Create the user account
+$q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+if ( !$q )
+{
+return false;
+}
+// Revoke privileges from test, we don't need them
+$q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
+if ( !$q )
+{
+return false;
+}
+if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+{
+// If not connecting to a server running on localhost, allow from any host
+// this is safer than trying to detect the hostname of the webserver, but less secure
+$q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+if ( !$q )
+{
+return false;
+}
+// Revoke privileges from test, we don't need them
+$q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
+if ( !$q )
+{
+return false;
+}
+}
+mysql_close($conn_root);
+$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+if ( !$conn )
+{
+// This should honestly never happen.
+return false;
+}
+}
+}
+$q = @mysql_query("USE `$db_name`;", $conn);
+if ( !$q )
+{
+// access denied to the database; try the whole root schenanegan again
+if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+{
+$conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+if ( !$conn_root )
+{
+// Couldn't connect as root; bail out
+return false;
+}
+// create the database, if it doesn't exist
+$q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
+if ( !$q )
+{
+// this really should never fail, so don't give any tolerance to it
+return false;
+}
+unset($db_user, $db_pass);
+$db_user = mysql_real_escape_string($_POST['db_user']);
+$db_pass = mysql_real_escape_string($_POST['db_pass']);
+// we're in with root rights; grant access to the database
+$q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
+if ( !$q )
+{
+return false;
+}
+if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+{
+$q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
+if ( !$q )
+{
+return false;
+}
+}
+mysql_close($conn_root);
+// grant tables have hopefully been flushed, kill and reconnect our regular user connection
+mysql_close($conn);
+$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+if ( !$conn )
+{
+return false;
+}
+}
+else
+{
+return false;
+}
+// try again
+$q = @mysql_query("USE `$db_name`;", $conn);
+if ( !$q )
+{
+// really failed this time; bail out
+return false;
+}
+}
+// connected and database exists
+return true;
+}
+function stg_drop_tables()
+{
+$conn = stg_mysql_connect(true);
+if ( !$conn )
+return false;
+// Our list of tables included in Enano
+$tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'search_cache', 'tags', 'page_groups', 'page_group_members' );
+// Drop each table individually; if it fails, it probably means we're trying to drop a
+// table that didn't exist in the Enano version we're deleting the database for.
+foreach ( $tables as $table )
+{
+// Remember that table_prefix is sanitized.
+$table = "{$_POST['table_prefix']}$table";
+@mysql_query("DROP TABLE $table;", $conn);
+}
+return true;
+}
+function stg_decrypt_admin_pass($act_get = false)
+{
+static $decrypted_pass = false;
+if ( $act_get )
+return $decrypted_pass;
+$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+if ( !empty($_POST['crypt_data']) )
+{
+require('config.new.php');
+if ( !isset($cryptkey) )
+{
+return false;
+}
+define('_INSTRESUME_AES_KEYBACKUP', $key);
+$key = hexdecode($cryptkey);
+$decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+}
+else
+{
+$decrypted_pass = $_POST['admin_pass'];
+}
+if ( empty($decrypted_pass) )
+return false;
+return true;
+}
+function stg_generate_aes_key($act_get = false)
+{
+static $key = false;
+if ( $act_get )
+return $key;
+$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+$key = $aes->gen_readymade_key();
+return true;
+}
+function stg_parse_schema($act_get = false)
+{
+static $schema;
+if ( $act_get )
+return $schema;
+$admin_pass = stg_decrypt_admin_pass(true);
+$key = stg_generate_aes_key(true);
+$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+$key = $aes->hextostring($key);
+$admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+$cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
+$schema = file_get_contents('schema.sql');
+$schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
+$schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
+$schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
+$schema = str_replace('{{ADMIN_USER}}',   mysql_real_escape_string($_POST['admin_user'] ), $schema);
+$schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
+$schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
+$schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
+$schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
+$schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
+$schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
+$schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
+// Not anymore!! :-D
+// $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION,                              $schema);
+if(isset($_POST['wiki_mode']))
+{
+$schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+}
+else
+{
+$schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+}
+// Build an array of queries
+$schema = explode("\n", $schema);
+foreach ( $schema as $i => $sql )
+{
+$query =& $schema[$i];
+$t = trim($query);
+if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
+{
+unset($schema[$i]);
+unset($query);
+}
+}
+$schema = array_values($schema);
+$schema = implode("\n", $schema);
+$schema = explode(";\n", $schema);
+foreach ( $schema as $i => $sql )
+{
+$query =& $schema[$i];
+if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
+{
+$query .= ';';
+}
+}
+return true;
+}
+function stg_install($_unused, $already_run)
+{
+// This one's pretty easy.
+$conn = stg_mysql_connect(true);
+if ( !is_resource($conn) )
+return false;
+$schema = stg_parse_schema(true);
+if ( !is_array($schema) )
+return false;
+// If we're resuming installation, the encryption key was regenerated.
+// This means we'll have to update the encrypted password in the database.
+if ( $already_run )
+{
+$admin_pass = stg_decrypt_admin_pass(true);
+$key = stg_generate_aes_key(true);
+$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+$key = $aes->hextostring($key);
+$admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+$admin_user = mysql_real_escape_string($_POST['admin_user']);
+$q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
+if ( !$q )
+{
+echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+return false;
+}
+return true;
+}
+// OK, do the loop, baby!!!
+foreach($schema as $q)
+{
+$r = mysql_query($q, $conn);
+if ( !$r )
+{
+echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+return false;
+}
+}
+return true;
+}
+function stg_write_config()
+{
+$privkey = stg_generate_aes_key(true);
+switch($_POST['urlscheme'])
+{
+case "ugly":
+default:
+$cp = scriptPath.'/index.php?title=';
+break;
+case "short":
+$cp = scriptPath.'/index.php/';
+break;
+case "tiny":
+$cp = scriptPath.'/';
+break;
+}
+if ( $_POST['urlscheme'] == 'tiny' )
+{
+$contents = '# Begin Enano rules
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
+RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
+# End Enano rules
+';
+if ( file_exists('./.htaccess') )
+$ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
+else
+$ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
+if ( !$ht )
+return false;
+fwrite($ht, $contents);
+fclose($ht);
+}
+$config_file = '<?php
+/* Enano auto-generated configuration file - editing not recommended! */
+$dbhost   = \''.addslashes($_POST['db_host']).'\';
+$dbname   = \''.addslashes($_POST['db_name']).'\';
+$dbuser   = \''.addslashes($_POST['db_user']).'\';
+$dbpasswd = \''.addslashes($_POST['db_pass']).'\';
+if ( !defined(\'ENANO_CONSTANTS\') )
+{
+define(\'ENANO_CONSTANTS\', \'\');
+define(\'table_prefix\', \''.addslashes($_POST['table_prefix']).'\');
+define(\'scriptPath\', \''.scriptPath.'\');
+define(\'contentPath\', \''.$cp.'\');
+define(\'ENANO_INSTALLED\', \'true\');
+}
+$crypto_key = \''.$privkey.'\';
+?>';
+$cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
+if ( !$cf_handle )
+return false;
+fwrite($cf_handle, $config_file);
+fclose($cf_handle);
+return true;
+}
+function _stg_rename_config_revert()
+{
+if ( file_exists('./config.php') )
+{
+@rename('./config.php', './config.new.php');
+}
+$handle = @fopen('./config.php.new', 'w');
+if ( !$handle )
+return false;
+$contents = '<?php $cryptkey = \'' . _INSTRESUME_AES_KEYBACKUP . '\'; ?>';
+fwrite($handle, $contents);
+fclose($handle);
+return true;
+}
+function stg_rename_config()
+{
+if ( !@rename('./config.new.php', './config.php') )
+{
+echo '<p>Can\'t rename config.php</p>';
+_stg_rename_config_revert();
+return false;
+}
+if ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') )
+{
+if ( !@rename('./.htaccess.new', './.htaccess') )
+{
+echo '<p>Can\'t rename .htaccess</p>';
+_stg_rename_config_revert();
+return false;
+}
+}
+return true;
+}
+function stg_start_api_success()
+{
+return true;
+}
+function stg_start_api_failure()
+{
+return false;
+}
+function stg_init_logs()
+{
+global $db, $session, $paths, $template, $plugins; // Common objects
+$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
+if ( !$q )
+{
+echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+return false;
+}
+if ( !$session->get_permissions('clear_logs') )
+{
+echo '<p><tt>$session: denied clear_logs</tt></p>';
+return false;
+}
+PageUtils::flushlogs('Main_Page', 'Article');
+return true;
+}
 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
 if(!function_exists('wikiFormat'))
 {
 default:
 break;
 }
 $template = new template_nodb();
-$template->load_theme('stpatty', 'shamrock', false);
+$template->load_theme('oxygen', 'bleu', false);
 $modestrings = Array(
 'welcome' => 'Welcome',
 'license' => 'License Agreement',
 'sysreqs' => 'Server requirements',
 {
 default:
 case 'welcome':
 ?>
 <div style="text-align: center; margin-top: 10px;">
-<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-green.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
+<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
 <h2>Welcome to Enano</h2>
-<h3>version 1.1.1 &ndash; unstable</h3>
+<h3>version 1.0.2 &ndash; stable<br />
+<span style="font-weight: normal;">also affectionately known as "coblynau" <tt>:)</tt></span></h3>
 <?php
 if ( file_exists('./_nightly.php') )
 {
 echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
 }
 run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
 run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
 run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
 run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
 //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
-run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
 run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the &lt;img&gt; tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
 run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
 run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
 echo '</table>';
 if(!$failed)
 <div class="pagenav">
 <?php
 if($warned) {
 echo '<table border="0" cellspacing="0" cellpadding="0">';
-run_test('return false;', 'Some scalebacks were made due to your server configuration.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />Fatal error:</b> call to undefined function wannahokaloogie() in file <b>'.__FILE__.'</b> on line <b>'.__LINE__.'', true);
+run_test('return false;', 'Some of the features of Enano have been turned off to accommodate your server.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?<br /><br />&nbsp;&nbsp;&nbsp;<tt>Fatal error:</tt></b><tt> call to undefined function wannahockaloogie() in file <b>'.__FILE__.'</b> on line </tt><b><tt>'.__LINE__.'</tt>', true);
 echo '</table>';
 } else {
 echo '<table border="0" cellspacing="0" cellpadding="0">';
 run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
 echo '</table>';
 }
 ?>
 <form action="install.php?mode=database" method="post">
 <table border="0">
 <tr>
-<td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />&bull; Have your database host, name, username, and password available</p></td>
+<td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Review the list above to ensure that you are satisfied with any of Enano's workarounds for your server. If you need a particular feature and that feature is listed as disabled above, you should take the opportunity now to correct the problem.<br />&bull; Have your database host, name, username, and password available</p></td>
 </tr>
 </table>
 </form>
 </div>
 <?php
 else
 {
 document.getElementById('s_db_host').src='images/bad.gif';
 ret = false;
 }
-if(frm.db_name.value.match(/^([a-z0-9_]+)$/g))
+if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
 {
 document.getElementById('s_db_name').src='images/unknown.gif';
 }
 else
 {
 echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
 }
 ?>
 <form name="dbinfo" action="install.php?mode=website" method="post">
 <table border="0">
-<tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+<tr>
-<tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<td colspan="3" style="text-align: center">
-<tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<h3>Database information</h3>
-<tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+</td>
-<tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+</tr>
-<tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+<tr>
-<tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+<td>
-<tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+<b>Database hostname</b>
-<tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+<br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".
-<tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+<br /><span style="color: #993300" id="e_db_host"></span>
-<tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label></td></tr>
+</td>
-<tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
+<td>
+<input onkeyup="verify();" name="db_host" size="30" type="text" />
+</td>
+<td>
+<img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<b>Database name</b><br />
+The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password
+of a MySQL user with administrative rights.<br />
+<span style="color: #993300" id="e_db_name"></span>
+</td>
+<td>
+<input onkeyup="verify();" name="db_name" size="30" type="text" />
+</td>
+<td>
+<img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td rowspan="2">
+<b>Database login</b><br />
+These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace"
+privileges for your database.<br />
+<span style="color: #993300" id="e_db_auth"></span>
+</td>
+<td>
+<input onkeyup="verify();" name="db_user" size="30" type="text" />
+</td>
+<td rowspan="2">
+<img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<input name="db_pass" size="30" type="password" />
+</td>
+</tr>
+<tr>
+<td colspan="3" style="text-align: center">
+<h3>Optional information</h3>
+</td>
+</tr>
+<tr>
+<td>
+<b>Table prefix</b><br />
+The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z),
+numbers (0-9), and underscores (_).
+</td>
+<td>
+<input onkeyup="verify();" name="table_prefix" size="30" type="text" />
+</td>
+<td>
+<img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" />
+</td>
+</tr>
+<tr>
+<td rowspan="2">
+<b>Database administrative login</b><br />
+If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the
+login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br />
+<span style="color: #993300" id="e_db_root"></span>
+</td>
+<td>
+<input onkeyup="verify();" name="db_root_user" size="30" type="text" />
+</td>
+<td rowspan="2">
+<img id="s_db_root" alt="Good/bad icon" src="images/good.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<input onkeyup="verify();" name="db_root_pass" size="30" type="password" />
+</td>
+</tr>
+<tr>
+<td>
+<b>MySQL version</b>
+</td>
+<td id="e_mysql_version">
+MySQL version information will be checked when you click "Test Connection".
+</td>
+<td>
+<img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<b>Delete existing tables?</b><br />
+If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do
+NOT use this option unless specifically instructed to.
+</td>
+<td>
+<input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label>
+</td>
+</tr>
+<tr>
+<td colspan="3" style="text-align: center">
+<input type="button" value="Test connection" onclick="ajaxTestConnection();" />
+</td>
+</tr>
 </table>
 <div class="pagenav">
 <table border="0">
 <tr>
-<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Check your MySQL connection using the "Test Connection" button.<br />&bull; Be aware that your database information will be transmitted unencrypted several times.</p></td>
+<td>
-</tr>
+<input type="submit" value="Continue" onclick="return verify();" name="_cont" />
-</table>
+</td>
-</div>
+<td>
+<p>
+<span style="font-weight: bold;">Before continuing:</span><br />
+&bull; Check your MySQL connection using the "Test Connection" button.<br />
+&bull; Be aware that your database information will be transmitted unencrypted several times.
+</p>
+</td>
+</tr>
+</table>
+</div>
 </form>
 <?php
 break;
 case "website":
 if(!isset($_POST['_cont'])) {
-echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
 $template->footer();
 exit;
 }
 unset($_POST['_cont']);
 ?>
 echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
 }
 ?>
 <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
 <table border="0">
-<tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr>
-<tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<td>
-<tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<b>Website name</b><br />
-<tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" />  <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
+The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not
-<tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly">  <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short">  <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite">  <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label></td></tr>
+be blank or "Enano".
+</td>
+<td>
+<input onkeyup="verify();" name="sitename" type="text" size="30" />
+</td>
+<td>
+<img id="s_name" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<b>Website description</b><br />
+This text will be shown below the name of your website.
+</td>
+<td>
+<input onkeyup="verify();" name="sitedesc" type="text" size="30" />
+</td>
+<td>
+<img id="s_desc" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<b>Copyright info</b><br />
+This should be a one-line legal notice that will appear at the bottom of all your pages.
+</td>
+<td>
+<input onkeyup="verify();" name="copyright" type="text" size="30" />
+</td>
+<td>
+<img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" />
+</td>
+</tr>
+<tr>
+<td>
+<b>Wiki mode</b><br />
+This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can
+protect pages to prevent editing.
+</td>
+<td>
+<input name="wiki_mode" type="checkbox" id="wmcheck" />  <label for="wmcheck">Yes, make my website a wiki.</label>
+</td>
+<td>
+&nbsp;
+</td>
+</tr>
+<tr>
+<td>
+<b>URL scheme</b><br />
+Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you
+don't know, select the first option, and you can always change it later.
+</td>
+<td colspan="2">
+<input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"  />  <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br />
+<input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short" />  <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br />
+<input type="radio" name="urlscheme" value="tiny" id="petite">  <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label>
+</td>
+</tr>
 </table>
 <div class="pagenav">
 <table border="0">
 <tr>
-<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
+<td>
-</tr>
+<input type="submit" value="Continue" onclick="return verify();" name="_cont" />
+</td>
+<td>
+<p>
+<span style="font-weight: bold;">Before clicking continue:</span><br />
+&bull; Verify that your site information is correct. Again, all of the above settings can be changed from the administration
+panel.
+</p>
+</td>
+</tr>
 </table>
 </div>
 </form>
 <?php
 break;
 case "login":
 if(!isset($_POST['_cont'])) {
-echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
 $template->footer();
 exit;
 }
 unset($_POST['_cont']);
-require('config.php');
+require('config.new.php');
 $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
 if ( isset($crypto_key) )
 {
 $cryptkey = $crypto_key;
 }
 if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
 {
 $cryptkey = $aes->gen_readymade_key();
-$handle = @fopen(ENANO_ROOT.'/config.php', 'w');
+$handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
 if(!$handle)
 {
 echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
 $template->footer();
 exit;
 }
 fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
 fclose($handle);
 }
-?>
+// Sorry for the ugly hack, but this f***s up jEdit badly.
+echo '
 <script type="text/javascript">
 function verify()
 {
 var frm = document.forms.login;
 ret = true;
-if ( frm.admin_user.value.match(/^([A-z0-9 \-\.]+)$/g) && !frm.admin_user.value.match(/^(?:(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])\.){3}(?:\d{1,2}|1\d\d|2[0-4]\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != 'anonymous' )
+if ( frm.admin_user.value.match(/^([A-z0-9 \\-\\.]+)$/) && !frm.admin_user.value.match(/^(?:(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != \'anonymous\' )
 {
-document.getElementById('s_user').src = 'images/good.gif';
+document.getElementById(\'s_user\').src = \'images/good.gif\';
 }
 else
 {
-document.getElementById('s_user').src = 'images/bad.gif';
+document.getElementById(\'s_user\').src = \'images/bad.gif\';
 ret = false;
 }
 if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
 {
-document.getElementById('s_password').src = 'images/good.gif';
+document.getElementById(\'s_password\').src = \'images/good.gif\';
 }
 else
 {
-document.getElementById('s_password').src = 'images/bad.gif';
+document.getElementById(\'s_password\').src = \'images/bad.gif\';
 ret = false;
 }
-if(frm.admin_email.value.match(/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/))
+if(frm.admin_email.value.match(/^(?:[\\w\\d]+\\.?)+@(?:(?:[\\w\\d]\\-?)+\\.)+\\w{2,4}$/))
 {
-document.getElementById('s_email').src = 'images/good.gif';
+document.getElementById(\'s_email\').src = \'images/good.gif\';
 }
 else
 {
-document.getElementById('s_email').src = 'images/bad.gif';
+document.getElementById(\'s_email\').src = \'images/bad.gif\';
 ret = false;
 }
 if(ret) frm._cont.disabled = false;
 else    frm._cont.disabled = true;
 return ret;
 function cryptdata()
 {
 if(!verify()) return false;
 }
 </script>
+';
+?>
 <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
 <?php
 $k = array_keys($_POST);
 for($i=0;$i<sizeof($_POST);$i++) {
 echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
 }
 ?>
 <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
 <table border="0">
-<tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr>
-<tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td>
-<tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
+</tr>
-<tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+<tr>
+<td>Administration password:</td>
+<td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td>
+<td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td>
+</tr>
+<tr>
+<td>Enter it again to confirm:</td>
+<td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td>
+</tr>
+<tr>
+<td>Your e-mail address:</td>
+<td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td>
+<td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td>
+</tr>
 <tr>
 <td>
 Allow administrators to embed PHP code into pages:<br />
 <small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
 <a href="install.php?mode=pophelp&amp;topic=admin_embed_php"
 </tr>
 <tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
 </table>
 <div class="pagenav">
 <table border="0">
 <tr>
-<td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
+<td>
-</tr>
+<input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" />
+</td>
+<td>
+<p>
+<span style="font-weight: bold;">Before clicking continue:</span><br />
+&bull; Remember the username and password you enter here! You will not be able to administer your site without the
+information you enter on this page.
+</p>
+</td>
+</tr>
 </table>
 </div>
 <div id="cryptdebug"></div>
 <input type="hidden" name="use_crypt" value="no" />
 <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
 <input type="hidden" name="crypt_data" value="" />
 </form>
 <script type="text/javascript">
 // <![CDATA[
+var frm = document.forms.login;
 frm.admin_user.focus();
 function runEncryption()
 {
 str = '';
 for(i=0;i<keySizeInBits/4;i++) str+='0';
 </script>
 <?php
 break;
 case "confirm":
 if(!isset($_POST['_cont'])) {
-echo 'No POST data signature found. Please <a href="install.php?mode=license">restart the installation</a>.';
+echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
 $template->footer();
 exit;
 }
 unset($_POST['_cont']);
 ?>
 !isset($_POST['admin_pass']) ||
 !isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
 !isset($_POST['urlscheme'])
 )
 {
-echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=license">restart the installation</a>.';
+echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
 $template->footer();
 exit;
 }
 switch($_POST['urlscheme'])
 {
 $cp = scriptPath.'/';
 break;
 }
 function err($t) { global $template; echo $t; $template->footer(); exit; }
-echo 'Connecting to MySQL...';
+// $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs');
-if($_POST['db_root_user'] != '')
-{
+if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) )
-$conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+err('Hacking attempt was detected in table_prefix.');
-if(!$conn) err('Error connecting to MySQL: '.mysql_error());
-$q = mysql_query('USE '.$_POST['db_name']);
+start_install_table();
-if(!$q)
+// The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
-{
+// Thus, they need to be run on each retry, e.g. never skipped.
-$q = mysql_query('CREATE DATABASE '.$_POST['db_name']);
+run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
-if(!$q) err('Error initializing database: '.mysql_error());
+if ( isset($_POST['drop_tables']) )
-}
+{
-$q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
+// Are we supposed to drop any existing tables? If so, do it now
-if(!$q) err('Could not create the user account');
+run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure');
-$q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;');
+}
-if(!$q) err('Could not create the user account');
+run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false);
-mysql_close($conn);
+run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. Please contact the Enano team for support.', false);
-}
+run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
-$conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
-if(!$conn) err('Error connecting to MySQL: '.mysql_error());
+run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
-$q = mysql_query('USE '.$_POST['db_name']);
+run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. On some UNIX systems, you need to CHMOD the directory with your Enano files to 777 in order for this stage to succeed.');
-if(!$q) err('Error selecting database: '.mysql_error());
-echo 'done!<br />';
-// Are we supposed to drop any existing tables? If so, do it now
+// Mainstream installation complete - Enano should be usable now
-if(isset($_POST['drop_tables']))
+// The stage of starting the API is special because it has to be called out of function context.
-{
+// To alleviate this, we have two functions, one that returns success and one that returns failure
-echo 'Dropping existing Enano tables...';
+// If the Enano API load is successful, the success function is called to report the action to the user
-// Our list of tables included in Enano
+// If unsuccessful, the failure report is sent
-$tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' );
-$tables = implode(', ', $tables);
-$tables = str_replace('mdg_', $_POST['table_prefix'], $tables);
-$query_of_death = 'DROP TABLE '.$tables.';';
-mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist
-echo 'done!<br />';
-}
-$cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
-echo 'Decrypting administration password...';
-$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
-if ( !empty($_POST['crypt_data']) )
-{
-require('config.php');
-if ( !isset($cryptkey) )
-{
-echo 'failed!<br />Cannot get the key from config.php';
-break;
-}
-$key = hexdecode($cryptkey);
-$dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
-}
-else
-{
-$dec = $_POST['admin_pass'];
-}
-echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
-$privkey = $aes->gen_readymade_key();
-$pkba = hexdecode($privkey);
-$encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
-echo 'done!<br />Preparing for schema execution...';
-$schema = file_get_contents('schema.sql');
-$schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
-$schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
-$schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
-$schema = str_replace('{{ADMIN_USER}}',   mysql_real_escape_string($_POST['admin_user'] ), $schema);
-$schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($encpass             ), $schema);
-$schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
-$schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
-$schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
-$schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
-$schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
-$schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'],                    $schema);
-// Not anymore!! :-D
-// $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION,                              $schema);
-if(isset($_POST['wiki_mode']))
-{
-$schema = str_replace('{{WIKI_MODE}}', '1', $schema);
-}
-else
-{
-$schema = str_replace('{{WIKI_MODE}}', '0', $schema);
-}
-// Build an array of queries
-$schema = explode("\n", $schema);
-foreach ( $schema as $i => $sql )
-{
-$query =& $schema[$i];
-$t = trim($query);
-if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
-{
-unset($schema[$i]);
-unset($query);
-}
-}
-$schema = array_values($schema);
-$schema = implode("\n", $schema);
-$schema = explode(";\n", $schema);
-foreach ( $schema as $i => $sql )
-{
-$query =& $schema[$i];
-if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
-{
-$query .= ';';
-}
-}
-// echo '<pre>' . htmlspecialchars(print_r($schema, true)) . '</pre>';
-// break;
-echo 'done!<br />Executing schema.sql...';
-// OK, do the loop, baby!!!
-foreach($schema as $q)
-{
-$r = mysql_query($q, $conn);
-if(!$r) err('Error during mainstream installation: '.mysql_error());
-}
-echo 'done!<br />Writing configuration files...';
-if($_POST['urlscheme']=='tiny')
-{
-$ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
-if(!$ht) err('Error opening file .htaccess for writing');
-fwrite($ht, '
-RewriteEngine on
-RewriteCond %{REQUEST_FILENAME} !-d
-RewriteCond %{REQUEST_FILENAME} !-f
-RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
-RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
-');
-fclose($ht);
-}
-$config_file = '<?php
-/* Enano auto-generated configuration file - editing not recommended! */
-$dbhost   = \''.addslashes($_POST['db_host']).'\';
-$dbname   = \''.addslashes($_POST['db_name']).'\';
-$dbuser   = \''.addslashes($_POST['db_user']).'\';
-$dbpasswd = \''.addslashes($_POST['db_pass']).'\';
-if(!defined(\'ENANO_CONSTANTS\')) {
-define(\'ENANO_CONSTANTS\', \'\');
-define(\'table_prefix\', \''.$_POST['table_prefix'].'\');
-define(\'scriptPath\', \''.scriptPath.'\');
-define(\'contentPath\', \''.$cp.'\');
-define(\'ENANO_INSTALLED\', \'true\');
-}
-$crypto_key = \''.$privkey.'\';
-?>';
-$cf_handle = fopen(ENANO_ROOT.'/config.php', 'w');
-if(!$cf_handle) err('Couldn\'t open file config.php for writing');
-fwrite($cf_handle, $config_file);
-fclose($cf_handle);
-echo 'done!<br />Starting the Enano API...';
 $template_bak = $template;
-// Get Enano loaded
 $_GET['title'] = 'Main_Page';
 require('includes/common.php');
+if ( is_object($db) && is_object($session) )
+{
+run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false);
+}
+else
+{
+run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false);
+}
 // We need to be logged in (with admin rights) before logs can be flushed
-$session->login_without_crypto($_POST['admin_user'], $dec, false);
+$admin_password = stg_decrypt_admin_pass(true);
+$session->login_without_crypto($_POST['admin_user'], $admin_password, false);
 // Now that login cookies are set, initialize the session manager and ACLs
 $session->start();
 $paths->init();
+run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
+While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
+properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
+to finish the installation, please be aware that you may be unable to log into your site.');
+close_install_table();
 unset($template);
 $template =& $template_bak;
-echo 'done!<br />Initializing logs...';
+echo '<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
-$q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn);
-if ( !$q )
-err('Error setting up logs: '.$db->get_error());
-if ( !$session->get_permissions('clear_logs') )
-{
-echo '<br />Error: session manager won\'t permit flushing logs, these is a bug.';
-break;
-}
-// unset($session);
-// $session = new sessionManager();
-// $session->start();
-PageUtils::flushlogs('Main_Page', 'Article');
-echo 'done!<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
 // echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
 break;
 case "finish":

changeset 256	62ee6685ad18
parent 196	54b3e14bf19d
parent 250	acb9d021b860
child 257	e7bbbb92385b