Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
install.php
changeset 40 723bb7acf914
parent 39 c83ff194977a
child 69 63638a42cee9
equal deleted inserted replaced
39:c83ff194977a 40:723bb7acf914 
    58 
    58 
    59 require('includes/wikiformat.php');
 
    59 require('includes/wikiformat.php');
 
    60 require('includes/constants.php');
 
    60 require('includes/constants.php');
 
    61 require('includes/rijndael.php');
 
    61 require('includes/rijndael.php');
 
    62 require('includes/functions.php');
 
    62 require('includes/functions.php');
 
       
    63 
       
    64 strip_magic_quotes_gpc();
 
    63 
    65 
    64 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
 
    66 //die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
 
    65 
    67 
    66 if(!function_exists('wikiFormat'))
 
    68 if(!function_exists('wikiFormat'))
 
    67 {
 
    69 {
 
   662     <script type="text/javascript">
 
   664     <script type="text/javascript">
 
   663       function verify()
 
   665       function verify()
 
   664       {
 
   666       {
 
   665         var frm = document.forms.siteinfo;
 
   667         var frm = document.forms.siteinfo;
 
   666         ret = true;
 
   668         ret = true;
 
   667         if(frm.sitename.value.match(/^([A-z0-9 ]+)$/g) && frm.sitename.value != 'Enano')
 
   669         if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
 
   668         {
 
   670         {
 
   669           document.getElementById('s_name').src='images/good.gif';
 
   671           document.getElementById('s_name').src='images/good.gif';
 
   670         }
 
   672         }
 
   671         else
 
   673         else
 
   672         {
 
   674         {
 
   699     </script>
 
   701     </script>
 
   700     <form name="siteinfo" action="install.php?mode=login" method="post">
 
   702     <form name="siteinfo" action="install.php?mode=login" method="post">
 
   701       <?php
 
   703       <?php
 
   702         $k = array_keys($_POST);
 
   704         $k = array_keys($_POST);
 
   703         for($i=0;$i<sizeof($_POST);$i++) {
 
   705         for($i=0;$i<sizeof($_POST);$i++) {
 
   704           echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
 
   706           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
 
   705         }
 
   707         }
 
   706       ?>
 
   708       ?>
 
   707       <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
 
   709       <p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
 
   708       <table border="0">
 
   710       <table border="0">
 
   709         <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 
   711         <tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 
   794     </script>
 
   796     </script>
 
   795     <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
 
   797     <form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
 
   796       <?php
 
   798       <?php
 
   797         $k = array_keys($_POST);
 
   799         $k = array_keys($_POST);
 
   798         for($i=0;$i<sizeof($_POST);$i++) {
 
   800         for($i=0;$i<sizeof($_POST);$i++) {
 
   799           echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
 
   801           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
 
   800         }
 
   802         }
 
   801       ?>
 
   803       ?>
 
   802       <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
 
   804       <p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
 
   803       <table border="0">
 
   805       <table border="0">
 
   804         <tr><td><b>Administration username</b><br />The administration username you will use to log into your site.</td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 
   806         <tr><td><b>Administration username</b><br />The administration username you will use to log into your site.</td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
 
   834      <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
 
   836      <input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
 
   835      <input type="hidden" name="crypt_data" value="" />
 
   837      <input type="hidden" name="crypt_data" value="" />
 
   836     </form>
 
   838     </form>
 
   837     <script type="text/javascript">
 
   839     <script type="text/javascript">
 
   838     // <![CDATA[
 
   840     // <![CDATA[
 
   839       disableJSONExts();
 
       
   840       str = '';
 
       
   841       for(i=0;i<keySizeInBits/4;i++) str+='0';
 
       
   842       var key = hexToByteArray(str);
 
       
   843       var pt = hexToByteArray(str);
 
       
   844       var ct = rijndaelEncrypt(pt, key, "ECB");
 
       
   845       var ect = byteArrayToHex(ct);
 
       
   846       switch(keySizeInBits)
 
       
   847       {
 
       
   848         case 128:
 
       
   849           v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
 
       
   850           break;
 
       
   851         case 192:
 
       
   852           v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
 
       
   853           break;
 
       
   854         case 256:
 
       
   855           v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
 
       
   856           break;
 
       
   857       }
 
       
   858       var testpassed = ( ect == v && md5_vm_test() );
 
       
   859       var frm = document.forms.login;
 
       
   860       if(testpassed)
 
       
   861       {
 
       
   862         frm.use_crypt.value = 'yes';
 
       
   863         var cryptkey = frm.crypt_key.value;
 
       
   864         frm.crypt_key.value = '';
 
       
   865         if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
 
       
   866         {
 
       
   867           alert('Byte array conversion SUCKS');
 
       
   868           testpassed = false;
 
       
   869         }
 
       
   870         cryptkey = hexToByteArray(cryptkey);
 
       
   871         if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
 
       
   872         {
 
       
   873           frm._cont.disabled = true;
 
       
   874           len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
 
       
   875           alert('The key is messed up\nType: '+typeof(cryptkey)+len);
 
       
   876         }
 
       
   877       }
 
       
   878       frm.admin_user.focus();
 
   841       frm.admin_user.focus();
 
   879       function runEncryption()
 
   842       function runEncryption()
 
   880       {
 
   843       {
 
       
   844         str = '';
 
       
   845         for(i=0;i<keySizeInBits/4;i++) str+='0';
 
       
   846         var key = hexToByteArray(str);
 
       
   847         var pt = hexToByteArray(str);
 
       
   848         var ct = rijndaelEncrypt(pt, key, "ECB");
 
       
   849         var ect = byteArrayToHex(ct);
 
       
   850         switch(keySizeInBits)
 
       
   851         {
 
       
   852           case 128:
 
       
   853             v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
 
       
   854             break;
 
       
   855           case 192:
 
       
   856             v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
 
       
   857             break;
 
       
   858           case 256:
 
       
   859             v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
 
       
   860             break;
 
       
   861         }
 
       
   862         var testpassed = ( ect == v && md5_vm_test() );
 
       
   863         var frm = document.forms.login;
 
       
   864         if(testpassed)
 
       
   865         {
 
       
   866           // alert('encryption self-test passed');
 
       
   867           frm.use_crypt.value = 'yes';
 
       
   868           var cryptkey = frm.crypt_key.value;
 
       
   869           frm.crypt_key.value = '';
 
       
   870           if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
 
       
   871           {
 
       
   872             alert('Byte array conversion SUCKS');
 
       
   873             testpassed = false;
 
       
   874           }
 
       
   875           cryptkey = hexToByteArray(cryptkey);
 
       
   876           if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
 
       
   877           {
 
       
   878             frm._cont.disabled = true;
 
       
   879             len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
 
       
   880             alert('The key is messed up\nType: '+typeof(cryptkey)+len);
 
       
   881           }
 
       
   882         }
 
       
   883         else
 
       
   884         {
 
       
   885           // alert('encryption self-test FAILED');
 
       
   886         }
 
   881         if(testpassed)
 
   887         if(testpassed)
 
   882         {
 
   888         {
 
   883           pass = frm.admin_pass.value;
 
   889           pass = frm.admin_pass.value;
 
   884           pass = stringToByteArray(pass);
 
   890           pass = stringToByteArray(pass);
 
   885           cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
 
   891           cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
 
   889           if(!cryptstring)
 
   895           if(!cryptstring)
 
   890           {
 
   896           {
 
   891             return false;
 
   897             return false;
 
   892           }
 
   898           }
 
   893           cryptstring = byteArrayToHex(cryptstring);
 
   899           cryptstring = byteArrayToHex(cryptstring);
 
   894           document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key:  '+byteArrayToHex(cryptkey)+'</pre>';
 
   900           // document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key:  '+byteArrayToHex(cryptkey)+'</pre>';
 
   895           frm.crypt_data.value = cryptstring;
 
   901           frm.crypt_data.value = cryptstring;
 
   896           frm.admin_pass.value = '';
 
   902           frm.admin_pass.value = '';
 
   897           frm.admin_pass_confirm.value = '';
 
   903           frm.admin_pass_confirm.value = '';
 
   898         }
 
   904         }
 
   899         return false;
 
   905         return false;
 
   912     ?>
 
   918     ?>
 
   913     <form name="confirm" action="install.php?mode=install" method="post">
 
   919     <form name="confirm" action="install.php?mode=install" method="post">
 
   914       <?php
 
   920       <?php
 
   915         $k = array_keys($_POST);
 
   921         $k = array_keys($_POST);
 
   916         for($i=0;$i<sizeof($_POST);$i++) {
 
   922         for($i=0;$i<sizeof($_POST);$i++) {
 
   917           echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
 
   923           echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
 
   918         }
 
   924         }
 
   919       ?>
 
   925       ?>
 
   920       <h3>Enano is ready to install.</h3>
 
   926       <h3>Enano is ready to install.</h3>
 
   921        <p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
 
   927        <p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
 
   922           and then click the button below to install the database.</p>
 
   928           and then click the button below to install the database.</p>
 
  1010       }
 
  1016       }
 
  1011       
  1017       
  1012       $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
 
  1018       $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
 
  1013       
  1019       
  1014       echo 'Decrypting administration password...';
 
  1020       echo 'Decrypting administration password...';
 
  1015       require('config.php');
 
  1021       
  1016       if ( !isset($cryptkey) )
 
       
  1017       {
 
       
  1018         echo 'failed!<br />Cannot get the key from config.php';
 
       
  1019         break;
 
       
  1020       }
 
       
  1021       $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
 
  1022       $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
 
  1022       $key = $aes->hexToByteArray($cryptkey);
 
  1023       
  1023       $enc = $aes->hexToByteArray($_POST['crypt_data']);
 
  1024       if ( !empty($_POST['crypt_data']) )
 
  1024       $dec = $aes->rijndaelDecrypt($enc, $key, 'ECB');
 
  1025       {
 
  1025       $dec = $aes->byteArrayToString($dec);
 
  1026         require('config.php');
 
       
  1027         if ( !isset($cryptkey) )
 
       
  1028         {
 
       
  1029           echo 'failed!<br />Cannot get the key from config.php';
 
       
  1030           break;
 
       
  1031         }
 
       
  1032         $key = hexdecode($cryptkey);
 
       
  1033         
       
  1034         $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
 
       
  1035         
       
  1036       }
 
       
  1037       else
 
       
  1038       {
 
       
  1039         $dec = $_POST['admin_pass'];
 
       
  1040       }
 
  1026       echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
 
  1041       echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
 
  1027       $privkey = $aes->gen_readymade_key();
 
  1042       $privkey = $aes->gen_readymade_key();
 
  1028       $pkba = hexdecode($privkey);
 
  1043       $pkba = hexdecode($privkey);
 
  1029       $encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
 
  1044       $encpass = $aes->encrypt($dec, $pkba, ENC_HEX);
 
  1030       
  1045
Enano CMS (1.1.x)