1 <?php

     2 

     3 /*

     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between

     5  * Version 1.1.1

     6  * Copyright (C) 2006-2007 Dan Fuhry

     7  * Installation package

     8  * payloads/common.php - Installer payload, common stages

     9  *

    10  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License

    11  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

    12  *

    13  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied

    14  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.

    15  */

    16 

    17 if ( !defined('IN_ENANO_INSTALL') )

    18   die();

    19 

    20 return true;

    21 

    22 function stg_sim_good()

    23 {

    24   return true;

    25 }

    26 

    27 function stg_sim_bad()

    28 {

    29   return true;

    30 }

    31 

    32 function stg_password_decode()

    33 {

    34   global $db;

    35   static $pass = false;

    36   

    37   if ( $pass )

    38     return $pass;

    39   

    40   if ( !isset($_POST['crypt_data']) && !empty($_POST['password']) && $_POST['password'] === $_POST['password_confirm'] )

    41     $pass = $_POST['password'];

    42   

    43   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

    44   // retrieve encryption key

    45   $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'install_aes_key\';');

    46   if ( !$q )

    47     $db->_die();

    48   if ( $db->numrows() < 1 )

    49     return false;

    50   list($aes_key) = $db->fetchrow_num();

    51   $aes_key = $aes->hextostring($aes_key);

    52   

    53   $pass = $aes->decrypt($_POST['crypt_data'], $aes_key, ENC_HEX);

    54   if ( !$pass )

    55     return false;

    56   

    57   return $pass; // Will be true if the password isn't crapped

    58 }

    59 

    60 function stg_make_private_key()

    61 {

    62   global $db;

    63   static $site_key = false;

    64   

    65   if ( $site_key )

    66     return $site_key;

    67   

    68   // Is there already a key cached in the database?

    69   $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name=\'site_aes_key\';');

    70   if ( !$q )

    71     $db->_die();

    72   

    73   if ( $db->numrows() > 0 )

    74   {

    75     list($site_key) = $db->fetchrow_num();

    76     $db->free_result();

    77     return $site_key;

    78   }

    79   

    80   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

    81   // This will use /dev/urandom if possible

    82   $site_key = $aes->gen_readymade_key();

    83   

    84   // Stash it in the database, don't check for errors though because we can always regenerate it

    85   $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'site_aes_key\', \'' . $site_key . '\' );');

    86   

    87   return $site_key;

    88 }

    89 

    90 function stg_load_schema()

    91 {

    92   global $db, $dbdriver, $installer_version;

    93   static $sql_parser = false;

    94   

    95   if ( is_object($sql_parser) )

    96     return $sql_parser->parse();

    97   

    98   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);

    99   

   100   $site_key = stg_make_private_key();

   101   $site_key = $aes->hextostring($site_key);

   102   $admin_pass_clean = stg_password_decode();

   103   $admin_pass = $aes->encrypt($admin_pass_clean, $site_key, ENC_HEX);

   104   

   105   unset($admin_pass_clean); // Security

   106   

   107   try

   108   {

   109     $sql_parser = new SQL_Parser( ENANO_ROOT . "/install/schemas/{$dbdriver}_stage2.sql" );

   110   }

   111   catch ( Exception $e )

   112   {

   113     echo "<pre>$e</pre>";

   114     return false;

   115   }

   116   

   117   $vars = array(

   118       'TABLE_PREFIX'         => $_POST['table_prefix'],

   119       'SITE_NAME'            => $db->escape($_POST['site_name']),

   120       'SITE_DESC'            => $db->escape($_POST['site_desc']),

   121       'COPYRIGHT'            => $db->escape($_POST['copyright']),

   122       // FIXME: update form

   123       'WIKI_MODE'            => ( isset($_POST['wiki_mode']) ? '1' : '0' ),

   124       'ENABLE_CACHE'         => ( is_writable( ENANO_ROOT . '/cache/' ) ? '1' : '0' ),

   125       'VERSION'              => $installer_version['version'],

   126       'ADMIN_USER'           => $db->escape($_POST['username']),

   127       'ADMIN_PASS'           => $admin_pass,

   128       'ADMIN_EMAIL'          => $db->escape($_POST['email']),

   129       'REAL_NAME'            => '', // This has always been stubbed.

   130       'ADMIN_EMBED_PHP'      => strval(AUTH_DISALLOW),

   131       'UNIX_TIME'            => strval(time())

   132     );

   133   

   134   $sql_parser->assign_vars($vars);

   135   return $sql_parser->parse();

   136 }

   137 

   138 function stg_deliver_payload()

   139 {

   140   global $db;

   141   $schema = stg_load_schema();

   142   foreach ( $schema as $sql )

   143   {

   144     if ( !$db->sql_query($sql) )

   145     {

   146       echo $db->get_error();

   147       return false;

   148     }

   149   }

   150   return true;

   151 }

   152