|
1 <?php |
|
2 |
|
3 /* |
|
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
5 * Version 1.1.1 |
|
6 * Copyright (C) 2006-2007 Dan Fuhry |
|
7 * Installation package |
|
8 * login.php - Installer login information stage |
|
9 * |
|
10 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
11 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
12 * |
|
13 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
14 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
15 */ |
|
16 |
|
// This stage file is only meant to run when included by the installer: without the
// IN_ENANO_INSTALL constant, stop before any configuration or database code is reached.
if ( !defined('IN_ENANO_INSTALL') )
{
  die();
}
|
19 |
|
20 // AES functions required |
|
21 require_once( ENANO_ROOT . '/includes/rijndael.php' ); |
|
22 require_once( ENANO_ROOT . '/includes/constants.php' ); |
|
23 require_once( ENANO_ROOT . '/includes/dbal.php' ); |
|
24 |
|
// Make sure a temporary password key exists in the database.
// The configuration file must define ENANO_INSTALL_HAVE_CONFIG; if it does not,
// the database settings used below cannot be relied on, so the stage is aborted.
require( ENANO_ROOT . '/config.new.php' );
if ( !defined('ENANO_INSTALL_HAVE_CONFIG') )
{
  die('Config file is corrupt');
}

// $dbdriver, $dbhost, $dbuser, $dbpasswd and $dbname are not assigned in this file;
// presumably config.new.php sets them -- confirm against the stage that writes it.
$db = new $dbdriver();
$result = $db->connect(true, $dbhost, $dbuser, $dbpasswd, $dbname);
if ( !$result )
{
  die('DB privileges were revoked');
}

// Look for a key stored by an earlier load of this page, so a reload reuses it
// instead of generating a second one.
$q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name = \'install_aes_key\';');
if ( !$q )
{
  $db->_die();
}

if ( $db->numrows() > 0 )
{
  // A key row already exists: take its single column.
  list($install_aes_key) = $db->fetchrow_num();
}
else
{
  // No key yet: generate one and persist it under config_name 'install_aes_key'.
  $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
  $install_aes_key = $aes->gen_readymade_key();

  // NOTE(review): the key is concatenated into the statement without escaping. That is only
  // safe while gen_readymade_key() returns characters that need no SQL quoting (assumed to be
  // hex, since the client passes the key to hexToByteArray()) -- confirm in rijndael.php.
  if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') )
  {
    $db->_die();
  }
}

// Release the SELECT result.
$db->free_result($q);

// formutils.js is loaded for the form script below; the validate*() helpers it calls are
// not defined in this file.
$ui->add_header('<script type="text/javascript" src="includes/js/formutils.js"></script>');
$ui->show_header();

// FIXME: l10n
?>
|
59 <h3>Administration account</h3> |
|
60 <p>Now it's time to create the account you'll use to administer your site. The e-mail address you enter here will also be used for the global contact address; you can change this after installation is finished if need be.</p> |
|
61 <p>Do not forget the information you enter here. Otherwise you will be unable to administer your site.</p> |
|
62 |
|
63 <script type="text/javascript"> |
|
64 |
|
65 // <![CDATA[ |
|
66 |
|
/**
 * Browser-side check of the administrator account fields, updating the good/bad icon
 * next to each field that was checked.
 *
 * These checks (including the 6-character password minimum) run in the browser only and
 * can be skipped by any client, so the stage receiving the form has to repeat them.
 *
 * @param {Object} [target] The form field that triggered the check. When omitted, or when
 *                          it has no name, every field is checked.
 * @return {boolean} true when every checked field passed.
 */
function verify(target)
{
  var frm = document.forms [ 'install_login' ];
  var undefined; // never assigned on purpose, so it holds the real undefined value
  var passed = true;

  // All four fields are read up front, whichever field triggered the check.
  var data = {
    username: frm.username.value,
    password: frm.password.value,
    password_confirm: frm.password_confirm.value,
    email: frm.email.value
  };

  // Name of the field being checked; stays undefined for a whole-form check.
  var field = ( target ) ? target.name : undefined;
  var check_all = ( field == undefined );

  // Set the status icon for one field and remember any failure.
  function mark(icon_id, ok)
  {
    document.getElementById(icon_id).src = ( ok ) ? img_good : img_bad;
    if ( !ok )
      passed = false;
  }

  if ( check_all || field == 'username' )
  {
    mark('s_username', validateUsername(data.username));
  }

  // Both password boxes share one icon: at least 6 characters and the two entries equal.
  if ( check_all || field == 'password' || field == 'password_confirm' )
  {
    mark('s_password', ( data.password.length >= 6 && data.password == data.password_confirm ));
  }

  if ( check_all || field == 'email' )
  {
    mark('s_email', validateEmail(data.email));
  }

  return passed;
}
|
109 |
|
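/**
 * First half of the form's onsubmit gate: re-check every field and tell the user when
 * something is wrong.
 *
 * @return {boolean} true when all fields passed verify(), false otherwise.
 */
function verify_submit()
{
  if ( verify() )
    return true;
  alert("One or more of the form fields contains an incorrect value. Please correct any fields that have an X next to them.");
  // An inline onsubmit handler cancels the submit only on an explicit false. Without this
  // return the function yields undefined, the handler's "verify_submit() && submit_encrypt()"
  // short-circuits to undefined, and the form is still posted -- with the encryption step
  // skipped and the password field sent as typed.
  return false;
}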
|
116 |
|
/**
 * Second half of the form's onsubmit gate: encrypt the password with the key from the
 * crypt_key form field, put the hex result in crypt_data and blank the clear-text fields.
 *
 * NOTE(review): the key is read from a field of the same form, so whoever can read the page
 * in transit can read the key as well. This step does not replace serving the installer over
 * HTTPS. ECB mode uses no IV, so equal plaintext blocks under the same key give equal
 * ciphertext blocks.
 *
 * @return {boolean} false to cancel the submit (passwords differ, or encryption failed),
 *                   true to let it proceed.
 */
function submit_encrypt()
{
  var frm = document.forms [ 'install_login' ];
  var key_field = frm.crypt_key;
  var plain = frm.password.value;
  var confirm_value = frm.password_confirm.value;
  var key_hex = key_field.value;

  if ( plain != confirm_value )
  {
    return false;
  }

  // NOTE(review): when the AES self-test fails the form is submitted anyway, with the
  // password field left as typed, i.e. unencrypted. The receiving stage has to cope with both.
  if ( !aes_self_test() )
  {
    // Return true to prevent form from failing
    return true;
  }

  // The key field is blanked below before the form is sent; a copy kept on the element
  // lets a later call (after a cancelled or repeated submit) still find the key.
  if ( key_field.KeyBak )
  {
    key_hex = key_field.KeyBak;
  }
  key_field.KeyBak = key_hex;

  var plain_bytes = stringToByteArray(plain);
  var key_bytes = hexToByteArray(key_hex);

  var cipher = rijndaelEncrypt(plain_bytes, key_bytes, 'ECB');
  if ( !cipher )
  {
    alert('Received a bad response from rijndaelEncrypt(). Shift-click "reload" or "refresh" (depending on your browser) and try again.');
    return false;
  }

  var cipher_hex = byteArrayToHex(cipher);

  // Only the ciphertext travels with the form: clear both password boxes and the key field.
  frm.password.value = '';
  frm.password_confirm.value = '';
  key_field.value = '';
  frm.crypt_data.value = cipher_hex;

  return true;
}
|
157 |
|
158 // ]]> |
|
159 |
|
160 </script> |
|
161 |
|
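<form action="install.php?stage=confirm" method="post" name="install_login" onsubmit="return ( verify_submit() && submit_encrypt() );"><?php
// Carry every field posted to this stage forward as a hidden input.
// Both the names and the values in $_POST are client-controlled, so each is checked or
// escaped before it is written into the page.
foreach ( $_POST as $key => $value )
{
  // Names go into the name="" attribute unescaped, so only [a-z0-9_] is accepted.
  // The D modifier stops "$" from also matching before a trailing newline.
  if ( !preg_match('/^[a-z0-9_]+$/D', (string) $key) )
    die('You idiot hacker...');
  // The submit button's own value is not carried over. Strict comparison, because a
  // numeric field name arrives as an integer key and must not loosely match the string.
  if ( $key === '_cont' )
    continue;
  // Array-valued fields (name[]=...) cannot be represented by a single hidden input.
  if ( !is_string($value) )
    continue;
  // HTML has no backslash escaping: writing \" still ends the attribute at the quote and
  // lets the rest of the value be parsed as markup. Entity-encode the value instead; the
  // browser decodes it on submit, so the next stage receives the original text unchanged.
  $value_clean = htmlspecialchars($value, ENT_QUOTES);
  echo "\n <input type=\"hidden\" name=\"$key\" value=\"$value_clean\" />";
}

// NOTE(review): HTTP_HOST comes from the request's Host header, which the client chooses.
// $scriptpath_full is not used in the visible part of this file; wherever it is used, treat
// it as untrusted (escape on output, do not rely on it for security decisions).
$https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' );
$scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/';
?>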
|
176 |
|
177 <input type="hidden" name="crypt_key" value="<?php echo $install_aes_key; ?>" /> |
|
178 <input type="hidden" name="crypt_data" value="" /> |
|
179 |
|
180 <table border="0" cellspacing="0" cellpadding="10" style="width: 100%;"> |
|
181 |
|
182 <tr> |
|
183 <td style="width: 50%;"> |
|
184 <b>Username</b> |
|
185 </td> |
|
186 <td style="width: 50%;"> |
|
187 <input type="text" tabindex="1" name="username" size="15" onkeyup="verify(this);" /> |
|
188 </td> |
|
189 <td> |
|
190 <img id="s_username" alt="Good/bad icon" src="../images/bad.gif" /> |
|
191 </td> |
|
192 </tr> |
|
193 |
|
194 <tr> |
|
195 <td> |
|
196 <b>Password</b><br /> |
|
197 This will be encrypted with AES before it's sent to the server. |
|
198 </td> |
|
199 <td> |
|
200 <input type="password" tabindex="2" name="password" size="15" onkeyup="password_score_field(this); verify(this);" /><br /> |
|
201 <br /> |
|
202 <div id="pwmeter"></div> |
|
203 <br /> |
|
204 <input type="password" tabindex="3" name="password_confirm" size="15" onkeyup="verify(this);" /> <small>(confirm)</small> |
|
205 </td> |
|
206 <td> |
|
207 <img id="s_password" alt="Good/bad icon" src="../images/bad.gif" /> |
|
208 </td> |
|
209 </tr> |
|
210 |
|
211 <tr> |
|
212 <td style="width: 50%;"> |
|
213 <b>E-mail</b> |
|
214 </td> |
|
215 <td style="width: 50%;"> |
|
216 <input type="text" tabindex="4" name="email" size="30" onkeyup="verify(this);" /> |
|
217 </td> |
|
218 <td> |
|
219 <img id="s_email" alt="Good/bad icon" src="../images/bad.gif" /> |
|
220 </td> |
|
221 </tr> |
|
222 |
|
223 </table> |
|
224 |
|
225 <div style="text-align: center;"> |
|
226 <input type="submit" name="_cont" value="<?= $lang->get('meta_btn_continue'); ?>" /> |
|
227 </div> |
|
228 </form> |