12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
14 */ |
14 */ |
15 |
15 |
16 if ( !defined('IN_ENANO_INSTALL') ) |
16 if ( !defined('IN_ENANO_INSTALL') ) |
17 die(); |
17 die(); |
18 |
18 |
19 // AES functions required |
19 // AES functions required |
20 require_once( ENANO_ROOT . '/includes/rijndael.php' ); |
20 require_once( ENANO_ROOT . '/includes/rijndael.php' ); |
21 require_once( ENANO_ROOT . '/includes/constants.php' ); |
21 require_once( ENANO_ROOT . '/includes/constants.php' ); |
22 require_once( ENANO_ROOT . '/includes/dbal.php' ); |
22 require_once( ENANO_ROOT . '/includes/dbal.php' ); |
23 |
23 |
24 // Write our temporary password key to the database |
24 // Write our temporary password key to the database |
25 require( ENANO_ROOT . '/config.new.php' ); |
25 require( ENANO_ROOT . '/config.new.php' ); |
26 if ( !defined('ENANO_INSTALL_HAVE_CONFIG') ) |
26 if ( !defined('ENANO_INSTALL_HAVE_CONFIG') ) |
27 { |
27 { |
28 die('Config file is corrupt'); |
28 die('Config file is corrupt'); |
29 } |
29 } |
30 $db = new $dbdriver(); |
30 $db = new $dbdriver(); |
31 $result = $db->connect(); |
31 $result = $db->connect(); |
32 if ( !$result ) |
32 if ( !$result ) |
33 die('DB privileges were revoked'); |
33 die('DB privileges were revoked'); |
34 |
34 |
35 // Is the key in the database? |
35 // Is the key in the database? |
36 $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name = \'install_aes_key\';'); |
36 $q = $db->sql_query('SELECT config_value FROM ' . table_prefix . 'config WHERE config_name = \'install_aes_key\';'); |
37 if ( !$q ) |
37 if ( !$q ) |
38 $db->_die(); |
38 $db->_die(); |
39 if ( $db->numrows() > 0 ) |
39 if ( $db->numrows() > 0 ) |
40 { |
40 { |
41 list($install_aes_key) = $db->fetchrow_num(); |
41 list($install_aes_key) = $db->fetchrow_num(); |
42 } |
42 } |
43 else |
43 else |
44 { |
44 { |
45 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
45 $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE); |
46 $install_aes_key = $aes->gen_readymade_key(); |
46 $install_aes_key = $aes->gen_readymade_key(); |
47 |
47 |
48 if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') ) |
48 if ( ! $db->sql_query('INSERT INTO ' . table_prefix . 'config ( config_name, config_value ) VALUES ( \'install_aes_key\', \'' . $install_aes_key .'\' ); ') ) |
49 $db->_die(); |
49 $db->_die(); |
50 } |
50 } |
51 $db->free_result($q); |
51 $db->free_result($q); |
52 |
52 |
53 $ui->add_header('<script type="text/javascript" src="includes/js/formutils.js"></script>'); |
53 $ui->add_header('<script type="text/javascript" src="includes/js/formutils.js"></script>'); |
54 $ui->show_header(); |
54 $ui->show_header(); |
58 <h3><?php echo $lang->get('login_welcome_title'); ?></h3> |
58 <h3><?php echo $lang->get('login_welcome_title'); ?></h3> |
59 <?php echo $lang->get('login_welcome_body'); ?> |
59 <?php echo $lang->get('login_welcome_body'); ?> |
60 |
60 |
61 <script type="text/javascript"> |
61 <script type="text/javascript"> |
62 |
62 |
63 // <![CDATA[ |
63 // <![CDATA[ |
64 |
64 |
65 function verify(target) |
65 function verify(target) |
66 { |
66 { |
67 var frm = document.forms [ 'install_login' ]; |
67 var frm = document.forms [ 'install_login' ]; |
68 var undefined; |
68 var undefined; |
69 var passed = true; |
69 var passed = true; |
70 |
70 |
71 var data = { |
71 var data = { |
72 username: frm.username.value, |
72 username: frm.username.value, |
73 password: frm.password.value, |
73 password: frm.password.value, |
74 password_confirm: frm.password_confirm.value, |
74 password_confirm: frm.password_confirm.value, |
75 email: frm.email.value |
75 email: frm.email.value |
76 }; |
76 }; |
77 |
77 |
78 if ( !target ) |
78 if ( !target ) |
79 target = { name: undefined }; |
79 target = { name: undefined }; |
80 |
80 |
81 if ( target.name == undefined || target.name == 'username' ) |
81 if ( target.name == undefined || target.name == 'username' ) |
82 { |
82 { |
83 var matches = validateUsername(data.username); |
83 var matches = validateUsername(data.username); |
84 document.getElementById('s_username').src = ( matches ) ? img_good : img_bad; |
84 document.getElementById('s_username').src = ( matches ) ? img_good : img_bad; |
85 if ( !matches ) |
85 if ( !matches ) |
86 passed = false; |
86 passed = false; |
87 } |
87 } |
88 |
88 |
89 if ( target.name == undefined || target.name == 'password' || target.name == 'password_confirm' ) |
89 if ( target.name == undefined || target.name == 'password' || target.name == 'password_confirm' ) |
90 { |
90 { |
91 var matches = ( data.password.length >= 6 && data.password == data.password_confirm ) ; |
91 var matches = ( data.password.length >= 6 && data.password == data.password_confirm ) ; |
92 document.getElementById('s_password').src = ( matches ) ? img_good : img_bad; |
92 document.getElementById('s_password').src = ( matches ) ? img_good : img_bad; |
93 if ( !matches ) |
93 if ( !matches ) |
94 passed = false; |
94 passed = false; |
95 } |
95 } |
96 |
96 |
97 if ( target.name == undefined || target.name == 'email' ) |
97 if ( target.name == undefined || target.name == 'email' ) |
98 { |
98 { |
99 var matches = validateEmail(data.email); |
99 var matches = validateEmail(data.email); |
100 document.getElementById('s_email').src = ( matches ) ? img_good : img_bad; |
100 document.getElementById('s_email').src = ( matches ) ? img_good : img_bad; |
101 if ( !matches ) |
101 if ( !matches ) |
102 passed = false; |
102 passed = false; |
103 } |
103 } |
104 |
104 |
105 return passed; |
105 return passed; |
106 } |
106 } |
107 |
107 |
108 function verify_submit() |
108 function verify_submit() |
109 { |
109 { |
110 if ( verify() ) |
110 if ( verify() ) |
111 return true; |
111 return true; |
112 alert($lang.get('login_err_verify_failure')); |
112 alert($lang.get('login_err_verify_failure')); |
113 return false; |
113 return false; |
114 } |
114 } |
115 |
115 |
116 function submit_encrypt() |
116 function submit_encrypt() |
117 { |
117 { |
118 var frm = document.forms [ 'install_login' ]; |
118 var frm = document.forms [ 'install_login' ]; |
119 var password = frm.password.value; |
119 var password = frm.password.value; |
120 var pass_conf = frm.password_confirm.value; |
120 var pass_conf = frm.password_confirm.value; |
121 var crypt_key = frm.crypt_key.value; |
121 var crypt_key = frm.crypt_key.value; |
122 |
122 |
123 if ( password != pass_conf ) |
123 if ( password != pass_conf ) |
124 return false; |
124 return false; |
125 |
125 |
126 if ( !aes_self_test() ) |
126 if ( !aes_self_test() ) |
127 // Return true to prevent form from failing |
127 // Return true to prevent form from failing |
128 return true; |
128 return true; |
129 |
129 |
130 if ( frm.crypt_key.KeyBak ) |
130 if ( frm.crypt_key.KeyBak ) |
131 { |
131 { |
132 crypt_key = frm.crypt_key.KeyBak; |
132 crypt_key = frm.crypt_key.KeyBak; |
133 } |
133 } |
134 frm.crypt_key.KeyBak = crypt_key; |
134 frm.crypt_key.KeyBak = crypt_key; |
135 |
135 |
136 password = stringToByteArray(password); |
136 password = stringToByteArray(password); |
137 crypt_key = hexToByteArray(crypt_key); |
137 crypt_key = hexToByteArray(crypt_key); |
138 |
138 |
139 var crypt_data = rijndaelEncrypt(password, crypt_key, 'ECB'); |
139 var crypt_data = rijndaelEncrypt(password, crypt_key, 'ECB'); |
140 |
140 |
141 if ( !crypt_data ) |
141 if ( !crypt_data ) |
142 { |
142 { |
143 alert($lang.get('login_err_rijndael_failed')); |
143 alert($lang.get('login_err_rijndael_failed')); |
144 return false; |
144 return false; |
145 } |
145 } |
146 |
146 |
147 crypt_data = byteArrayToHex(crypt_data); |
147 crypt_data = byteArrayToHex(crypt_data); |
148 |
148 |
149 frm.password.value = ''; |
149 frm.password.value = ''; |
150 frm.password_confirm.value = ''; |
150 frm.password_confirm.value = ''; |
151 frm.crypt_key.value = ''; |
151 frm.crypt_key.value = ''; |
152 frm.crypt_data.value = crypt_data; |
152 frm.crypt_data.value = crypt_data; |
153 |
153 |
154 return true; |
154 return true; |
155 } |
155 } |
156 |
156 |
157 addOnloadHook(function() |
157 addOnloadHook(function() |
158 { |
158 { |
159 load_component('crypto'); |
159 load_component('crypto'); |
160 load_component('l10n'); |
160 load_component('l10n'); |
161 }); |
161 }); |
162 |
162 |
163 // ]]> |
163 // ]]> |
164 |
164 |
165 </script> |
165 </script> |
166 |
166 |
167 <form action="install.php?stage=confirm" method="post" name="install_login" onsubmit="return ( verify_submit() && submit_encrypt() );"><?php |
167 <form action="install.php?stage=confirm" method="post" name="install_login" onsubmit="return ( verify_submit() && submit_encrypt() );"><?php |
168 foreach ( $_POST as $key => &$value ) |
168 foreach ( $_POST as $key => &$value ) |
169 { |
169 { |
170 if ( !preg_match('/^[a-z0-9_]+$/', $key) ) |
170 if ( !preg_match('/^[a-z0-9_]+$/', $key) ) |
171 die('You idiot hacker...'); |
171 die('You idiot hacker...'); |
172 if ( $key == '_cont' ) |
172 if ( $key == '_cont' ) |
173 continue; |
173 continue; |
174 $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); |
174 $value_clean = str_replace(array('\\', '"', '<', '>'), array('\\\\', '\\"', '<', '>'), $value); |
175 echo "\n <input type=\"hidden\" name=\"$key\" value=\"$value_clean\" />"; |
175 echo "\n <input type=\"hidden\" name=\"$key\" value=\"$value_clean\" />"; |
176 } |
176 } |
177 |
177 |
178 $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); |
178 $https = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' ); |
179 $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; |
179 $scriptpath_full = 'http' . ( $https ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST'] . scriptPath . '/'; |
180 ?> |
180 ?> |
181 |
181 |
182 <input type="hidden" name="crypt_key" value="<?php echo $install_aes_key; ?>" /> |
182 <input type="hidden" name="crypt_key" value="<?php echo $install_aes_key; ?>" /> |
183 <input type="hidden" name="crypt_data" value="" /> |
183 <input type="hidden" name="crypt_data" value="" /> |
184 |
184 |
185 <table border="0" cellspacing="0" cellpadding="10" style="width: 100%;"> |
185 <table border="0" cellspacing="0" cellpadding="10" style="width: 100%;"> |
186 |
186 |
187 <tr> |
187 <tr> |
188 <td style="width: 50%;"> |
188 <td style="width: 50%;"> |
189 <b><?php echo $lang->get('login_field_username'); ?></b> |
189 <b><?php echo $lang->get('login_field_username'); ?></b> |
190 </td> |
190 </td> |
191 <td style="width: 50%;"> |
191 <td style="width: 50%;"> |
192 <input type="text" tabindex="1" name="username" size="15" onkeyup="verify(this);" /> |
192 <input type="text" tabindex="1" name="username" size="15" onkeyup="verify(this);" /> |
193 </td> |
193 </td> |
194 <td> |
194 <td> |
195 <img id="s_username" alt="Good/bad icon" src="../images/checkbad.png" /> |
195 <img id="s_username" alt="Good/bad icon" src="../images/checkbad.png" /> |
196 </td> |
196 </td> |
197 </tr> |
197 </tr> |
198 |
198 |
199 <tr> |
199 <tr> |
200 <td> |
200 <td> |
201 <b><?php echo $lang->get('login_field_password'); ?></b><br /> |
201 <b><?php echo $lang->get('login_field_password'); ?></b><br /> |
202 <?php echo $lang->get('login_aes_blurb'); ?> |
202 <?php echo $lang->get('login_aes_blurb'); ?> |
203 </td> |
203 </td> |
204 <td> |
204 <td> |
205 <input type="password" tabindex="2" name="password" size="15" onkeyup="password_score_field(this); verify(this);" /><br /> |
205 <input type="password" tabindex="2" name="password" size="15" onkeyup="password_score_field(this); verify(this);" /><br /> |
206 <br /> |
206 <br /> |
207 <div id="pwmeter"></div> |
207 <div id="pwmeter"></div> |
208 <br /> |
208 <br /> |
209 <input type="password" tabindex="3" name="password_confirm" size="15" onkeyup="verify(this);" /> <small><?php echo $lang->get('login_field_password_confirm'); ?></small> |
209 <input type="password" tabindex="3" name="password_confirm" size="15" onkeyup="verify(this);" /> <small><?php echo $lang->get('login_field_password_confirm'); ?></small> |
210 </td> |
210 </td> |
211 <td> |
211 <td> |
212 <img id="s_password" alt="Good/bad icon" src="../images/checkbad.png" /> |
212 <img id="s_password" alt="Good/bad icon" src="../images/checkbad.png" /> |
213 </td> |
213 </td> |
214 </tr> |
214 </tr> |
215 |
215 |
216 <tr> |
216 <tr> |
217 <td style="width: 50%;"> |
217 <td style="width: 50%;"> |
218 <b><?php echo $lang->get('login_field_email'); ?></b> |
218 <b><?php echo $lang->get('login_field_email'); ?></b> |
219 </td> |
219 </td> |
220 <td style="width: 50%;"> |
220 <td style="width: 50%;"> |
221 <input type="text" tabindex="4" name="email" size="30" onkeyup="verify(this);" /> |
221 <input type="text" tabindex="4" name="email" size="30" onkeyup="verify(this);" /> |
222 </td> |
222 </td> |
223 <td> |
223 <td> |
224 <img id="s_email" alt="Good/bad icon" src="../images/checkbad.png" /> |
224 <img id="s_email" alt="Good/bad icon" src="../images/checkbad.png" /> |
225 </td> |
225 </td> |
226 </tr> |
226 </tr> |
227 |
227 |
228 </table> |
228 </table> |
229 |
229 |
230 <div style="text-align: center;"> |
230 <div style="text-align: center;"> |
231 <input type="submit" name="_cont" value="<?php echo $lang->get('meta_btn_continue'); ?>" /> |
231 <input type="submit" name="_cont" value="<?php echo $lang->get('meta_btn_continue'); ?>" /> |
232 </div> |
232 </div> |
233 </form> |
233 </form> |
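Review bot: The `foreach ( $_POST as $key => &$value )` loop (gutter lines 168–176) writes each POST value into a double-quoted `value="…"` attribute after only backslash-escaping `\` and `"`; HTML does not treat a backslash as an escape, so a value containing `"` still closes the attribute and the remainder is parsed as markup. As rendered here the `<`/`>` replacements map each character to itself, which may be entity decoding by this page rather than the file's real content, but the quote handling is wrong either way. I would replace the `str_replace` line with `$value_clean = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');` and, because the loop iterates by reference, add `unset($value);` after its closing brace. Separately, `submit_encrypt()` uses `'ECB'` with a key that the same page delivers in the hidden `crypt_key` field, so anyone able to read the page can read the key and the password's confidentiality still depends on TLS. The file section starts before the visible lines, so this covers only what is shown.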