diff -r 112debff64bd -r 5f1cd51bf1be install.php
--- a/install.php Sat Dec 15 18:10:14 2007 -0500
+++ b/install.php Tue Dec 18 23:44:55 2007 -0500
@@ -41,6 +41,8 @@
global $_starttime, $this_page, $sideinfo;
$_starttime = microtime(true);
+global $db;
+
// Determine directory (special case for development servers)
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
{
@@ -176,6 +178,9 @@
function stg_mysql_connect($act_get = false)
{
+ global $db;
+ $db = new mysql();
+
static $conn = false;
if ( $act_get )
return $conn;
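Review bot: `$db = new mysql();` sits above the `if ( $act_get ) return $conn;` early return in stg_mysql_connect, so a call that only wants the cached handle also replaces the global DBAL object with a fresh one that, as far as this hunk shows, has not had connect() called. Any later `$db->escape()` or `$db->sql_query()` would then run against that new object. Moving the assignment below the early return, or guarding it with `if ( !is_object($db) ) $db = new mysql();`, keeps the accessor path free of side effects. The same ordering appears in stg_pgsql_connect in the next hunk; the function body continues outside this hunk.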
@@ -300,15 +305,114 @@
return false;
}
}
+ // initialize DBAL
+ $db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
+ // connected and database exists
+ return true;
+}
+
+function stg_pgsql_connect($act_get = false)
+{
+ global $db;
+ $db = new postgresql();
+
+ static $conn = false;
+ if ( $act_get )
+ return $conn;
+
+ $db_user =& $_POST['db_user'];
+ $db_pass =& $_POST['db_pass'];
+ $db_name =& $_POST['db_name'];
+
+ if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+ {
+ $db_name = htmlspecialchars($db_name);
+ die("
SECURITY: malformed database name \"$db_name\"
");
+ }
+
+ // First, try to connect using the normal credentials
+ $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ if ( !$conn )
+ {
+ // Connection failed. Do we have the root username and password?
+ if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ {
+ $conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+ if ( !$conn_root )
+ {
+ // Couldn't connect using either set of credentials. Bail out.
+ return false;
+ }
+ unset($db_user, $db_pass);
+ $db_user = pg_escape_string($_POST['db_user']);
+ $db_pass = pg_escape_string($_POST['db_pass']);
+ // Create the user account
+ $q = @pg_query("CREATE ROLE '$db_user' WITH NOSUPERUSER UNENCRYPTED PASSWORD '$db_pass';", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ pg_close($conn_root);
+ $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ if ( !$conn )
+ {
+ // This should honestly never happen.
+ return false;
+ }
+ }
+ }
+ if ( !$q )
+ {
+ // access denied to the database; try the whole root schenanegan again
+ if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ {
+ $conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+ if ( !$conn_root )
+ {
+ // Couldn't connect as root; bail out
+ return false;
+ }
+ unset($db_user, $db_pass);
+ $db_user = pg_escape_string($_POST['db_user']);
+ $db_pass = pg_escape_string($_POST['db_pass']);
+ // create the database, if it doesn't exist
+ $q = @mysql_query("CREATE DATABASE $db_name WITH OWNER $db_user;", $conn_root);
+ if ( !$q )
+ {
+ // this really should never fail, so don't give any tolerance to it
+ return false;
+ }
+ // Setting the owner to $db_user should grant all the rights we need
+ pg_close($conn_root);
+ // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ pg_close($conn);
+ $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ if ( !$conn )
+ {
+ return false;
+ }
+ }
+ else
+ {
+ return false;
+ }
+ // try again
+ $q = @mysql_query("USE `$db_name`;", $conn);
+ if ( !$q )
+ {
+ // really failed this time; bail out
+ return false;
+ }
+ }
+ // initialize DBAL
+ $db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
// connected and database exists
return true;
}
function stg_drop_tables()
{
- $conn = stg_mysql_connect(true);
- if ( !$conn )
- return false;
+ global $db;
// Our list of tables included in Enano
$tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'tags', 'page_groups', 'page_group_members' );
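Review bot: The role name from `$_POST['db_user']` is used as an SQL identifier on the root connection in stg_pgsql_connect after only pg_escape_string(), which escapes string literals: `CREATE ROLE '$db_user'` wraps it in literal quotes and `CREATE DATABASE $db_name WITH OWNER $db_user` leaves it bare, so neither statement constrains what the value can contain. Holding it to the same `/^[a-z0-9_-]+$/` whitelist as the database name and emitting it in double quotes closes that, and `ENCRYPTED PASSWORD` avoids keeping the password in clear text in the role catalog. Separately, this path looks like it cannot succeed as written: `if ( !$q )` after the first connect block reads a variable that is unset when the normal login works, both database statements go through mysql_query() on a PostgreSQL handle, and pg_query() is called with the query before the connection. Every pg_connect() string also interpolates raw request values, where whitespace in a value would begin a new connection keyword. The fence shows the role and database statements only.

```php
// the role name is used as an SQL identifier, so hold it to the same whitelist as $db_name
if ( !preg_match('/^[a-z0-9_-]+$/', $_POST['db_user']) )
{
  return false;
}
// … unchanged: first pg_connect() attempt and root connection …
$role = '"' . $_POST['db_user'] . '"';
$pass_sql = pg_escape_string($_POST['db_pass']);
// pg_query() takes the connection first; LOGIN because CREATE ROLE defaults to NOLOGIN
$q = @pg_query($conn_root, "CREATE ROLE $role WITH NOSUPERUSER LOGIN ENCRYPTED PASSWORD '$pass_sql';");
// … unchanged: failure check, pg_close($conn_root), reconnect as the regular user …
$q = @pg_query($conn_root, "CREATE DATABASE \"$db_name\" WITH OWNER $role;");
```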
@@ -318,7 +422,7 @@
{
// Remember that table_prefix is sanitized.
$table = "{$_POST['table_prefix']}$table";
- @mysql_query("DROP TABLE $table;", $conn);
+ $db->sql_query("DROP TABLE $table;", $conn);
}
return true;
}
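Review bot: `$conn` is passed to `$db->sql_query()` here but is no longer assigned in stg_drop_tables, since the previous hunk removed `$conn = stg_mysql_connect(true);` along with its not-connected early return. The call would be `$db->sql_query("DROP TABLE $table;");`, assuming sql_query() uses the DBAL object's own connection, which is not visible on this page. The old call also suppressed errors with `@`, presumably because a table may not exist yet; whether sql_query() fails quietly on a missing table should be confirmed, otherwise a fresh install could stop here. The function starts outside this hunk.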
@@ -370,6 +474,8 @@
if ( $act_get )
return $schema;
+ global $db;
+
$admin_pass = stg_decrypt_admin_pass(true);
$key = stg_generate_aes_key(true);
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
@@ -380,16 +486,29 @@
$admin_user = $_POST['admin_user'];
$admin_user = str_replace('_', ' ', $admin_user);
- $admin_user = mysql_real_escape_string($admin_user);
+ $admin_user = $db->escape($admin_user);
+
+ switch ( $_POST['db_driver'] )
+ {
+ case 'mysql':
+ $schema_file = 'schema.sql';
+ break;
+ case 'postgresql':
+ $schema_file = 'schema-pg.sql';
+ break;
+ }
- $schema = file_get_contents('schema.sql');
- $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema);
- $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema);
- $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema);
+ if ( !isset($schema_file) )
+ die('insanity');
+
+ $schema = file_get_contents($schema_file);
+ $schema = str_replace('{{SITE_NAME}}', $db->escape($_POST['sitename'] ), $schema);
+ $schema = str_replace('{{SITE_DESC}}', $db->escape($_POST['sitedesc'] ), $schema);
+ $schema = str_replace('{{COPYRIGHT}}', $db->escape($_POST['copyright'] ), $schema);
$schema = str_replace('{{ADMIN_USER}}', $admin_user , $schema);
- $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($admin_pass ), $schema);
- $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema);
- $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema);
+ $schema = str_replace('{{ADMIN_PASS}}', $db->escape($admin_pass ), $schema);
+ $schema = str_replace('{{ADMIN_EMAIL}}', $db->escape($_POST['admin_email']), $schema);
+ $schema = str_replace('{{ENABLE_CACHE}}', $db->escape($cacheonoff ), $schema);
$schema = str_replace('{{REAL_NAME}}', '', $schema);
$schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
$schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
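Review bot: The result of `file_get_contents($schema_file)` is not checked, and with this change the file name depends on the driver, so a missing or unreadable schema-pg.sql would leave `$schema` as false and the str_replace() chain would go on to produce an empty schema. A guard such as `if ( $schema === false ) die('Could not read ' . $schema_file);` directly after the read makes that failure visible. The `switch` would read more clearly with a `default:` branch carrying the failure than with the separate `isset($schema_file)` test and its `die('insanity')` message. The enclosing function starts before and continues after this hunk.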
@@ -670,14 +789,14 @@
if($val)
{
if($cv) $color='CCFFCC'; else $color='AAFFAA';
- echo "$desc | |
";
+ echo "$desc | |
";
} elseif(!$val && $warn) {
if($cv) $color='FFFFCC'; else $color='FFFFAA';
- echo "$desc $extended_desc | |
";
+ echo "$desc $extended_desc | |
";
$warned = true;
} else {
if($cv) $color='FFCCCC'; else $color='FFAAAA';
- echo "$desc $extended_desc | |
";
+ echo "$desc $extended_desc | |
";
$failed = true;
}
}
@@ -814,6 +933,78 @@
mysql_close($conn);
die('good');
break;
+ case 'pgsql_test':
+ error_reporting(0);
+ $dbhost = rawurldecode($_POST['host']);
+ $dbname = rawurldecode($_POST['name']);
+ $dbuser = rawurldecode($_POST['user']);
+ $dbpass = rawurldecode($_POST['pass']);
+ $dbrootuser = rawurldecode($_POST['root_user']);
+ $dbrootpass = rawurldecode($_POST['root_pass']);
+ if($dbrootuser != '')
+ {
+ $conn = @pg_connect("host=$dbhost port=5432 user=$dbuser password=$dbpass dbname=$dbname");
+ if(!$conn)
+ {
+ $e = pg_last_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('root'.$e);
+ }
+ $rsp = 'good';
+ $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ $rsp .= '_creating_db';
+ }
+ }
+ mysql_close($conn);
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ $rsp .= '_creating_user';
+ }
+ mysql_close($conn);
+ die($rsp);
+ }
+ else
+ {
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('auth'.$e);
+ }
+ $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ die('name'.$e);
+ }
+ else
+ {
+ die('perm'.$e);
+ }
+ }
+ }
+ $v = mysql_get_server_info();
+ if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ mysql_close($conn);
+ die('good');
+ break;
case 'pophelp':
$topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
switch($topic)
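Review bot: After the first pg_connect() the new `pgsql_test` case still uses the MySQL API copied from `mysql_test`: `mysql_query()`, `mysql_error()`, `mysql_connect()`, `mysql_get_server_info()` and the `4.1.17` version floor all run against MySQL or against no connection, so the test never reports on the PostgreSQL server, and on a host without the MySQL extension (which this commit now allows) those calls are fatal. In the `$dbrootuser != ''` branch the first connect passes `user=$dbuser password=$dbpass` rather than the root account, yet reports `root` on failure, which looks unintended. The decoded request values are also placed unquoted into the connection string, and the driver's error text is returned verbatim to the caller in `die('host'.$e)`; returning only the short status code would avoid disclosing server details from a pre-install endpoint. The enclosing switch continues outside the hunk.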
@@ -899,7 +1090,9 @@
'welcome' => 'Welcome',
'license' => 'License Agreement',
'sysreqs' => 'Server requirements',
- 'database'=> 'Database information',
+ 'database' => 'Select database driver',
+ 'database_mysql'=> 'Database information',
+ 'database_pgsql'=> 'Database information',
'website' => 'Website configuration',
'login' => 'Administration login',
'confirm' => 'Confirm installation',
@@ -999,7 +1192,8 @@
=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
run_test('return version_compare(\'5.2.0\', PHP_VERSION, \'<\');', 'PHP 5.2.0 or later', 'Your server does not have support for PHP 5.2.0. While you may continue installing Enano, please be warned that as of December 31, 2007, all support for Enano on PHP 4 servers is discontinued. If you have at least PHP 5.0.0, support will still be available, but there are many security problems in PHP versions under 5.2.0 that Enano cannot effectively prevent.', true);
- run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.');
+ run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. The MySQL database driver will be unavailable. In many cases this is OK if you have another supported database type available. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.', true);
+ run_test('return function_exists(\'pg_connect\');', 'PostgreSQL extension for PHP', 'It seems that your PHP installation does not have the PostgreSQL extension enabled. Because of this, you won\'t be able to use the PostgreSQL database driver. This is OK in the majority of cases. If you want to use PostgreSQL support, you\'ll need to either compile the PHP extension for Postgres or install the extension with your distribution\'s package manager. Windows administrators will need enable php_pgsql.dll in their php.ini.', true);
run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
//run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
@@ -1007,6 +1201,10 @@
run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.
If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
+ if ( !function_exists('mysql_connect') && !function_exists('pg_connect') )
+ {
+ run_test('return false;', 'No database drivers are available.', 'You need to have at least one database driver working to install Enano. See the warnings on MySQL and PostgreSQL above for more information on installing these database drivers.', false);
+ }
echo '';
if(!$failed)
{
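Review bot: The new no-driver check treats `pg_connect` being present as a usable driver, but the driver selection step later in this commit disables PostgreSQL when `version_compare(PHP_VERSION, '5.0.0', '<')`, so a PHP 4 host with only the pgsql extension passes the requirements page and then finds both drivers disabled. The condition could mirror that rule: `if ( !function_exists('mysql_connect') && !( function_exists('pg_connect') && version_compare(PHP_VERSION, '5.0.0', '>=') ) )`.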
@@ -1044,6 +1242,76 @@
Choose a database driver';
+ echo 'The next step is to choose the database driver that Enano will use. In most cases this is MySQL, but there are certain
+ advantages to PostgreSQL, which is made available only experimentally.
';
+ if ( @file_exists('/etc/enano-is-virt-appliance') )
+ {
+ echo 'You\'re using the Enano virtual appliance.
Unless you configured the appliance manually, PostgreSQL support is not available. In 99% of cases you\'ll want to click MySQL below.
';
+ }
+
+ $mysql_disable_reason = '';
+ $pgsql_disable_reason = '';
+ $mysql_disable = '';
+ $pgsql_disable = '';
+ if ( !function_exists('mysql_connect') )
+ {
+ $mysql_disable = ' disabled="disabled"';
+ $mysql_disable_reason = 'You don\'t have the MySQL PHP extension installed.';
+ }
+ if ( !function_exists('pg_connect') )
+ {
+ $pgsql_disable = ' disabled="disabled"';
+ $pgsql_disable_reason = 'You don\'t have the PostgreSQL PHP extensnion installed.';
+ }
+ if ( function_exists('pg_connect') && version_compare(PHP_VERSION, '5.0.0', '<') )
+ {
+ $pgsql_disable = ' disabled="disabled"';
+ $pgsql_disable_reason = 'You need to have at least PHP 5 to use the PostgreSQL database driver.';
+ }
+
+ echo '
+ restart the installation.';
@@ -1577,6 +2071,7 @@
!isset($_POST['db_name']) ||
!isset($_POST['db_user']) ||
!isset($_POST['db_pass']) ||
+ !isset($_POST['db_driver']) ||
!isset($_POST['sitename']) ||
!isset($_POST['sitedesc']) ||
!isset($_POST['copyright']) ||
@@ -1590,6 +2085,12 @@
$template->footer();
exit;
}
+ if ( !in_array($_POST['db_driver'], array('mysql', 'postgresql')) )
+ {
+ echo 'Invalid database driver.';
+ $template->footer();
+ exit;
+ }
switch($_POST['urlscheme'])
{
case "ugly":
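Review bot: `in_array($_POST['db_driver'], array('mysql', 'postgresql'))` compares loosely; passing `true` as the third argument makes this allowlist a strict string match, which matters because the same value later selects the schema file in the `switch ( $_POST['db_driver'] )` hunk: `if ( !in_array($_POST['db_driver'], array('mysql', 'postgresql'), true) )`. A request that sends `db_driver[]` arrives as an array and is also rejected by the strict form without relying on array-to-string comparison rules.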