diff -r 299a90e28abc -r 87e08a6e4fec upgrade.php --- a/upgrade.php Thu Jan 03 18:39:19 2008 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,811 +0,0 @@ - Array('1.0b2'), - '1.0b2' => Array('1.0b3'), - '1.0b3' => Array('1.0b4'), - '1.0b4' => Array('1.0RC1'), - '1.0RC1' => Array('1.0RC2'), - '1.0RC2' => Array('1.0RC3'), - '1.0RC3' => Array('1.0'), - '1.0' => Array('1.0.1'), - '1.0.1' => Array('1.0.1.1'), - '1.0.1.1' => Array('1.0.2b1'), - '1.0.2b1' => Array('1.0.2'), - '1.0.2' => Array('Stable1.0ToUnstable1.1'), - 'Stable1.0ToUnstable1.1' => Array('1.1.1') - ); -$this_version = '1.1.1'; -$func_list = Array( - '1.0' => Array('u_1_0_1_update_del_votes'), - '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // , - // '1.0RC2' => Array('u_1_0_populate_userpage_comments') - '1.0RC3' => Array('u_1_0_RC3_make_users_extra'), - '1.0.2b1' => Array('u_1_0_2_nuke_template_cache', 'u_1_0_2_rebuild_search_index') - ); - -if(!isset($_GET['mode'])) -{ - $_GET['mode'] = 'login'; -} - -function err($t) -{ - global $template; - echo $t; - $template->footer(); - exit; -} - -require(ENANO_ROOT.'/includes/template.php'); - -// Initialize the session manager -require(ENANO_ROOT.'/includes/functions.php'); -require(ENANO_ROOT.'/includes/dbal.php'); -require(ENANO_ROOT.'/includes/paths.php'); -require(ENANO_ROOT.'/includes/sessions.php'); -require(ENANO_ROOT.'/includes/plugins.php'); -require(ENANO_ROOT.'/includes/rijndael.php'); -require(ENANO_ROOT.'/includes/render.php'); -require(ENANO_ROOT.'/includes/search.php'); -$db = new mysql(); -$db->connect(); - -$plugins = new pluginLoader(); - -if(!defined('ENANO_CONFIG_FETCHED')) -{ - // Select and fetch the site configuration - $e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); - if ( !$e ) - { - $db->_die('Some critical configuration information could not be selected.'); - } - else - { - define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not - } - - $enano_config = Array(); - while($r = $db->fetchrow()) - { - $enano_config[$r['config_name']] = $r['config_value']; - } - $db->free_result(); -} - -$v = enano_version(); -if(in_array($v, Array(false, '', '1.0b3', '1.0b4'))) -{ - $ul_admin = 2; - $ul_mod = 1; - $ul_member = 0; - $ul_guest = -1; -} -else -{ - $ul_admin = USER_LEVEL_ADMIN; - $ul_mod = USER_LEVEL_MOD; - $ul_member = USER_LEVEL_MEMBER; - $ul_guest = USER_LEVEL_GUEST; -} - -$_GET['title'] = 'unset'; - -$session = new sessionManager(); -$paths = new pathManager(); -$session->start(); - -$template = new template_nodb(); -$template->load_theme('oxygen', 'bleu', false); - -$modestrings = Array( - 'login' => 'Administrative login', - 'welcome' => 'Welcome', - 'setversion' => 'Select Enano version', - 'confirm' => 'Confirm upgrade', - 'upgrade' => 'Database installation', - 'finish' => 'Upgrade complete' - ); - -$sideinfo = ''; -$vars = $template->extract_vars('elements.tpl'); -$p = $template->makeParserText($vars['sidebar_button']); -foreach ( $modestrings as $id => $str ) -{ - if ( $_GET['mode'] == $id ) - { - $flags = 'style="font-weight: bold; text-decoration: underline;"'; - $this_page = $str; - } - else - { - $flags = ''; - } - $p->assign_vars(Array( - 'HREF' => '#', - 'FLAGS' => $flags . ' onclick="return false;"', - 'TEXT' => $str - )); - $sideinfo .= $p->run(); -} - -$template->init_vars(); - -function upg_assign_vars($schema) -{ - $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string(getConfig('site_name')), $schema); - $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string(getConfig('site_desc')), $schema); - $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string(getConfig('copyright_notice')), $schema); - $schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema); - if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema); - else $schema = str_replace('{{WIKI_MODE}}', '0', $schema); - return $schema; -} - -/* Version-specific functions */ - -function u_1_0_RC1_update_user_ids() -{ - global $db; - // First, make sure this hasn't already been done - $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;'); - if ( !$q ) - $db->_die(); - $row = $db->fetchrow(); - if ( $row['username'] == 'Anonymous' ) - return true; - // Find the first unused user ID - $used = Array(); - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users;'); - if ( !$q ) - $db->_die(); - $notfirst = false; - while ( $row = $db->fetchrow() ) - { - $i = intval($row['user_id']); - $used[$i] = true; - if ( !isset($used[$i - 1]) && $notfirst ) - { - $id = $i - 1; - break; - } - $notfirst = true; - } - if ( !isset($id) ) - $id = $i + 1; - if ( $id == 0 ) - $id = 2; - $db->free_result(); - - $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;'); - if(!$q) - $db->_die(); - $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';'); - if(!$q) - $db->_die(); - -} - -function u_1_0_RC1_add_admins_to_group() -{ - global $db; - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';'); - if ( !$q ) - $db->_die(); - $base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES'; - $blocks = Array(); - while ( $row = $db->fetchrow($q) ) - { - $blocks[] = '(2,' . $row['user_id'] . ')'; - } - $blocks = implode(',', $blocks); - $sql = $base . $blocks . ';'; - if(!$db->sql_query($sql)) - $db->_die(); -} - -function u_1_0_RC1_alter_files_table() -{ - global $db; - if(!is_dir(ENANO_ROOT.'/files')) - @mkdir(ENANO_ROOT . '/files'); - if(!is_dir(ENANO_ROOT.'/files')) - die('ERROR: Couldn\'t create files directory'); - $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); - if(!$q) $db->_die(); - while ( $row = $db->fetchrow() ) - { - $file_data = base64_decode($row['data']); - $path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension']; - @unlink($path); - $handle = @fopen($path, 'w'); - if(!$handle) - die('fopen failed'); - fwrite($handle, $file_data); - fclose($handle); - - } - - $q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;'); - if(!$q) $db->_die(); - - $list = Array(); - $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); - if(!$q) $db->_die(); - while ( $row = $db->fetchrow($q) ) - { - $file_data = base64_decode($row['data']); - $key = md5( $row['filename'] . '_' . $file_data ); - $list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';'; - } - - foreach ( $list as $sql ) - { - if(!$db->sql_query($sql)) $db->_die(); - } - - if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die(); - -} - -function u_1_0_RC1_destroy_session_cookie() -{ - unset($_COOKIE['sid']); - setcookie('sid', '', time()-3600*24, scriptPath); - setcookie('sid', '', time()-3600*24, scriptPath.'/'); -} - -function u_1_0_RC1_set_contact_email() -{ - global $db; - $q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;'); - if(!$q) - $db->_die(); - $row = $db->fetchrow(); - setConfig('contact_email', $row['email']); -} - -function u_1_0_RC1_update_page_text() -{ - global $db; - $q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text'); - if (!$q) - $db->_die(); - - $qs = array(); - - while ( $row = $db->fetchrow($q) ) - { - $row['page_text'] = str_replace(Array( - "{QUOT:{$row['char_tag']}}", - "{APOS:{$row['char_tag']}}", - "{SLASH:{$row['char_tag']}}" - ), Array( - '"', "'", '\\' - ), $row['page_text']); - $qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\' - WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND - namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';'; - } - - foreach($qs as $query) - { - if(!$db->sql_query($query)) - $db->_die(); - } -} - -function u_1_0_1_update_del_votes() -{ - global $db; - $q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;'); - if ( !$q ) - $db->_die(); - - while ( $row = $db->fetchrow($q) ) - { - $ips = strval($row['delvote_ips']); - if ( is_array( @unserialize($ips) ) ) - continue; - $ips = explode('|', $ips); - $new = array( - 'ip' => array(), - 'u' => array() - ); - $i = 0; - $prev = ''; - $prev_is_ip = false; - foreach ( $ips as $ip ) - { - $i++; - $current_is_ip = is_valid_ip($ip); - if ( $current_is_ip && $prev_is_ip ) - { - $i++; - $new['u'][] = $prev; - } - if ( $current_is_ip ) - { - $new['ip'][] = $ip; - } - else - { - $new['u'][] = $ip; - } - $prev = $ip; - $prev_is_ip = $current_is_ip; - } - if ( $i % 2 == 1 && $prev_is_ip ) - { - $new['u'][] = $ip; - } - $new = serialize($new); - $e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';'); - if ( !$e ) - $db->_die(); - } - $db->free_result($q); -} - -function u_1_0_RC3_make_users_extra() -{ - global $db; - $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 0;'); - if ( !$q ) - $db->_die(); - - $ids = array(); - while ( $row = $db->fetchrow() ) - { - $ids[] = intval($row['user_id']); - } - - $ids = '(' . implode('),(', $ids) . ')'; - if ( $ids == '' ) - return false; - $sql = "INSERT INTO " . table_prefix . "users_extra(user_id) VALUES$ids;"; - - if ( !$db->sql_query($sql) ) - $db->_die(); -} - -function u_1_0_2_nuke_template_cache() -{ - $dir = @opendir(ENANO_ROOT . '/cache'); - if ( !$dir ) - { - return false; - } - while ( ($fname = @readdir($dir)) ) - { - if ( preg_match('/\.tpl\.php$/', $fname) ) - { - unlink( ENANO_ROOT . '/cache/' . $fname ); - } - } -} - -function u_1_0_2_rebuild_search_index() -{ - global $paths; - @set_time_limit(0); - $paths->rebuild_search_index(); -} - -switch($_GET['mode']) -{ - case "login": - if ( $session->user_logged_in && $session->user_level < $ul_admin ) - { - $template->header(); - echo '

Your user account does not have permission to perform an upgrade of Enano. Return to the index page.

'; - $template->footer(); - exit; - } - if($session->user_logged_in && $session->user_level >= $ul_admin) - { - if(isset($_POST['login'])) - { - $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin); - if($session->sid_super) - { - header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super); - exit; - } - } - $template->header(); - ?> -
- - - - - '; - } - ?> - - - - - - - - -
You must re-authenticate to perform this upgrade.

Login failed: '. $result['error'] . '

Username:
Password:
-
-
- login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member); - if($result == 'success') - { - header('Location: upgrade.php'); - exit; - } - } - $template->header(); - ?> -
- - - - - '; - } - ?> - - - - - - - - -
Please log in to continue with this upgrade.

Login failed. Bad password?

Username:
Password:
-
-
- sid_super) { $template->header(); echo '

No admin session found! Please restart the upgrade.

'; $template->footer(); exit; } - - // Just show a simple welcome page to display version information - $template->header(); - require('config.php'); - - ?> - -
- [ Enano CMS Project logo ] -

Welcome to the Enano upgrade wizard

- You are about to upgrade to a NIGHTLY BUILD of Enano.
Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.
'; - } - ?> - -
-

You are about to upgrade Enano to version . Before you continue, please ensure that:

- -
-
-
- -
-
- - sid_super) { $template->header(); echo '

No admin session found! Please restart the upgrade.

'; $template->footer(); exit; } - $v = ( function_exists('enano_version') ) ? enano_version() : ''; - if(!in_array($v, $valid_versions) && $v != '') - { - $template->header(); - ?> -

Your version of Enano () can't be upgraded to this version ().

- header(); - echo "
"; - ?> -

Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.

-

-

- -

- `; - break; - } - else - { - header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super); - } - break; - case "confirm": - $enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version(); - - $template->header(); - if(!$session->sid_super) { echo '

No admin session found! Please restart the upgrade.

'; $template->footer(); exit; } - ?> - - - - - - - - -

Are you sure you want to perform this upgrade?

You can still cancel the upgrade process now. If
the upgrade fails, you will need to roll back
any actions made using manual SQL queries.

Please clear your browser cache or
shift-reload after the upgrade.
If you fail to do so, some page elements may
be broken.

- - -
-
- header(); - if(!$session->sid_super) { echo '

No admin session found! Please restart the upgrade.

'; $template->footer(); exit; } - if(!isset($_POST['enano_version'])) { echo '

Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please restart the upgrade.

'; break; } - $enano_version = $_POST['enano_version']; - echo '

Preparing for schema execution...'; - // Build an array of queries - $schema = file_get_contents('upgrade.sql'); - - // Strip out and process version blocks - preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'((.*?)'."\n)?".'---END \\1---#is', $schema, $matches); - - $from_list =& $matches[1]; - $query_list =& $matches[3]; - - foreach($matches[0] as $m) - { - $schema = str_replace($m, '', $schema); - } - $schema = explode("\n", $schema); - foreach($schema as $k => $q) - { - if(substr($q, 0, 2) == '--' || $q == '') - { - unset($schema[$k]); - //die('

'.htmlspecialchars(print_r($schema, true)).'
'); - } - else - { - $schema[$k] = upg_assign_vars($schema[$k]); - } - } - - foreach($query_list as $k => $q) - { - $query_list[$k] = explode("\n", $query_list[$k]); - foreach($query_list[$k] as $i => $s) - { - $tq =& $query_list[$k][$i]; - if(substr($s, 0, 2) == '--' || $s == '') - { - unset($query_list[$k][$i]); - //die('
'.htmlspecialchars(print_r($schema, true)).'
'); - } - else - { - $query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]); - } - } - $query_list[$k] = array_values($query_list[$k]); - } - - $assoc_list = Array(); - - foreach($from_list as $i => $v) - { - $assoc_list[$v] = $query_list[$i]; - } - - $schema = array_values($schema); - - $deps_resolved = false; - $installing_versions = Array($enano_version); - - while(true) - { - $v = array_keys($deps_list); - foreach($v as $i => $ver) - { - if(in_array($ver, $installing_versions)) - { - // $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install. - foreach($deps_list[$ver] as $dep) - { - if(!in_array($dep, $installing_versions)) - { - $installing_versions[] = $dep; - } - } - } - if($i == count($deps_list) - 1) - { - break 2; - } - } - } - - foreach($installing_versions as $this_ver) - { - $schema = array_merge($schema, $assoc_list[$this_ver]); - } - - // Time for some proper SQL syntax! - // Also check queries for so-called injection attempts to make - // sure that it doesn't fail during the upgrade process and - // leave the user with a half-upgraded database - foreach($schema as $s => $q) - { - if(substr($q, strlen($q)-1, 1) != ';') - { - $schema[$s] .= ';'; - } - if ( !$db->check_query($schema[$s]) ) - { - // Uh-oh, the check failed, bail out - // The DBAL runs sanity checks on all queries for safety, - // so if the check fails in mid-upgrade we are in deep - // dodo doo-doo. - echo 'Query failed sanity check, this should never happen and is a bug.

Query was:

'.$schema[$s].'
'; - break 2; - } - } - - $schema = array_values($schema); - - // Used extensively for debugging - // echo '
'.htmlspecialchars(print_r($schema, true)).'
'; - // break; - - echo 'done!
Executing upgrade schema...'; - - // OK, do the loop, baby!!! - foreach($schema as $q) - { - if ( substr($q, 0, 1) == '@' ) - { - // if the first character is @, don't fail on error - $db->sql_query(substr($q, 1)); - } - else - { - if ( !$db->sql_query($q) ) - { - echo $db->get_error(); - break 2; - } - } - } - - // Call any custom functions - foreach ( $installing_versions as $ver ) - { - if ( isset($func_list[$ver]) ) - { - foreach($func_list[$ver] as $function) - { - @call_user_func($function); - } - } - } - - // Log the upgrade - $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');'); - - echo 'done!

'; - echo '

You will be redirected shortly. If you aren\'t redirected, click here.

- '; - break; -} -$template->footer(); - -?>