diff -r 474f8be55943 -r ab66d6d1f1f4 install.php
--- a/install.php	Fri Dec 07 18:47:37 2007 -0500
+++ b/install.php	Wed Dec 19 22:55:40 2007 -0500
@@ -45,6 +45,8 @@
 global $_starttime, $this_page, $sideinfo;
 $_starttime = microtime(true);
 
+global $db;
+
 // Determine directory (special case for development servers)
 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
 {
@@ -185,6 +187,9 @@
 
 function stg_mysql_connect($act_get = false)
 {
+  global $db;
+  $db = new mysql();
+  
   static $conn = false;
   if ( $act_get )
     return $conn;
@@ -309,15 +314,114 @@
       return false;
     }
   }
+  // initialize DBAL
+  $db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
+  // connected and database exists
+  return true;
+}
+
+function stg_pgsql_connect($act_get = false)
+{
+  global $db;
+  $db = new postgresql();
+  
+  static $conn = false;
+  if ( $act_get )
+    return $conn;
+  
+  $db_user =& $_POST['db_user'];
+  $db_pass =& $_POST['db_pass'];
+  $db_name =& $_POST['db_name'];
+  
+  if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+  {
+    $db_name = htmlspecialchars($db_name);
+    die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+  }
+  
+  // First, try to connect using the normal credentials
+  $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+  if ( !$conn )
+  {
+    // Connection failed. Do we have the root username and password?
+    if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+    {
+      $conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+      if ( !$conn_root )
+      {
+        // Couldn't connect using either set of credentials. Bail out.
+        return false;
+      }
+      unset($db_user, $db_pass);
+      $db_user = pg_escape_string($_POST['db_user']);
+      $db_pass = pg_escape_string($_POST['db_pass']);
+      // Create the user account
+      $q = @pg_query("CREATE ROLE '$db_user' WITH NOSUPERUSER UNENCRYPTED PASSWORD '$db_pass';", $conn_root);
+      if ( !$q )
+      {
+        return false;
+      }
+      pg_close($conn_root);
+      $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+      if ( !$conn )
+      {
+        // This should honestly never happen.
+        return false;
+      }
+    }
+  }
+  if ( !$q )
+  {
+    // access denied to the database; try the whole root schenanegan again
+    if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+    {
+      $conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+      if ( !$conn_root )
+      {
+        // Couldn't connect as root; bail out
+        return false;
+      }
+      unset($db_user, $db_pass);
+      $db_user = pg_escape_string($_POST['db_user']);
+      $db_pass = pg_escape_string($_POST['db_pass']);
+      // create the database, if it doesn't exist
+      $q = @mysql_query("CREATE DATABASE $db_name WITH OWNER $db_user;", $conn_root);
+      if ( !$q )
+      {
+        // this really should never fail, so don't give any tolerance to it
+        return false;
+      }
+      // Setting the owner to $db_user should grant all the rights we need
+      pg_close($conn_root);
+      // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+      pg_close($conn);
+      $conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+      if ( !$conn )
+      {
+        return false;
+      }
+    }
+    else
+    {
+      return false;
+    }
+    // try again
+    $q = @mysql_query("USE `$db_name`;", $conn);
+    if ( !$q )
+    {
+      // really failed this time; bail out
+      return false;
+    }
+  }
+  // initialize DBAL
+  $db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
   // connected and database exists
   return true;
 }
 
 function stg_drop_tables()
 {
-  $conn = stg_mysql_connect(true);
-  if ( !$conn )
-    return false;
+  global $db;
   // Our list of tables included in Enano
   $tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'tags', 'page_groups', 'page_group_members' );
   
@@ -327,7 +431,7 @@
   {
     // Remember that table_prefix is sanitized.
     $table = "{$_POST['table_prefix']}$table";
-    @mysql_query("DROP TABLE $table;", $conn);
+    $db->sql_query("DROP TABLE $table;", $conn);
   }
   return true;
 }
@@ -379,6 +483,8 @@
   if ( $act_get )
     return $schema;
   
+  global $db;
+  
   $admin_pass = stg_decrypt_admin_pass(true);
   $key = stg_generate_aes_key(true);
   $aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
@@ -389,16 +495,29 @@
   
   $admin_user = $_POST['admin_user'];
   $admin_user = str_replace('_', ' ', $admin_user);
-  $admin_user = mysql_real_escape_string($admin_user);
+  $admin_user = $db->escape($admin_user);
+  
+  switch ( $_POST['db_driver'] )
+  {
+    case 'mysql':
+      $schema_file = 'schema.sql';
+      break;
+    case 'postgresql':
+      $schema_file = 'schema-pg.sql';
+      break;
+  }
   
-  $schema = file_get_contents('schema.sql');
-  $schema = str_replace('{{SITE_NAME}}',    mysql_real_escape_string($_POST['sitename']   ), $schema);
-  $schema = str_replace('{{SITE_DESC}}',    mysql_real_escape_string($_POST['sitedesc']   ), $schema);
-  $schema = str_replace('{{COPYRIGHT}}',    mysql_real_escape_string($_POST['copyright']  ), $schema);
+  if ( !isset($schema_file) )
+    die('insanity');
+  
+  $schema = file_get_contents($schema_file);
+  $schema = str_replace('{{SITE_NAME}}',    $db->escape($_POST['sitename']   ), $schema);
+  $schema = str_replace('{{SITE_DESC}}',    $db->escape($_POST['sitedesc']   ), $schema);
+  $schema = str_replace('{{COPYRIGHT}}',    $db->escape($_POST['copyright']  ), $schema);
   $schema = str_replace('{{ADMIN_USER}}',   $admin_user                                    , $schema);
-  $schema = str_replace('{{ADMIN_PASS}}',   mysql_real_escape_string($admin_pass          ), $schema);
-  $schema = str_replace('{{ADMIN_EMAIL}}',  mysql_real_escape_string($_POST['admin_email']), $schema);
-  $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff          ), $schema);
+  $schema = str_replace('{{ADMIN_PASS}}',   $db->escape($admin_pass          ), $schema);
+  $schema = str_replace('{{ADMIN_EMAIL}}',  $db->escape($_POST['admin_email']), $schema);
+  $schema = str_replace('{{ENABLE_CACHE}}', $db->escape($cacheonoff          ), $schema);
   $schema = str_replace('{{REAL_NAME}}',    '',                                              $schema);
   $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'],                          $schema);
   $schema = str_replace('{{VERSION}}',      ENANO_VERSION,                                   $schema);
@@ -818,6 +937,78 @@
     mysql_close($conn);
     die('good');
     break;
+  case 'pgsql_test':
+    error_reporting(0);
+    $dbhost     = rawurldecode($_POST['host']);
+    $dbname     = rawurldecode($_POST['name']);
+    $dbuser     = rawurldecode($_POST['user']);
+    $dbpass     = rawurldecode($_POST['pass']);
+    $dbrootuser = rawurldecode($_POST['root_user']);
+    $dbrootpass = rawurldecode($_POST['root_pass']);
+    if($dbrootuser != '')
+    {
+      $conn = @pg_connect("host=$dbhost port=5432 user=$dbuser password=$dbpass dbname=$dbname");
+      if(!$conn)
+      {
+        $e = pg_last_error();
+        if(strstr($e, "Lost connection"))
+          die('host'.$e);
+        else
+          die('root'.$e);
+      }
+      $rsp = 'good';
+      $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+      if(!$q)
+      {
+        $e = mysql_error();
+        if(strstr($e, 'Unknown database'))
+        {
+          $rsp .= '_creating_db';
+        }
+      }
+      mysql_close($conn);
+      $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+      if(!$conn)
+      {
+        $e = mysql_error();
+        if(strstr($e, "Lost connection"))
+          die('host'.$e);
+        else
+          $rsp .= '_creating_user';
+      }
+      mysql_close($conn);
+      die($rsp);
+    }
+    else
+    {
+      $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+      if(!$conn)
+      {
+        $e = mysql_error();
+        if(strstr($e, "Lost connection"))
+          die('host'.$e);
+        else
+          die('auth'.$e);
+      }
+      $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+      if(!$q)
+      {
+        $e = mysql_error();
+        if(strstr($e, 'Unknown database'))
+        {
+          die('name'.$e);
+        }
+        else
+        {
+          die('perm'.$e);
+        }
+      }
+    }
+    $v = mysql_get_server_info();
+    if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+    mysql_close($conn);
+    die('good');
+    break;  
   case 'pophelp':
     $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
     switch($topic)
@@ -892,8 +1083,10 @@
               'welcome' => $lang->get('welcome_modetitle'),
               'license' => $lang->get('license_modetitle'),
               'sysreqs' => $lang->get('sysreqs_modetitle'),
-              'database'=> $lang->get('database_modetitle'),
-              'website' => $lang->get('website_modetitle'),
+              'database' => $lang->get('database_modetitle'),
+              'database_mysql'=> $lang->get('database_mysql_modetitle'),
+              'database_pgsql'=> $lang->get('database_pgsql_modetitle'),
+              'website' => $lang->get('website_modetitle'), 
               'login'   => $lang->get('login_modetitle'),
               'confirm' => $lang->get('confirm_modetitle'),
               'install' => $lang->get('install_modetitle'),
@@ -1027,12 +1220,17 @@
     run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', $lang->get('sysreqs_req_php'), $lang->get('sysreqs_req_desc_php') );
     run_test('return version_compare(\'5.2.0\', PHP_VERSION, \'<\');', $lang->get('sysreqs_req_php5'), $lang->get('sysreqs_req_desc_php5'), true);
     run_test('return function_exists(\'mysql_connect\');', $lang->get('sysreqs_req_mysql'), $lang->get('sysreqs_req_desc_mysql') );
+    run_test('return function_exists(\'pg_connect\');', 'PostgreSQL extension for PHP', 'It seems that your PHP installation does not have the PostgreSQL extension enabled. Because of this, you won\'t be able to use the PostgreSQL database driver. This is OK in the majority of cases. If you want to use PostgreSQL support, you\'ll need to either compile the PHP extension for Postgres or install the extension with your distribution\'s package manager. Windows administrators will need enable php_pgsql.dll in their php.ini.', true);
     run_test('return @ini_get(\'file_uploads\');', $lang->get('sysreqs_req_uploads'), $lang->get('sysreqs_req_desc_uploads') );
     run_test('return is_apache();', $lang->get('sysreqs_req_apache'), $lang->get('sysreqs_req_desc_apache'), true);
     run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', $lang->get('sysreqs_req_config'), $lang->get('sysreqs_req_desc_config') );
     run_test('return file_exists(\'/usr/bin/convert\');', $lang->get('sysreqs_req_magick'), $lang->get('sysreqs_req_desc_magick'), true);
     run_test('return is_writable(ENANO_ROOT.\'/cache/\');', $lang->get('sysreqs_req_cachewriteable'), $lang->get('sysreqs_req_desc_cachewriteable'), true);
     run_test('return is_writable(ENANO_ROOT.\'/files/\');', $lang->get('sysreqs_req_fileswriteable'), $lang->get('sysreqs_req_desc_fileswriteable'), true);
+    if ( !function_exists('mysql_connect') && !function_exists('pg_connect') )
+    {
+      run_test('return false;', 'No database drivers are available.', 'You need to have at least one database driver working to install Enano. See the warnings on MySQL and PostgreSQL above for more information on installing these database drivers.', false);
+    }
     echo '</table>';
     if(!$failed)
     {
@@ -1082,6 +1280,76 @@
     <?php
     break;
   case "database":
+    echo '<h3>Choose a database driver</h3>';
+    echo '<p>The next step is to choose the database driver that Enano will use. In most cases this is MySQL, but there are certain
+             advantages to PostgreSQL, which is made available only experimentally.</p>';
+    if ( @file_exists('/etc/enano-is-virt-appliance') )
+    {
+      echo '<p><b>You\'re using the Enano virtual appliance.</b><br />Unless you configured the appliance manually, PostgreSQL support is not available. In 99% of cases you\'ll want to click MySQL below.</p>';
+    }
+    
+    $mysql_disable_reason = '';
+    $pgsql_disable_reason = '';
+    $mysql_disable = '';
+    $pgsql_disable = '';
+    if ( !function_exists('mysql_connect') )
+    {
+      $mysql_disable = ' disabled="disabled"';
+      $mysql_disable_reason = 'You don\'t have the MySQL PHP extension installed.';
+    }
+    if ( !function_exists('pg_connect') )
+    {
+      $pgsql_disable = ' disabled="disabled"';
+      $pgsql_disable_reason = 'You don\'t have the PostgreSQL PHP extensnion installed.';
+    }
+    if ( function_exists('pg_connect') && version_compare(PHP_VERSION, '5.0.0', '<') )
+    {
+      $pgsql_disable = ' disabled="disabled"';
+      $pgsql_disable_reason = 'You need to have at least PHP 5 to use the PostgreSQL database driver.';
+    }
+    
+    echo '<form action="install.php" method="get">';
+    ?>
+    <table border="0" cellspacing="5">
+      <tr>
+        <td>
+          <input type="image" name="mode" value="database_mysql" src="images/about-powered-mysql.png"<?php echo $mysql_disable; ?>/>
+        </td>
+        <td<?php if ( $mysql_disable ) echo ' style="opacity: 0.5; filter: alpha(opacity=50);"'; ?>>
+          <b>MySQL</b><br />
+          Click this button to use MySQL as the database backend for your site. Most web hosts support MySQL, and if you have
+          administrative access to your MySQL server, you can create a new database and user during this installation process if you
+          haven't done so already.
+          <?php
+          if ( $mysql_disable )
+          {
+            echo "<br /><br /><b>$mysql_disable_reason</b>";
+          }
+          ?>
+        </td>
+      </tr>
+      <tr>
+        <td>
+          <input type="image" name="mode" value="database_pgsql" src="images/about-powered-pgsql.png"<?php echo $pgsql_disable; ?> />
+        </td>
+        <td<?php if ( $pgsql_disable ) echo ' style="opacity: 0.5; filter: alpha(opacity=50);"'; ?>>
+          <b>PostgreSQL</b><br />
+          Click this button to use PostgreSQL as the database backend for your site. While not as widely supported, PostgreSQL has more
+          liberal licensing conditions and when properly configured is faster than MySQL. Some plugins may not work with the PostgreSQL
+          driver.
+          <?php
+          if ( $pgsql_disable )
+          {
+            echo "<br /><br /><b>$pgsql_disable_reason</b>";
+          }
+          ?>
+        </td>
+      </tr>
+    </table>
+    <?php
+    echo '</form>';
+    break;
+  case "database_mysql":
     ?>
     <script type="text/javascript">
       function ajaxGet(uri, f) {
@@ -1287,6 +1555,7 @@
     }
     ?>
     <form name="dbinfo" action="install.php?mode=website" method="post">
+      <input type="hidden" name="db_driver" value="mysql" />
       <table border="0">
         <tr>
           <td colspan="3" style="text-align: center">
@@ -1414,6 +1683,222 @@
           </tr>
         </table>
       </div>
+        } else {
+          if (window.ActiveXObject) {           
+            ajax = new ActiveXObject("Microsoft.XMLHTTP");
+          } else {
+            alert('Enano client-side runtime error: No AJAX support, unable to continue');
+            return;
+          }
+        }
+        ajax.onreadystatechange = f;
+        ajax.open('GET', uri, true);
+        ajax.send(null);
+      }
+      
+      function ajaxPost(uri, parms, f) {
+        if (window.XMLHttpRequest) {
+          ajax = new XMLHttpRequest();
+        } else {
+          if (window.ActiveXObject) {           
+            ajax = new ActiveXObject("Microsoft.XMLHTTP");
+          } else {
+            alert('Enano client-side runtime error: No AJAX support, unable to continue');
+            return;
+          }
+        }
+        ajax.onreadystatechange = f;
+        ajax.open('POST', uri, true);
+        ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+        ajax.setRequestHeader("Content-length", parms.length);
+        ajax.setRequestHeader("Connection", "close");
+        ajax.send(parms);
+      }
+      function ajaxTestConnection()
+      {
+        v = verify();
+        if(!v)
+        {
+          alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
+          return false;
+        }
+        var frm = document.forms.dbinfo;
+        db_host      = escape(frm.db_host.value.replace('+', '%2B'));
+        db_name      = escape(frm.db_name.value.replace('+', '%2B'));
+        db_user      = escape(frm.db_user.value.replace('+', '%2B'));
+        db_pass      = escape(frm.db_pass.value.replace('+', '%2B'));
+        db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
+        db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
+        
+        parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
+        ajaxPost('<?php echo scriptPath; ?>/install.php?mode=pgsql_test', parms, function() {
+            if(ajax.readyState==4)
+            {
+              s = ajax.responseText.substr(0, 4);
+              t = ajax.responseText.substr(4, ajax.responseText.length);
+              if(s.substr(0, 4)=='good')
+              {
+                document.getElementById('s_db_host').src='images/good.gif';
+                document.getElementById('s_db_name').src='images/good.gif';
+                document.getElementById('s_db_auth').src='images/good.gif';
+                document.getElementById('s_db_root').src='images/good.gif';
+                if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+                if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+                document.getElementById('s_mysql_version').src='images/good.gif';
+                document.getElementById('e_mysql_version').innerHTML = 'Your version of PostgreSQL meets Enano requirements.';
+              }
+              else
+              {
+                switch(s)
+                {
+                case 'host':
+                  document.getElementById('s_db_host').src='images/bad.gif';
+                  document.getElementById('s_db_name').src='images/unknown.gif';
+                  document.getElementById('s_db_auth').src='images/unknown.gif';
+                  document.getElementById('s_db_root').src='images/unknown.gif';
+                  document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
+                  document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+                  break;
+                case 'auth':
+                  document.getElementById('s_db_host').src='images/good.gif';
+                  document.getElementById('s_db_name').src='images/unknown.gif';
+                  document.getElementById('s_db_auth').src='images/bad.gif';
+                  document.getElementById('s_db_root').src='images/unknown.gif';
+                  document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+                  document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+                  break;
+                case 'perm':
+                  document.getElementById('s_db_host').src='images/good.gif';
+                  document.getElementById('s_db_name').src='images/bad.gif';
+                  document.getElementById('s_db_auth').src='images/good.gif';
+                  document.getElementById('s_db_root').src='images/unknown.gif';
+                  document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
+                  document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+                  break;
+                case 'name':
+                  document.getElementById('s_db_host').src='images/good.gif';
+                  document.getElementById('s_db_name').src='images/bad.gif';
+                  document.getElementById('s_db_auth').src='images/good.gif';
+                  document.getElementById('s_db_root').src='images/unknown.gif';
+                  document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
+                  document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+                  break;
+                case 'root':
+                  document.getElementById('s_db_host').src='images/good.gif';
+                  document.getElementById('s_db_name').src='images/unknown.gif';
+                  document.getElementById('s_db_auth').src='images/unknown.gif';
+                  document.getElementById('s_db_root').src='images/bad.gif';
+                  document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+                  document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+                  break;
+                case 'vers':
+                  document.getElementById('s_db_host').src='images/good.gif';
+                  document.getElementById('s_db_name').src='images/good.gif';
+                  document.getElementById('s_db_auth').src='images/good.gif';
+                  document.getElementById('s_db_root').src='images/good.gif';
+                  if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+                  if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+                  
+                  document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
+                  document.getElementById('s_mysql_version').src='images/bad.gif';
+                default:
+                  alert(t);
+                  break;
+                }
+              }
+            }
+          });
+      }
+      function verify()
+      {
+        document.getElementById('e_db_host').innerHTML = '';
+        document.getElementById('e_db_auth').innerHTML = '';
+        document.getElementById('e_db_name').innerHTML = '';
+        document.getElementById('e_db_root').innerHTML = '';
+        var frm = document.forms.dbinfo;
+        ret = true;
+        if(frm.db_host.value != '')
+        {
+          document.getElementById('s_db_host').src='images/unknown.gif';
+        }
+        else
+        {
+          document.getElementById('s_db_host').src='images/bad.gif';
+          ret = false;
+        }
+        if(frm.db_name.value.match(/^([a-z0-9_-]+)$/g))
+        {
+          document.getElementById('s_db_name').src='images/unknown.gif';
+        }
+        else
+        {
+          document.getElementById('s_db_name').src='images/bad.gif';
+          ret = false;
+        }
+        if(frm.db_user.value != '')
+        {
+          document.getElementById('s_db_auth').src='images/unknown.gif';
+        }
+        else
+        {
+          document.getElementById('s_db_auth').src='images/bad.gif';
+          ret = false;
+        }
+        if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
+        {
+          document.getElementById('s_table_prefix').src='images/good.gif';
+        }
+        else
+        {
+          document.getElementById('s_table_prefix').src='images/bad.gif';
+          ret = false;
+        }
+        if(frm.db_root_user.value == '')
+        {
+          document.getElementById('s_db_root').src='images/good.gif';
+        }
+        else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
+        {
+          document.getElementById('s_db_root').src='images/bad.gif';
+          ret = false;
+        }
+        else
+        {
+          document.getElementById('s_db_root').src='images/unknown.gif';
+        }
+        if(ret) frm._cont.disabled = false;
+        else    frm._cont.disabled = true;
+        return ret;
+      }
+      window.onload = verify;
+    </script>
+    <p>Now we need some information that will allow Enano to contact your database server. Enano uses PostgreSQL as a data storage backend,
+       and we need to have access to a PostgreSQL server in order to continue.</p>
+    <p>If you do not have access to a PostgreSQL server, and you are using your own server, you can download PostgreSQL for free from
+       <a href="http://www.postgresql.org/">PostgreSQL.org</a>.</p>
+    <form name="dbinfo" action="install.php?mode=website" method="post">
+      <input type="hidden" name="db_driver" value="postgresql" />
+      <table border="0">
+        <tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+        <tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your Postgres server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+        <tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a PostgreSQL superuser.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+        <tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password for a role that has permission to create and alter tables, select data, insert data, update data, and delete data. You may or may not choose to allow dropping tables.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+        <tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+        <tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+        <tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+        <tr><td rowspan="2"><b>Database administrative login</b><br />If the Postgres database or role that you entered above does not exist yet, you can create them here, assuming that you have the login information for a PostgreSQL superuser. Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+        <tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+        <tr><td><b>PostgreSQL version</b></td><td id="e_mysql_version">PostgreSQL version information will<br />be checked when you click "Test<br />Connection". You need to have at<br />least PostgreSQL 8.2.0 to install Enano.</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+        <tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" />  <label for="dtcheck">Drop existing tables</label></td></tr>
+        <tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
+      </table>
+      <div class="pagenav">
+       <table border="0">
+       <tr>
+       <td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />&bull; Check your PostgreSQL connection using the "Test Connection" button.<br />&bull; Be aware that your database information will be transmitted unencrypted several times.</p></td>
+       </tr>
+       </table>
+     </div>
     </form>
     <?php
     break;
@@ -1820,6 +2305,7 @@
        !isset($_POST['db_name']) ||
        !isset($_POST['db_user']) ||
        !isset($_POST['db_pass']) ||
+       !isset($_POST['db_driver']) ||
        !isset($_POST['sitename']) ||
        !isset($_POST['sitedesc']) ||
        !isset($_POST['copyright']) ||
@@ -1833,6 +2319,12 @@
       $template->footer();
       exit;
     }
+    if ( !in_array($_POST['db_driver'], array('mysql', 'postgresql')) )
+    {
+      echo 'Invalid database driver.';
+      $template->footer();
+      exit;
+    }
     switch($_POST['urlscheme'])
     {
       case "ugly":