# HG changeset patch # User Dan # Date 1195358952 18000 # Node ID 58477ab3937f6713a43e82b3fca8532fdecbf6d2 # Parent 43add2be1371b1cef44716d6f00194a240877649 Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually diff -r 43add2be1371 -r 58477ab3937f includes/dbal.php --- a/includes/dbal.php Sat Nov 17 22:56:26 2007 -0500 +++ b/includes/dbal.php Sat Nov 17 23:09:12 2007 -0500 @@ -121,13 +121,25 @@ return $internal_text; } - function connect() { + function connect() + { $this->enable_errorhandler(); + dc_here('dbal: trying to connect....'); - @include(ENANO_ROOT.'/config.php'); - if(isset($crypto_key)) + + if ( defined('IN_ENANO_INSTALL') ) + { + @include(ENANO_ROOT.'/config.new.php'); + } + else + { + @include(ENANO_ROOT.'/config.php'); + } + + if ( isset($crypto_key) ) unset($crypto_key); // Get this sucker out of memory fast - if(!defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') ) + + if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') ) { dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.'); header('Location: install.php'); @@ -136,46 +148,74 @@ $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd); unset($dbuser); unset($dbpasswd); // Security - if(!$this->_conn) { dc_here('dbal: uhoh!
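Review bot: Both branches of the new config selection in connect() use `@include`, so a missing or unparsable config.new.php during installation fails silently and `mysql_connect($dbhost, $dbuser, $dbpasswd)` in the next hunk runs with undefined variables; because `IN_ENANO_INSTALL` is defined, the redirect-to-installer check that follows does not catch it either. In the install branch, check for the file first and stop with a clear message, e.g. `if ( !file_exists(ENANO_ROOT.'/config.new.php') ) grinding_halt('Enano is having a problem', 'config.new.php could not be loaded.');`. The same selection is added to `__construct()` in includes/sessions.php, where the production `include` of config.php also becomes `@include`; a failed load there would leave `$crypto_key` unset, and what the constructor does in that case is outside the hunk. connect() itself continues past the end of this hunk.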
'.mysql_error()); grinding_halt('Enano is having a problem', '

Error: couldn\'t connect to MySQL.
'.mysql_error().'

'); } + + if ( !$this->_conn ) + { + dc_here('dbal: uhoh!
'.mysql_error()); + grinding_halt('Enano is having a problem', '

Error: couldn\'t connect to MySQL.
'.mysql_error().'

'); + } + + // Reset some variables $this->query_backtrace = ''; $this->num_queries = 0; + dc_here('dbal: we\'re in, selecting database...'); $q = $this->sql_query('USE `'.$dbname.'`;'); - if(!$q) $this->_die('The database could not be selected.'); + + if ( !$q ) + $this->_die('The database could not be selected.'); + + // We're in! dc_here('dbal: connected to MySQL'); + $this->disable_errorhandler(); + return true; } - function sql_query($q) { + function sql_query($q) + { $this->enable_errorhandler(); $this->num_queries++; - $this->query_backtrace .= $q."\n"; + $this->query_backtrace .= $q . "\n"; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); - if(!$this->_conn) $this->_die('A database connection has not yet been established.'); - if(!$this->check_query($q)) + // First make sure we have a connection + if ( !$this->_conn ) + { + $this->_die('A database connection has not yet been established.'); + } + // Does this query look malicious? + if ( !$this->check_query($q) ) { $this->report_query($q); grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $r = mysql_query($q, $this->_conn); $this->latest_result = $r; $this->disable_errorhandler(); return $r; } - function sql_unbuffered_query($q) { + function sql_unbuffered_query($q) + { $this->enable_errorhandler(); $this->num_queries++; $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n"; $this->latest_query = $q; dc_here('dbal: making SQL query:
'.$q.''); - if(!$this->_conn) $this->_die('A database connection has not yet been established.'); - if(!$this->check_query($q)) + // First make sure we have a connection + if ( !$this->_conn ) + { + $this->_die('A database connection has not yet been established.'); + } + // Does this query look malicious? + if ( !$this->check_query($q) ) { $this->report_query($q); grinding_halt('SQL Injection attempt', '

Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.

Query was:

'.htmlspecialchars($q).'
'); } + $r = mysql_unbuffered_query($q, $this->_conn); $this->latest_result = $r; $this->disable_errorhandler(); diff -r 43add2be1371 -r 58477ab3937f includes/sessions.php --- a/includes/sessions.php Sat Nov 17 22:56:26 2007 -0500 +++ b/includes/sessions.php Sat Nov 17 23:09:12 2007 -0500 @@ -260,7 +260,16 @@ function __construct() { global $db, $session, $paths, $template, $plugins; // Common objects - include(ENANO_ROOT.'/config.php'); + + if ( defined('IN_ENANO_INSTALL') ) + { + @include(ENANO_ROOT.'/config.new.php'); + } + else + { + @include(ENANO_ROOT.'/config.php'); + } + unset($dbhost, $dbname, $dbuser, $dbpasswd); if(isset($crypto_key)) { diff -r 43add2be1371 -r 58477ab3937f install.php --- a/install.php Sat Nov 17 22:56:26 2007 -0500 +++ b/install.php Sat Nov 17 23:09:12 2007 -0500 
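Review bot: The rewritten connection-failure block in connect() still passes `mysql_error()` into the `grinding_halt()` page, so any visitor who reaches the site while MySQL is unavailable is shown the driver's message, which typically names the database host and account. The preceding `dc_here()` call already carries that detail, so the page can show a fixed message instead, e.g. `grinding_halt('Enano is having a problem', 'Error: couldn\'t connect to MySQL.');`. The 'SQL Injection attempt' pages in sql_query() and sql_unbuffered_query() have the same shape: they print the full rejected query back to the requester even though `report_query($q)` has just been handed it. The new comment `// Does this query look malicious?` could also state that check_query() is a heuristic backstop and that callers remain responsible for escaping the values they put into `$q`.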
@@ -1557,7 +1557,6 @@ run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false); run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false); run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.'); - run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. On some UNIX systems, you need to CHMOD the directory with your Enano files to 777 in order for this stage to succeed.'); // Mainstream installation complete - Enano should be usable now // The stage of starting the API is special because it has to be called out of function context. 
@@ -1591,6 +1590,10 @@ While under most circumstances you can still finish the installation, you should be aware that some servers cannot properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose to finish the installation, please be aware that you may be unable to log into your site.'); + + // Final step is to rename the config file + run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please perform the following rename operations and then finish the installation.'); + close_install_table(); unset($template);
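Review bot: The new failure text for the `renameconfig` stage says "perform the following rename operations" but the string names no files, so unless `stg_rename_config` prints them (not visible here) the administrator is left guessing; judging by the dbal.php change this is at least config.new.php to config.php, and the message should say so, e.g. `'... Please rename config.new.php to config.php and then finish the installation.'`. It is also worth stating there that the site stays in installer mode until the rename is done: without config.php, connect() in includes/dbal.php presumably finds none of the install constants defined and redirects requests to install.php. The surrounding installer code starts and ends outside this hunk.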