<?php

/*
 * Nuggie
 * Version 0.1
 * Copyright (C) 2007 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */

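/**
 * Special page handler for the Nuggie installer (Special:NuggieInstall).
 *
 * The first path parameter selects the step:
 *   - welcome      (default) shows the form asking who may blog
 *   - install_base loads plugins/nuggie/schema.sql, runs its queries and emits the form for the next step
 *   - install_acl  writes the ACL rules for the chosen group and sets the nuggie_installed config flag
 *
 * The handler refuses to run once getConfig('nuggie_installed') is '1' and redirects to the login page when
 * the session's auth level is below USER_LEVEL_ADMIN. Failures end the request through die(), die_friendly()
 * or $db->_die(); nothing is returned.
 *
 * NOTE(review): neither POST step checks an anti-CSRF token in this function. Confirm whether the framework
 * enforces one for Special pages; otherwise the admin auth-level check is the only gate on these writes.
 */
function page_Special_NuggieInstall()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( getConfig('nuggie_installed') == '1' )
  {
    die_friendly('Nuggie already installed', '<p>Nuggie is already installed - you can\'t reinstall it from here. To upgrade a Nuggie installation, use the upgrade tool.</p>');
  }

  if ( $session->auth_level < USER_LEVEL_ADMIN )
  {
    redirect(makeUrlNS('Special', 'Login/' . $paths->page, 'level=' . USER_LEVEL_ADMIN), 'Login required', 'You need to be an administrator with elevated auth to install Nuggie. You will now be transferred to the login page.');
    exit;
  }

  $mode = ( $x = $paths->getParam(0) ) ? $x : 'welcome';
  switch ( $mode )
  {
    default:
      die_friendly('Invalid action', '<p>Invalid installer action</p>');
      break;
    case 'welcome':
      $template->header();
      $q = $db->sql_query('SELECT group_id, group_name FROM ' . table_prefix . 'groups ORDER BY group_name ASC;');
      if ( !$q )
        $db->_die('plugins/nuggie/install.php selecting group information');
      $groups = array();
      while ( (list($group_id, $group_name) = $db->fetchrow_num()) )
      {
        $groups[$group_id] = $group_name;
      }
      ?>
      <script type="text/javascript">
        function nuggie_click(value)
        {
          var theform = document.forms['nuggieinstall'];
          if ( !theform )
            return false;
          switch(value)
          {
            case 'everyone':
            case 'noone':
              $('nuggieinstall_use_group').object.style.display = 'none';
              $('nuggieinstall_create_group').object.style.display = 'none';
              break;
            case 'use_group':
              $('nuggieinstall_use_group').object.style.display = 'block';
              $('nuggieinstall_create_group').object.style.display = 'none';
              break;
            case 'create_group':
              $('nuggieinstall_use_group').object.style.display = 'none';
              $('nuggieinstall_create_group').object.style.display = 'block';
              break;
          }
        }
      </script>
      <?php
      echo '<form action="' . makeUrlNS('Special', 'NuggieInstall/install_base') . '" method="post" name="nuggieinstall">';
      echo '<h3>Welcome to Nuggie - the only blogging engine you\'ll ever need.</h3>';
      echo '<p>Before you can start blogging, we\'ll need to perform a couple of short steps to set up Nuggie on your server. Since
               you\'re running Nuggie on top of Enano, you won\'t need to re-enter database information – we just need to create a
               few extra tables in your database.</p>';
      echo '<p>To get started, who would you like to give posting abilities to?</p>';
      echo '<p><label><input onclick="nuggie_click(this.value);" type="radio" name="blog_perms" value="everyone" checked="checked" /> Let everybody with an account create their own blog</label></p>';
      echo '<p><label><input onclick="nuggie_click(this.value);" type="radio" name="blog_perms" value="use_group" /> Only people in the following group can have blogs:</label></p>';
      echo '<p id="nuggieinstall_use_group" style="display: none; margin-left: 46px;"><select name="use_group_id">';
      foreach ( $groups as $group_id => $group_name )
      {
        // The id is cast and the name escaped so neither can break out of the markup
        echo '<option value="' . intval($group_id) . '">' . htmlspecialchars($group_name) . '</option>';
      }
      echo '</select></p>';
      echo '<p><label><input onclick="nuggie_click(this.value);" type="radio" name="blog_perms" value="create_group" /> Create a new group and only allow people in that group to have a blog:</label></p>';
      echo '<p id="nuggieinstall_create_group" style="display: none; margin-left: 46px;">Group name: <input type="text" name="create_group_name" size="30" /><br />
              <small>You\'ll be added to this group automatically.</small>
              </p>';
      echo '<p><label><input onclick="nuggie_click(this.value);" type="radio" name="blog_perms" value="noone" /> Don\'t allow anyone to have a blog yet - I\'ll set up permissions myself. <small>(advanced)</small></label></p>';
      echo '<p style="text-align: center;"><button><big>Next »</big></button></p>';
      echo '</form>';
      $template->footer();
      break;
    case 'install_base':
      $schema_file = ENANO_ROOT . '/plugins/nuggie/schema.sql';
      if ( !file_exists($schema_file) )
      {
        die_friendly('Can\'t load schema file', '<p>Can\'t find the schema.sql file that should be in /plugins/nuggie. Check your Nuggie setup.</p>');
      }
      // @ suppresses the read warning; the failure is reported through the empty() check below
      $schema = @file_get_contents($schema_file);
      if ( empty($schema) )
      {
        die_friendly('Can\'t load schema file', '<p>Can\'t read the schema.sql file that should be in /plugins/nuggie. Check your file permissions.</p>');
      }

      // Reject malformed form input before any query is run
      nuggie_install_validate_post();

      //
      // PARSE SCHEMA
      //

      // Step 1: remove "--" comments and blank lines
      $lines = array();
      foreach ( explode("\n", str_replace("\r", '', $schema)) as $line )
      {
        $line = trim(preg_replace('/--(.*)$/', '', $line));
        if ( $line !== '' )
          $lines[] = $line;
      }

      // Step 2: Split into separate queries; a line ending in ";" closes the current query
      $queries = array();
      $current = '';
      foreach ( $lines as $line )
      {
        $current .= "\n $line";
        if ( preg_match('/;$/', $line) )
        {
          $queries[] = trim($current);
          $current = '';
        }
      }
      // Trailing text without a terminating ";" is still kept as a query
      if ( trim($current) !== '' )
        $queries[] = trim($current);

      // Step 3: Assign variables
      $schema = array();
      foreach ( $queries as $sql )
      {
        $schema[] = str_replace('{{TABLE_PREFIX}}', table_prefix, $sql);
      }
      unset($lines, $queries, $current, $sql);

      // Step 4: Check every query before running any of them
      foreach ( $schema as $sql )
      {
        if ( !$db->check_query($sql) )
        {
          die_friendly('Error during installation', '<p>DBAL rejected query citing syntax errors. This is probably a bug.</p>');
        }
      }

      // Step 5: Install
      // NOTE(review): this step can be requested again before install_acl sets nuggie_installed;
      // whether a second run is harmless depends on schema.sql - confirm.
      foreach ( $schema as $sql )
      {
        if ( !$db->sql_query($sql) )
        {
          $db->_die('Nuggie during mainstream installation');
        }
      }

      // Values carried to the next step are normalised before they are written into HTML attributes.
      // Only blog_perms is whitelisted above. use_group_id and create_group_name are validated solely
      // for their own mode, so in every other mode they are arbitrary request data and must not be
      // echoed verbatim.
      $blog_perms = htmlspecialchars($_POST['blog_perms'], ENT_QUOTES);
      $use_group_id = isset($_POST['use_group_id']) ? intval($_POST['use_group_id']) : 0;
      $group_name = ( isset($_POST['create_group_name']) && is_string($_POST['create_group_name']) )
                      ? htmlspecialchars($_POST['create_group_name'], ENT_QUOTES)
                      : '';

      $template->header(true);
      echo '<h3>Base install complete</h3>';
      echo '<p>The base install has completed. Please click Next to continue with the setup of ACL rules.</p>';
      echo '<form action="' . makeUrlNS('Special', 'NuggieInstall/install_acl') . '" method="post">';
      echo '<input type="hidden" name="blog_perms" value="' . $blog_perms . '" />';
      echo '<input type="hidden" name="use_group_id" value="' . $use_group_id . '" />';
      echo '<input type="hidden" name="create_group_name" value="' . $group_name . '" />';
      echo '<p style="text-align: center;"><button><big>Next »</big></button></p>';
      echo '</form>';
      $template->footer(true);

      break;
    case 'install_acl':

      // The hidden fields come back from the browser, so they are validated again from scratch
      nuggie_install_validate_post();

      switch ( $_POST['blog_perms'] )
      {
        case 'everyone':
          // Group id 1 is hard-coded here (presumably the built-in "everyone" group - confirm)
          nuggie_install_grant_group(1);
          break;
        case 'create_group':
          $group_name = $db->escape($_POST['create_group_name']);

          $q = $db->sql_query('INSERT INTO ' . table_prefix . "groups ( group_name ) VALUES ( '$group_name' );");
          if ( !$q )
            $db->_die('Nuggie installer creating group');

          $group_id = intval($db->insert_id());
          $user_id = intval($session->user_id);
          $q = $db->sql_query('INSERT INTO ' . table_prefix . "group_members( group_id, user_id ) VALUES ( $group_id, $user_id );");
          if ( !$q )
            $db->_die('Nuggie installer adding user to new group');

          nuggie_install_grant_group($group_id);
          break;
        case 'use_group':
          $group_id = intval($_POST['use_group_id']);
          $q = $db->sql_query('SELECT group_name, group_id FROM ' . table_prefix . "groups WHERE group_id = $group_id;");
          if ( !$q )
            $db->_die('Nuggie installer determining group information');
          // The id must name a group that really exists
          if ( $db->numrows() < 1 )
            die('Hacking attempt');
          list($group_name, $group_id) = $db->fetchrow_num();

          nuggie_install_grant_group($group_id);
          break;
        case 'noone':
          // Don't touch permissions, let the webmaster handle it
          break;
        default:
          // Unreachable after validation; kept as a last line of defence
          die('PHP = douche bag');
          break;
      }

      // Mark it as installed to prevent installer module from loading
      setConfig('nuggie_installed', '1');

      $template->header(true);
      echo '<h3>Nuggie has been installed.</h3>';
      echo '<p>You\'ve successfully installed Nuggie. Congratulations!</p>';
      echo '<form action="' . makeUrlNS('Special', 'Preferences/Blog') . '" method="post">';
      echo '<p style="text-align: center;"><big><button>Start blogging »</button></big></p>';
      echo '</form>';
      $template->footer(true);

      break;
  }
}

/**
 * Validates the installer's POST fields and ends the request when they are malformed.
 *
 * Shared by the install_base and install_acl steps so the two checks cannot drift apart.
 * blog_perms must be one of the four known modes; use_group_id must be a canonical integer
 * string in use_group mode; create_group_name must be a non-blank string in create_group mode.
 * Fields belonging to a mode other than the selected one are NOT validated here.
 */
function nuggie_install_validate_post()
{
  if ( !isset($_POST['blog_perms']) )
    die('Missing essential form field');

  // Strict comparison: array input such as blog_perms[]=x can never match a whitelist entry
  if ( !in_array($_POST['blog_perms'], array('everyone', 'use_group', 'create_group', 'noone'), true) )
    die('You tried to hack the form');

  if ( $_POST['blog_perms'] === 'use_group' )
  {
    if ( !isset($_POST['use_group_id']) || !is_string($_POST['use_group_id']) || strval(intval($_POST['use_group_id'])) !== $_POST['use_group_id'] )
      die('You tried to hack the form');
  }

  if ( $_POST['blog_perms'] === 'create_group' )
  {
    if ( !isset($_POST['create_group_name']) || !is_string($_POST['create_group_name']) )
      die('You tried to hack the form');

    // A blank name would otherwise create an unnamed group
    if ( trim($_POST['create_group_name']) === '' )
      die_friendly('Group name required', '<p>Please go back and enter a name for the new group.</p>');
  }
}

/**
 * Returns the Nuggie permission set the installer grants to a blogging group.
 *
 * @return array permission name => AUTH_* constant
 */
function nuggie_install_default_rules()
{
  return array(
      'nuggie_post'                => AUTH_ALLOW,
      'nuggie_edit_own'            => AUTH_ALLOW,
      'nuggie_edit_other'          => AUTH_DISALLOW,
      'nuggie_create_planet'       => AUTH_ALLOW,
      'nuggie_publicize_planet'    => AUTH_WIKIMODE,
      'nuggie_protect_planet'      => AUTH_DISALLOW,
      'nuggie_edit_planet_own'     => AUTH_ALLOW,
      'nuggie_edit_planet_other'   => AUTH_DISALLOW,
      'nuggie_even_when_protected' => AUTH_DISALLOW,
      'nuggie_see_non_public'      => AUTH_DISALLOW
    );
}

/**
 * Grants the default Nuggie permissions to a group through its site-wide ACL rule.
 *
 * Looks up the group's rule with no page or namespace; inserts one when none exists,
 * otherwise merges the Nuggie permissions into the existing rule and updates it.
 *
 * @param int $group_id ID of the group receiving the permissions
 */
function nuggie_install_grant_group($group_id)
{
  global $db, $session;

  // The id is interpolated unquoted below, so force it to an integer
  $group_id = intval($group_id);

  $q = $db->sql_query('SELECT rules,rule_id FROM ' . table_prefix . 'acl WHERE target_type = ' . ACL_TYPE_GROUP . " AND target_id = $group_id AND page_id IS NULL AND namespace IS NULL;");
  if ( !$q )
    $db->_die('Nuggie installer selecting existing ACL rules');

  // NOTE(review): $rule is placed inside a quoted SQL literal without escaping in both queries
  // below; this relies on perm_to_string() returning SQL-safe text - confirm.
  if ( $db->numrows() < 1 )
  {
    // The rule doesn't exist, create it
    $rule = $session->perm_to_string(nuggie_install_default_rules());
    $q = $db->sql_query('INSERT INTO ' . table_prefix . 'acl(rules, target_type, target_id, page_id, namespace)' .
                        "\n VALUES( '$rule', " . ACL_TYPE_GROUP . ", $group_id, NULL, NULL );");
    if ( !$q )
      $db->_die('Nuggie installer setting up permissions');
  }
  else
  {
    // Merge into the existing rule so permissions already set for the group are kept
    list($rule, $rule_id) = $db->fetchrow_num();
    $rule_id = intval($rule_id);
    $rule = $session->string_to_perm($rule);
    $rule = $session->acl_merge_complete($rule, nuggie_install_default_rules());
    $rule = $session->perm_to_string($rule);
    $q = $db->sql_query('UPDATE ' . table_prefix . 'acl' .
                        "\n SET rules='$rule'\n"
                        . " WHERE rule_id = $rule_id;");
    if ( !$q )
      $db->_die('Nuggie installer setting up permissions');
  }
}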