205
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
294
+ − 5
* Version 1.0.5 (Ferrishyn)
205
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
* install.php - handles everything related to installation and initial configuration
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
@include('config.php');
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 17
if( ( defined('ENANO_INSTALLED') || defined('MIDGET_INSTALLED') ) && ((isset($_GET['mode']) && ($_GET['mode']!='finish' && $_GET['mode']!='css') && $_GET['mode']!='showlicense') || !isset($_GET['mode'])))
205
+ − 18
{
+ − 19
$_GET['title'] = 'Enano:Installation_locked';
+ − 20
require('includes/common.php');
+ − 21
die_friendly('Installation locked', '<p>The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.</p><p>If you wish to upgrade an older Enano installation to this version, please use the <a href="upgrade.php">upgrade script</a>.</p>');
+ − 22
exit;
+ − 23
}
+ − 24
269
+ − 25
function microtime_float()
+ − 26
{
+ − 27
list($usec, $sec) = explode(" ", microtime());
+ − 28
return ((float)$usec + (float)$sec);
+ − 29
}
+ − 30
205
+ − 31
define('IN_ENANO_INSTALL', 'true');
+ − 32
294
+ − 33
define('ENANO_VERSION', '1.0.5');
310
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 34
define('ENANO_RELEASE_NAME', 'Ferrishyn');
205
+ − 35
// In beta versions, define ENANO_BETA_VERSION here
+ − 36
+ − 37
if(!defined('scriptPath')) {
+ − 38
$sp = dirname($_SERVER['REQUEST_URI']);
+ − 39
if($sp == '/' || $sp == '\\') $sp = '';
+ − 40
define('scriptPath', $sp);
+ − 41
}
+ − 42
+ − 43
if(!defined('contentPath')) {
+ − 44
$sp = dirname($_SERVER['REQUEST_URI']);
+ − 45
if($sp == '/' || $sp == '\\') $sp = '';
+ − 46
define('contentPath', $sp);
+ − 47
}
+ − 48
global $_starttime, $this_page, $sideinfo;
+ − 49
$_starttime = microtime(true);
+ − 50
261
+ − 51
global $db;
+ − 52
205
+ − 53
// Determine directory (special case for development servers)
+ − 54
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
+ − 55
{
+ − 56
$filename = str_replace('/repo/', '/', __FILE__);
+ − 57
}
+ − 58
else
+ − 59
{
+ − 60
$filename = __FILE__;
+ − 61
}
+ − 62
+ − 63
define('ENANO_ROOT', dirname($filename));
+ − 64
+ − 65
function is_page($p)
+ − 66
{
+ − 67
return true;
+ − 68
}
+ − 69
+ − 70
require('includes/wikiformat.php');
+ − 71
require('includes/constants.php');
+ − 72
require('includes/rijndael.php');
+ − 73
require('includes/functions.php');
269
+ − 74
require('includes/dbal.php');
205
+ − 75
+ − 76
strip_magic_quotes_gpc();
+ − 77
$neutral_color = 'C';
+ − 78
+ − 79
//
+ − 80
// INSTALLER LIBRARY
+ − 81
//
+ − 82
+ − 83
function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
+ − 84
{
+ − 85
static $resumed = false;
+ − 86
static $resume_stack = array();
+ − 87
+ − 88
if ( empty($resume_stack) && isset($_POST['resume_stack']) && preg_match('/[a-z_]+((\|[a-z_]+)+)/', $_POST['resume_stack']) )
+ − 89
{
+ − 90
$resume_stack = explode('|', $_POST['resume_stack']);
+ − 91
}
+ − 92
+ − 93
$already_run = false;
+ − 94
if ( in_array($stage_id, $resume_stack) )
+ − 95
{
+ − 96
$already_run = true;
+ − 97
}
+ − 98
+ − 99
if ( !$resumed )
+ − 100
{
+ − 101
if ( !isset($_GET['stage']) )
+ − 102
$resumed = true;
+ − 103
if ( isset($_GET['stage']) && $_GET['stage'] == $stage_id )
+ − 104
{
+ − 105
$resumed = true;
+ − 106
}
+ − 107
}
+ − 108
if ( !$resumed && $allow_skip )
+ − 109
{
214
+ − 110
echo_stage_success($stage_id, $stage_name);
205
+ − 111
return false;
+ − 112
}
+ − 113
if ( !function_exists($function) )
+ − 114
die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . ' doesn\'t exist');
+ − 115
$result = @call_user_func($function, false, $already_run);
+ − 116
if ( $result )
+ − 117
{
+ − 118
echo_stage_success($stage_id, $stage_name);
+ − 119
$resume_stack[] = $stage_id;
+ − 120
return true;
+ − 121
}
+ − 122
else
+ − 123
{
+ − 124
echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack);
+ − 125
return false;
+ − 126
}
+ − 127
}
+ − 128
+ − 129
function start_install_table()
+ − 130
{
+ − 131
echo '<table border="0" cellspacing="0" cellpadding="0">' . "\n";
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 132
ob_start();
205
+ − 133
}
+ − 134
+ − 135
function close_install_table()
+ − 136
{
+ − 137
echo '</table>' . "\n\n";
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 138
ob_end_flush();
205
+ − 139
}
+ − 140
+ − 141
function echo_stage_success($stage_id, $stage_name)
+ − 142
{
+ − 143
global $neutral_color;
+ − 144
$neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ − 145
echo '<tr><td style="width: 500px; background-color: #' . "{$neutral_color}{$neutral_color}FF{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Done" src="images/good.gif" /></td></tr>' . "\n";
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 146
ob_flush();
205
+ − 147
}
+ − 148
+ − 149
function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack)
+ − 150
{
+ − 151
global $neutral_color;
+ − 152
+ − 153
$neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A';
+ − 154
echo '<tr><td style="width: 500px; background-color: #' . "FF{$neutral_color}{$neutral_color}{$neutral_color}{$neutral_color}" . '; padding: 0 5px;">' . htmlspecialchars($stage_name) . '</td><td style="padding: 0 5px;"><img alt="Failed" src="images/bad.gif" /></td></tr>' . "\n";
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 155
ob_flush();
205
+ − 156
close_install_table();
+ − 157
$post_data = '';
+ − 158
$mysql_error = mysql_error();
+ − 159
foreach ( $_POST as $key => $value )
+ − 160
{
216
+ − 161
// FIXME: These should really also be sanitized for double quotes
205
+ − 162
$value = htmlspecialchars($value);
+ − 163
$key = htmlspecialchars($key);
+ − 164
$post_data .= " <input type=\"hidden\" name=\"$key\" value=\"$value\" />\n";
+ − 165
}
+ − 166
echo '<form action="install.php?mode=install&stage=' . $stage_id . '" method="post">
+ − 167
' . $post_data . '
+ − 168
<input type="hidden" name="resume_stack" value="' . htmlspecialchars(implode('|', $resume_stack)) . '" />
+ − 169
<h3>Enano installation failed.</h3>
+ − 170
<p>' . $failure_explanation . '</p>
+ − 171
' . ( !empty($mysql_error) ? "<p>The error returned from MySQL was: $mysql_error</p>" : '' ) . '
+ − 172
<p>When you have corrected the error, click the button below to attempt to continue the installation.</p>
+ − 173
<p style="text-align: center;"><input type="submit" value="Retry installation" /></p>
+ − 174
</form>';
+ − 175
global $template, $template_bak;
+ − 176
if ( is_object($template_bak) )
+ − 177
$template_bak->footer();
+ − 178
else
+ − 179
$template->footer();
+ − 180
exit;
+ − 181
}
+ − 182
+ − 183
//
+ − 184
// INSTALLER STAGES
+ − 185
//
+ − 186
+ − 187
function stg_mysql_connect($act_get = false)
+ − 188
{
261
+ − 189
global $db;
+ − 190
$db = new mysql();
+ − 191
205
+ − 192
static $conn = false;
+ − 193
if ( $act_get )
+ − 194
return $conn;
+ − 195
207
+ − 196
$db_user =& $_POST['db_user'];
+ − 197
$db_pass =& $_POST['db_pass'];
+ − 198
$db_name =& $_POST['db_name'];
205
+ − 199
207
+ − 200
if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+ − 201
{
+ − 202
$db_name = htmlspecialchars($db_name);
+ − 203
die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+ − 204
}
205
+ − 205
+ − 206
// First, try to connect using the normal credentials
+ − 207
$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 208
if ( !$conn )
+ − 209
{
+ − 210
// Connection failed. Do we have the root username and password?
+ − 211
if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 212
{
+ − 213
$conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ − 214
if ( !$conn_root )
+ − 215
{
+ − 216
// Couldn't connect using either set of credentials. Bail out.
+ − 217
return false;
+ − 218
}
207
+ − 219
unset($db_user, $db_pass);
+ − 220
$db_user = mysql_real_escape_string($_POST['db_user']);
+ − 221
$db_pass = mysql_real_escape_string($_POST['db_pass']);
205
+ − 222
// Create the user account
+ − 223
$q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ − 224
if ( !$q )
+ − 225
{
+ − 226
return false;
+ − 227
}
+ − 228
// Revoke privileges from test, we don't need them
+ − 229
$q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
+ − 230
if ( !$q )
+ − 231
{
+ − 232
return false;
+ − 233
}
+ − 234
if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ − 235
{
+ − 236
// If not connecting to a server running on localhost, allow from any host
+ − 237
// this is safer than trying to detect the hostname of the webserver, but less secure
+ − 238
$q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ − 239
if ( !$q )
+ − 240
{
+ − 241
return false;
+ − 242
}
+ − 243
// Revoke privileges from test, we don't need them
+ − 244
$q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
+ − 245
if ( !$q )
+ − 246
{
+ − 247
return false;
+ − 248
}
+ − 249
}
207
+ − 250
mysql_close($conn_root);
+ − 251
$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 252
if ( !$conn )
+ − 253
{
+ − 254
// This should honestly never happen.
+ − 255
return false;
+ − 256
}
205
+ − 257
}
+ − 258
}
207
+ − 259
$q = @mysql_query("USE `$db_name`;", $conn);
205
+ − 260
if ( !$q )
+ − 261
{
+ − 262
// access denied to the database; try the whole root schenanegan again
+ − 263
if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 264
{
+ − 265
$conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ − 266
if ( !$conn_root )
+ − 267
{
+ − 268
// Couldn't connect as root; bail out
+ − 269
return false;
+ − 270
}
+ − 271
// create the database, if it doesn't exist
207
+ − 272
$q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
205
+ − 273
if ( !$q )
+ − 274
{
+ − 275
// this really should never fail, so don't give any tolerance to it
+ − 276
return false;
+ − 277
}
207
+ − 278
unset($db_user, $db_pass);
+ − 279
$db_user = mysql_real_escape_string($_POST['db_user']);
+ − 280
$db_pass = mysql_real_escape_string($_POST['db_pass']);
205
+ − 281
// we're in with root rights; grant access to the database
207
+ − 282
$q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
205
+ − 283
if ( !$q )
+ − 284
{
+ − 285
return false;
+ − 286
}
+ − 287
if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ − 288
{
207
+ − 289
$q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
205
+ − 290
if ( !$q )
+ − 291
{
+ − 292
return false;
+ − 293
}
+ − 294
}
207
+ − 295
mysql_close($conn_root);
+ − 296
// grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ − 297
mysql_close($conn);
+ − 298
$conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ − 299
if ( !$conn )
+ − 300
{
+ − 301
return false;
+ − 302
}
205
+ − 303
}
+ − 304
else
+ − 305
{
+ − 306
return false;
+ − 307
}
+ − 308
// try again
207
+ − 309
$q = @mysql_query("USE `$db_name`;", $conn);
205
+ − 310
if ( !$q )
+ − 311
{
+ − 312
// really failed this time; bail out
+ − 313
return false;
+ − 314
}
+ − 315
}
261
+ − 316
// initialize DBAL
+ − 317
$db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
+ − 318
// connected and database exists
+ − 319
return true;
+ − 320
}
+ − 321
+ − 322
function stg_pgsql_connect($act_get = false)
+ − 323
{
+ − 324
global $db;
+ − 325
$db = new postgresql();
+ − 326
+ − 327
static $conn = false;
+ − 328
if ( $act_get )
+ − 329
return $conn;
+ − 330
+ − 331
$db_user =& $_POST['db_user'];
+ − 332
$db_pass =& $_POST['db_pass'];
+ − 333
$db_name =& $_POST['db_name'];
+ − 334
+ − 335
if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) )
+ − 336
{
+ − 337
$db_name = htmlspecialchars($db_name);
+ − 338
die("<p>SECURITY: malformed database name \"$db_name\"</p>");
+ − 339
}
+ − 340
+ − 341
// First, try to connect using the normal credentials
+ − 342
$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ − 343
if ( !$conn )
+ − 344
{
+ − 345
// Connection failed. Do we have the root username and password?
+ − 346
if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 347
{
+ − 348
$conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+ − 349
if ( !$conn_root )
+ − 350
{
+ − 351
// Couldn't connect using either set of credentials. Bail out.
+ − 352
return false;
+ − 353
}
+ − 354
unset($db_user, $db_pass);
+ − 355
$db_user = pg_escape_string($_POST['db_user']);
+ − 356
$db_pass = pg_escape_string($_POST['db_pass']);
+ − 357
// Create the user account
+ − 358
$q = @pg_query("CREATE ROLE '$db_user' WITH NOSUPERUSER UNENCRYPTED PASSWORD '$db_pass';", $conn_root);
+ − 359
if ( !$q )
+ − 360
{
+ − 361
return false;
+ − 362
}
+ − 363
pg_close($conn_root);
+ − 364
$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ − 365
if ( !$conn )
+ − 366
{
+ − 367
// This should honestly never happen.
+ − 368
return false;
+ − 369
}
+ − 370
}
+ − 371
}
+ − 372
if ( !$q )
+ − 373
{
+ − 374
// access denied to the database; try the whole root schenanegan again
+ − 375
if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ − 376
{
+ − 377
$conn_root = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_root_user']} password={$_POST['db_root_pass']}");
+ − 378
if ( !$conn_root )
+ − 379
{
+ − 380
// Couldn't connect as root; bail out
+ − 381
return false;
+ − 382
}
+ − 383
unset($db_user, $db_pass);
+ − 384
$db_user = pg_escape_string($_POST['db_user']);
+ − 385
$db_pass = pg_escape_string($_POST['db_pass']);
+ − 386
// create the database, if it doesn't exist
+ − 387
$q = @mysql_query("CREATE DATABASE $db_name WITH OWNER $db_user;", $conn_root);
+ − 388
if ( !$q )
+ − 389
{
+ − 390
// this really should never fail, so don't give any tolerance to it
+ − 391
return false;
+ − 392
}
+ − 393
// Setting the owner to $db_user should grant all the rights we need
+ − 394
pg_close($conn_root);
+ − 395
// grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ − 396
pg_close($conn);
+ − 397
$conn = @pg_connect("host={$_POST['db_host']} port=5432 user={$_POST['db_user']} password={$_POST['db_pass']}");
+ − 398
if ( !$conn )
+ − 399
{
+ − 400
return false;
+ − 401
}
+ − 402
}
+ − 403
else
+ − 404
{
+ − 405
return false;
+ − 406
}
+ − 407
// try again
+ − 408
$q = @mysql_query("USE `$db_name`;", $conn);
+ − 409
if ( !$q )
+ − 410
{
+ − 411
// really failed this time; bail out
+ − 412
return false;
+ − 413
}
+ − 414
}
+ − 415
// initialize DBAL
+ − 416
$db->connect(true, $_POST['db_host'], $db_user, $db_pass, $db_name);
205
+ − 417
// connected and database exists
+ − 418
return true;
+ − 419
}
+ − 420
+ − 421
function stg_drop_tables()
+ − 422
{
261
+ − 423
global $db;
205
+ − 424
// Our list of tables included in Enano
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 425
$tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'tags', 'page_groups', 'page_group_members' );
205
+ − 426
+ − 427
// Drop each table individually; if it fails, it probably means we're trying to drop a
+ − 428
// table that didn't exist in the Enano version we're deleting the database for.
+ − 429
foreach ( $tables as $table )
+ − 430
{
+ − 431
// Remember that table_prefix is sanitized.
+ − 432
$table = "{$_POST['table_prefix']}$table";
261
+ − 433
$db->sql_query("DROP TABLE $table;", $conn);
205
+ − 434
}
+ − 435
return true;
+ − 436
}
+ − 437
+ − 438
function stg_decrypt_admin_pass($act_get = false)
+ − 439
{
+ − 440
static $decrypted_pass = false;
+ − 441
if ( $act_get )
+ − 442
return $decrypted_pass;
+ − 443
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 444
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
205
+ − 445
+ − 446
if ( !empty($_POST['crypt_data']) )
+ − 447
{
+ − 448
require('config.new.php');
+ − 449
if ( !isset($cryptkey) )
+ − 450
{
+ − 451
return false;
+ − 452
}
+ − 453
define('_INSTRESUME_AES_KEYBACKUP', $key);
+ − 454
$key = hexdecode($cryptkey);
+ − 455
+ − 456
$decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+ − 457
+ − 458
}
+ − 459
else
+ − 460
{
+ − 461
$decrypted_pass = $_POST['admin_pass'];
+ − 462
}
+ − 463
if ( empty($decrypted_pass) )
+ − 464
return false;
+ − 465
return true;
+ − 466
}
+ − 467
+ − 468
function stg_generate_aes_key($act_get = false)
+ − 469
{
+ − 470
static $key = false;
+ − 471
if ( $act_get )
+ − 472
return $key;
+ − 473
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 474
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
205
+ − 475
$key = $aes->gen_readymade_key();
+ − 476
return true;
+ − 477
}
+ − 478
+ − 479
function stg_parse_schema($act_get = false)
+ − 480
{
+ − 481
static $schema;
+ − 482
if ( $act_get )
+ − 483
return $schema;
+ − 484
261
+ − 485
global $db;
+ − 486
205
+ − 487
$admin_pass = stg_decrypt_admin_pass(true);
+ − 488
$key = stg_generate_aes_key(true);
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 489
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
205
+ − 490
$key = $aes->hextostring($key);
+ − 491
$admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+ − 492
+ − 493
$cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
+ − 494
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 495
$admin_user = $_POST['admin_user'];
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 496
$admin_user = str_replace('_', ' ', $admin_user);
261
+ − 497
$admin_user = $db->escape($admin_user);
+ − 498
272
27f5ac58992c
Removed all PostgreSQL support from the installer as per http://enanocms.org/News:1200114064; installer support for Postgres is available in the 1.1 branch now
Dan
diff
changeset
+ − 499
$schema = file_get_contents('schema.sql');
306
7a7173c0f62f
Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Dan
diff
changeset
+ − 500
// convert \r\n in the schema to \n, in case some FTP client or zip utility ran unix2dos for us
7a7173c0f62f
Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Dan
diff
changeset
+ − 501
// thanks to InvisGhost for reporting this error
7a7173c0f62f
Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Dan
diff
changeset
+ − 502
$schema = str_replace("\r\n", "\n", $schema);
7a7173c0f62f
Fixed SQL parse errors caused by conversion to \r\n by some FTP/zip clients (hackish workaround that isn't Enano's fault)
Dan
diff
changeset
+ − 503
261
+ − 504
$schema = str_replace('{{SITE_NAME}}', $db->escape($_POST['sitename'] ), $schema);
+ − 505
$schema = str_replace('{{SITE_DESC}}', $db->escape($_POST['sitedesc'] ), $schema);
+ − 506
$schema = str_replace('{{COPYRIGHT}}', $db->escape($_POST['copyright'] ), $schema);
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 507
$schema = str_replace('{{ADMIN_USER}}', $admin_user , $schema);
261
+ − 508
$schema = str_replace('{{ADMIN_PASS}}', $db->escape($admin_pass ), $schema);
+ − 509
$schema = str_replace('{{ADMIN_EMAIL}}', $db->escape($_POST['admin_email']), $schema);
+ − 510
$schema = str_replace('{{ENABLE_CACHE}}', $db->escape($cacheonoff ), $schema);
205
+ − 511
$schema = str_replace('{{REAL_NAME}}', '', $schema);
+ − 512
$schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
+ − 513
$schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
+ − 514
$schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema);
+ − 515
// Not anymore!! :-D
+ − 516
// $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema);
+ − 517
+ − 518
if(isset($_POST['wiki_mode']))
+ − 519
{
+ − 520
$schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+ − 521
}
+ − 522
else
+ − 523
{
+ − 524
$schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+ − 525
}
+ − 526
+ − 527
// Build an array of queries
+ − 528
$schema = explode("\n", $schema);
+ − 529
+ − 530
foreach ( $schema as $i => $sql )
+ − 531
{
+ − 532
$query =& $schema[$i];
+ − 533
$t = trim($query);
+ − 534
if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
+ − 535
{
+ − 536
unset($schema[$i]);
+ − 537
unset($query);
+ − 538
}
+ − 539
}
+ − 540
+ − 541
$schema = array_values($schema);
+ − 542
$schema = implode("\n", $schema);
+ − 543
$schema = explode(";\n", $schema);
+ − 544
+ − 545
foreach ( $schema as $i => $sql )
+ − 546
{
+ − 547
$query =& $schema[$i];
+ − 548
if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
+ − 549
{
+ − 550
$query .= ';';
+ − 551
}
+ − 552
}
+ − 553
+ − 554
return true;
+ − 555
}
+ − 556
+ − 557
function stg_install($_unused, $already_run)
+ − 558
{
+ − 559
// This one's pretty easy.
+ − 560
$conn = stg_mysql_connect(true);
+ − 561
if ( !is_resource($conn) )
+ − 562
return false;
+ − 563
$schema = stg_parse_schema(true);
+ − 564
if ( !is_array($schema) )
+ − 565
return false;
+ − 566
+ − 567
// If we're resuming installation, the encryption key was regenerated.
+ − 568
// This means we'll have to update the encrypted password in the database.
+ − 569
if ( $already_run )
+ − 570
{
+ − 571
$admin_pass = stg_decrypt_admin_pass(true);
+ − 572
$key = stg_generate_aes_key(true);
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 573
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
205
+ − 574
$key = $aes->hextostring($key);
+ − 575
$admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+ − 576
$admin_user = mysql_real_escape_string($_POST['admin_user']);
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 577
$admin_user = str_replace('_', ' ', $admin_user);
205
+ − 578
+ − 579
$q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
+ − 580
if ( !$q )
+ − 581
{
+ − 582
echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 583
return false;
+ − 584
}
+ − 585
+ − 586
return true;
+ − 587
}
+ − 588
+ − 589
// OK, do the loop, baby!!!
+ − 590
foreach($schema as $q)
+ − 591
{
+ − 592
$r = mysql_query($q, $conn);
+ − 593
if ( !$r )
+ − 594
{
+ − 595
echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 596
return false;
+ − 597
}
+ − 598
}
+ − 599
+ − 600
return true;
+ − 601
}
+ − 602
+ − 603
function stg_write_config()
+ − 604
{
+ − 605
$privkey = stg_generate_aes_key(true);
+ − 606
+ − 607
switch($_POST['urlscheme'])
+ − 608
{
+ − 609
case "ugly":
+ − 610
default:
+ − 611
$cp = scriptPath.'/index.php?title=';
+ − 612
break;
+ − 613
case "short":
+ − 614
$cp = scriptPath.'/index.php/';
+ − 615
break;
+ − 616
case "tiny":
+ − 617
$cp = scriptPath.'/';
+ − 618
break;
+ − 619
}
+ − 620
+ − 621
if ( $_POST['urlscheme'] == 'tiny' )
+ − 622
{
+ − 623
$contents = '# Begin Enano rules
+ − 624
RewriteEngine on
+ − 625
RewriteCond %{REQUEST_FILENAME} !-d
+ − 626
RewriteCond %{REQUEST_FILENAME} !-f
+ − 627
RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
+ − 628
RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
+ − 629
# End Enano rules
+ − 630
';
+ − 631
if ( file_exists('./.htaccess') )
+ − 632
$ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
+ − 633
else
+ − 634
$ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
+ − 635
if ( !$ht )
+ − 636
return false;
+ − 637
fwrite($ht, $contents);
+ − 638
fclose($ht);
+ − 639
}
+ − 640
+ − 641
$config_file = '<?php
+ − 642
/* Enano auto-generated configuration file - editing not recommended! */
+ − 643
$dbhost = \''.addslashes($_POST['db_host']).'\';
+ − 644
$dbname = \''.addslashes($_POST['db_name']).'\';
+ − 645
$dbuser = \''.addslashes($_POST['db_user']).'\';
+ − 646
$dbpasswd = \''.addslashes($_POST['db_pass']).'\';
+ − 647
if ( !defined(\'ENANO_CONSTANTS\') )
+ − 648
{
+ − 649
define(\'ENANO_CONSTANTS\', \'\');
+ − 650
define(\'table_prefix\', \''.addslashes($_POST['table_prefix']).'\');
+ − 651
define(\'scriptPath\', \''.scriptPath.'\');
+ − 652
define(\'contentPath\', \''.$cp.'\');
+ − 653
define(\'ENANO_INSTALLED\', \'true\');
+ − 654
}
+ − 655
$crypto_key = \''.$privkey.'\';
+ − 656
?>';
+ − 657
+ − 658
$cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
+ − 659
if ( !$cf_handle )
+ − 660
return false;
+ − 661
fwrite($cf_handle, $config_file);
+ − 662
+ − 663
fclose($cf_handle);
+ − 664
+ − 665
return true;
+ − 666
}
+ − 667
+ − 668
function _stg_rename_config_revert()
+ − 669
{
+ − 670
if ( file_exists('./config.php') )
+ − 671
{
+ − 672
@rename('./config.php', './config.new.php');
+ − 673
}
+ − 674
+ − 675
$handle = @fopen('./config.php.new', 'w');
+ − 676
if ( !$handle )
+ − 677
return false;
+ − 678
$contents = '<?php $cryptkey = \'' . _INSTRESUME_AES_KEYBACKUP . '\'; ?>';
+ − 679
fwrite($handle, $contents);
+ − 680
fclose($handle);
+ − 681
return true;
+ − 682
}
+ − 683
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 684
function stg_build_index()
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 685
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 686
global $db, $session, $paths, $template, $plugins; // Common objects;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 687
if ( $paths->rebuild_search_index() )
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 688
return true;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 689
return false;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 690
}
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 691
205
+ − 692
function stg_rename_config()
+ − 693
{
+ − 694
if ( !@rename('./config.new.php', './config.php') )
+ − 695
{
+ − 696
echo '<p>Can\'t rename config.php</p>';
+ − 697
_stg_rename_config_revert();
+ − 698
return false;
+ − 699
}
+ − 700
+ − 701
if ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') )
+ − 702
{
+ − 703
if ( !@rename('./.htaccess.new', './.htaccess') )
+ − 704
{
+ − 705
echo '<p>Can\'t rename .htaccess</p>';
+ − 706
_stg_rename_config_revert();
+ − 707
return false;
+ − 708
}
+ − 709
}
+ − 710
return true;
+ − 711
}
+ − 712
+ − 713
function stg_start_api_success()
+ − 714
{
+ − 715
return true;
+ − 716
}
+ − 717
+ − 718
function stg_start_api_failure()
+ − 719
{
+ − 720
return false;
+ − 721
}
+ − 722
+ − 723
function stg_init_logs()
+ − 724
{
+ − 725
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 726
+ − 727
$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
+ − 728
if ( !$q )
+ − 729
{
+ − 730
echo '<p><tt>MySQL return: ' . mysql_error() . '</tt></p>';
+ − 731
return false;
+ − 732
}
+ − 733
+ − 734
if ( !$session->get_permissions('clear_logs') )
+ − 735
{
+ − 736
echo '<p><tt>$session: denied clear_logs</tt></p>';
+ − 737
return false;
+ − 738
}
+ − 739
+ − 740
PageUtils::flushlogs('Main_Page', 'Article');
+ − 741
+ − 742
return true;
+ − 743
}
+ − 744
+ − 745
//die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
+ − 746
+ − 747
if(!function_exists('wikiFormat'))
+ − 748
{
+ − 749
function wikiFormat($message, $filter_links = true)
+ − 750
{
+ − 751
$wiki = & Text_Wiki::singleton('Mediawiki');
+ − 752
$wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename');
+ − 753
$wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath);
+ − 754
$result = $wiki->transform($message, 'Xhtml');
+ − 755
+ − 756
// HTML fixes
+ − 757
$result = preg_replace('#<tr>([\s]*?)<\/tr>#is', '', $result);
+ − 758
$result = preg_replace('#<p>([\s]*?)<\/p>#is', '', $result);
+ − 759
$result = preg_replace('#<br />([\s]*?)<table#is', '<table', $result);
+ − 760
+ − 761
return $result;
+ − 762
}
+ − 763
}
+ − 764
+ − 765
global $failed, $warned;
+ − 766
+ − 767
$failed = false;
+ − 768
$warned = false;
+ − 769
+ − 770
function not($var)
+ − 771
{
+ − 772
if($var)
+ − 773
{
+ − 774
return false;
+ − 775
}
+ − 776
else
+ − 777
{
+ − 778
return true;
+ − 779
}
+ − 780
}
+ − 781
+ − 782
function run_test($code, $desc, $extended_desc, $warn = false)
+ − 783
{
+ − 784
global $failed, $warned;
+ − 785
static $cv = true;
+ − 786
$cv = not($cv);
+ − 787
$val = eval($code);
+ − 788
if($val)
+ − 789
{
+ − 790
if($cv) $color='CCFFCC'; else $color='AAFFAA';
261
+ − 791
echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc</td><td style='padding-left: 10px;'><img alt='Test passed' src='images/good.gif' /></td></tr>";
205
+ − 792
} elseif(!$val && $warn) {
+ − 793
if($cv) $color='FFFFCC'; else $color='FFFFAA';
261
+ − 794
echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test passed with warning' src='images/unknown.gif' /></td></tr>";
205
+ − 795
$warned = true;
+ − 796
} else {
+ − 797
if($cv) $color='FFCCCC'; else $color='FFAAAA';
261
+ − 798
echo "<tr><td style='background-color: #$color; width: 500px; padding: 5px;'>$desc<br /><b>$extended_desc</b></td><td style='padding-left: 10px;'><img alt='Test failed' src='images/bad.gif' /></td></tr>";
205
+ − 799
$failed = true;
+ − 800
}
+ − 801
}
+ − 802
function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
+ − 803
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 804
function show_license($fb = false)
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 805
{
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 806
?>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 807
<div style="height: 500px; clip: rect(0px,auto,500px,auto); overflow: auto; padding: 10px; border: 1px dashed #456798; margin: 1em;">
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 808
<h2>GNU General Public License</h2>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 809
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 810
<h3>Declaration of license usage</h3>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 811
<p>Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.</p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 812
<p>This program is distributed in the hope that it will be useful, but <u>without any warranty</u>; without even the implied warranty of <u>merchantability</u> or <u>fitness for a particular purpose</u>. See the GNU General Public License (below) for more details.</p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 813
<p><b>By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.</b></p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 814
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 815
<h3>Human-readable version</h3>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 816
<p>Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.</p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 817
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 818
<ul>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 819
<li>You may to run Enano for any purpose.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 820
<li>You may study how Enano works and adapt it to your needs.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 821
<li>You may redistribute copies so you can help your neighbor.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 822
<li>You may improve Enano and release your improvements to the public, so that the whole community benefits.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 823
</ul>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 824
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 825
<p>You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:</p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 826
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 827
<ul>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 828
<li>You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 829
<li>If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 830
<li>If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.</li>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 831
</ul>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 832
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 833
<p><b>Disclaimer</b>: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.<br /><span style="color: #CCC">Text copied from the <a href="http://creativecommons.org/licenses/GPL/2.0/">Creative Commons GPL Deed page</a></span></p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 834
<?php
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 835
if ( defined('ENANO_BETA_VERSION') )
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 836
{
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 837
?>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 838
<h3>Notice for prerelease versions</h3>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 839
<p>This version of Enano is designed only for testing and evaluation purposes. <b>It is not yet completely stable, and should not be used on production websites.</b> As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.</p>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 840
<?php
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 841
}
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 842
?>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 843
<h3>Lawyer-readable version</h3>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 844
<?php echo wikiFormat(file_get_contents(ENANO_ROOT . '/GPL')); ?>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 845
<?php
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 846
global $template;
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 847
if ( $fb )
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 848
{
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 849
echo '<p style="text-align: center;">Because I could never find the Create a Page button in PHP-Nuke.</p>';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 850
echo '<p>' . str_replace('http://enanocms.org/', 'http://www.2robots.com/2003/10/15/web-portals-suck/', $template->fading_button) . '</p>';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 851
echo '<p style="text-align: center;">It\'s not a portal, my friends.</p>';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 852
}
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 853
?>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 854
</div>
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 855
<?php
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 856
}
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 857
205
+ − 858
require_once('includes/template.php');
+ − 859
+ − 860
if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome';
+ − 861
switch($_GET['mode'])
+ − 862
{
+ − 863
case 'mysql_test':
+ − 864
error_reporting(0);
+ − 865
$dbhost = rawurldecode($_POST['host']);
+ − 866
$dbname = rawurldecode($_POST['name']);
+ − 867
$dbuser = rawurldecode($_POST['user']);
+ − 868
$dbpass = rawurldecode($_POST['pass']);
+ − 869
$dbrootuser = rawurldecode($_POST['root_user']);
+ − 870
$dbrootpass = rawurldecode($_POST['root_pass']);
+ − 871
if($dbrootuser != '')
+ − 872
{
+ − 873
$conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
+ − 874
if(!$conn)
+ − 875
{
+ − 876
$e = mysql_error();
+ − 877
if(strstr($e, "Lost connection"))
+ − 878
die('host'.$e);
+ − 879
else
+ − 880
die('root'.$e);
+ − 881
}
+ − 882
$rsp = 'good';
206
+ − 883
$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
205
+ − 884
if(!$q)
+ − 885
{
+ − 886
$e = mysql_error();
+ − 887
if(strstr($e, 'Unknown database'))
+ − 888
{
+ − 889
$rsp .= '_creating_db';
+ − 890
}
+ − 891
}
+ − 892
mysql_close($conn);
+ − 893
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 894
if(!$conn)
+ − 895
{
+ − 896
$e = mysql_error();
+ − 897
if(strstr($e, "Lost connection"))
+ − 898
die('host'.$e);
+ − 899
else
+ − 900
$rsp .= '_creating_user';
+ − 901
}
+ − 902
mysql_close($conn);
+ − 903
die($rsp);
+ − 904
}
+ − 905
else
+ − 906
{
+ − 907
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 908
if(!$conn)
+ − 909
{
+ − 910
$e = mysql_error();
+ − 911
if(strstr($e, "Lost connection"))
+ − 912
die('host'.$e);
+ − 913
else
+ − 914
die('auth'.$e);
+ − 915
}
206
+ − 916
$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
205
+ − 917
if(!$q)
+ − 918
{
+ − 919
$e = mysql_error();
+ − 920
if(strstr($e, 'Unknown database'))
+ − 921
{
+ − 922
die('name'.$e);
+ − 923
}
+ − 924
else
+ − 925
{
+ − 926
die('perm'.$e);
+ − 927
}
+ − 928
}
+ − 929
}
+ − 930
$v = mysql_get_server_info();
+ − 931
if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ − 932
mysql_close($conn);
+ − 933
die('good');
+ − 934
break;
261
+ − 935
case 'pgsql_test':
+ − 936
error_reporting(0);
+ − 937
$dbhost = rawurldecode($_POST['host']);
+ − 938
$dbname = rawurldecode($_POST['name']);
+ − 939
$dbuser = rawurldecode($_POST['user']);
+ − 940
$dbpass = rawurldecode($_POST['pass']);
+ − 941
$dbrootuser = rawurldecode($_POST['root_user']);
+ − 942
$dbrootpass = rawurldecode($_POST['root_pass']);
+ − 943
if($dbrootuser != '')
+ − 944
{
+ − 945
$conn = @pg_connect("host=$dbhost port=5432 user=$dbuser password=$dbpass dbname=$dbname");
+ − 946
if(!$conn)
+ − 947
{
+ − 948
$e = pg_last_error();
+ − 949
if(strstr($e, "Lost connection"))
+ − 950
die('host'.$e);
+ − 951
else
+ − 952
die('root'.$e);
+ − 953
}
+ − 954
$rsp = 'good';
+ − 955
$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+ − 956
if(!$q)
+ − 957
{
+ − 958
$e = mysql_error();
+ − 959
if(strstr($e, 'Unknown database'))
+ − 960
{
+ − 961
$rsp .= '_creating_db';
+ − 962
}
+ − 963
}
+ − 964
mysql_close($conn);
+ − 965
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 966
if(!$conn)
+ − 967
{
+ − 968
$e = mysql_error();
+ − 969
if(strstr($e, "Lost connection"))
+ − 970
die('host'.$e);
+ − 971
else
+ − 972
$rsp .= '_creating_user';
+ − 973
}
+ − 974
mysql_close($conn);
+ − 975
die($rsp);
+ − 976
}
+ − 977
else
+ − 978
{
+ − 979
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ − 980
if(!$conn)
+ − 981
{
+ − 982
$e = mysql_error();
+ − 983
if(strstr($e, "Lost connection"))
+ − 984
die('host'.$e);
+ − 985
else
+ − 986
die('auth'.$e);
+ − 987
}
+ − 988
$q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn);
+ − 989
if(!$q)
+ − 990
{
+ − 991
$e = mysql_error();
+ − 992
if(strstr($e, 'Unknown database'))
+ − 993
{
+ − 994
die('name'.$e);
+ − 995
}
+ − 996
else
+ − 997
{
+ − 998
die('perm'.$e);
+ − 999
}
+ − 1000
}
+ − 1001
}
+ − 1002
$v = mysql_get_server_info();
+ − 1003
if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ − 1004
mysql_close($conn);
+ − 1005
die('good');
+ − 1006
break;
205
+ − 1007
case 'pophelp':
+ − 1008
$topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
+ − 1009
switch($topic)
+ − 1010
{
+ − 1011
case 'admin_embed_php':
+ − 1012
$title = 'Allow administrators to embed PHP';
+ − 1013
$content = '<p>This option allows you to control whether anything between the standard <?php and ?> tags will be treated as
+ − 1014
PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will
+ − 1015
execute that code when the page is loaded. There are obvious potential security implications here, which should
+ − 1016
be carefully considered before enabling this option.</p>
+ − 1017
<p>If you are the only administrator of this site, or if you have a high level of trust for those will be administering
+ − 1018
the site with you, you should enable this to allow extreme customization of pages.</p>
+ − 1019
<p>Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding
+ − 1020
is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to
+ − 1021
embed Javascript and arbitrary HTML and CSS.</p>
+ − 1022
<p>If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time
+ − 1023
using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection. <!-- , or by
+ − 1024
using the "embedded PHP kill switch" in the administration panel. --></p>';
+ − 1025
break;
243
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1026
case 'url_schemes':
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1027
$title = 'URL schemes';
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1028
$content = '<p>The URL scheme allows you to decide how the URLs to your Enano pages will look.</p>
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1029
<p>The first option (Standard URLs) works on any web server. You should select it if your server doesn\'t run Apache, or
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1030
if you are at all unsure of your server\'s configuration. With this scheme, URLs at your site will look like <tt>
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1031
http://yoursite.com/path-to-enano/index.php/Main_Page</tt>.</p>
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1032
<p>The second option, Small URLs, will be selected by default if Enano detects Apache. Small URLs are more friendly towards
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1033
search engines, but they don\'t work on very many non-Apache servers, or if PHP is set up through CGI on your server. Many
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1034
free and low-cost web hosts will configure PHP through CGI in order to keep your user account as the owner of any files that
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1035
Enano generates. With this scheme, URLs at your site will look like <tt>http://yoursite.com/path-to-enano/index.php/Main_Page</tt>.
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1036
</p>
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1037
<p>The last option, Tiny URLs, is the most friendly URL scheme for search engines, because your URLs won\'t have any special characters
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1038
at all in them. However, this only works if your webhost has configured Apache with support for mod_rewrite. Most of the time if your
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1039
host supports this you will see a listing for it in their feature matrix. None of the popular Linux distributions (such as Ubuntu,
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1040
Debian, Red Hat Enterprise Linux™, Fedora, openSUSE™, or CentOS) come with mod_rewrite enabled, so if you run a
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1041
home-brew server, you should consult your distribution\'s documentation for enabling mod_rewrite before selecting this option.
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1042
With this scheme, URLs at your site will look like <tt>http://yoursite.com/path-to-enano/Main_Page</tt>.</p>
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1043
</p>';
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1044
break;
205
+ − 1045
default:
+ − 1046
$title = 'Invalid topic';
+ − 1047
$content = 'Invalid help topic.';
+ − 1048
break;
+ − 1049
}
+ − 1050
echo <<<EOF
+ − 1051
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+ − 1052
<html>
+ − 1053
<head>
+ − 1054
<title>Enano installation quick help • {$title}</title>
+ − 1055
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
+ − 1056
<style type="text/css">
+ − 1057
body {
+ − 1058
font-family: trebuchet ms, verdana, arial, helvetica, sans-serif;
+ − 1059
font-size: 9pt;
+ − 1060
}
+ − 1061
h2 { border-bottom: 1px solid #90B0D0; margin-bottom: 0; }
+ − 1062
h3 { font-size: 11pt; font-weight: bold; }
+ − 1063
li { list-style: url(../images/bullet.gif); }
+ − 1064
p { margin: 1.0em; }
+ − 1065
blockquote { background-color: #F4F4F4; border: 1px dotted #406080; margin: 1em; padding: 10px; max-height: 250px; overflow: auto; }
+ − 1066
a { color: #7090B0; }
+ − 1067
a:hover { color: #90B0D0; }
+ − 1068
</style>
+ − 1069
</head>
+ − 1070
<body>
+ − 1071
<h2>{$title}</h2>
+ − 1072
{$content}
+ − 1073
<p style="text-align: right;">
+ − 1074
<a href="#" onclick="window.close(); return false;">Close window</a>
+ − 1075
</p>
+ − 1076
</body>
+ − 1077
</html>
+ − 1078
EOF;
+ − 1079
exit;
+ − 1080
break;
+ − 1081
default:
+ − 1082
break;
+ − 1083
}
+ − 1084
+ − 1085
$template = new template_nodb();
+ − 1086
$template->load_theme('oxygen', 'bleu', false);
+ − 1087
+ − 1088
$modestrings = Array(
+ − 1089
'welcome' => 'Welcome',
+ − 1090
'license' => 'License Agreement',
+ − 1091
'sysreqs' => 'Server requirements',
261
+ − 1092
'database' => 'Select database driver',
+ − 1093
'database_mysql'=> 'Database information',
+ − 1094
'database_pgsql'=> 'Database information',
205
+ − 1095
'website' => 'Website configuration',
+ − 1096
'login' => 'Administration login',
+ − 1097
'confirm' => 'Confirm installation',
+ − 1098
'install' => 'Database installation',
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1099
'finish' => 'Installation complete',
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1100
'_hiddenstages' => '...', // all stages below this line are hidden
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1101
'showlicense' => 'License Agreement'
205
+ − 1102
);
+ − 1103
+ − 1104
$sideinfo = '';
+ − 1105
$vars = $template->extract_vars('elements.tpl');
+ − 1106
$p = $template->makeParserText($vars['sidebar_button']);
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1107
$hidden = false;
205
+ − 1108
foreach ( $modestrings as $id => $str )
+ − 1109
{
+ − 1110
if ( $_GET['mode'] == $id )
+ − 1111
{
+ − 1112
$flags = 'style="font-weight: bold; text-decoration: underline;"';
+ − 1113
$this_page = $str;
+ − 1114
}
+ − 1115
else
+ − 1116
{
+ − 1117
$flags = '';
+ − 1118
}
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1119
if ( $id == '_hiddenstages' )
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1120
$hidden = true;
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1121
if ( !$hidden )
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1122
{
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1123
$p->assign_vars(Array(
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1124
'HREF' => '#',
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1125
'FLAGS' => $flags . ' onclick="return false;"',
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1126
'TEXT' => $str
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1127
));
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1128
$sideinfo .= $p->run();
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1129
}
205
+ − 1130
}
+ − 1131
+ − 1132
$template->init_vars();
+ − 1133
+ − 1134
if(isset($_GET['mode']) && $_GET['mode'] == 'css')
+ − 1135
{
+ − 1136
header('Content-type: text/css');
+ − 1137
echo $template->get_css();
+ − 1138
exit;
+ − 1139
}
+ − 1140
+ − 1141
$template->header();
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1142
if ( !isset($_GET['mode']) )
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1143
{
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1144
$_GET['mode'] = 'welcome';
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1145
}
205
+ − 1146
switch($_GET['mode'])
+ − 1147
{
+ − 1148
default:
+ − 1149
case 'welcome':
+ − 1150
?>
+ − 1151
<div style="text-align: center; margin-top: 10px;">
+ − 1152
<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 100px;" />
+ − 1153
<h2>Welcome to Enano</h2>
310
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1154
<h3>Version <?php echo ENANO_VERSION; ?> – stable<br />
311
+ − 1155
<span style="font-weight: normal;">also affectionately known as "<?php echo strtolower(ENANO_RELEASE_NAME); ?>" <tt>:)</tt></span></h3>
205
+ − 1156
<?php
+ − 1157
if ( file_exists('./_nightly.php') )
+ − 1158
{
+ − 1159
echo '<div class="warning-box" style="text-align: left; margin: 10px 0;"><b>You are about to install a NIGHTLY BUILD of Enano.</b><br />Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.</div>';
+ − 1160
}
+ − 1161
?>
+ − 1162
<form action="install.php?mode=license" method="post">
+ − 1163
<input type="submit" value="Start installation" />
+ − 1164
</form>
+ − 1165
</div>
+ − 1166
<?php
+ − 1167
break;
+ − 1168
case "license":
+ − 1169
?>
+ − 1170
<h3>Welcome to the Enano installer.</h3>
+ − 1171
<p>Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.</p>
+ − 1172
<p>To get started, please read and accept the following license agreement. You've probably seen it before.</p>
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1173
<?php show_license(); ?>
205
+ − 1174
<div class="pagenav">
+ − 1175
<form action="install.php?mode=sysreqs" method="post">
+ − 1176
<table border="0">
+ − 1177
<tr>
+ − 1178
<td><input type="submit" value="I agree to the license terms" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you agree with the terms of the license<br />• Have your database host, name, username, and password available</p></td>
+ − 1179
</tr>
+ − 1180
</table>
+ − 1181
</form>
+ − 1182
</div>
+ − 1183
<?php
+ − 1184
break;
+ − 1185
case "sysreqs":
+ − 1186
error_reporting(E_ALL);
+ − 1187
?>
+ − 1188
<h3>Checking your server</h3>
+ − 1189
<p>Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.</p>
+ − 1190
<table border="0" cellspacing="0" cellpadding="0">
+ − 1191
<?php
291
+ − 1192
$allow_warn_php4 = ( isset($_GET['i_know_its_php4']) );
205
+ − 1193
run_test('return version_compare(\'4.3.0\', PHP_VERSION, \'<\');', 'PHP Version >=4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.');
291
+ − 1194
run_test('return version_compare(\'5.0.0\', PHP_VERSION, \'<\');', 'PHP 5.x', 'You are running a version of PHP that is not officially supported by the Enano Project. This means that you cannot obtain support on the Enano support forums. All servers running PHP 4.x will display this warning. You may continue installing Enano, but after doing so you should contact your webhost and see if they offer an option to switch to PHP 5. Some large commercial web hosts use PHP4 by default and offer PHP5 as a free option. The Enano Team will not provide any support unless you are able to upgrade to PHP 5.<br /><br /><a href="install.php?mode=sysreqs&i_know_its_php4=yes">Click here</a> to acknowledge this warning.', $allow_warn_php4);
238
f948557af068
Add warning in installer for PHP < 5.2.0; hopefully fix validation of e-mail addresses with dashes
Dan
diff
changeset
+ − 1195
run_test('return version_compare(\'5.2.0\', PHP_VERSION, \'<\');', 'PHP 5.2.0 or later', 'Your server does not have support for PHP 5.2.0. While you may continue installing Enano, please be warned that as of December 31, 2007, all support for Enano on PHP 4 servers is discontinued. If you have at least PHP 5.0.0, support will still be available, but there are many security problems in PHP versions under 5.2.0 that Enano cannot effectively prevent.', true);
261
+ − 1196
run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. The MySQL database driver will be unavailable. In many cases this is OK if you have another supported database type available. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.', true);
+ − 1197
run_test('return function_exists(\'pg_connect\');', 'PostgreSQL extension for PHP', 'It seems that your PHP installation does not have the PostgreSQL extension enabled. Because of this, you won\'t be able to use the PostgreSQL database driver. This is OK in the majority of cases. If you want to use PostgreSQL support, you\'ll need to either compile the PHP extension for Postgres or install the extension with your distribution\'s package manager. Windows administrators will need enable php_pgsql.dll in their php.ini.', true);
205
+ − 1198
run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".');
+ − 1199
run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true);
+ − 1200
//run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true);
+ − 1201
run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.<br /><br /><b>If you are installing Enano on a SourceForge web site:</b><br />SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.');
+ − 1202
run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.<br /><br />If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true);
+ − 1203
run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true);
+ − 1204
run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true);
261
+ − 1205
if ( !function_exists('mysql_connect') && !function_exists('pg_connect') )
+ − 1206
{
+ − 1207
run_test('return false;', 'No database drivers are available.', 'You need to have at least one database driver working to install Enano. See the warnings on MySQL and PostgreSQL above for more information on installing these database drivers.', false);
+ − 1208
}
205
+ − 1209
echo '</table>';
+ − 1210
if(!$failed)
+ − 1211
{
+ − 1212
?>
+ − 1213
+ − 1214
<div class="pagenav">
+ − 1215
<?php
+ − 1216
if($warned) {
+ − 1217
echo '<table border="0" cellspacing="0" cellpadding="0">';
238
f948557af068
Add warning in installer for PHP < 5.2.0; hopefully fix validation of e-mail addresses with dashes
Dan
diff
changeset
+ − 1218
run_test('return false;', 'Some of the features of Enano have been turned off to accommodate your server.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, Enano has disabled these features as a precaution to prevent errors and potential security issues.', true);
205
+ − 1219
echo '</table>';
+ − 1220
} else {
+ − 1221
echo '<table border="0" cellspacing="0" cellpadding="0">';
+ − 1222
run_test('return true;', '<b>Your server meets all the requirements for running Enano.</b><br />Click the button below to continue the installation.', 'You should never see this text. Congratulations for being an Enano hacker!');
+ − 1223
echo '</table>';
+ − 1224
}
+ − 1225
?>
+ − 1226
<form action="install.php?mode=database" method="post">
+ − 1227
<table border="0">
+ − 1228
<tr>
206
+ − 1229
<td><input type="submit" value="Continue" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Ensure that you are satisfied with any scalebacks that may have been made to accomodate your server configuration<br />• Have your database host, name, username, and password available</p></td>
205
+ − 1230
</tr>
+ − 1231
</table>
+ − 1232
</form>
+ − 1233
</div>
+ − 1234
<?php
+ − 1235
} else {
+ − 1236
if($failed) {
+ − 1237
echo '<div class="pagenav"><table border="0" cellspacing="0" cellpadding="0">';
+ − 1238
run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.');
+ − 1239
echo '</table></div>';
+ − 1240
}
+ − 1241
}
+ − 1242
?>
+ − 1243
<?php
+ − 1244
break;
+ − 1245
case "database":
+ − 1246
?>
+ − 1247
<script type="text/javascript">
+ − 1248
function ajaxGet(uri, f) {
+ − 1249
if (window.XMLHttpRequest) {
+ − 1250
ajax = new XMLHttpRequest();
+ − 1251
} else {
+ − 1252
if (window.ActiveXObject) {
+ − 1253
ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ − 1254
} else {
+ − 1255
alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ − 1256
return;
+ − 1257
}
+ − 1258
}
+ − 1259
ajax.onreadystatechange = f;
+ − 1260
ajax.open('GET', uri, true);
+ − 1261
ajax.send(null);
+ − 1262
}
+ − 1263
+ − 1264
function ajaxPost(uri, parms, f) {
+ − 1265
if (window.XMLHttpRequest) {
+ − 1266
ajax = new XMLHttpRequest();
+ − 1267
} else {
+ − 1268
if (window.ActiveXObject) {
+ − 1269
ajax = new ActiveXObject("Microsoft.XMLHTTP");
+ − 1270
} else {
+ − 1271
alert('Enano client-side runtime error: No AJAX support, unable to continue');
+ − 1272
return;
+ − 1273
}
+ − 1274
}
+ − 1275
ajax.onreadystatechange = f;
+ − 1276
ajax.open('POST', uri, true);
+ − 1277
ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+ − 1278
ajax.setRequestHeader("Content-length", parms.length);
+ − 1279
ajax.setRequestHeader("Connection", "close");
+ − 1280
ajax.send(parms);
+ − 1281
}
+ − 1282
function ajaxTestConnection()
+ − 1283
{
+ − 1284
v = verify();
+ − 1285
if(!v)
+ − 1286
{
+ − 1287
alert('One or more of the form fields is incorrect. Please correct any information in the form that has an "X" next to it.');
+ − 1288
return false;
+ − 1289
}
+ − 1290
var frm = document.forms.dbinfo;
+ − 1291
db_host = escape(frm.db_host.value.replace('+', '%2B'));
+ − 1292
db_name = escape(frm.db_name.value.replace('+', '%2B'));
+ − 1293
db_user = escape(frm.db_user.value.replace('+', '%2B'));
+ − 1294
db_pass = escape(frm.db_pass.value.replace('+', '%2B'));
+ − 1295
db_root_user = escape(frm.db_root_user.value.replace('+', '%2B'));
+ − 1296
db_root_pass = escape(frm.db_root_pass.value.replace('+', '%2B'));
+ − 1297
+ − 1298
parms = 'host='+db_host+'&name='+db_name+'&user='+db_user+'&pass='+db_pass+'&root_user='+db_root_user+'&root_pass='+db_root_pass;
+ − 1299
ajaxPost('<?php echo scriptPath; ?>/install.php?mode=mysql_test', parms, function() {
+ − 1300
if(ajax.readyState==4)
+ − 1301
{
+ − 1302
s = ajax.responseText.substr(0, 4);
+ − 1303
t = ajax.responseText.substr(4, ajax.responseText.length);
+ − 1304
if(s.substr(0, 4)=='good')
+ − 1305
{
+ − 1306
document.getElementById('s_db_host').src='images/good.gif';
+ − 1307
document.getElementById('s_db_name').src='images/good.gif';
+ − 1308
document.getElementById('s_db_auth').src='images/good.gif';
+ − 1309
document.getElementById('s_db_root').src='images/good.gif';
+ − 1310
if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ − 1311
if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+ − 1312
document.getElementById('s_mysql_version').src='images/good.gif';
+ − 1313
document.getElementById('e_mysql_version').innerHTML = 'Your version of MySQL meets Enano requirements.';
+ − 1314
}
+ − 1315
else
+ − 1316
{
+ − 1317
switch(s)
+ − 1318
{
+ − 1319
case 'host':
+ − 1320
document.getElementById('s_db_host').src='images/bad.gif';
+ − 1321
document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1322
document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1323
document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1324
document.getElementById('e_db_host').innerHTML = '<b>Error:<\/b> The database server "'+document.forms.dbinfo.db_host.value+'" couldn\'t be contacted.<br \/>'+t;
+ − 1325
document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1326
break;
+ − 1327
case 'auth':
+ − 1328
document.getElementById('s_db_host').src='images/good.gif';
+ − 1329
document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1330
document.getElementById('s_db_auth').src='images/bad.gif';
+ − 1331
document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1332
document.getElementById('e_db_auth').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ − 1333
document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1334
break;
+ − 1335
case 'perm':
+ − 1336
document.getElementById('s_db_host').src='images/good.gif';
+ − 1337
document.getElementById('s_db_name').src='images/bad.gif';
+ − 1338
document.getElementById('s_db_auth').src='images/good.gif';
+ − 1339
document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1340
document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> Access to the specified database using those login credentials was denied.<br \/>'+t;
+ − 1341
document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1342
break;
+ − 1343
case 'name':
+ − 1344
document.getElementById('s_db_host').src='images/good.gif';
+ − 1345
document.getElementById('s_db_name').src='images/bad.gif';
+ − 1346
document.getElementById('s_db_auth').src='images/good.gif';
+ − 1347
document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1348
document.getElementById('e_db_name').innerHTML = '<b>Error:<\/b> The specified database does not exist<br \/>'+t;
+ − 1349
document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1350
break;
+ − 1351
case 'root':
+ − 1352
document.getElementById('s_db_host').src='images/good.gif';
+ − 1353
document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1354
document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1355
document.getElementById('s_db_root').src='images/bad.gif';
+ − 1356
document.getElementById('e_db_root').innerHTML = '<b>Error:<\/b> Access to MySQL under the specified credentials was denied.<br \/>'+t;
+ − 1357
document.getElementById('e_mysql_version').innerHTML = 'The MySQL version that your server is running could not be determined.';
+ − 1358
break;
+ − 1359
case 'vers':
+ − 1360
document.getElementById('s_db_host').src='images/good.gif';
+ − 1361
document.getElementById('s_db_name').src='images/good.gif';
+ − 1362
document.getElementById('s_db_auth').src='images/good.gif';
+ − 1363
document.getElementById('s_db_root').src='images/good.gif';
+ − 1364
if(t.match(/_creating_db/)) document.getElementById('e_db_name').innerHTML = '<b>Warning:<\/b> The database you specified does not exist. It will be created during installation.';
+ − 1365
if(t.match(/_creating_user/)) document.getElementById('e_db_auth').innerHTML = '<b>Warning:<\/b> The specified regular user does not exist or the password is incorrect. The user will be created during installation. If the user already exists, the password will be reset.';
+ − 1366
+ − 1367
document.getElementById('e_mysql_version').innerHTML = '<b>Error:<\/b> Your version of MySQL ('+t+') is older than 4.1.17. Enano will still work, but there is a known bug with the comment system and MySQL 4.1.11 that involves some comments not being displayed, due to an issue with the PHP function mysql_fetch_row().';
+ − 1368
document.getElementById('s_mysql_version').src='images/bad.gif';
+ − 1369
default:
+ − 1370
alert(t);
+ − 1371
break;
+ − 1372
}
+ − 1373
}
+ − 1374
}
+ − 1375
});
+ − 1376
}
+ − 1377
function verify()
+ − 1378
{
+ − 1379
document.getElementById('e_db_host').innerHTML = '';
+ − 1380
document.getElementById('e_db_auth').innerHTML = '';
+ − 1381
document.getElementById('e_db_name').innerHTML = '';
+ − 1382
document.getElementById('e_db_root').innerHTML = '';
+ − 1383
var frm = document.forms.dbinfo;
+ − 1384
ret = true;
+ − 1385
if(frm.db_host.value != '')
+ − 1386
{
+ − 1387
document.getElementById('s_db_host').src='images/unknown.gif';
+ − 1388
}
+ − 1389
else
+ − 1390
{
+ − 1391
document.getElementById('s_db_host').src='images/bad.gif';
+ − 1392
ret = false;
+ − 1393
}
288
+ − 1394
if(frm.db_name.value.match(/^([A-z0-9_-]+)$/g))
205
+ − 1395
{
+ − 1396
document.getElementById('s_db_name').src='images/unknown.gif';
+ − 1397
}
+ − 1398
else
+ − 1399
{
+ − 1400
document.getElementById('s_db_name').src='images/bad.gif';
+ − 1401
ret = false;
+ − 1402
}
+ − 1403
if(frm.db_user.value != '')
+ − 1404
{
+ − 1405
document.getElementById('s_db_auth').src='images/unknown.gif';
+ − 1406
}
+ − 1407
else
+ − 1408
{
+ − 1409
document.getElementById('s_db_auth').src='images/bad.gif';
+ − 1410
ret = false;
+ − 1411
}
+ − 1412
if(frm.table_prefix.value.match(/^([a-z0-9_]*)$/g))
+ − 1413
{
+ − 1414
document.getElementById('s_table_prefix').src='images/good.gif';
+ − 1415
}
+ − 1416
else
+ − 1417
{
+ − 1418
document.getElementById('s_table_prefix').src='images/bad.gif';
+ − 1419
ret = false;
+ − 1420
}
+ − 1421
if(frm.db_root_user.value == '')
+ − 1422
{
+ − 1423
document.getElementById('s_db_root').src='images/good.gif';
+ − 1424
}
+ − 1425
else if(frm.db_root_user.value != '' && frm.db_root_pass.value == '')
+ − 1426
{
+ − 1427
document.getElementById('s_db_root').src='images/bad.gif';
+ − 1428
ret = false;
+ − 1429
}
+ − 1430
else
+ − 1431
{
+ − 1432
document.getElementById('s_db_root').src='images/unknown.gif';
+ − 1433
}
+ − 1434
if(ret) frm._cont.disabled = false;
+ − 1435
else frm._cont.disabled = true;
+ − 1436
return ret;
+ − 1437
}
+ − 1438
window.onload = verify;
+ − 1439
</script>
+ − 1440
<p>Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend,
+ − 1441
and we need to have access to a MySQL server in order to continue.</p>
+ − 1442
<p>If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from
+ − 1443
<a href="http://www.mysql.com/">MySQL.com</a>. <b>Please note that, like Enano, MySQL is licensed under the GNU GPL.</b>
+ − 1444
If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL
+ − 1445
or purchase a proprietary license.</p>
+ − 1446
<?php
206
+ − 1447
if ( @file_exists('/etc/enano-is-virt-appliance') )
205
+ − 1448
{
+ − 1449
echo '<p><b>MySQL login information for this virtual appliance:</b><br /><br />Database hostname: localhost<br />Database login: username "enano", password: "clurichaun" (without quotes)<br />Database name: enano_www1</p>';
+ − 1450
}
+ − 1451
?>
+ − 1452
<form name="dbinfo" action="install.php?mode=website" method="post">
+ − 1453
<table border="0">
206
+ − 1454
<tr><td colspan="3" style="text-align: center"><h3>Database information</h3></td></tr>
+ − 1455
<tr><td><b>Database hostname</b><br />This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".<br /><span style="color: #993300" id="e_db_host"></span></td><td><input onkeyup="verify();" name="db_host" size="30" type="text" /></td><td><img id="s_db_host" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1456
<tr><td><b>Database name</b><br />The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.<br /><span style="color: #993300" id="e_db_name"></span></td><td><input onkeyup="verify();" name="db_name" size="30" type="text" /></td><td><img id="s_db_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1457
<tr><td rowspan="2"><b>Database login</b><br />These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.<br /><span style="color: #993300" id="e_db_auth"></span></td><td><input onkeyup="verify();" name="db_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_auth" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1458
<tr><td><input name="db_pass" size="30" type="password" /></td></tr>
+ − 1459
<tr><td colspan="3" style="text-align: center"><h3>Optional information</h3></td></tr>
+ − 1460
<tr><td><b>Table prefix</b><br />The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).</td><td><input onkeyup="verify();" name="table_prefix" size="30" type="text" /></td><td><img id="s_table_prefix" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1461
<tr><td rowspan="2"><b>Database administrative login</b><br />If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.<br /><span style="color: #993300" id="e_db_root"></span></td><td><input onkeyup="verify();" name="db_root_user" size="30" type="text" /></td><td rowspan="2"><img id="s_db_root" alt="Good/bad icon" src="images/good.gif" /></td></tr>
+ − 1462
<tr><td><input onkeyup="verify();" name="db_root_pass" size="30" type="password" /></td></tr>
+ − 1463
<tr><td><b>MySQL version</b></td><td id="e_mysql_version">MySQL version information will be checked when you click "Test Connection".</td><td><img id="s_mysql_version" alt="Good/bad icon" src="images/unknown.gif" /></td></tr>
+ − 1464
<tr><td><b>Delete existing tables?</b><br />If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.</td><td><input type="checkbox" name="drop_tables" id="dtcheck" /> <label for="dtcheck">Drop existing tables</label></td></tr>
+ − 1465
<tr><td colspan="3" style="text-align: center"><input type="button" value="Test connection" onclick="ajaxTestConnection();" /></td></tr>
205
+ − 1466
</table>
+ − 1467
<div class="pagenav">
206
+ − 1468
<table border="0">
+ − 1469
<tr>
+ − 1470
<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Check your MySQL connection using the "Test Connection" button.<br />• Be aware that your database information will be transmitted unencrypted several times.</p></td>
+ − 1471
</tr>
+ − 1472
</table>
+ − 1473
</div>
205
+ − 1474
</form>
+ − 1475
<?php
+ − 1476
break;
+ − 1477
case "website":
+ − 1478
if(!isset($_POST['_cont'])) {
+ − 1479
echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1480
$template->footer();
+ − 1481
exit;
+ − 1482
}
+ − 1483
unset($_POST['_cont']);
+ − 1484
?>
+ − 1485
<script type="text/javascript">
+ − 1486
function verify()
+ − 1487
{
+ − 1488
var frm = document.forms.siteinfo;
+ − 1489
ret = true;
+ − 1490
if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
+ − 1491
{
+ − 1492
document.getElementById('s_name').src='images/good.gif';
+ − 1493
}
+ − 1494
else
+ − 1495
{
+ − 1496
document.getElementById('s_name').src='images/bad.gif';
+ − 1497
ret = false;
+ − 1498
}
+ − 1499
if(frm.sitedesc.value.match(/^(.+)$/g))
+ − 1500
{
+ − 1501
document.getElementById('s_desc').src='images/good.gif';
+ − 1502
}
+ − 1503
else
+ − 1504
{
+ − 1505
document.getElementById('s_desc').src='images/bad.gif';
+ − 1506
ret = false;
+ − 1507
}
+ − 1508
if(frm.copyright.value.match(/^(.+)$/g))
+ − 1509
{
+ − 1510
document.getElementById('s_copyright').src='images/good.gif';
+ − 1511
}
+ − 1512
else
+ − 1513
{
+ − 1514
document.getElementById('s_copyright').src='images/bad.gif';
+ − 1515
ret = false;
+ − 1516
}
+ − 1517
if(ret) frm._cont.disabled = false;
+ − 1518
else frm._cont.disabled = true;
+ − 1519
return ret;
+ − 1520
}
+ − 1521
window.onload = verify;
+ − 1522
</script>
+ − 1523
<form name="siteinfo" action="install.php?mode=login" method="post">
+ − 1524
<?php
+ − 1525
$k = array_keys($_POST);
+ − 1526
for($i=0;$i<sizeof($_POST);$i++) {
+ − 1527
echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1528
}
+ − 1529
?>
+ − 1530
<p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
310
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1531
<?php
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1532
if ( defined('WINDOWS_MOD_REWRITE_WORKAROUNDS') )
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1533
{
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1534
$patch_necessary = ( strtolower(PHP_OS) == 'win32' && substr(@$_SERVER['SERVER_SOFTWARE'], 'Apache/2.2') );
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1535
?>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1536
<div class="usermessage">
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1537
<b>Your copy of Enano has the Windows mod_rewrite workaround patch enabled.</b><br />
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1538
<?php if ( $patch_necessary ): ?>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1539
If you don't plan to use the Tiny URLs option below, you should go back and re-download Enano without this workaround enabled.
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1540
The mod_rewrite issues Enano faces under Windows are caused by a security change in Apache 2.2 that is not present in Apache 2.0.
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1541
<a href="http://enanocms.org/windows-patch">Learn more</a>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1542
<?php else: ?>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1543
The Enano installer has detected that you're probably not running Apache 2.2 under Windows. You don't need this workaround
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1544
unless you're using this specific software stack. Unless you're sure that you are running Apache 2.2 under Windows on your server,
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1545
it is recommended that you disable the <tt>WINDOWS_MOD_REWRITE_WORKAROUNDS</tt> constant in includes/constants.php.
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1546
<a href="http://enanocms.org/windows-patch" onclick="window.open(this.href); return false;">Learn more</a>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1547
<?php endif; ?>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1548
</div>
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1549
<?php
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1550
}
78cb09a23e69
Made UX for Windows patch more pleasant including external documentation. Breaking change to dynamic download script.
Dan
diff
changeset
+ − 1551
?>
205
+ − 1552
<table border="0">
206
+ − 1553
<tr><td><b>Website name</b><br />The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".</td><td><input onkeyup="verify();" name="sitename" type="text" size="30" /></td><td><img id="s_name" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1554
<tr><td><b>Website description</b><br />This text will be shown below the name of your website.</td><td><input onkeyup="verify();" name="sitedesc" type="text" size="30" /></td><td><img id="s_desc" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1555
<tr><td><b>Copyright info</b><br />This should be a one-line legal notice that will appear at the bottom of all your pages.</td><td><input onkeyup="verify();" name="copyright" type="text" size="30" /></td><td><img id="s_copyright" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1556
<tr><td><b>Wiki mode</b><br />This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.</td><td><input name="wiki_mode" type="checkbox" id="wmcheck" /> <label for="wmcheck">Yes, make my website a wiki.</label></td><td></td></tr>
243
c9e192a059c1
Add installer pop-help topic for URL scheme, in response to http://forum.enanocms.org/viewtopic.php?f=5&t=19
Dan
diff
changeset
+ − 1557
<tr><td><b>URL scheme</b><br />Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.</td><td colspan="2"><input type="radio" <?php if(!is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="ugly" id="ugly"> <label for="ugly">Standard URLs - compatible with any web server (www.example.com/index.php?title=Page_name)</label><br /><input type="radio" <?php if(is_apache()) echo 'checked="checked" '; ?>name="urlscheme" value="short" id="short"> <label for="short">Short URLs - requires Apache with a PHP module (www.example.com/index.php/Page_name)</label><br /><input type="radio" name="urlscheme" value="tiny" id="petite"> <label for="petite">Tiny URLs - requires Apache on Linux/Unix/BSD with PHP module and mod_rewrite enabled (www.example.com/Page_name)</label><br /><small><a href="install.php?mode=pophelp&topic=url_schemes" onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;">Which URL scheme should I choose?</a></small></td></tr>
205
+ − 1558
</table>
+ − 1559
<div class="pagenav">
+ − 1560
<table border="0">
206
+ − 1561
<tr>
+ − 1562
<td><input type="submit" value="Continue" onclick="return verify();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Verify that your site information is correct. Again, all of the above settings can be changed from the administration panel.</p></td>
+ − 1563
</tr>
205
+ − 1564
</table>
+ − 1565
</div>
+ − 1566
</form>
+ − 1567
<?php
+ − 1568
break;
+ − 1569
case "login":
+ − 1570
if(!isset($_POST['_cont'])) {
+ − 1571
echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1572
$template->footer();
+ − 1573
exit;
+ − 1574
}
+ − 1575
unset($_POST['_cont']);
+ − 1576
require('config.new.php');
229
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 1577
$aes = AESCrypt::singleton(AES_BITS, AES_BLOCKSIZE);
205
+ − 1578
if ( isset($crypto_key) )
+ − 1579
{
+ − 1580
$cryptkey = $crypto_key;
+ − 1581
}
+ − 1582
if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) )
+ − 1583
{
+ − 1584
$cryptkey = $aes->gen_readymade_key();
+ − 1585
$handle = @fopen(ENANO_ROOT.'/config.new.php', 'w');
+ − 1586
if(!$handle)
+ − 1587
{
+ − 1588
echo '<p>ERROR: Cannot open config.php for writing - exiting!</p>';
+ − 1589
$template->footer();
+ − 1590
exit;
+ − 1591
}
+ − 1592
fwrite($handle, '<?php $cryptkey = \''.$cryptkey.'\'; ?>');
+ − 1593
fclose($handle);
+ − 1594
}
+ − 1595
// Sorry for the ugly hack, but this f***s up jEdit badly.
+ − 1596
echo '
+ − 1597
<script type="text/javascript">
+ − 1598
function verify()
+ − 1599
{
+ − 1600
var frm = document.forms.login;
+ − 1601
ret = true;
227
0f039028f7a5
Made the username validation regexp in install less picky since it was blacklisting two of the letters in my name. >.<
Dan
diff
changeset
+ − 1602
if ( frm.admin_user.value.match(/^([^<>&\?\'"%\/]+)$/) && !frm.admin_user.value.match(/^(?:(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])\\.){3}(?:\\d{1,2}|1\\d\\d|2[0-4]\\d|25[0-5])$/) && frm.admin_user.value.toLowerCase() != \'anonymous\' )
205
+ − 1603
{
+ − 1604
document.getElementById(\'s_user\').src = \'images/good.gif\';
+ − 1605
}
+ − 1606
else
+ − 1607
{
+ − 1608
document.getElementById(\'s_user\').src = \'images/bad.gif\';
+ − 1609
ret = false;
+ − 1610
}
+ − 1611
if(frm.admin_pass.value.length >= 6 && frm.admin_pass.value == frm.admin_pass_confirm.value)
+ − 1612
{
+ − 1613
document.getElementById(\'s_password\').src = \'images/good.gif\';
+ − 1614
}
+ − 1615
else
+ − 1616
{
+ − 1617
document.getElementById(\'s_password\').src = \'images/bad.gif\';
+ − 1618
ret = false;
+ − 1619
}
238
f948557af068
Add warning in installer for PHP < 5.2.0; hopefully fix validation of e-mail addresses with dashes
Dan
diff
changeset
+ − 1620
if(frm.admin_email.value.match(/^(?:[\\w\\d_-]+\\.?)+@(?:(?:[\\w\\d-]\\-?)+\\.)+\\w{2,4}$/))
205
+ − 1621
{
+ − 1622
document.getElementById(\'s_email\').src = \'images/good.gif\';
+ − 1623
}
+ − 1624
else
+ − 1625
{
+ − 1626
document.getElementById(\'s_email\').src = \'images/bad.gif\';
+ − 1627
ret = false;
+ − 1628
}
+ − 1629
if(ret) frm._cont.disabled = false;
+ − 1630
else frm._cont.disabled = true;
+ − 1631
return ret;
+ − 1632
}
+ − 1633
window.onload = verify;
+ − 1634
+ − 1635
function cryptdata()
+ − 1636
{
+ − 1637
if(!verify()) return false;
+ − 1638
}
+ − 1639
</script>
+ − 1640
';
+ − 1641
?>
+ − 1642
<form name="login" action="install.php?mode=confirm" method="post" onsubmit="runEncryption();">
+ − 1643
<?php
+ − 1644
$k = array_keys($_POST);
+ − 1645
for($i=0;$i<sizeof($_POST);$i++) {
+ − 1646
echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1647
}
+ − 1648
?>
+ − 1649
<p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
+ − 1650
<table border="0">
206
+ − 1651
<tr><td><b>Administration username</b><br /><small>The administration username you will use to log into your site.<br />This cannot be "anonymous" or in the form of an IP address.</small></td><td><input onkeyup="verify();" name="admin_user" type="text" size="30" /></td><td><img id="s_user" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1652
<tr><td>Administration password:</td><td><input onkeyup="verify();" name="admin_pass" type="password" size="30" /></td><td rowspan="2"><img id="s_password" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
+ − 1653
<tr><td>Enter it again to confirm:</td><td><input onkeyup="verify();" name="admin_pass_confirm" type="password" size="30" /></td></tr>
+ − 1654
<tr><td>Your e-mail address:</td><td><input onkeyup="verify();" name="admin_email" type="text" size="30" /></td><td><img id="s_email" alt="Good/bad icon" src="images/bad.gif" /></td></tr>
205
+ − 1655
<tr>
+ − 1656
<td>
+ − 1657
Allow administrators to embed PHP code into pages:<br />
+ − 1658
<small><span style="color: #D84308">Do not under any circumstances enable this option without reading these
+ − 1659
<a href="install.php?mode=pophelp&topic=admin_embed_php"
+ − 1660
onclick="window.open(this.href, 'pophelpwin', 'width=550,height=400,status=no,toolbars=no,toolbar=no,address=no,scroll=yes'); return false;"
+ − 1661
style="color: #D84308; text-decoration: underline;">important security implications</a>.
+ − 1662
</span></small>
+ − 1663
</td>
+ − 1664
<td>
+ − 1665
<label><input type="radio" name="admin_embed_php" value="2" checked="checked" /> Disabled</label>
+ − 1666
<label><input type="radio" name="admin_embed_php" value="4" /> Enabled</label>
+ − 1667
</td>
+ − 1668
<td></td>
+ − 1669
</tr>
+ − 1670
<tr><td colspan="3">If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.</td></tr>
+ − 1671
</table>
+ − 1672
<div class="pagenav">
+ − 1673
<table border="0">
206
+ − 1674
<tr>
+ − 1675
<td><input type="submit" value="Continue" onclick="return cryptdata();" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Remember the username and password you enter here! You will not be able to administer your site without the information you enter on this page.</p></td>
+ − 1676
</tr>
205
+ − 1677
</table>
+ − 1678
</div>
+ − 1679
<div id="cryptdebug"></div>
206
+ − 1680
<input type="hidden" name="use_crypt" value="no" />
+ − 1681
<input type="hidden" name="crypt_key" value="<?php echo $cryptkey; ?>" />
+ − 1682
<input type="hidden" name="crypt_data" value="" />
205
+ − 1683
</form>
+ − 1684
<script type="text/javascript">
+ − 1685
// <![CDATA[
+ − 1686
var frm = document.forms.login;
+ − 1687
frm.admin_user.focus();
+ − 1688
function runEncryption()
+ − 1689
{
+ − 1690
str = '';
+ − 1691
for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 1692
var key = hexToByteArray(str);
+ − 1693
var pt = hexToByteArray(str);
+ − 1694
var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 1695
var ect = byteArrayToHex(ct);
+ − 1696
switch(keySizeInBits)
+ − 1697
{
+ − 1698
case 128:
+ − 1699
v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 1700
break;
+ − 1701
case 192:
+ − 1702
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 1703
break;
+ − 1704
case 256:
+ − 1705
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 1706
break;
+ − 1707
}
+ − 1708
var testpassed = ( ect == v && md5_vm_test() );
+ − 1709
var frm = document.forms.login;
+ − 1710
if(testpassed)
+ − 1711
{
+ − 1712
// alert('encryption self-test passed');
+ − 1713
frm.use_crypt.value = 'yes';
+ − 1714
var cryptkey = frm.crypt_key.value;
+ − 1715
frm.crypt_key.value = '';
+ − 1716
if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
+ − 1717
{
+ − 1718
alert('Byte array conversion SUCKS');
+ − 1719
testpassed = false;
+ − 1720
}
+ − 1721
cryptkey = hexToByteArray(cryptkey);
+ − 1722
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 1723
{
+ − 1724
frm._cont.disabled = true;
+ − 1725
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 1726
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 1727
}
+ − 1728
}
+ − 1729
else
+ − 1730
{
+ − 1731
// alert('encryption self-test FAILED');
+ − 1732
}
+ − 1733
if(testpassed)
+ − 1734
{
+ − 1735
pass = frm.admin_pass.value;
+ − 1736
pass = stringToByteArray(pass);
+ − 1737
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 1738
//decrypted = rijndaelDecrypt(cryptstring, cryptkey, 'ECB');
+ − 1739
//decrypted = byteArrayToString(decrypted);
+ − 1740
//return false;
+ − 1741
if(!cryptstring)
+ − 1742
{
+ − 1743
return false;
+ − 1744
}
+ − 1745
cryptstring = byteArrayToHex(cryptstring);
+ − 1746
// document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
+ − 1747
frm.crypt_data.value = cryptstring;
+ − 1748
frm.admin_pass.value = '';
+ − 1749
frm.admin_pass_confirm.value = '';
+ − 1750
}
+ − 1751
return false;
+ − 1752
}
+ − 1753
// ]]>
+ − 1754
</script>
+ − 1755
<?php
+ − 1756
break;
+ − 1757
case "confirm":
+ − 1758
if(!isset($_POST['_cont'])) {
+ − 1759
echo 'No POST data signature found. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1760
$template->footer();
+ − 1761
exit;
+ − 1762
}
+ − 1763
unset($_POST['_cont']);
+ − 1764
?>
+ − 1765
<form name="confirm" action="install.php?mode=install" method="post">
+ − 1766
<?php
+ − 1767
$k = array_keys($_POST);
+ − 1768
for($i=0;$i<sizeof($_POST);$i++) {
+ − 1769
echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
+ − 1770
}
+ − 1771
?>
+ − 1772
<h3>Enano is ready to install.</h3>
+ − 1773
<p>The wizard has finished collecting information and is ready to install the database schema. Please review the information below,
+ − 1774
and then click the button below to install the database.</p>
+ − 1775
<ul>
+ − 1776
<li>Database hostname: <?php echo $_POST['db_host']; ?></li>
+ − 1777
<li>Database name: <?php echo $_POST['db_name']; ?></li>
+ − 1778
<li>Database user: <?php echo $_POST['db_user']; ?></li>
+ − 1779
<li>Database password: <hidden></li>
+ − 1780
<li>Site name: <?php echo $_POST['sitename']; ?></li>
+ − 1781
<li>Site description: <?php echo $_POST['sitedesc']; ?></li>
+ − 1782
<li>Administration username: <?php echo $_POST['admin_user']; ?></li>
+ − 1783
<li>Cipher strength: <?php echo (string)AES_BITS; ?>-bit AES<br /><small>Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.</small></li>
+ − 1784
</ul>
+ − 1785
<div class="pagenav">
+ − 1786
<table border="0">
+ − 1787
<tr>
+ − 1788
<td><input type="submit" value="Install Enano!" name="_cont" /></td><td><p><span style="font-weight: bold;">Before clicking continue:</span><br />• Pray.</p></td>
+ − 1789
</tr>
+ − 1790
</table>
+ − 1791
</div>
+ − 1792
</form>
+ − 1793
<?php
+ − 1794
break;
+ − 1795
case "install":
+ − 1796
if(!isset($_POST['db_host']) ||
+ − 1797
!isset($_POST['db_name']) ||
+ − 1798
!isset($_POST['db_user']) ||
+ − 1799
!isset($_POST['db_pass']) ||
+ − 1800
!isset($_POST['sitename']) ||
+ − 1801
!isset($_POST['sitedesc']) ||
+ − 1802
!isset($_POST['copyright']) ||
+ − 1803
!isset($_POST['admin_user']) ||
+ − 1804
!isset($_POST['admin_pass']) ||
+ − 1805
!isset($_POST['admin_embed_php']) || ( isset($_POST['admin_embed_php']) && !in_array($_POST['admin_embed_php'], array('2', '4')) ) ||
+ − 1806
!isset($_POST['urlscheme'])
+ − 1807
)
+ − 1808
{
+ − 1809
echo 'The installer has detected that one or more required form values is not set. Please <a href="install.php?mode=sysreqs">restart the installation</a>.';
+ − 1810
$template->footer();
+ − 1811
exit;
+ − 1812
}
+ − 1813
switch($_POST['urlscheme'])
+ − 1814
{
+ − 1815
case "ugly":
+ − 1816
default:
+ − 1817
$cp = scriptPath.'/index.php?title=';
+ − 1818
break;
+ − 1819
case "short":
+ − 1820
$cp = scriptPath.'/index.php/';
+ − 1821
break;
+ − 1822
case "tiny":
+ − 1823
$cp = scriptPath.'/';
+ − 1824
break;
+ − 1825
}
+ − 1826
function err($t) { global $template; echo $t; $template->footer(); exit; }
+ − 1827
+ − 1828
// $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs');
+ − 1829
+ − 1830
if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) )
+ − 1831
err('Hacking attempt was detected in table_prefix.');
+ − 1832
+ − 1833
start_install_table();
216
+ − 1834
+ − 1835
// Are we just trying to auto-rename the config files? If so, skip everything else
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1836
if ( !isset($_GET['stage']) || ( isset($_GET['stage']) && $_GET['stage'] != 'renameconfig' ) )
205
+ − 1837
{
+ − 1838
216
+ − 1839
// The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification.
+ − 1840
// Thus, they need to be run on each retry, e.g. never skipped.
+ − 1841
run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to <a href="install.php?mode=license">restart the installation</a>.', false);
+ − 1842
if ( isset($_POST['drop_tables']) )
+ − 1843
{
+ − 1844
// Are we supposed to drop any existing tables? If so, do it now
+ − 1845
run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure');
+ − 1846
}
+ − 1847
run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false);
+ − 1848
run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. Please contact the Enano team for support.', false);
+ − 1849
run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
+ − 1850
run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
+ − 1851
run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
+ − 1852
+ − 1853
// Mainstream installation complete - Enano should be usable now
+ − 1854
// The stage of starting the API is special because it has to be called out of function context.
+ − 1855
// To alleviate this, we have two functions, one that returns success and one that returns failure
+ − 1856
// If the Enano API load is successful, the success function is called to report the action to the user
+ − 1857
// If unsuccessful, the failure report is sent
+ − 1858
+ − 1859
$template_bak = $template;
+ − 1860
+ − 1861
$_GET['title'] = 'Main_Page';
+ − 1862
require('includes/common.php');
+ − 1863
+ − 1864
if ( is_object($db) && is_object($session) )
+ − 1865
{
+ − 1866
run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false);
+ − 1867
}
+ − 1868
else
+ − 1869
{
+ − 1870
run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false);
+ − 1871
}
+ − 1872
+ − 1873
// We need to be logged in (with admin rights) before logs can be flushed
+ − 1874
$admin_password = stg_decrypt_admin_pass(true);
+ − 1875
$session->login_without_crypto($_POST['admin_user'], $admin_password, false);
+ − 1876
+ − 1877
// Now that login cookies are set, initialize the session manager and ACLs
+ − 1878
$session->start();
+ − 1879
$paths->init();
+ − 1880
+ − 1881
run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', '<b>The session manager denied the request to flush logs for the main page.</b><br />
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1882
While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a> after renaming your configuration files, you should be aware that some servers cannot
216
+ − 1883
properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
+ − 1884
to finish the installation, please be aware that you may be unable to log into your site.');
+ − 1885
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1886
run_installer_stage('buildindex', 'Initialize search index', 'stg_build_index', 'Something went wrong while the page manager was attempting to build a search index.');
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 1887
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1888
/*
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1889
* HACKERS:
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1890
* If you're making a custom distribution of Enano, put all your custom plugin-related code here.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1891
* You have access to the full Enano API as well as being logged in with complete admin rights.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1892
* Don't do anything horrendously fancy here, unless you add a new stage (or more than one) and
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1893
* have the progress printed out properly.
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1894
*/
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1895
216
+ − 1896
} // check for stage == renameconfig
205
+ − 1897
else
+ − 1898
{
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1899
// If we did skip the main installer routine, set $template_bak to make the reversal later work properly
216
+ − 1900
$template_bak = $template;
205
+ − 1901
}
215
58477ab3937f
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Dan
diff
changeset
+ − 1902
217
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1903
// Final step is to rename the config file
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1904
// In early revisions of 1.0.2, this step was performed prior to the initialization of the Enano API. It was decided to move
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1905
// this stage to the end because it will fail more often than any other stage, thus making alternate routes imperative. If this
5bcdee999015
Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
diff
changeset
+ − 1906
// stage fails, then no big deal, we'll just have the user rename the files manually and then let them see the pretty success message.
216
+ − 1907
run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please CHMOD the folder where your Enano files are to 777 and click the retry button below, <b><u>or</u></b> perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');
215
58477ab3937f
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
Dan
diff
changeset
+ − 1908
205
+ − 1909
close_install_table();
+ − 1910
+ − 1911
unset($template);
+ − 1912
$template =& $template_bak;
+ − 1913
+ − 1914
echo '<h3>Installation of Enano is complete.</h3><p>Review any warnings above, and then <a href="install.php?mode=finish">click here to finish the installation</a>.';
+ − 1915
+ − 1916
// echo '<script type="text/javascript">window.location="'.scriptPath.'/install.php?mode=finish";</script>';
+ − 1917
+ − 1918
break;
+ − 1919
case "finish":
+ − 1920
echo '<h3>Congratulations!</h3>
+ − 1921
<p>You have finished installing Enano on this server.</p>
+ − 1922
<h3>Now what?</h3>
+ − 1923
<p>Click the link below to see the main page for your website. Where to go from here:</p>
+ − 1924
<ul>
+ − 1925
<li>The first thing you should do is log into your site using the Log in link on the sidebar.</li>
+ − 1926
<li>Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.</li>
+ − 1927
<li>Visit the <a href="http://enanocms.org/Category:Plugins" onclick="window.open(this.href); return false;">Enano Plugin Gallery</a> to download and use plugins on your site.</li>
+ − 1928
<li>Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.</li>
+ − 1929
<li>Hire some moderators, to help you keep rowdy users tame.</li>
+ − 1930
<li>Tell the <a href="http://enanocms.org/Contact_us">Enano team</a> what you think.</li>
+ − 1931
<li><b>Spread the word about Enano by adding a link to the Enano homepage on your sidebar!</b> You can enable this option in the General Configuration section of the administration panel.</li>
+ − 1932
</ul>
+ − 1933
<p><a href="index.php">Go to your website...</a></p>';
+ − 1934
break;
222
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1935
// this stage is never shown during the installation, but is provided for legal purposes
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1936
case "showlicense":
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1937
show_license(true);
acfdccf7a2bf
Re-sync Oxygen and Mint and Oxygen simple with Oxygen main; a couple improvements to the redirect-on-no-config code
Dan
diff
changeset
+ − 1938
break;
205
+ − 1939
}
+ − 1940
$template->footer();
+ − 1941
+ − 1942
?>