1 <?php |
|
2 |
|
3 /* |
|
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
5 * Version 1.0.3 (Dyrad) |
|
6 * upgrade.php - upgrade script |
|
7 * Copyright (C) 2006-2007 Dan Fuhry |
|
8 * |
|
9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
11 * |
|
12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
14 */ |
|
15 |
|
16 define('IN_ENANO_INSTALL', 'true'); |
|
17 define('IN_ENANO_UPGRADE', 'true'); |
|
18 |
|
19 if(!defined('scriptPath')) { |
|
20 $sp = dirname($_SERVER['REQUEST_URI']); |
|
21 if($sp == '/' || $sp == '\\') $sp = ''; |
|
22 define('scriptPath', $sp); |
|
23 } |
|
24 |
|
25 if(!defined('contentPath')) { |
|
26 $sp = dirname($_SERVER['REQUEST_URI']); |
|
27 if($sp == '/' || $sp == '\\') $sp = ''; |
|
28 define('contentPath', $sp); |
|
29 } |
|
30 |
|
31 global $this_page, $sideinfo; |
|
32 |
|
33 function microtime_float() |
|
34 { |
|
35 list($usec, $sec) = explode(" ", microtime()); |
|
36 return ((float)$usec + (float)$sec); |
|
37 } |
|
38 |
|
39 global $_starttime; |
|
40 $_starttime = microtime_float(); |
|
41 |
|
42 // Determine directory (special case for development servers) |
|
43 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) |
|
44 { |
|
45 $filename = str_replace('/repo/', '/', __FILE__); |
|
46 } |
|
47 else |
|
48 { |
|
49 $filename = __FILE__; |
|
50 } |
|
51 |
|
52 define('ENANO_ROOT', dirname($filename)); |
|
53 |
|
54 require(ENANO_ROOT.'/includes/constants.php'); |
|
55 |
|
56 if(defined('ENANO_DEBUG')) |
|
57 { |
|
58 require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php'); |
|
59 } |
|
60 else |
|
61 { |
|
62 function dc_here($m) { return false; } |
|
63 function dc_dump($a, $g) { return false; } |
|
64 function dc_watch($n) { return false; } |
|
65 function dc_start_timer($u) { return false; } |
|
66 function dc_stop_timer($m) { return false; } |
|
67 } |
|
68 |
|
69 // SCRIPT CONFIGURATION |
|
70 // Everything related to versions goes here! |
|
71 |
|
72 // Valid versions to upgrade from |
|
73 $valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0', '1.0.1', '1.0.1.1', '1.0.2b1', '1.0.2', '1.0.3', 'Stable1.0ToUnstable1.1'); |
|
74 |
|
75 // Basically a list of dependencies, which should be resolved automatically |
|
76 // If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not |
|
77 // normally be required (for whatever reason) then you would add a custom version number to the array under key '1.0b1'. |
|
78 $deps_list = Array( |
|
79 '1.0b1' => Array('1.0b2'), |
|
80 '1.0b2' => Array('1.0b3'), |
|
81 '1.0b3' => Array('1.0b4'), |
|
82 '1.0b4' => Array('1.0RC1'), |
|
83 '1.0RC1' => Array('1.0RC2'), |
|
84 '1.0RC2' => Array('1.0RC3'), |
|
85 '1.0RC3' => Array('1.0'), |
|
86 '1.0' => Array('1.0.1'), |
|
87 '1.0.1' => Array('1.0.1.1'), |
|
88 '1.0.1.1' => Array('1.0.2b1'), |
|
89 '1.0.2b1' => Array('1.0.2'), |
|
90 '1.0.2' => Array('Stable1.0ToUnstable1.1'), |
|
91 'Stable1.0ToUnstable1.1' => Array('1.1.1') |
|
92 ); |
|
93 $this_version = '1.1.1'; |
|
94 $func_list = Array( |
|
95 '1.0' => Array('u_1_0_1_update_del_votes'), |
|
96 '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // , |
|
97 // '1.0RC2' => Array('u_1_0_populate_userpage_comments') |
|
98 '1.0RC3' => Array('u_1_0_RC3_make_users_extra'), |
|
99 '1.0.2b1' => Array('u_1_0_2_nuke_template_cache', 'u_1_0_2_rebuild_search_index') |
|
100 ); |
|
101 |
|
102 if(!isset($_GET['mode'])) |
|
103 { |
|
104 $_GET['mode'] = 'login'; |
|
105 } |
|
106 |
|
107 function err($t) |
|
108 { |
|
109 global $template; |
|
110 echo $t; |
|
111 $template->footer(); |
|
112 exit; |
|
113 } |
|
114 |
|
115 require(ENANO_ROOT.'/includes/template.php'); |
|
116 |
|
117 // Initialize the session manager |
|
118 require(ENANO_ROOT.'/includes/functions.php'); |
|
119 require(ENANO_ROOT.'/includes/dbal.php'); |
|
120 require(ENANO_ROOT.'/includes/paths.php'); |
|
121 require(ENANO_ROOT.'/includes/sessions.php'); |
|
122 require(ENANO_ROOT.'/includes/plugins.php'); |
|
123 require(ENANO_ROOT.'/includes/rijndael.php'); |
|
124 require(ENANO_ROOT.'/includes/render.php'); |
|
125 require(ENANO_ROOT.'/includes/search.php'); |
|
126 $db = new mysql(); |
|
127 $db->connect(); |
|
128 |
|
129 $plugins = new pluginLoader(); |
|
130 |
|
131 if(!defined('ENANO_CONFIG_FETCHED')) |
|
132 { |
|
133 // Select and fetch the site configuration |
|
134 $e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); |
|
135 if ( !$e ) |
|
136 { |
|
137 $db->_die('Some critical configuration information could not be selected.'); |
|
138 } |
|
139 else |
|
140 { |
|
141 define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not |
|
142 } |
|
143 |
|
144 $enano_config = Array(); |
|
145 while($r = $db->fetchrow()) |
|
146 { |
|
147 $enano_config[$r['config_name']] = $r['config_value']; |
|
148 } |
|
149 $db->free_result(); |
|
150 } |
|
151 |
|
152 $v = enano_version(); |
|
153 if(in_array($v, Array(false, '', '1.0b3', '1.0b4'))) |
|
154 { |
|
155 $ul_admin = 2; |
|
156 $ul_mod = 1; |
|
157 $ul_member = 0; |
|
158 $ul_guest = -1; |
|
159 } |
|
160 else |
|
161 { |
|
162 $ul_admin = USER_LEVEL_ADMIN; |
|
163 $ul_mod = USER_LEVEL_MOD; |
|
164 $ul_member = USER_LEVEL_MEMBER; |
|
165 $ul_guest = USER_LEVEL_GUEST; |
|
166 } |
|
167 |
|
168 $_GET['title'] = 'unset'; |
|
169 |
|
170 $session = new sessionManager(); |
|
171 $paths = new pathManager(); |
|
172 $session->start(); |
|
173 |
|
174 $template = new template_nodb(); |
|
175 $template->load_theme('oxygen', 'bleu', false); |
|
176 |
|
177 $modestrings = Array( |
|
178 'login' => 'Administrative login', |
|
179 'welcome' => 'Welcome', |
|
180 'setversion' => 'Select Enano version', |
|
181 'confirm' => 'Confirm upgrade', |
|
182 'upgrade' => 'Database installation', |
|
183 'finish' => 'Upgrade complete' |
|
184 ); |
|
185 |
|
186 $sideinfo = ''; |
|
187 $vars = $template->extract_vars('elements.tpl'); |
|
188 $p = $template->makeParserText($vars['sidebar_button']); |
|
189 foreach ( $modestrings as $id => $str ) |
|
190 { |
|
191 if ( $_GET['mode'] == $id ) |
|
192 { |
|
193 $flags = 'style="font-weight: bold; text-decoration: underline;"'; |
|
194 $this_page = $str; |
|
195 } |
|
196 else |
|
197 { |
|
198 $flags = ''; |
|
199 } |
|
200 $p->assign_vars(Array( |
|
201 'HREF' => '#', |
|
202 'FLAGS' => $flags . ' onclick="return false;"', |
|
203 'TEXT' => $str |
|
204 )); |
|
205 $sideinfo .= $p->run(); |
|
206 } |
|
207 |
|
208 $template->init_vars(); |
|
209 |
|
210 function upg_assign_vars($schema) |
|
211 { |
|
212 $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string(getConfig('site_name')), $schema); |
|
213 $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string(getConfig('site_desc')), $schema); |
|
214 $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string(getConfig('copyright_notice')), $schema); |
|
215 $schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema); |
|
216 if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema); |
|
217 else $schema = str_replace('{{WIKI_MODE}}', '0', $schema); |
|
218 return $schema; |
|
219 } |
|
220 |
|
221 /* Version-specific functions */ |
|
222 |
|
223 function u_1_0_RC1_update_user_ids() |
|
224 { |
|
225 global $db; |
|
226 // First, make sure this hasn't already been done |
|
227 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;'); |
|
228 if ( !$q ) |
|
229 $db->_die(); |
|
230 $row = $db->fetchrow(); |
|
231 if ( $row['username'] == 'Anonymous' ) |
|
232 return true; |
|
233 // Find the first unused user ID |
|
234 $used = Array(); |
|
235 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users;'); |
|
236 if ( !$q ) |
|
237 $db->_die(); |
|
238 $notfirst = false; |
|
239 while ( $row = $db->fetchrow() ) |
|
240 { |
|
241 $i = intval($row['user_id']); |
|
242 $used[$i] = true; |
|
243 if ( !isset($used[$i - 1]) && $notfirst ) |
|
244 { |
|
245 $id = $i - 1; |
|
246 break; |
|
247 } |
|
248 $notfirst = true; |
|
249 } |
|
250 if ( !isset($id) ) |
|
251 $id = $i + 1; |
|
252 if ( $id == 0 ) |
|
253 $id = 2; |
|
254 $db->free_result(); |
|
255 |
|
256 $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;'); |
|
257 if(!$q) |
|
258 $db->_die(); |
|
259 $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';'); |
|
260 if(!$q) |
|
261 $db->_die(); |
|
262 |
|
263 } |
|
264 |
|
265 function u_1_0_RC1_add_admins_to_group() |
|
266 { |
|
267 global $db; |
|
268 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';'); |
|
269 if ( !$q ) |
|
270 $db->_die(); |
|
271 $base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES'; |
|
272 $blocks = Array(); |
|
273 while ( $row = $db->fetchrow($q) ) |
|
274 { |
|
275 $blocks[] = '(2,' . $row['user_id'] . ')'; |
|
276 } |
|
277 $blocks = implode(',', $blocks); |
|
278 $sql = $base . $blocks . ';'; |
|
279 if(!$db->sql_query($sql)) |
|
280 $db->_die(); |
|
281 } |
|
282 |
|
283 function u_1_0_RC1_alter_files_table() |
|
284 { |
|
285 global $db; |
|
286 if(!is_dir(ENANO_ROOT.'/files')) |
|
287 @mkdir(ENANO_ROOT . '/files'); |
|
288 if(!is_dir(ENANO_ROOT.'/files')) |
|
289 die('ERROR: Couldn\'t create files directory'); |
|
290 $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
291 if(!$q) $db->_die(); |
|
292 while ( $row = $db->fetchrow() ) |
|
293 { |
|
294 $file_data = base64_decode($row['data']); |
|
295 $path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension']; |
|
296 @unlink($path); |
|
297 $handle = @fopen($path, 'w'); |
|
298 if(!$handle) |
|
299 die('fopen failed'); |
|
300 fwrite($handle, $file_data); |
|
301 fclose($handle); |
|
302 |
|
303 } |
|
304 |
|
305 $q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;'); |
|
306 if(!$q) $db->_die(); |
|
307 |
|
308 $list = Array(); |
|
309 $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
310 if(!$q) $db->_die(); |
|
311 while ( $row = $db->fetchrow($q) ) |
|
312 { |
|
313 $file_data = base64_decode($row['data']); |
|
314 $key = md5( $row['filename'] . '_' . $file_data ); |
|
315 $list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';'; |
|
316 } |
|
317 |
|
318 foreach ( $list as $sql ) |
|
319 { |
|
320 if(!$db->sql_query($sql)) $db->_die(); |
|
321 } |
|
322 |
|
323 if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die(); |
|
324 |
|
325 } |
|
326 |
|
327 function u_1_0_RC1_destroy_session_cookie() |
|
328 { |
|
329 unset($_COOKIE['sid']); |
|
330 setcookie('sid', '', time()-3600*24, scriptPath); |
|
331 setcookie('sid', '', time()-3600*24, scriptPath.'/'); |
|
332 } |
|
333 |
|
334 function u_1_0_RC1_set_contact_email() |
|
335 { |
|
336 global $db; |
|
337 $q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;'); |
|
338 if(!$q) |
|
339 $db->_die(); |
|
340 $row = $db->fetchrow(); |
|
341 setConfig('contact_email', $row['email']); |
|
342 } |
|
343 |
|
344 function u_1_0_RC1_update_page_text() |
|
345 { |
|
346 global $db; |
|
347 $q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text'); |
|
348 if (!$q) |
|
349 $db->_die(); |
|
350 |
|
351 $qs = array(); |
|
352 |
|
353 while ( $row = $db->fetchrow($q) ) |
|
354 { |
|
355 $row['page_text'] = str_replace(Array( |
|
356 "{QUOT:{$row['char_tag']}}", |
|
357 "{APOS:{$row['char_tag']}}", |
|
358 "{SLASH:{$row['char_tag']}}" |
|
359 ), Array( |
|
360 '"', "'", '\\' |
|
361 ), $row['page_text']); |
|
362 $qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\' |
|
363 WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND |
|
364 namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';'; |
|
365 } |
|
366 |
|
367 foreach($qs as $query) |
|
368 { |
|
369 if(!$db->sql_query($query)) |
|
370 $db->_die(); |
|
371 } |
|
372 } |
|
373 |
|
374 function u_1_0_1_update_del_votes() |
|
375 { |
|
376 global $db; |
|
377 $q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;'); |
|
378 if ( !$q ) |
|
379 $db->_die(); |
|
380 |
|
381 while ( $row = $db->fetchrow($q) ) |
|
382 { |
|
383 $ips = strval($row['delvote_ips']); |
|
384 if ( is_array( @unserialize($ips) ) ) |
|
385 continue; |
|
386 $ips = explode('|', $ips); |
|
387 $new = array( |
|
388 'ip' => array(), |
|
389 'u' => array() |
|
390 ); |
|
391 $i = 0; |
|
392 $prev = ''; |
|
393 $prev_is_ip = false; |
|
394 foreach ( $ips as $ip ) |
|
395 { |
|
396 $i++; |
|
397 $current_is_ip = is_valid_ip($ip); |
|
398 if ( $current_is_ip && $prev_is_ip ) |
|
399 { |
|
400 $i++; |
|
401 $new['u'][] = $prev; |
|
402 } |
|
403 if ( $current_is_ip ) |
|
404 { |
|
405 $new['ip'][] = $ip; |
|
406 } |
|
407 else |
|
408 { |
|
409 $new['u'][] = $ip; |
|
410 } |
|
411 $prev = $ip; |
|
412 $prev_is_ip = $current_is_ip; |
|
413 } |
|
414 if ( $i % 2 == 1 && $prev_is_ip ) |
|
415 { |
|
416 $new['u'][] = $ip; |
|
417 } |
|
418 $new = serialize($new); |
|
419 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';'); |
|
420 if ( !$e ) |
|
421 $db->_die(); |
|
422 } |
|
423 $db->free_result($q); |
|
424 } |
|
425 |
|
426 function u_1_0_RC3_make_users_extra() |
|
427 { |
|
428 global $db; |
|
429 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 0;'); |
|
430 if ( !$q ) |
|
431 $db->_die(); |
|
432 |
|
433 $ids = array(); |
|
434 while ( $row = $db->fetchrow() ) |
|
435 { |
|
436 $ids[] = intval($row['user_id']); |
|
437 } |
|
438 |
|
439 $ids = '(' . implode('),(', $ids) . ')'; |
|
440 if ( $ids == '' ) |
|
441 return false; |
|
442 $sql = "INSERT INTO " . table_prefix . "users_extra(user_id) VALUES$ids;"; |
|
443 |
|
444 if ( !$db->sql_query($sql) ) |
|
445 $db->_die(); |
|
446 } |
|
447 |
|
448 function u_1_0_2_nuke_template_cache() |
|
449 { |
|
450 $dir = @opendir(ENANO_ROOT . '/cache'); |
|
451 if ( !$dir ) |
|
452 { |
|
453 return false; |
|
454 } |
|
455 while ( ($fname = @readdir($dir)) ) |
|
456 { |
|
457 if ( preg_match('/\.tpl\.php$/', $fname) ) |
|
458 { |
|
459 unlink( ENANO_ROOT . '/cache/' . $fname ); |
|
460 } |
|
461 } |
|
462 } |
|
463 |
|
464 function u_1_0_2_rebuild_search_index() |
|
465 { |
|
466 global $paths; |
|
467 @set_time_limit(0); |
|
468 $paths->rebuild_search_index(); |
|
469 } |
|
470 |
|
471 switch($_GET['mode']) |
|
472 { |
|
473 case "login": |
|
474 if ( $session->user_logged_in && $session->user_level < $ul_admin ) |
|
475 { |
|
476 $template->header(); |
|
477 echo '<p>Your user account does not have permission to perform an upgrade of Enano. Return to the <a href="index.php">index page</a>.</p>'; |
|
478 $template->footer(); |
|
479 exit; |
|
480 } |
|
481 if($session->user_logged_in && $session->user_level >= $ul_admin) |
|
482 { |
|
483 if(isset($_POST['login'])) |
|
484 { |
|
485 $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin); |
|
486 if($session->sid_super) |
|
487 { |
|
488 header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super); |
|
489 exit; |
|
490 } |
|
491 } |
|
492 $template->header(); |
|
493 ?> |
|
494 <form action="upgrade.php?mode=login" method="post"> |
|
495 <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
496 <tr> |
|
497 <th colspan="2">You must re-authenticate to perform this upgrade.</th> |
|
498 </tr> |
|
499 <?php |
|
500 if(isset($_POST['login'])) |
|
501 { |
|
502 echo '<tr><td colspan="2"><p style="color: red;">Login failed: '. $result['error'] . '</p></td></tr>'; |
|
503 } |
|
504 ?> |
|
505 <tr> |
|
506 <td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
507 </tr> |
|
508 <tr> |
|
509 <td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
510 </tr> |
|
511 <tr> |
|
512 <td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
513 </tr> |
|
514 </table> |
|
515 </form> |
|
516 <?php |
|
517 } |
|
518 else |
|
519 { |
|
520 if(isset($_POST['login'])) |
|
521 { |
|
522 $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member); |
|
523 if($result == 'success') |
|
524 { |
|
525 header('Location: upgrade.php'); |
|
526 exit; |
|
527 } |
|
528 } |
|
529 $template->header(); |
|
530 ?> |
|
531 <form action="upgrade.php?mode=login" method="post"> |
|
532 <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
533 <tr> |
|
534 <th colspan="2">Please log in to continue with this upgrade.</th> |
|
535 </tr> |
|
536 <?php |
|
537 if(isset($_POST['login'])) |
|
538 { |
|
539 echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>'; |
|
540 } |
|
541 ?> |
|
542 <tr> |
|
543 <td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
544 </tr> |
|
545 <tr> |
|
546 <td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
547 </tr> |
|
548 <tr> |
|
549 <td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
550 </tr> |
|
551 </table> |
|
552 </form> |
|
553 <?php |
|
554 } |
|
555 break; |
|
556 case "welcome": |
|
557 if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
558 |
|
559 // Just show a simple welcome page to display version information |
|
560 $template->header(); |
|
561 require('config.php'); |
|
562 |
|
563 ?> |
|
564 |
|
565 <div style="text-align: center; margin-top: 10px;"> |
|
566 <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" /> |
|
567 <h2>Welcome to the Enano upgrade wizard</h2> |
|
568 <?php |
|
569 if ( file_exists('./_nightly.php') ) |
|
570 { |
|
571 echo '<div class="warning-box" style="text-align: left; margin: 10px auto; display: table; width: 60%;"><b>You are about to upgrade to a NIGHTLY BUILD of Enano.</b><br />Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.</div>'; |
|
572 } |
|
573 ?> |
|
574 </div> |
|
575 <div style="display: table; margin: 0 auto;"> |
|
576 <p>You are about to upgrade Enano to version <b><?php echo $this_version; ?></b>. Before you continue, please ensure that:</p> |
|
577 <ul> |
|
578 <li>You have completely backed up your database (<b><?php echo "$dbhost:$dbname"; ?></b>)</li> |
|
579 <li>You have backed up the entire Enano directory (<b><?php echo ENANO_ROOT; ?></b>)</li> |
|
580 <li>You have reviewed the release notes for this version, and you<br />are comfortable with any known bugs or issues</li> |
|
581 <li>If you've configured Enano to work using a MySQL user with restricted<br />privileges, you need to enable ALTER, CREATE TABLE, and CREATE INDEX privileges<br />for this upgrade to work.</li> |
|
582 </ul> |
|
583 </div> |
|
584 <div style="text-align: center; margin-top: 10px;"> |
|
585 <form action="upgrade.php?mode=setversion&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
586 <input type="submit" value="Continue with upgrade" /> |
|
587 </form> |
|
588 </div> |
|
589 |
|
590 <?php |
|
591 |
|
592 break; |
|
593 case "setversion": |
|
594 if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
595 $v = ( function_exists('enano_version') ) ? enano_version() : ''; |
|
596 if(!in_array($v, $valid_versions) && $v != '') |
|
597 { |
|
598 $template->header(); |
|
599 ?> |
|
600 <p>Your version of Enano (<?php echo $v; ?>) can't be upgraded to this version (<?php echo $this_version; ?>).</p> |
|
601 <?php |
|
602 break; |
|
603 } |
|
604 else if($v == '') |
|
605 { |
|
606 // OK, we don't know which version he's running. So we'll cheat ;-) |
|
607 $template->header(); |
|
608 echo "<form action='upgrade.php?mode=confirm&auth={$session->sid_super}' method='post'>"; |
|
609 ?> |
|
610 <p>Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.</p> |
|
611 <p><select name="version"><?php |
|
612 foreach($valid_versions as $c) |
|
613 { |
|
614 echo "<option value='{$c}'>{$c}</option>"; |
|
615 } |
|
616 ?></select></p> |
|
617 <p> |
|
618 <input type="submit" value="Continue" /> |
|
619 </p> |
|
620 <?php |
|
621 echo `</form>`; |
|
622 break; |
|
623 } |
|
624 else |
|
625 { |
|
626 header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super); |
|
627 } |
|
628 break; |
|
629 case "confirm": |
|
630 $enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version(); |
|
631 |
|
632 $template->header(); |
|
633 if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
634 ?> |
|
635 <form action="upgrade.php?mode=upgrade&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
636 <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
637 <tr> |
|
638 <td colspan="2"><p><b>Are you sure you want to perform this upgrade?</b></p><p>You can still cancel the upgrade process now. If<br />the upgrade fails, you will need to roll back<br />any actions made using manual SQL queries.</p><p><b>Please clear your browser cache or<br />shift-reload after the upgrade.</b><br />If you fail to do so, some page elements may<br />be broken.</td> |
|
639 </tr> |
|
640 <tr> |
|
641 <td colspan="2" style="text-align: center;"> |
|
642 <input type="hidden" name="enano_version" value="<?php echo $enano_version; ?>" /> |
|
643 <input type="submit" name="doit" value="Upgrade Enano!" /> |
|
644 </td> |
|
645 </tr> |
|
646 </table> |
|
647 </form> |
|
648 <?php |
|
649 break; |
|
650 case "upgrade": |
|
651 $template->header(); |
|
652 if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
653 if(!isset($_POST['enano_version'])) { echo '<p>Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please <a href="upgrade.php">restart the upgrade</a>.</p>'; break; } |
|
654 $enano_version = $_POST['enano_version']; |
|
655 echo '<p>Preparing for schema execution...'; |
|
656 // Build an array of queries |
|
657 $schema = file_get_contents('upgrade.sql'); |
|
658 |
|
659 // Strip out and process version blocks |
|
660 preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'((.*?)'."\n)?".'---END \\1---#is', $schema, $matches); |
|
661 |
|
662 $from_list =& $matches[1]; |
|
663 $query_list =& $matches[3]; |
|
664 |
|
665 foreach($matches[0] as $m) |
|
666 { |
|
667 $schema = str_replace($m, '', $schema); |
|
668 } |
|
669 $schema = explode("\n", $schema); |
|
670 foreach($schema as $k => $q) |
|
671 { |
|
672 if(substr($q, 0, 2) == '--' || $q == '') |
|
673 { |
|
674 unset($schema[$k]); |
|
675 //die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
676 } |
|
677 else |
|
678 { |
|
679 $schema[$k] = upg_assign_vars($schema[$k]); |
|
680 } |
|
681 } |
|
682 |
|
683 foreach($query_list as $k => $q) |
|
684 { |
|
685 $query_list[$k] = explode("\n", $query_list[$k]); |
|
686 foreach($query_list[$k] as $i => $s) |
|
687 { |
|
688 $tq =& $query_list[$k][$i]; |
|
689 if(substr($s, 0, 2) == '--' || $s == '') |
|
690 { |
|
691 unset($query_list[$k][$i]); |
|
692 //die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
693 } |
|
694 else |
|
695 { |
|
696 $query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]); |
|
697 } |
|
698 } |
|
699 $query_list[$k] = array_values($query_list[$k]); |
|
700 } |
|
701 |
|
702 $assoc_list = Array(); |
|
703 |
|
704 foreach($from_list as $i => $v) |
|
705 { |
|
706 $assoc_list[$v] = $query_list[$i]; |
|
707 } |
|
708 |
|
709 $schema = array_values($schema); |
|
710 |
|
711 $deps_resolved = false; |
|
712 $installing_versions = Array($enano_version); |
|
713 |
|
714 while(true) |
|
715 { |
|
716 $v = array_keys($deps_list); |
|
717 foreach($v as $i => $ver) |
|
718 { |
|
719 if(in_array($ver, $installing_versions)) |
|
720 { |
|
721 // $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install. |
|
722 foreach($deps_list[$ver] as $dep) |
|
723 { |
|
724 if(!in_array($dep, $installing_versions)) |
|
725 { |
|
726 $installing_versions[] = $dep; |
|
727 } |
|
728 } |
|
729 } |
|
730 if($i == count($deps_list) - 1) |
|
731 { |
|
732 break 2; |
|
733 } |
|
734 } |
|
735 } |
|
736 |
|
737 foreach($installing_versions as $this_ver) |
|
738 { |
|
739 $schema = array_merge($schema, $assoc_list[$this_ver]); |
|
740 } |
|
741 |
|
742 // Time for some proper SQL syntax! |
|
743 // Also check queries for so-called injection attempts to make |
|
744 // sure that it doesn't fail during the upgrade process and |
|
745 // leave the user with a half-upgraded database |
|
746 foreach($schema as $s => $q) |
|
747 { |
|
748 if(substr($q, strlen($q)-1, 1) != ';') |
|
749 { |
|
750 $schema[$s] .= ';'; |
|
751 } |
|
752 if ( !$db->check_query($schema[$s]) ) |
|
753 { |
|
754 // Uh-oh, the check failed, bail out |
|
755 // The DBAL runs sanity checks on all queries for safety, |
|
756 // so if the check fails in mid-upgrade we are in deep |
|
757 // dodo doo-doo. |
|
758 echo 'Query failed sanity check, this should never happen and is a bug.</p><p>Query was:</p><pre>'.$schema[$s].'</pre>'; |
|
759 break 2; |
|
760 } |
|
761 } |
|
762 |
|
763 $schema = array_values($schema); |
|
764 |
|
765 // Used extensively for debugging |
|
766 // echo '<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'; |
|
767 // break; |
|
768 |
|
769 echo 'done!<br />Executing upgrade schema...'; |
|
770 |
|
771 // OK, do the loop, baby!!! |
|
772 foreach($schema as $q) |
|
773 { |
|
774 if ( substr($q, 0, 1) == '@' ) |
|
775 { |
|
776 // if the first character is @, don't fail on error |
|
777 $db->sql_query(substr($q, 1)); |
|
778 } |
|
779 else |
|
780 { |
|
781 if ( !$db->sql_query($q) ) |
|
782 { |
|
783 echo $db->get_error(); |
|
784 break 2; |
|
785 } |
|
786 } |
|
787 } |
|
788 |
|
789 // Call any custom functions |
|
790 foreach ( $installing_versions as $ver ) |
|
791 { |
|
792 if ( isset($func_list[$ver]) ) |
|
793 { |
|
794 foreach($func_list[$ver] as $function) |
|
795 { |
|
796 @call_user_func($function); |
|
797 } |
|
798 } |
|
799 } |
|
800 |
|
801 // Log the upgrade |
|
802 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');'); |
|
803 |
|
804 echo 'done!</p>'; |
|
805 echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p> |
|
806 <script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>'; |
|
807 break; |
|
808 } |
|
809 $template->footer(); |
|
810 |
|
811 ?> |
|