upgrade.php
changeset 348 87e08a6e4fec
parent 347 299a90e28abc
child 349 fdaf9070566c
347:299a90e28abc 348:87e08a6e4fec
     1 <?php
       
     2 
       
     3 /*
       
     4  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
       
     5  * Version 1.0.3 (Dyrad)
       
     6  * upgrade.php - upgrade script
       
     7  * Copyright (C) 2006-2007 Dan Fuhry
       
     8  *
       
     9  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
       
    10  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
       
    11  *
       
    12  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
       
    13  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
       
    14  */
       
    15 
       
    16 define('IN_ENANO_INSTALL', 'true');
       
    17 define('IN_ENANO_UPGRADE', 'true');
       
    18 
       
    19 if(!defined('scriptPath')) {
       
    20   $sp = dirname($_SERVER['REQUEST_URI']);
       
    21   if($sp == '/' || $sp == '\\') $sp = '';
       
    22   define('scriptPath', $sp);
       
    23 }
       
    24 
       
    25 if(!defined('contentPath')) {
       
    26   $sp = dirname($_SERVER['REQUEST_URI']);
       
    27   if($sp == '/' || $sp == '\\') $sp = '';
       
    28   define('contentPath', $sp);
       
    29 }
       
    30 
       
    31 global $this_page, $sideinfo;
       
    32 
       
    33 function microtime_float()
       
    34 {
       
    35   list($usec, $sec) = explode(" ", microtime());
       
    36   return ((float)$usec + (float)$sec);
       
    37 }
       
    38 
       
    39 global $_starttime;
       
    40 $_starttime = microtime_float();
       
    41 
       
    42 // Determine directory (special case for development servers)
       
    43 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
       
    44 {
       
    45   $filename = str_replace('/repo/', '/', __FILE__);
       
    46 }
       
    47 else
       
    48 {
       
    49   $filename = __FILE__;
       
    50 }
       
    51 
       
    52 define('ENANO_ROOT', dirname($filename));
       
    53 
       
    54 require(ENANO_ROOT.'/includes/constants.php');
       
    55 
       
    56 if(defined('ENANO_DEBUG'))
       
    57 {
       
    58   require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
       
    59 }
       
    60 else
       
    61 {
       
    62   function dc_here($m)     { return false; }
       
    63   function dc_dump($a, $g) { return false; }
       
    64   function dc_watch($n)    { return false; }
       
    65   function dc_start_timer($u) { return false; }
       
    66   function dc_stop_timer($m) { return false; }
       
    67 }
       
    68 
       
    69 // SCRIPT CONFIGURATION
       
    70 // Everything related to versions goes here!
       
    71 
       
    72 // Valid versions to upgrade from
       
    73 $valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0', '1.0.1', '1.0.1.1', '1.0.2b1', '1.0.2', '1.0.3', 'Stable1.0ToUnstable1.1');
       
    74 
       
    75 // Basically a list of dependencies, which should be resolved automatically
       
    76 // If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not
       
    77 // normally be required (for whatever reason) then you would add a custom version number to the array under key '1.0b1'.
       
    78 $deps_list = Array(
       
    79     '1.0b1' => Array('1.0b2'),
       
    80     '1.0b2' => Array('1.0b3'),
       
    81     '1.0b3' => Array('1.0b4'),
       
    82     '1.0b4' => Array('1.0RC1'),
       
    83     '1.0RC1' => Array('1.0RC2'),
       
    84     '1.0RC2' => Array('1.0RC3'),
       
    85     '1.0RC3' => Array('1.0'),
       
    86     '1.0' => Array('1.0.1'),
       
    87     '1.0.1' => Array('1.0.1.1'),
       
    88     '1.0.1.1' => Array('1.0.2b1'),
       
    89     '1.0.2b1' => Array('1.0.2'),
       
    90     '1.0.2' => Array('Stable1.0ToUnstable1.1'),
       
    91     'Stable1.0ToUnstable1.1' => Array('1.1.1')
       
    92   );
       
    93 $this_version   = '1.1.1';
       
    94 $func_list = Array(
       
    95     '1.0' => Array('u_1_0_1_update_del_votes'),
       
    96     '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // ,
       
    97     // '1.0RC2' => Array('u_1_0_populate_userpage_comments')
       
    98     '1.0RC3' => Array('u_1_0_RC3_make_users_extra'),
       
    99     '1.0.2b1' => Array('u_1_0_2_nuke_template_cache', 'u_1_0_2_rebuild_search_index')
       
   100   );
       
   101 
       
   102 if(!isset($_GET['mode'])) 
       
   103 {
       
   104   $_GET['mode'] = 'login';
       
   105 }
       
   106 
       
   107 function err($t)
       
   108 {
       
   109   global $template;
       
   110   echo $t;
       
   111   $template->footer(); 
       
   112   exit;
       
   113 }
       
   114 
       
   115 require(ENANO_ROOT.'/includes/template.php');
       
   116 
       
   117 // Initialize the session manager
       
   118 require(ENANO_ROOT.'/includes/functions.php');
       
   119 require(ENANO_ROOT.'/includes/dbal.php');
       
   120 require(ENANO_ROOT.'/includes/paths.php');
       
   121 require(ENANO_ROOT.'/includes/sessions.php');
       
   122 require(ENANO_ROOT.'/includes/plugins.php');
       
   123 require(ENANO_ROOT.'/includes/rijndael.php');
       
   124 require(ENANO_ROOT.'/includes/render.php');
       
   125 require(ENANO_ROOT.'/includes/search.php');
       
   126 $db = new mysql();
       
   127 $db->connect();
       
   128 
       
   129 $plugins = new pluginLoader();
       
   130 
       
   131 if(!defined('ENANO_CONFIG_FETCHED'))
       
   132 {
       
   133   // Select and fetch the site configuration
       
   134   $e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;');
       
   135   if ( !$e )
       
   136   {
       
   137     $db->_die('Some critical configuration information could not be selected.');
       
   138   }
       
   139   else
       
   140   {
       
   141     define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not
       
   142   }
       
   143   
       
   144   $enano_config = Array();
       
   145   while($r = $db->fetchrow())
       
   146   {
       
   147     $enano_config[$r['config_name']] = $r['config_value'];
       
   148   }
       
   149   $db->free_result();
       
   150 }
       
   151 
       
   152 $v = enano_version();
       
   153 if(in_array($v, Array(false, '', '1.0b3', '1.0b4')))
       
   154 {
       
   155   $ul_admin  = 2;
       
   156   $ul_mod    = 1;
       
   157   $ul_member = 0;
       
   158   $ul_guest  = -1;
       
   159 }
       
   160 else
       
   161 {
       
   162   $ul_admin  = USER_LEVEL_ADMIN;
       
   163   $ul_mod    = USER_LEVEL_MOD;
       
   164   $ul_member = USER_LEVEL_MEMBER;
       
   165   $ul_guest  = USER_LEVEL_GUEST;
       
   166 }
       
   167 
       
   168 $_GET['title'] = 'unset';
       
   169 
       
   170 $session = new sessionManager();
       
   171 $paths = new pathManager();
       
   172 $session->start();
       
   173 
       
   174 $template = new template_nodb();
       
   175 $template->load_theme('oxygen', 'bleu', false);
       
   176 
       
   177 $modestrings = Array(
       
   178               'login'      => 'Administrative login',
       
   179               'welcome'    => 'Welcome',
       
   180               'setversion' => 'Select Enano version',
       
   181               'confirm'    => 'Confirm upgrade',
       
   182               'upgrade'    => 'Database installation',
       
   183               'finish'     => 'Upgrade complete'
       
   184             );
       
   185 
       
   186 $sideinfo = '';
       
   187 $vars = $template->extract_vars('elements.tpl');
       
   188 $p = $template->makeParserText($vars['sidebar_button']);
       
   189 foreach ( $modestrings as $id => $str )
       
   190 {
       
   191   if ( $_GET['mode'] == $id )
       
   192   {
       
   193     $flags = 'style="font-weight: bold; text-decoration: underline;"';
       
   194     $this_page = $str;
       
   195   }
       
   196   else
       
   197   {
       
   198     $flags = '';
       
   199   }
       
   200   $p->assign_vars(Array(
       
   201       'HREF' => '#',
       
   202       'FLAGS' => $flags . ' onclick="return false;"',
       
   203       'TEXT' => $str
       
   204     ));
       
   205   $sideinfo .= $p->run();
       
   206 }
       
   207 
       
   208 $template->init_vars();
       
   209 
       
   210 function upg_assign_vars($schema)
       
   211 {
       
   212   $schema = str_replace('{{SITE_NAME}}',   mysql_real_escape_string(getConfig('site_name')), $schema);
       
   213   $schema = str_replace('{{SITE_DESC}}',   mysql_real_escape_string(getConfig('site_desc')), $schema);
       
   214   $schema = str_replace('{{COPYRIGHT}}',   mysql_real_escape_string(getConfig('copyright_notice')), $schema);
       
   215   $schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema);
       
   216   if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
       
   217   else $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
       
   218   return $schema;
       
   219 }
       
   220 
       
   221 /* Version-specific functions */
       
   222 
       
   223 function u_1_0_RC1_update_user_ids()
       
   224 {
       
   225   global $db;
       
   226   // First, make sure this hasn't already been done
       
   227   $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;');
       
   228   if ( !$q )
       
   229     $db->_die();
       
   230   $row = $db->fetchrow();
       
   231   if ( $row['username'] == 'Anonymous' )
       
   232     return true;
       
   233   // Find the first unused user ID
       
   234   $used = Array();
       
   235   $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users;');
       
   236   if ( !$q )
       
   237     $db->_die();
       
   238   $notfirst = false;
       
   239   while ( $row = $db->fetchrow() )
       
   240   {
       
   241     $i = intval($row['user_id']);
       
   242     $used[$i] = true;
       
   243     if ( !isset($used[$i - 1]) && $notfirst )
       
   244     {
       
   245       $id = $i - 1;
       
   246       break;
       
   247     }
       
   248     $notfirst = true;
       
   249   }
       
   250   if ( !isset($id) )
       
   251     $id = $i + 1;
       
   252   if ( $id == 0 )
       
   253     $id = 2;
       
   254   $db->free_result();
       
   255   
       
   256   $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;');
       
   257   if(!$q)
       
   258     $db->_die();
       
   259   $q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';');
       
   260   if(!$q)
       
   261     $db->_die();
       
   262   
       
   263 }
       
   264 
       
   265 function u_1_0_RC1_add_admins_to_group()
       
   266 {
       
   267   global $db;
       
   268   $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';');
       
   269   if ( !$q )
       
   270     $db->_die();
       
   271   $base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES';
       
   272   $blocks = Array();
       
   273   while ( $row = $db->fetchrow($q) )
       
   274   {
       
   275     $blocks[] = '(2,' . $row['user_id'] . ')';
       
   276   }
       
   277   $blocks = implode(',', $blocks);
       
   278   $sql = $base . $blocks . ';';
       
   279   if(!$db->sql_query($sql))
       
   280     $db->_die();
       
   281 }
       
   282 
       
   283 function u_1_0_RC1_alter_files_table()
       
   284 {
       
   285   global $db;
       
   286   if(!is_dir(ENANO_ROOT.'/files'))
       
   287     @mkdir(ENANO_ROOT . '/files');
       
   288   if(!is_dir(ENANO_ROOT.'/files'))
       
   289     die('ERROR: Couldn\'t create files directory');
       
   290   $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn);
       
   291   if(!$q) $db->_die();
       
   292   while ( $row = $db->fetchrow() )
       
   293   {
       
   294     $file_data = base64_decode($row['data']);
       
   295     $path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension'];
       
   296     @unlink($path);
       
   297     $handle = @fopen($path, 'w');
       
   298     if(!$handle)
       
   299       die('fopen failed');
       
   300     fwrite($handle, $file_data);
       
   301     fclose($handle);
       
   302     
       
   303   }
       
   304   
       
   305   $q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;');
       
   306   if(!$q) $db->_die();
       
   307   
       
   308   $list = Array();
       
   309   $q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn);
       
   310   if(!$q) $db->_die();
       
   311   while ( $row = $db->fetchrow($q) )
       
   312   {
       
   313     $file_data = base64_decode($row['data']);
       
   314     $key = md5( $row['filename'] . '_' . $file_data );
       
   315     $list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';';
       
   316   }
       
   317   
       
   318   foreach ( $list as $sql )
       
   319   {
       
   320     if(!$db->sql_query($sql)) $db->_die();
       
   321   }
       
   322   
       
   323   if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die();
       
   324   
       
   325 }
       
   326 
       
   327 function u_1_0_RC1_destroy_session_cookie()
       
   328 {
       
   329   unset($_COOKIE['sid']);
       
   330   setcookie('sid', '', time()-3600*24, scriptPath);
       
   331   setcookie('sid', '', time()-3600*24, scriptPath.'/');
       
   332 }
       
   333 
       
   334 function u_1_0_RC1_set_contact_email()
       
   335 {
       
   336   global $db;
       
   337   $q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;');
       
   338   if(!$q)
       
   339     $db->_die();
       
   340   $row = $db->fetchrow();
       
   341   setConfig('contact_email', $row['email']);
       
   342 }
       
   343 
       
   344 function u_1_0_RC1_update_page_text()
       
   345 {
       
   346   global $db;
       
   347   $q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text');
       
   348   if (!$q)
       
   349     $db->_die();
       
   350   
       
   351   $qs = array();
       
   352   
       
   353   while ( $row = $db->fetchrow($q) )
       
   354   {
       
   355     $row['page_text'] = str_replace(Array(
       
   356       "{QUOT:{$row['char_tag']}}",
       
   357       "{APOS:{$row['char_tag']}}",
       
   358       "{SLASH:{$row['char_tag']}}"
       
   359       ), Array(
       
   360       '"', "'", '\\'
       
   361       ), $row['page_text']);
       
   362     $qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\'
       
   363       WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND
       
   364             namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';';
       
   365   }
       
   366   
       
   367   foreach($qs as $query)
       
   368   {
       
   369     if(!$db->sql_query($query))
       
   370       $db->_die();
       
   371   }
       
   372 }
       
   373 
       
   374 function u_1_0_1_update_del_votes()
       
   375 {
       
   376   global $db;
       
   377   $q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;');
       
   378   if ( !$q )
       
   379     $db->_die();
       
   380   
       
   381   while ( $row = $db->fetchrow($q) )
       
   382   {
       
   383     $ips = strval($row['delvote_ips']);
       
   384     if ( is_array( @unserialize($ips) ) )
       
   385       continue;
       
   386     $ips = explode('|', $ips);
       
   387     $new = array(
       
   388       'ip' => array(),
       
   389       'u' => array()
       
   390       );
       
   391     $i = 0;
       
   392     $prev = '';
       
   393     $prev_is_ip = false;
       
   394     foreach ( $ips as $ip )
       
   395     {
       
   396       $i++;
       
   397       $current_is_ip = is_valid_ip($ip);
       
   398       if ( $current_is_ip && $prev_is_ip )
       
   399       {
       
   400         $i++;
       
   401         $new['u'][] = $prev;
       
   402       }
       
   403       if ( $current_is_ip )
       
   404       {
       
   405         $new['ip'][] = $ip;
       
   406       }
       
   407       else
       
   408       {
       
   409         $new['u'][] = $ip;
       
   410       }
       
   411       $prev = $ip;
       
   412       $prev_is_ip = $current_is_ip;
       
   413     }
       
   414     if ( $i % 2 == 1 && $prev_is_ip )
       
   415     {
       
   416       $new['u'][] = $ip;
       
   417     }
       
   418     $new = serialize($new);
       
   419     $e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';');
       
   420     if ( !$e )
       
   421       $db->_die();
       
   422   }
       
   423   $db->free_result($q);
       
   424 }
       
   425 
       
   426 function u_1_0_RC3_make_users_extra()
       
   427 {
       
   428   global $db;
       
   429   $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 0;');
       
   430   if ( !$q )
       
   431     $db->_die();
       
   432   
       
   433   $ids = array();
       
   434   while ( $row = $db->fetchrow() )
       
   435   {
       
   436     $ids[] = intval($row['user_id']);
       
   437   }
       
   438   
       
   439   $ids = '(' . implode('),(', $ids) . ')';
       
   440   if ( $ids == '' )
       
   441     return false;
       
   442   $sql = "INSERT INTO " . table_prefix . "users_extra(user_id) VALUES$ids;";
       
   443   
       
   444   if ( !$db->sql_query($sql) )
       
   445     $db->_die();
       
   446 }
       
   447 
       
   448 function u_1_0_2_nuke_template_cache()
       
   449 {
       
   450   $dir = @opendir(ENANO_ROOT . '/cache');
       
   451   if ( !$dir )
       
   452   {
       
   453     return false;
       
   454   }
       
   455   while ( ($fname = @readdir($dir)) )
       
   456   {
       
   457     if ( preg_match('/\.tpl\.php$/', $fname) )
       
   458     {
       
   459       unlink( ENANO_ROOT . '/cache/' . $fname );
       
   460     }
       
   461   }
       
   462 }
       
   463 
       
   464 function u_1_0_2_rebuild_search_index()
       
   465 {
       
   466   global $paths;
       
   467   @set_time_limit(0);
       
   468   $paths->rebuild_search_index();
       
   469 }
       
   470 
       
   471 switch($_GET['mode'])
       
   472 {
       
   473   case "login":
       
   474     if ( $session->user_logged_in && $session->user_level < $ul_admin )
       
   475     {
       
   476       $template->header();
       
   477       echo '<p>Your user account does not have permission to perform an upgrade of Enano. Return to the <a href="index.php">index page</a>.</p>';
       
   478       $template->footer();
       
   479       exit;
       
   480     }
       
   481     if($session->user_logged_in && $session->user_level >= $ul_admin)
       
   482     {
       
   483       if(isset($_POST['login']))
       
   484       {
       
   485         $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin);
       
   486         if($session->sid_super)
       
   487         {
       
   488           header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super);
       
   489           exit;
       
   490         }
       
   491       }
       
   492       $template->header();
       
   493       ?>
       
   494       <form action="upgrade.php?mode=login" method="post">
       
   495       <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
       
   496         <tr>
       
   497           <th colspan="2">You must re-authenticate to perform this upgrade.</th>
       
   498         </tr>
       
   499         <?php
       
   500         if(isset($_POST['login']))
       
   501         {
       
   502           echo '<tr><td colspan="2"><p style="color: red;">Login failed: '. $result['error'] . '</p></td></tr>';
       
   503         }
       
   504         ?>
       
   505         <tr>
       
   506           <td>Username:</td><td><input type="text" name="username" size="30" /></td>
       
   507         </tr>
       
   508         <tr>
       
   509           <td>Password:</td><td><input type="password" name="password" size="30" /></td>
       
   510         </tr>
       
   511         <tr>
       
   512           <td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" />
       
   513         </tr>
       
   514       </table>
       
   515       </form>
       
   516       <?php
       
   517     }
       
   518     else
       
   519     {
       
   520       if(isset($_POST['login']))
       
   521       {
       
   522         $result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member);
       
   523         if($result == 'success')
       
   524         {
       
   525           header('Location: upgrade.php');
       
   526           exit;
       
   527         }
       
   528       }
       
   529       $template->header();
       
   530       ?>
       
   531       <form action="upgrade.php?mode=login" method="post">
       
   532       <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
       
   533         <tr>
       
   534           <th colspan="2">Please log in to continue with this upgrade.</th>
       
   535         </tr>
       
   536         <?php
       
   537         if(isset($_POST['login']))
       
   538         {
       
   539           echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>';
       
   540         }
       
   541         ?>
       
   542         <tr>
       
   543           <td>Username:</td><td><input type="text" name="username" size="30" /></td>
       
   544         </tr>
       
   545         <tr>
       
   546           <td>Password:</td><td><input type="password" name="password" size="30" /></td>
       
   547         </tr>
       
   548         <tr>
       
   549           <td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" />
       
   550         </tr>
       
   551       </table>
       
   552       </form>
       
   553       <?php
       
   554     }
       
   555     break;
       
   556   case "welcome":
       
   557     if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
       
   558     
       
   559     // Just show a simple welcome page to display version information
       
   560     $template->header();
       
   561     require('config.php');
       
   562     
       
   563     ?>
       
   564     
       
   565     <div style="text-align: center; margin-top: 10px;">
       
   566       <img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" />
       
   567       <h2>Welcome to the Enano upgrade wizard</h2>
       
   568       <?php
       
   569       if ( file_exists('./_nightly.php') )
       
   570       {
       
   571         echo '<div class="warning-box" style="text-align: left; margin: 10px auto; display: table; width: 60%;"><b>You are about to upgrade to a NIGHTLY BUILD of Enano.</b><br />Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.</div>';
       
   572       }
       
   573       ?>
       
   574     </div>
       
   575     <div style="display: table; margin: 0 auto;">
       
   576       <p>You are about to upgrade Enano to version <b><?php echo $this_version; ?></b>. Before you continue, please ensure that:</p>
       
   577       <ul>
       
   578         <li>You have completely backed up your database (<b><?php echo "$dbhost:$dbname"; ?></b>)</li>
       
   579         <li>You have backed up the entire Enano directory (<b><?php echo ENANO_ROOT; ?></b>)</li>
       
   580         <li>You have reviewed the release notes for this version, and you<br />are comfortable with any known bugs or issues</li>
       
   581         <li>If you've configured Enano to work using a MySQL user with restricted<br />privileges, you need to enable ALTER, CREATE TABLE, and CREATE INDEX privileges<br />for this upgrade to work.</li>
       
   582       </ul>
       
   583     </div>
       
   584     <div style="text-align: center; margin-top: 10px;">
       
   585       <form action="upgrade.php?mode=setversion&amp;auth=<?php echo $session->sid_super; ?>" method="post">
       
   586         <input type="submit" value="Continue with upgrade" />
       
   587       </form>
       
   588     </div>
       
   589     
       
   590     <?php
       
   591     
       
   592     break;
       
   593   case "setversion":
       
   594     if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
       
   595     $v = ( function_exists('enano_version') ) ? enano_version() : '';
       
   596     if(!in_array($v, $valid_versions) && $v != '')
       
   597     {
       
   598       $template->header();
       
   599       ?>
       
   600       <p>Your version of Enano (<?php echo $v; ?>) can't be upgraded to this version (<?php echo $this_version; ?>).</p>
       
   601       <?php
       
   602       break;
       
   603     } 
       
   604     else if($v == '')
       
   605     {
       
   606       // OK, we don't know which version he's running. So we'll cheat ;-)
       
   607       $template->header();
       
   608       echo "<form action='upgrade.php?mode=confirm&amp;auth={$session->sid_super}' method='post'>";
       
   609       ?>
       
   610       <p>Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.</p>
       
   611       <p><select name="version"><?php
       
   612         foreach($valid_versions as $c)
       
   613         {
       
   614           echo "<option value='{$c}'>{$c}</option>";
       
   615         }
       
   616       ?></select></p>
       
   617       <p>
       
   618         <input type="submit" value="Continue" />
       
   619       </p>
       
   620       <?php
       
   621       echo `</form>`;
       
   622       break;
       
   623     }
       
   624     else
       
   625     {
       
   626       header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super);
       
   627     }
       
   628     break;
       
   629   case "confirm":
       
   630     $enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version();
       
   631     
       
   632     $template->header();
       
   633     if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
       
   634     ?>
       
   635       <form action="upgrade.php?mode=upgrade&amp;auth=<?php echo $session->sid_super; ?>" method="post">
       
   636         <table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
       
   637           <tr>
       
   638             <td colspan="2"><p><b>Are you sure you want to perform this upgrade?</b></p><p>You can still cancel the upgrade process now. If<br />the upgrade fails, you will need to roll back<br />any actions made using manual SQL queries.</p><p><b>Please clear your browser cache or<br />shift-reload after the upgrade.</b><br />If you fail to do so, some page elements may<br />be broken.</td>
       
   639           </tr>
       
   640           <tr>
       
   641             <td colspan="2" style="text-align: center;">
       
   642               <input type="hidden" name="enano_version" value="<?php echo $enano_version; ?>" />
       
   643               <input type="submit" name="doit" value="Upgrade Enano!" />
       
   644             </td>
       
   645           </tr>
       
   646         </table>
       
   647       </form>
       
   648     <?php
       
   649     break;
       
   650   case "upgrade":
       
   651     $template->header();
       
   652     if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
       
   653     if(!isset($_POST['enano_version'])) { echo '<p>Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please <a href="upgrade.php">restart the upgrade</a>.</p>'; break; }
       
   654     $enano_version = $_POST['enano_version'];
       
   655     echo '<p>Preparing for schema execution...';
       
   656       // Build an array of queries
       
   657       $schema = file_get_contents('upgrade.sql');
       
   658       
       
   659       // Strip out and process version blocks
       
   660       preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'((.*?)'."\n)?".'---END \\1---#is', $schema, $matches);
       
   661       
       
   662       $from_list  =& $matches[1];
       
   663       $query_list =& $matches[3];
       
   664       
       
   665       foreach($matches[0] as $m)
       
   666       {
       
   667         $schema = str_replace($m, '', $schema);
       
   668       }
       
   669       $schema = explode("\n", $schema);
       
   670       foreach($schema as $k => $q)
       
   671       {
       
   672         if(substr($q, 0, 2) == '--' || $q == '')
       
   673         {
       
   674           unset($schema[$k]);
       
   675           //die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>');
       
   676         }
       
   677         else
       
   678         {
       
   679           $schema[$k] = upg_assign_vars($schema[$k]);
       
   680         }
       
   681       }
       
   682       
       
   683       foreach($query_list as $k => $q)
       
   684       {
       
   685         $query_list[$k] = explode("\n", $query_list[$k]);
       
   686         foreach($query_list[$k] as $i => $s)
       
   687         {
       
   688           $tq =& $query_list[$k][$i];
       
   689           if(substr($s, 0, 2) == '--' || $s == '')
       
   690           {
       
   691             unset($query_list[$k][$i]);
       
   692             //die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>');
       
   693           }
       
   694           else
       
   695           {
       
   696             $query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]);
       
   697           }
       
   698         }
       
   699         $query_list[$k] = array_values($query_list[$k]);
       
   700       }
       
   701       
       
   702       $assoc_list = Array();
       
   703       
       
   704       foreach($from_list as $i => $v)
       
   705       {
       
   706         $assoc_list[$v] = $query_list[$i];
       
   707       }
       
   708       
       
   709       $schema = array_values($schema);
       
   710       
       
   711       $deps_resolved = false;
       
   712       $installing_versions = Array($enano_version);
       
   713       
       
   714       while(true)
       
   715       {
       
   716         $v = array_keys($deps_list);
       
   717         foreach($v as $i => $ver)
       
   718         {
       
   719           if(in_array($ver, $installing_versions))
       
   720           {
       
   721             // $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install.
       
   722             foreach($deps_list[$ver] as $dep)
       
   723             {
       
   724               if(!in_array($dep, $installing_versions))
       
   725               {
       
   726                 $installing_versions[] = $dep;
       
   727               }
       
   728             }
       
   729           }
       
   730           if($i == count($deps_list) - 1)
       
   731           {
       
   732             break 2;
       
   733           }
       
   734         }
       
   735       }
       
   736       
       
   737       foreach($installing_versions as $this_ver)
       
   738       {
       
   739         $schema = array_merge($schema, $assoc_list[$this_ver]);
       
   740       }
       
   741       
       
   742       // Time for some proper SQL syntax!
       
   743       // Also check queries for so-called injection attempts to make
       
   744       // sure that it doesn't fail during the upgrade process and
       
   745       // leave the user with a half-upgraded database
       
   746       foreach($schema as $s => $q)
       
   747       {
       
   748         if(substr($q, strlen($q)-1, 1) != ';') 
       
   749         {
       
   750           $schema[$s] .= ';';
       
   751         }
       
   752         if ( !$db->check_query($schema[$s]) )
       
   753         {
       
   754           // Uh-oh, the check failed, bail out
       
   755           // The DBAL runs sanity checks on all queries for safety,
       
   756           // so if the check fails in mid-upgrade we are in deep
       
   757           // dodo doo-doo.
       
   758           echo 'Query failed sanity check, this should never happen and is a bug.</p><p>Query was:</p><pre>'.$schema[$s].'</pre>';
       
   759           break 2;
       
   760         }
       
   761       }
       
   762       
       
   763       $schema = array_values($schema);
       
   764       
       
   765       // Used extensively for debugging
       
   766       // echo '<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>';
       
   767       // break;
       
   768       
       
   769       echo 'done!<br />Executing upgrade schema...';
       
   770       
       
   771       // OK, do the loop, baby!!!
       
   772       foreach($schema as $q)
       
   773       {
       
   774         if ( substr($q, 0, 1) == '@' )
       
   775         {
       
   776           // if the first character is @, don't fail on error
       
   777           $db->sql_query(substr($q, 1));
       
   778         }
       
   779         else
       
   780         {
       
   781           if ( !$db->sql_query($q) )
       
   782           {
       
   783             echo $db->get_error();
       
   784             break 2;
       
   785           }
       
   786         }
       
   787       }
       
   788       
       
   789       // Call any custom functions
       
   790       foreach ( $installing_versions as $ver )
       
   791       {
       
   792         if ( isset($func_list[$ver]) )
       
   793         {
       
   794           foreach($func_list[$ver] as $function)
       
   795           {
       
   796             @call_user_func($function);
       
   797           }
       
   798         }
       
   799       }
       
   800       
       
   801       // Log the upgrade
       
   802       $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
       
   803       
       
   804       echo 'done!</p>';
       
   805       echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p>
       
   806             <script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>';
       
   807     break;
       
   808 }
       
   809 $template->footer();
       
   810 
       
   811 ?>