diff options
Diffstat (limited to 'install.php')
-rw-r--r-- | install.php | 509 |
1 files changed, 280 insertions, 229 deletions
diff --git a/install.php b/install.php index 4e358b775..467d9075f 100644 --- a/install.php +++ b/install.php @@ -25,292 +25,343 @@ // | USA. | // +-----------------------------------------------------------------------+ -//-------------------------------------------------------------------- includes -define( 'PREFIX_INCLUDE', '' ); -include( './include/vtemplate.class.php' ); -include( './include/functions.inc.php' ); +//----------------------------------------------------------- include +define('PHPWG_ROOT_PATH','./'); -$config_file = './config.php'; -//----------------------------------------------------- template initialization -$vtp = new VTemplate; -$handle = $vtp->Open( './template/default/install.vtp' ); -$vtp->setGlobalVar( $handle, 'release', '1.4' ); -//-------------------------------------------------------------------- language -if ( isset( $_GET['language'] ) ) +// Guess an initial language ... +function guess_lang() { - $isadmin = true; - $lang = array(); - include( './language/'.$_GET['language'].'.php' ); - $tpl = array( 'step1_err_copy', 'step1_err_copy_2', 'step1_err_copy_next', - 'errors_title', 'step1_title','step1_host','step1_host_info', - 'step1_user','step1_user_info','step1_pass','step1_pass_info', - 'step1_database','step1_database_info','step1_prefix', - 'step1_prefix_info','submit','infos_title','step2_title', - 'conf_general_webmaster','conf_general_webmaster_info', - 'step2_pwd','step2_pwd_info','step2_pwd_conf', - 'step2_pwd_conf_info','conf_general_mail', - 'conf_general_mail_info','install_end_title', - 'install_end_message','install_help'); - templatize_array( $tpl, 'lang', $handle ); - $vtp->setGlobalVar( $handle, 'language', $_GET['language'] ); + global $_SERVER; + $languages = array(); + $i = 0; + if ( $opendir = opendir ( PHPWG_ROOT_PATH.'language/' ) ) + { + while ( $file = readdir ( $opendir ) ) + { + if ( is_dir ( PHPWG_ROOT_PATH.'language/'.$file )&& !substr_count($file,'.')) + { + $languages[$i++] =$file; + } + } + } + + if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) + { + $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']); + for ($i = 0; $i < sizeof($accept_lang_ary); $i++) + { + for ($j=0; $j<sizeof($languages); $j++) + { + if (preg_match('#' . substr($languages[$j],0,2) . '#i', substr(trim($accept_lang_ary[$i]),0,2))) + { + if (file_exists(PHPWG_ROOT_PATH . 'language/' . $languages[$j].'/install.lang.php')) + { + return $languages[$j]; + } + } + } + } + } + return 'en_EN'; } -//---------------------- Step 1 : connection informations, write of config file -if ( isset($_GET['step']) && $_GET['step'] == 1 ) + +set_magic_quotes_runtime(0); // Disable magic_quotes_runtime +// +// addslashes to vars if magic_quotes_gpc is off this is a security +// precaution to prevent someone trying to break out of a SQL statement. +// +if( !get_magic_quotes_gpc() ) { - $errors = array(); - $infos = array(); - // creation of ./include/mysql.inc.php : file containing database - // connection informations - if ( isset( $_POST['cfgBase'] ) - and isset( $_POST['cfgUser'] ) - and isset( $_POST['cfgPassword'] ) - and isset( $_POST['cfgHote'] ) ) + if( is_array($_POST) ) { - if ( @mysql_connect( $_POST['cfgHote'], - $_POST['cfgUser'], - $_POST['cfgPassword'] ) ) + while( list($k, $v) = each($_POST) ) { - if ( @mysql_select_db($_POST['cfgBase'] ) ) + if( is_array($_POST[$k]) ) { - array_push( $infos, $lang['step1_confirmation'] ); + while( list($k2, $v2) = each($_POST[$k]) ) + { + $_POST[$k][$k2] = addslashes($v2); + } + @reset($_POST[$k]); } else { - array_push( $errors, $lang['step1_err_db'] ); + $_POST[$k] = addslashes($v); } } - else - { - array_push( $errors, $lang['step1_err_server'] ); - } - - if ( count( $errors ) == 0 ) + @reset($_POST); + } + + if( is_array($_COOKIE) ) + { + while( list($k, $v) = each($_COOKIE) ) { - $file_content = "<?php"; - $file_content.= "\n\$cfgBase = '". $_POST['cfgBase']."';"; - $file_content.= "\n\$cfgUser = '". $_POST['cfgUser']."';"; - $file_content.= "\n\$cfgPassword = '". $_POST['cfgPassword']."';"; - $file_content.= "\n\$cfgHote = '". $_POST['cfgHote']."';"; - $file_content.= "\n"; - $file_content.= "\n\$table_prefix = '".$_POST['prefixeTable']."';"; - $file_content.= "\n"; - $file_content.= "\ndefine('PHPWG_INSTALLED', true);"; - $file_content.= "\n?>"; - // writting the configuration file - if ( $fp = @fopen( $config_file, 'a+' ) ) + if( is_array($_COOKIE[$k]) ) { - ftruncate($fp, 0); - fwrite( $fp, $file_content ); - fclose( $fp ); - } - $cfgHote = ''; - $cfgUser = ''; - $cfgPassword = ''; - $cfgBase = ''; - if ( is_file( $config_file ) ) include( $config_file ); - $file_OK = false; - if ( @mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) ) - { - if ( @mysql_select_db( $cfgBase ) ) $file_OK = true; - } - if ( !$file_OK ) - { - $vtp->addSession( $handle, 'error_copy' ); - $html_content = htmlentities( $file_content, ENT_QUOTES ); - $html_content = nl2br( $html_content ); - $vtp->setVar( $handle, 'error_copy.file_content', $html_content ); - $vtp->closeSession( $handle, 'error_copy' ); + while( list($k2, $v2) = each($_COOKIE[$k]) ) + { + $_COOKIE[$k][$k2] = addslashes($v2); + } + @reset($_COOKIE[$k]); } else { - $url = 'install.php?step=2&language='.$_GET['language']; - header( 'Request-URI: '.$url ); - header( 'Content-Location: '.$url); - header( 'Location: '.$url ); - exit(); + $_COOKIE[$k] = addslashes($v); } } + @reset($_COOKIE); } - // errors display - if ( sizeof( $errors ) != 0 ) - { - $vtp->addSession( $handle, 'errors' ); - foreach ( $errors as $error ) { - $vtp->addSession( $handle, 'error' ); - $vtp->setVar( $handle, 'error.content', $error ); - $vtp->closeSession( $handle, 'error' ); - } - $vtp->closeSession( $handle, 'errors' ); - } - // infos display - if ( sizeof( $infos ) != 0 ) - { - $vtp->addSession( $handle, 'infos' ); - foreach ( $infos as $info ) { - $vtp->addSession( $handle, 'info' ); - $vtp->setVar( $handle, 'info.content', $info ); - $vtp->closeSession( $handle, 'info' ); - } - $vtp->closeSession( $handle, 'infos' ); - } - // form display (if necessary) - if ( !isset( $_POST['submit'] ) or sizeof( $errors ) > 0 ) - { - $vtp->addSession( $handle, 'step1' ); +} - // host - if ( !isset( $_POST['cfgHote'] ) ) - $vtp->setVar( $handle, 'step1.f_host', 'localhost' ); - else - $vtp->setVar( $handle, 'step1.f_host', $_POST['cfgHote'] ); - // user - if ( isset( $_POST['cfgUser'] ) ) - $vtp->setVar( $handle, 'step1.f_user', $_POST['cfgUser'] ); - // base - if ( isset( $_POST['cfgBase'] ) ) - $vtp->setVar( $handle, 'step1.f_base', $_POST['cfgBase'] ); - // prefixeTable - if ( !isset( $_POST['prefixeTable'] ) ) - $vtp->setVar( $handle, 'step1.f_prefixeTable', 'phpwebgallery_' ); - else - $vtp->setVar( $handle, 'step1.f_prefixeTable', $_POST['prefixeTable'] ); +//----------------------------------------------------- variable initialization +$install_style = 'default'; +$release_version = '1.4'; +if ( isset( $_POST['language'] )) +{ + $language = strip_tags($_POST['language']); +} +else +{ + $language = guess_lang(); +} - $vtp->closeSession( $handle, 'step1' ); - } +if ( !file_exists(@realpath(PHPWG_ROOT_PATH . 'language/' . $language . '/install.lang.php')) ) +{ + $language = 'en_EN'; } -//------------------------------------- Step 2 : creation of tables in database -else if ( isset($_GET['step']) && $_GET['step'] == 2 ) +include( './language/'.$language.'/install.lang.php' ); +include( './language/'.$language.'/admin.lang.php' ); +$mapping_lang = $language; +if ( !file_exists(@realpath(PHPWG_ROOT_PATH . 'language/' . $language . '/lang.lang.php')) ) { - $errors = array(); - $infos = array(); + $mapping_lang = 'en_EN'; +} +include_once(PHPWG_ROOT_PATH . 'language/' . $mapping_lang . '/lang.lang.php'); - include( $config_file ); - mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) - or die ( "Can't connect to database host" ); - mysql_select_db( $cfgBase ) - or die ( "Connection to host succeeded, but database selection failed" ); - - if ( !isset( $_POST['submit'] ) ) - { - // tables creation, based on phpwebgallery_structure.sql - $sql_lines = file( './admin/phpwebgallery_structure.sql' ); - $query = ''; - foreach ( $sql_lines as $sql_line ) { - $sql_line = trim( $sql_line ); - if ( preg_match( '/(^--|^$)/', $sql_line ) ) continue; - $query.= ' '.$sql_line; - // if we reached the end of query, we execute it and reinitialize the - // variable "query" - if ( preg_match( '/;$/', $sql_line ) ) +// Obtain various vars +$dbhost = (!empty($_POST['dbhost'])) ? $_POST['dbhost'] : 'localhost'; +$dbuser = (!empty($_POST['dbuser'])) ? $_POST['dbuser'] : ''; +$dbpasswd = (!empty($_POST['dbpasswd'])) ? $_POST['dbpasswd'] : ''; +$dbname = (!empty($_POST['dbname'])) ? $_POST['dbname'] : ''; + +$table_prefix = (!empty($_POST['prefix'])) ? $_POST['prefix'] : 'phpwg_'; + +$admin_name = (!empty($_POST['admin_name'])) ? $_POST['admin_name'] : ''; +$admin_pass1 = (!empty($_POST['admin_pass1'])) ? $_POST['admin_pass1'] : ''; +$admin_pass2 = (!empty($_POST['admin_pass2'])) ? $_POST['admin_pass2'] : ''; +$admin_mail = (!empty($_POST['admin_mail'])) ? $_POST['admin_mail'] : ''; + +$lang_options = $lang['lang']; +@asort($lang_options); +@reset($lang_options); + +$infos = array(); +$errors = array(); + +// Open config.php ... if it exists +$config_file = PHPWG_ROOT_PATH.'include/mysql.inc.php'; +if (@file_exists($config_file)) +{ + include($config_file); +} + +// Is phpBB already installed? Yes? Redirect to the index +if (defined("PHPWG_INSTALLED")) +{ + header( 'Location: index.php' ); + exit; +} + +include(PHPWG_ROOT_PATH . 'include/constants.php'); +include(PHPWG_ROOT_PATH . 'include/functions.inc.php'); +include(PHPWG_ROOT_PATH . 'include/template.php'); +//----------------------------------------------------- template initialization +$template=setup_style($install_style); +$template->set_filenames( array('install'=>'install.tpl') ); +$step = 1; +//----------------------------------------------------- form analyze +if ( isset( $_POST['install'] )) +{ + if ( @mysql_connect( $_POST['dbhost'], + $_POST['dbuser'], + $_POST['dbpasswd'] ) ) + { + if ( @mysql_select_db($_POST['dbname'] ) ) { - $query = trim( $query ); - $query = str_replace( 'phpwebgallery_', $table_prefix, $query ); - // we don't execute "DROP TABLE" queries - if ( !preg_match( '/^DROP TABLE/i', $query ) ) - mysql_query( $query ); - $query = ''; + array_push( $infos, $lang['step1_confirmation'] ); + } + else + { + array_push( $errors, $lang['step1_err_db'] ); } } - } - - if ( isset( $_POST['submit'] ) ) - { - // webmaster login must be - // 1. non empty - // 2. without characters ' or " - $webmaster = preg_replace( '/\s{2,}/', ' ', $_POST['webmaster'] ); - $webmaster = trim( $webmaster ); - if ( $webmaster == '' ) + else + { + array_push( $errors, $lang['step1_err_server'] ); + } + + $webmaster = trim(preg_replace( '/\s{2,}/', ' ', $admin_name )); + if ( empty($webmaster)) array_push( $errors, $lang['step2_err_login1'] ); - if ( preg_match( '/[\'"]/', $webmaster ) ) + else if ( preg_match( '/[\'"]/', $webmaster ) ) array_push( $errors, $lang['step2_err_login3'] ); - // the webmaster string must be the same as its confirmation - if ( $_POST['pwdWebmaster'] != $_POST['pwdWebmasterConf'] ) - array_push( $errors, $lang['step2_err_pass'] ); - // mail address must have this format : name@server.com - $error_mail_address = validate_mail_address( $_POST['mail_webmaster'] ); - if ( $error_mail_address != '' ) - array_push( $errors, $error_mail_address ); - if ( $_POST['mail_webmaster'] == '' ) - array_push( $errors, $lang['reg_err_mail_address'] ); - - // if no error found till here : insertion of data in tables - if ( count( $errors ) == 0 ) + if ( $admin_pass1 != $admin_pass2 || empty($admin_pass1) ) + array_push( $errors, $lang['step2_err_pass'] ); + if ( empty($admin_mail)) + array_push( $errors, $lang['reg_err_mail_address'] ); + else + { + $error_mail_address = validate_mail_address($admin_mail); + if (!empty($error_mail_address)) array_push( $errors, $error_mail_address ); + } + + if ( count( $errors ) == 0 ) { - $query = 'DELETE FROM '.$table_prefix.'config'; + $step = 2; + $file_content = "<?php"; + $file_content.= "\n\$dbname = '". $dbname."';"; + $file_content.= "\n\$dbuser = '". $dbuser."';"; + $file_content.= "\n\$dbpasswd = '". $dbpasswd."';"; + $file_content.= "\n\$dbhost = '". $dbhost."';"; + $file_content.= "\n"; + $file_content.= "\n\$table_prefix = '".$table_prefix."';"; + $file_content.= "\n"; + $file_content.= "\ndefine('PHPWG_INSTALLED', true);"; + $file_content.= "\n?".">"; + + @umask(0111); + // writing the configuration file + if ( !($fp = @fopen( $config_file, 'w' ))) + { + $html_content = htmlentities( $file_content, ENT_QUOTES ); + $html_content = nl2br( $html_content ); + $template->assign_block_vars('error_copy',array('FILE_CONTENT'=>$html_content)); + } + @fputs($fp, $file_content, strlen($file_content)); + @fclose($fp); + + // tables creation, based on phpwebgallery_structure.sql + $sql_lines = file( './admin/phpwebgallery_structure.sql' ); + $query = ''; + foreach ( $sql_lines as $sql_line ) + { + $sql_line = trim( $sql_line ); + if ( preg_match( '/(^--|^$)/', $sql_line ) ) continue; + $query.= ' '.$sql_line; + // if we reached the end of query, we execute it and reinitialize the + // variable "query" + if ( preg_match( '/;$/', $sql_line ) ) + { + $query = trim( $query ); + $query = str_replace( 'phpwebgallery_', $table_prefix, $query ); + // we don't execute "DROP TABLE" queries + if ( !preg_match( '/^DROP TABLE/i', $query ) ) mysql_query( $query ); + $query = ''; + } + } + + // We fill the tables with basic informations + $query = 'DELETE FROM '.CONFIG_TABLE; mysql_query( $query ); - $query = 'INSERT INTO '.$table_prefix.'config'; + $query = 'INSERT INTO '.CONFIG_TABLE; $query.= ' (webmaster,mail_webmaster) VALUES '; - $query.= " ('".$webmaster."','".$_POST['mail_webmaster']."')"; - $query.= ';'; + $query.= " ('".$admin_name."','".$admin_mail."');"; mysql_query( $query ); - $query = 'INSERT INTO '.$table_prefix.'sites'; - $query.= " (id,galleries_url) VALUES (1, './galleries/')"; - $query.= ';'; + $query = 'INSERT INTO '.SITES_TABLE; + $query.= " (id,galleries_url) VALUES (1, './galleries/');"; mysql_query( $query ); // webmaster admin user - $query = 'INSERT INTO '.$table_prefix.'users'; + $query = 'INSERT INTO '.USERS_TABLE; $query.= ' (id,username,password,status,language,mail_address) VALUES '; - $query.= "(1,'".$webmaster."','".md5( $_POST['pwdWebmaster'] )."'"; - $query.= ",'admin','".$_GET['language']."'"; - $query.= ",'".$_POST['mail_webmaster']."')"; - $query.= ';'; + $query.= "(1,'".$admin_name."','".md5( $admin_pass1 )."'"; + $query.= ",'admin','".$language."'"; + $query.= ",'".$admin_mail."');"; mysql_query($query); // guest user - $query = 'INSERT INTO '.$table_prefix.'users'; + $query = 'INSERT INTO '.USERS_TABLE; $query.= '(id,username,password,status,language) VALUES '; - $query.= "(2,'guest','','guest','".$_GET['language']."')"; + $query.= "(2,'guest','','guest','".$language."')"; $query.= ';'; mysql_query( $query ); } - } +} - // errors display - if ( sizeof( $errors ) != 0 ) +$template->assign_vars(array( + 'RELEASE'=>$release_version, + + 'L_BASE_TITLE'=>$lang['Initial_config'], + 'L_LANG_TITLE'=>$lang['Default_lang'], + 'L_DB_TITLE'=>$lang['step1_title'], + 'L_DB_HOST'=>$lang['step1_host'], + 'L_DB_HOST_INFO'=>$lang['step1_host_info'], + 'L_DB_USER'=>$lang['step1_user'], + 'L_DB_USER_INFO'=>$lang['step1_user_info'], + 'L_DB_PASS'=>$lang['step1_pass'], + 'L_DB_PASS_INFO'=>$lang['step1_pass_info'], + 'L_DB_NAME'=>$lang['step1_database'], + 'L_DB_NAME_INFO'=>$lang['step1_database_info'], + 'L_DB_PREFIX'=>$lang['step1_prefix'], + 'L_DB_PREFIX_INFO'=>$lang['step1_prefix_info'], + 'L_ADMIN_TITLE'=>$lang['step2_title'], + 'L_ADMIN'=>$lang['conf_general_webmaster'], + 'L_ADMIN_INFO'=>$lang['conf_general_webmaster_info'], + 'L_ADMIN_PASSWORD'=>$lang['step2_pwd'], + 'L_ADMIN_PASSWORD_INFO'=>$lang['step2_pwd_info'], + 'L_ADMIN_CONFIRM_PASSWORD'=>$lang['step2_pwd_conf'], + 'L_ADMIN_CONFIRM_PASSWORD_INFO'=>$lang['step2_pwd_conf_info'], + 'L_ADMIN_EMAIL'=>$lang['conf_general_mail'], + 'L_ADMIN_EMAIL_INFO'=>$lang['conf_general_mail_info'], + 'L_SUBMIT'=>$lang['Start_Install'], + 'L_HELP'=>$lang['install_help'], + 'L_ERR_COPY'=>$lang['step1_err_copy'], + 'L_END_TITLE'=>$lang['install_end_title'], + 'L_END_MESSAGE'=>$lang['install_end_message'], + + 'F_ACTION'=>add_session_id( 'install.php' ), + 'F_DB_HOST'=>$dbhost, + 'F_DB_USER'=>$dbuser, + 'F_DB_NAME'=>$dbname, + 'F_DB_PREFIX'=>$table_prefix, + 'F_ADMIN'=>$admin_name, + 'F_ADMIN_EMAIL'=>$admin_mail, + 'F_LANG_SELECT'=>make_jumpbox($lang_options, $language, true), + + 'T_CONTENT_ENCODING' => $lang['charset'], + 'T_STYLE' => './template/'.$install_style.'/'.$install_style.'-admin.css') + ); + +//-------------------------------------------------------- errors & infos display +if ( sizeof( $errors ) != 0 ) +{ + $template->assign_block_vars('errors',array()); + for ( $i = 0; $i < sizeof( $errors ); $i++ ) { - $vtp->addSession( $handle, 'errors' ); - foreach ( $errors as $error ) { - $vtp->addSession( $handle, 'error' ); - $vtp->setVar( $handle, 'error.content', $error ); - $vtp->closeSession( $handle, 'error' ); - } - $vtp->closeSession( $handle, 'errors' ); + $template->assign_block_vars('errors.error',array('ERROR'=>$errors[$i])); } +} - if ( !isset( $_POST['submit'] ) or sizeof( $errors ) > 0 ) +if ( sizeof( $infos ) != 0 ) +{ + $template->assign_block_vars('infos',array()); + for ( $i = 0; $i < sizeof( $infos ); $i++ ) { - $vtp->addSession( $handle, 'step2' ); - if ( isset( $_POST['webmaster'] )) - $vtp->setVar( $handle, 'step2.f_webmaster', $_POST['webmaster'] ); - if ( isset( $_POST['mail_webmaster'] )) - $vtp->setVar( $handle, 'step2.f_mail_webmaster', $_POST['mail_webmaster']); - $vtp->closeSession( $handle, 'step2' ); + $template->assign_block_vars('infos.info',array('INFO'=>$infos[$i])); } +} - // end of installation message - if ( isset( $_POST['submit'] ) and count( $errors ) == 0 ) - { - $vtp->addSession( $handle, 'install_end' ); - $vtp->closeSession( $handle, 'install_end' ); - } +if ($step ==1) +{ + $template->assign_block_vars('install',array()); } -//---------------------------------------------------- Step 0 : language choice else { - $vtp->addSession( $handle, 'step0' ); - $languages = get_languages( './language/' ); - foreach ( $languages as $language ) { - $vtp->addSession( $handle, 'language' ); - $vtp->setVar( $handle, 'language.name', $language ); - $vtp->closeSession( $handle, 'language' ); - } - $vtp->closeSession( $handle, 'step0' ); + $template->assign_block_vars('install_end',array()); } + //----------------------------------------------------------- html code display -$code = $vtp->Display( $handle, 0 ); -echo $code; +$template->pparse('install'); ?> |