Revision 4
Added by Manuela over 7 years ago
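--- a/index.php
+++ b/index.php
@@ -15,6 +15,43 @@
 *
 */
 
+// $aNumber = str_split(strrev('ZZZZ'));
+// $aToBase = str_split('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+// $iResult = 0;
+// for ($i = 0; $i < sizeof($aNumber); $i++) {
+// $iResult += array_search($aNumber[$i], $aToBase) * (sizeof($aToBase) ** $i);
+// }
+
+/**
+* create a new 4-digit secure token
+* @return string
+*/
+function getNewToken()
+{
+$aToBase = str_split('0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ');
+$iToBaseLen = sizeof($aToBase);
+shuffle($aToBase);
+$iNumber = rand(238328, 14776335);
+$sRetval = '';
+while ($iNumber != 0) {
+$sRetval = $aToBase[($iNumber % $iToBaseLen)].$sRetval;
+$iNumber = intval($iNumber / $iToBaseLen);
+}
+return $sRetval;
+}
+
+/**
+* highlight input fields which contain wrong/missing data
+* @param string $field_name
+* @return string
+*/
+function field_error($field_name='') {
+if(!defined('SESSION_STARTED') || $field_name == '') return;
+if(isset($_SESSION['ERROR_FIELD']) && $_SESSION['ERROR_FIELD'] == $field_name) {
+return ' class="wrong"';
+}
+}
+
 // Start a session
 if (version_compare(PHP_VERSION, '5.6', '<')) { die('Sorry, at last PHP-5.6 required !!'); }
 if(!defined('SESSION_STARTED')) {
@@ -37,13 +74,6 @@
 $sScriptPath = str_replace('\\', '/', ($_SERVER['SCRIPT_FILENAME']));
 $sScriptUrl = $sUrl.str_replace($wb_path, '', $sScriptPath);
 
-// Function to highlight input fields which contain wrong/missing data
-function field_error($field_name='') {
-if(!defined('SESSION_STARTED') || $field_name == '') return;
-if(isset($_SESSION['ERROR_FIELD']) && $_SESSION['ERROR_FIELD'] == $field_name) {
-return ' class="wrong"';
-}
-}
 
 $installFlag = true;
 // Check if the page has been reloaded
@@ -62,6 +92,9 @@
 $session_support = '<span class="bad">Disabled</span>';
 }
 }
+// create security tokens
+$aToken = [getNewToken(), getNewToken()];
+$_SESSION['token'] = ['name' => $aToken[0], 'value' => $aToken[1]];
 // Check if AddDefaultCharset is set
 $e_adc=false;
 $sapi=php_sapi_name();
@@ -84,21 +117,20 @@
 <title>WebsiteBaker Installation Wizard</title>
 <link href="stylesheet.css" rel="stylesheet" type="text/css" />
 <script>
-
-function confirm_link(message, url) {
-if(confirm(message)) location.href = url;
-}
-function change_os(type) {
-if(type == 'linux') {
-document.getElementById('operating_system_linux').checked = true;
-document.getElementById('operating_system_windows').checked = false;
-document.getElementById('file_perms_box').style.display = 'none';
-} else if(type == 'windows') {
-document.getElementById('operating_system_linux').checked = false;
-document.getElementById('operating_system_windows').checked = true;
-document.getElementById('file_perms_box').style.display = 'none';
+function confirm_link(message, url) {
+if(confirm(message)) location.href = url;
 }
-}
+function change_os(type) {
+if(type == 'linux') {
+document.getElementById('operating_system_linux').checked = true;
+document.getElementById('operating_system_windows').checked = false;
+document.getElementById('file_perms_box').style.display = 'none';
+} else if(type == 'windows') {
+document.getElementById('operating_system_linux').checked = false;
+document.getElementById('operating_system_windows').checked = true;
+document.getElementById('file_perms_box').style.display = 'none';
+}
+}
 </script>
 </head>
 <body>
@@ -121,7 +153,7 @@
 <input type="hidden" name="username_fieldname" value="admin_username" />
 <input type="hidden" name="password_fieldname" value="admin_password" />
 <input type="hidden" name="remember" id="remember" value="true" />
-
+<input type="hidden" name="<?php echo $aToken[0]; ?>" value="<?php echo $aToken[1]; ?>" />
 <div class="welcome">
 Welcome to the WebsiteBaker Installation Wizard.
 </div>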
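Review bot: getNewToken() (new lines 29-41) derives the CSRF token from rand() and shuffle(), neither of which is a cryptographically secure generator, so the name/value pair stored in $_SESSION['token'] at lines 96-97 and echoed into the form at line 156 is predictable by anyone who can observe a few outputs of the same PRNG state; on PHP 7+ replace the draw with `$iNumber = random_int(238328, 14776335);` and drop the `shuffle($aToBase);` line, which adds no entropy once the integer itself is random. The version gate at line 56 only requires PHP 5.6, where random_int() does not exist, so either raise the floor to 7.0 or use openssl_random_pseudo_bytes() with its strong-result flag checked. Four base-62 characters is also only about 24 bits per token, so the docblock's "secure token" wording overstates it; widening the range or concatenating several draws is cheap. I cannot see save.php, so the verification side is a guess, but it should compare the posted value against the session value with hash_equals() rather than ==.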
install:: security issue fixed. Now save.php can only be called from the form inside index.php