Revision 4
Added by Manuela over 7 years ago
save.php | ||
---|---|---|
16 | 16 |
* |
17 | 17 |
*/ |
18 | 18 |
|
19 |
$debug = false; |
|
20 |
|
|
21 |
if (true === $debug) { |
|
22 |
ini_set('display_errors', 1); |
|
23 |
error_reporting(E_ALL); |
|
24 |
} |
|
25 |
// Start a session |
|
26 |
if (!defined('SESSION_STARTED')) { |
|
27 |
session_name('wb-installer'); |
|
28 |
session_start(); |
|
29 |
define('SESSION_STARTED', true); |
|
30 |
} |
|
31 |
// get random-part for session_name() |
|
32 |
list($usec,$sec) = explode(' ',microtime()); |
|
33 |
srand((float)$sec+((float)$usec*100000)); |
|
34 |
$session_rand = rand(1000,9999); |
|
35 |
|
|
36 | 19 |
// Function to set error |
37 |
function set_error($message, $field_name = '') { |
|
38 |
// global $_POST; |
|
39 |
if (isset($message) AND $message != '') { |
|
40 |
// Copy values entered into session so user doesn't have to re-enter everything |
|
41 |
if (isset($_POST['website_title'])) { |
|
42 |
$_SESSION['wb_url'] = $_POST['wb_url']; |
|
43 |
$_SESSION['default_timezone'] = $_POST['default_timezone']; |
|
44 |
$_SESSION['default_language'] = $_POST['default_language']; |
|
45 |
if (!isset($_POST['operating_system'])) { |
|
46 |
$_SESSION['operating_system'] = 'linux'; |
|
47 |
} else { |
|
48 |
$_SESSION['operating_system'] = $_POST['operating_system']; |
|
20 |
function set_error($message, $field_name = '') { |
|
21 |
// global $_POST; |
|
22 |
if (isset($message) AND $message != '') { |
|
23 |
// first clean session before fill up with values to remember |
|
24 |
$_SESSION = []; |
|
25 |
// Copy values entered into session so user doesn't have to re-enter everything |
|
26 |
if (isset($_POST['website_title'])) { |
|
27 |
$_SESSION['wb_url'] = $_POST['wb_url']; |
|
28 |
$_SESSION['default_timezone'] = $_POST['default_timezone']; |
|
29 |
$_SESSION['default_language'] = $_POST['default_language']; |
|
30 |
if (!isset($_POST['operating_system'])) { |
|
31 |
$_SESSION['operating_system'] = 'linux'; |
|
32 |
} else { |
|
33 |
$_SESSION['operating_system'] = $_POST['operating_system']; |
|
34 |
} |
|
35 |
$_SESSION['world_writeable'] = (bool) isset($_POST['world_writeable']) ? $_POST['world_writeable'] : false; |
|
36 |
$_SESSION['database_host'] = $_POST['database_host']; |
|
37 |
$_SESSION['database_username'] = $_POST['database_username']; |
|
38 |
$_SESSION['database_password'] = $_POST['database_password']; |
|
39 |
$_SESSION['database_name'] = $_POST['database_name']; |
|
40 |
$_SESSION['table_prefix'] = $_POST['table_prefix']; |
|
41 |
$_SESSION['install_tables'] = (bool) isset($_POST['install_tables']) ? $_POST['install_tables'] : false; |
|
42 |
$_SESSION['website_title'] = $_POST['website_title']; |
|
43 |
$_SESSION['admin_username'] = $_POST['admin_username']; |
|
44 |
$_SESSION['admin_email'] = $_POST['admin_email']; |
|
45 |
$_SESSION['admin_password'] = $_POST['admin_password']; |
|
46 |
$_SESSION['admin_repassword'] = $_POST['admin_repassword']; |
|
49 | 47 |
} |
50 |
if (!isset($_POST['world_writeable'])) { |
|
51 |
$_SESSION['world_writeable'] = false; |
|
52 |
} else { |
|
53 |
$_SESSION['world_writeable'] = true; |
|
48 |
// Set the message |
|
49 |
$_SESSION['message'] = $message; |
|
50 |
// Set the element(s) to highlight |
|
51 |
if ($field_name != '') { |
|
52 |
$_SESSION['ERROR_FIELD'] = $field_name; |
|
54 | 53 |
} |
55 |
$_SESSION['database_host'] = $_POST['database_host']; |
|
56 |
$_SESSION['database_username'] = $_POST['database_username']; |
|
57 |
$_SESSION['database_password'] = $_POST['database_password']; |
|
58 |
$_SESSION['database_name'] = $_POST['database_name']; |
|
59 |
$_SESSION['table_prefix'] = $_POST['table_prefix']; |
|
60 |
if (!isset($_POST['install_tables'])) { |
|
61 |
$_SESSION['install_tables'] = false; |
|
62 |
} else { |
|
63 |
$_SESSION['install_tables'] = true; |
|
64 |
} |
|
65 |
$_SESSION['website_title'] = $_POST['website_title']; |
|
66 |
$_SESSION['admin_username'] = $_POST['admin_username']; |
|
67 |
$_SESSION['admin_email'] = $_POST['admin_email']; |
|
68 |
$_SESSION['admin_password'] = $_POST['admin_password']; |
|
69 |
$_SESSION['admin_repassword'] = $_POST['admin_repassword']; |
|
54 |
// Specify that session support is enabled |
|
55 |
$_SESSION['session_support'] = '<font class="good">Enabled</font>'; |
|
56 |
// Redirect to first page again and exit |
|
57 |
header('Location: index.php?sessions_checked=true'); |
|
58 |
exit(); |
|
70 | 59 |
} |
71 |
// Set the message |
|
72 |
$_SESSION['message'] = $message; |
|
73 |
// Set the element(s) to highlight |
|
74 |
if ($field_name != '') { |
|
75 |
$_SESSION['ERROR_FIELD'] = $field_name; |
|
76 |
} |
|
77 |
// Specify that session support is enabled |
|
78 |
$_SESSION['session_support'] = '<font class="good">Enabled</font>'; |
|
79 |
// Redirect to first page again and exit |
|
80 |
header('Location: index.php?sessions_checked=true'); |
|
81 |
exit(); |
|
82 | 60 |
} |
83 |
} |
|
84 | 61 |
/* */ |
85 | 62 |
|
86 | 63 |
// Function to workout what the default permissions are for files created by the webserver |
87 |
function default_file_mode($temp_dir) { |
|
88 |
if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) { |
|
89 |
$filename = $temp_dir.'/test_permissions.txt'; |
|
90 |
$handle = fopen($filename, 'w'); |
|
91 |
fwrite($handle, 'This file is to get the default file permissions'); |
|
92 |
fclose($handle); |
|
93 |
$default_file_mode = '0'.substr(sprintf('%o', fileperms($filename)), -3); |
|
94 |
unlink($filename); |
|
95 |
} else { |
|
96 |
$default_file_mode = '0777'; |
|
64 |
function default_file_mode($temp_dir) { |
|
65 |
if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) { |
|
66 |
$filename = $temp_dir.'/test_permissions.txt'; |
|
67 |
$handle = fopen($filename, 'w'); |
|
68 |
fwrite($handle, 'This file is to get the default file permissions'); |
|
69 |
fclose($handle); |
|
70 |
$default_file_mode = '0'.substr(sprintf('%o', fileperms($filename)), -3); |
|
71 |
unlink($filename); |
|
72 |
} else { |
|
73 |
$default_file_mode = '0777'; |
|
74 |
} |
|
75 |
return $default_file_mode; |
|
97 | 76 |
} |
98 |
return $default_file_mode; |
|
99 |
} |
|
100 | 77 |
|
101 | 78 |
// Function to workout what the default permissions are for directories created by the webserver |
102 |
function default_dir_mode($temp_dir) { |
|
103 |
if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) { |
|
104 |
$dirname = $temp_dir.'/test_permissions/'; |
|
105 |
mkdir($dirname); |
|
106 |
$default_dir_mode = '0'.substr(sprintf('%o', fileperms($dirname)), -3); |
|
107 |
rmdir($dirname); |
|
108 |
} else { |
|
109 |
$default_dir_mode = '0777'; |
|
79 |
function default_dir_mode($temp_dir) { |
|
80 |
if (version_compare(PHP_VERSION, '5.3.6', '>=') && is_writable($temp_dir)) { |
|
81 |
$dirname = $temp_dir.'/test_permissions/'; |
|
82 |
mkdir($dirname); |
|
83 |
$default_dir_mode = '0'.substr(sprintf('%o', fileperms($dirname)), -3); |
|
84 |
rmdir($dirname); |
|
85 |
} else { |
|
86 |
$default_dir_mode = '0777'; |
|
87 |
} |
|
88 |
return $default_dir_mode; |
|
110 | 89 |
} |
111 |
return $default_dir_mode; |
|
112 |
} |
|
113 | 90 |
|
114 |
function add_slashes($input) { |
|
115 |
if (get_magic_quotes_gpc() || ( !is_string($input) )) { |
|
116 |
return $input; |
|
91 |
function add_slashes($sInput) { |
|
92 |
// if (get_magic_quotes_gpc() || ( !is_string($input) )) { |
|
93 |
// return $input; |
|
94 |
// } |
|
95 |
// $output = addslashes($input); |
|
96 |
// return $output; |
|
97 |
return $sInput; |
|
117 | 98 |
} |
118 |
$output = addslashes($input); |
|
119 |
return $output; |
|
99 |
// |
|
100 |
// ************************************************************************************ // |
|
101 |
// |
|
102 |
|
|
103 |
$debug = false; |
|
104 |
|
|
105 |
if (true === $debug) { |
|
106 |
ini_set('display_errors', 1); |
|
107 |
error_reporting(E_ALL); |
|
120 | 108 |
} |
109 |
// Start a session |
|
110 |
if (!defined('SESSION_STARTED')) { |
|
111 |
session_name('wb-installer'); |
|
112 |
session_start(); |
|
113 |
define('SESSION_STARTED', true); |
|
114 |
} |
|
115 |
$bTokenOk = false; |
|
116 |
if (isset($_SESSION['token']) && isset($_POST[$_SESSION['token']['name']])) { |
|
117 |
$bTokenOk = (bool) ($_POST[$_SESSION['token']['name']] == $_SESSION['token']['value']); |
|
118 |
} |
|
119 |
if (!$bTokenOk) { throw new RuntimeException('Illegal file access detected!!'); } |
|
120 |
unset($_SESSION['token']); |
|
121 | 121 |
|
122 | 122 |
// Begin check to see if form was even submitted |
123 | 123 |
// Set error if no post vars found |
... | ... | |
153 | 153 |
$default_language = $_POST['default_language']; |
154 | 154 |
// make sure the selected language file exists in the language folder |
155 | 155 |
if (!file_exists('../languages/' .$default_language .'.php')) { |
156 |
set_error('The language file: \'' .$default_language .'.php\' is missing. Upload file to language folder or choose another language','default_language'); |
|
156 |
set_error( |
|
157 |
'The language file: \'' .$default_language .'.php\' is missing. '. |
|
158 |
'Upload file to language folder or choose another language', |
|
159 |
'default_language' |
|
160 |
); |
|
157 | 161 |
} |
158 | 162 |
} |
159 | 163 |
// End default language details code |
... | ... | |
376 | 380 |
.'(\'wb_sp\', \''.SP.'\'),' |
377 | 381 |
.'(\'website_title\', \''.$website_title.'\'),' |
378 | 382 |
.'(\'default_language\', \''.$default_language.'\'),' |
379 |
.'(\'app_name\', \'wb-'.$session_rand.'\'),'
|
|
383 |
.'(\'app_name\', \'wb-'.(string) rand(1000, 9999).'\'),'
|
|
380 | 384 |
.'(\'default_timezone\', \''.$default_timezone.'\'),' |
381 | 385 |
.'(\'operating_system\', \''.$operating_system.'\'),' |
382 | 386 |
.'(\'string_dir_mode\', \''.$dir_mode.'\'),' |
... | ... | |
427 | 431 |
class admin_dummy extends admin |
428 | 432 |
{ |
429 | 433 |
public $error=''; |
434 |
// overwrite method from parent |
|
430 | 435 |
public function print_error($message, $link = 'index.php', $auto_footer = true) |
431 | 436 |
{ |
432 | 437 |
$this->error=$message; |
... | ... | |
443 | 448 |
$admin = new admin_dummy('Start','',false,false); |
444 | 449 |
|
445 | 450 |
// Load addons into DB |
446 |
$dirs['modules'] = WB_PATH.'/modules/'; |
|
447 |
$dirs['templates'] = WB_PATH.'/templates/'; |
|
448 |
$dirs['languages'] = WB_PATH.'/languages/'; |
|
449 | 451 |
|
450 |
foreach ($dirs as $type => $dir) { |
|
451 |
if ($handle = opendir($dir)) { |
|
452 |
while (false !== ($file = readdir($handle))) { |
|
453 |
if ($file != '' AND substr($file, 0, 1) != '.' AND $file != 'admin.php' AND $file != 'index.php') { |
|
454 |
// Get addon type |
|
455 |
if ($type == 'modules') { |
|
456 |
load_module($dir.'/'.$file, true); |
|
457 |
// Pretty ugly hack to let modules run $admin->set_error |
|
458 |
// See dummy class definition admin_dummy above |
|
459 |
if ($admin->error!='') { |
|
460 |
set_error($admin->error); |
|
461 |
} |
|
462 |
} elseif ($type == 'templates') { |
|
463 |
load_template($dir.'/'.$file); |
|
464 |
} elseif ($type == 'languages') { |
|
465 |
load_language($dir.'/'.$file); |
|
466 |
} |
|
467 |
} |
|
452 |
$sOldWorkingDir = getcwd(); |
|
453 |
foreach (glob(WB_PATH.'/modules/*', GLOB_ONLYDIR) as $sModule) { |
|
454 |
load_module($sModule, true); |
|
455 |
if ($admin->error!='') { |
|
456 |
set_error($admin->error); |
|
468 | 457 |
} |
469 |
closedir($handle); |
|
470 | 458 |
} |
471 |
} |
|
459 |
foreach (glob(WB_PATH.'/templates/*', GLOB_ONLYDIR) as $sTemplate) { |
|
460 |
load_template($sTemplate); |
|
461 |
} |
|
462 |
foreach (glob(WB_PATH.'/languages/??.php') as $sLanguage) { |
|
463 |
load_language($sLanguage); |
|
464 |
} |
|
465 |
|
|
472 | 466 |
// Check if there was a database error |
473 | 467 |
if ($database->is_error()) { |
474 | 468 |
set_error($database->get_error()); |
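Review bot: The token check added at new lines 115-120 compares the posted field to the session value with `==`, so PHP's loose comparison applies: if the stored token is a numeric-looking string (for example hex output beginning `0e` followed only by digits), a posted value of `"0"` compares equal and the check passes; how the token is generated lives in index.php and is not visible here, so whether such values can occur cannot be confirmed from this hunk. Compare as strings with `===` (or `hash_equals()` where PHP 5.6 or later is available, which also avoids a timing side channel), e.g. `$sName = $_SESSION['token']['name']; $bTokenOk = isset($_POST[$sName]) && is_string($_POST[$sName]) && $_POST[$sName] === (string) $_SESSION['token']['value'];`. Separately, `add_slashes()` at new lines 91-98 now returns its input unchanged while the INSERT at new lines 380-386 still builds SQL by string concatenation; if those values previously went through `add_slashes()` (the call sites are outside the hunks shown), they are now inserted unescaped and should be bound through prepared statements or escaped with the database driver's quoting function rather than left as-is.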
install:: security issue fixed. save.php can now only be called from the form inside index.php