Revision 1884
Added by Luisehahne almost 12 years ago
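--- a/save.php
+++ b/save.php
@@ -1,26 +1,127 @@
 <?php
 /**
+* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
-* @category backend
-* @package install
-* @author Ryan Djurovich, WebsiteBaker Project
-* @copyright 2009-2012, WebsiteBaker Org. e.V.
-* @link http://www.websitebaker2.org/
-* @license http://www.gnu.org/licenses/gpl.html
-* @platform WebsiteBaker 2.8.x
-* @requirements PHP 5.2.2 and higher
-* @version $Id$
-* @filesource $HeadURL: $
-* @lastmodified $Date: $
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
 *
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
 
+/**
+* save.php
+*
+* @category Core
+* @package Core_Environment
+* @subpackage Installer
+* @author Dietmar Wöllbrink <dietmar.woellbrink@websitebaker.org>
+* @copyright Werner v.d.Decken <wkl@isteam.de>
+* @license http://www.gnu.org/licenses/gpl.html GPL License
+* @version 0.0.2
+* @revision $Revision$
+* @link $HeadURL$
+* @lastmodified $Date$
+* @since File available since 2012-04-01
+* @description xyz
+*/
+
 $debug = true;
 
 include(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php');
 include(dirname(dirname(__FILE__)).'/framework/WbAutoloader.php');
 WbAutoloader::doRegister(array('admin'=>'a', 'modules'=>'m'));
 
+/**
+* Set constants for system/install values
+* @throws RuntimeException
+*/
+function _SetInstallPathConstants() {
+if(!defined('DEBUG')){ define('DEBUG', false); } // normaly set in config file
+if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); }
+if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) {
+throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY);
+}
+if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); }
+if(!defined('ADMIN_URL')){ define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); }
+if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); }
+if(!defined('WB_REL')){
+$x1 = parse_url(WB_URL);
+define('WB_REL', (isset($x1['path']) ? $x1['path'] : ''));
+}
+define('ADMIN_REL', WB_REL.'/'.ADMIN_DIRECTORY);
+if(!defined('DOCUMENT_ROOT')) {
+
+define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(WB_REL, '/').'$/', '', WB_PATH));
+}
+define('TMP_PATH', WB_PATH.'/temp');
+}
+
+/**
+* Read DB settings from configuration file
+* @return string
+* @throws RuntimeException
+*
+*/
+function _readConfiguration($sRetvalType = 'url') {
+// check for valid file request. Becomes more stronger in next version
+$x = debug_backtrace();
+$bValidRequest = false;
+if(sizeof($x) != 0) {
+foreach($x as $aStep) {
+// define the scripts which can read the configuration
+if(preg_match('/(save.php|index.php|config.php|upgrade-script.php)$/si', $aStep['file'])) {
+$bValidRequest = true;
+break;
+}
+}
+}else {
+$bValidRequest = true;
+}
+if(!$bValidRequest) {
+throw new RuntimeException('illegal function request!');
+}
+$aRetval = array();
+$sSetupFile = dirname(dirname(__FILE__)).'/setup.ini.php';
+if(is_readable($sSetupFile)) {
+$aCfg = parse_ini_file($sSetupFile, true);
+foreach($aCfg['Constants'] as $key=>$value) {
+if($key == 'debug') { $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); }
+if(!defined(strtoupper($key))) { define(strtoupper($key), $value); }
+}
+$db = $aCfg['DataBase'];
+$db['type'] = isset($db['type']) ? $db['type'] : 'mysql';
+$db['user'] = isset($db['user']) ? $db['user'] : 'foo';
+$db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar';
+$db['host'] = isset($db['host']) ? $db['host'] : 'localhost';
+$db['port'] = isset($db['port']) ? $db['port'] : '3306';
+$db['port'] = ($db['port'] != '3306') ? $db['port'] : '';
+$db['name'] = isset($db['name']) ? $db['name'] : 'dummy';
+$db['charset'] = isset($db['charset']) ? $db['charset'] : 'utf8';
+$db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : '');
+define('TABLE_PREFIX', $db['table_prefix']);
+if($sRetvalType == 'dsn') {
+$aRetval[0] = $db['type'].':dbname='.$db['name'].';host='.$db['host'].';'
+. ($db['port'] != '' ? 'port='.(int)$db['port'].';' : '');
+$aRetval[1] = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']);
+$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']);
+}else { // $sRetvalType == 'url'
+$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@'
+. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name'];
+}
+unset($db, $aCfg);
+return $aRetval;
+}
+throw new RuntimeException('unable to read setup.ini.php');
+}
+
 if (true === $debug) {
 ini_set('display_errors', 1);
 error_reporting(E_ALL);
@@ -142,18 +243,7 @@
 $wb_url = $_POST['wb_url'];
 }
 // Remove any slashes at the end of the URL
-if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
-$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
-}
-if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
-$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
-}
-if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
-$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
-}
-if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
-$wb_url = substr($wb_url, 0, strlen($wb_url)-1);
-}
+$wb_url = rtrim($wb_url,'/\\');
 // Get the default time zone
 if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) {
 set_error('Please select a valid default timezone', 'default_timezone');
@@ -228,7 +318,7 @@
 $database_username = $_POST['database_username'];
 }
 // Check if user has entered a database password
-if(!isset($_POST['database_password'])) {
+if(!isset($_POST['database_password'])&& ($_POST['database_password']==='') ) {
 set_error('Please enter a database password', 'database_password');
 } else {
 $database_password = $_POST['database_password'];
@@ -281,64 +371,82 @@
 // End admin user details code
 
 // Try and write settings to config file
-$config_content = "" .
-"<?php\n".
-"\n".
-"define('DEBUG', false);\n".
-"define('DB_TYPE', 'mysql');\n".
-"define('DB_HOST', '$database_host');\n".
-"define('DB_NAME', '$database_name');\n".
-"define('DB_USERNAME', '$database_username');\n".
-"define('DB_PASSWORD', '$database_password');\n".
-"define('TABLE_PREFIX', '$table_prefix');\n".
-"\n".
-"define('WB_URL', '$wb_url');\n".
-"define('ADMIN_DIRECTORY', 'admin'); // no leading/trailing slash or backslash!! A simple directory only!!\n".
-"\n".
-"require_once(dirname(__FILE__).'/framework/initialize.php');\n";
-
-$config_filename = '../config.php';
+$sConfigContent =
+";<?php die('sorry, illegal file access'); ?>#####\n"
+.";################################################\n"
+."; WebsiteBaker configuration file\n"
+."; auto generated ".date('Y-m-d h:i:s A e ')."\n"
+.";################################################\n"
+."[Constants]\n"
+."debug = false\n"
+."wb_url = ".$wb_url."\n"
+."admin_directory = admin\n"
+.";##########\n"
+."[DataBase]\n"
+."type = \"mysql\"\n"
+."user = \"".$database_username."\"\n"
+."pass = \"".$database_password."\"\n"
+."host = \"".$database_host."\"\n"
+."port = \"3306\"\n"
+."name = \"".$database_name."\"\n"
+."charset = \"utf8\"\n"
+."table_prefix = \"".$table_prefix."\"\n"
+.";\n"
+.";################################################\n";
+$sConfigFile = realpath('../setup.ini.php');
+$sConfigName = basename($sConfigFile);
 // Check if the file exists and is writable first.
-if(file_exists($config_filename) AND is_writable($config_filename)) {
-if(!$handle = fopen($config_filename, 'w')) {
-set_error("Cannot open the configuration file ($config_filename)");
+if(file_exists($sConfigFile) && is_writable($sConfigFile)) {
+if(!$handle = fopen($sConfigFile, 'w')) {
+set_error("Cannot open the configuration file ($sConfigName)");
 } else {
-if (fwrite($handle, $config_content) === FALSE) {
-set_error("Cannot write to the configuration file ($config_filename)");
+if (fwrite($handle, $sConfigContent) === FALSE) {
+set_error("Cannot write to the configuration file ($sConfigName)");
 }
 // Close file
 fclose($handle);
 }
 } else {
-set_error("The configuration file $config_filename is not writable. Change its permissions so it is, then re-run step 4.");
+set_error("The configuration file $sConfigName is not writable. Change its permissions so it is, then re-run step 4.");
 }
 
-// Define configuration vars
-define('DEBUG', false);
-define('DB_TYPE', 'mysql');
-define('DB_HOST', $database_host);
-define('DB_NAME', $database_name);
-define('DB_USERNAME', $database_username);
-define('DB_PASSWORD', $database_password);
-define('TABLE_PREFIX', $table_prefix);
-define('WB_PATH', dirname(dirname(__FILE__)));
-define('WB_URL', $wb_url);
-define('ADMIN_DIRECTORY', 'admin');
-define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY);
-define('ADMIN_URL', $wb_url.'/'.ADMIN_DIRECTORY);
+// load db configuration ---
+$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn'
+$aSqlData = _readConfiguration($sDbConnectType);
 
-// Check if the user has entered a correct path
-if(!file_exists(WB_PATH.'/framework/class.admin.php')) {
-set_error('It appears the Absolute path that you entered is incorrect');
+_SetInstallPathConstants();
+
+if(!file_exists(WB_PATH.'/framework/class.admin.php')) {
+set_error('It appears the Absolute path that you entered is incorrect');
+}
+
+$database = WbDatabase::getInstance();
+try{
+if($sDbConnectType == 'dsn') {
+$bTmp = @$database->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]);
+}else {
+$bTmp = @$database->doConnect($aSqlData[0], TABLE_PREFIX);
 }
-$sSqlUrl = DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.'/'.DB_NAME;
-$database = WbDatabase::getInstance();
-$database->doConnect($sSqlUrl);
+} catch (RuntimeException $e) {
+if(!file_put_contents($sConfigFile,"<?php\n")) {
+set_error("Cannot write to the configuration file ($sSetupFile)");
+}
+set_error($e->getMessage());
+}
 
-$sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : '';
-$sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php';
-require_once($sSecMod);
-require_once(WB_PATH.'/framework/class.admin.php');
+unset($aSqlData);
+// write the config.php
+$sConfigContent = "<?php\n"
+."/* this file is for backward compatibility only */\n"
+."include_once(dirname(__FILE__).'/framework/initialize.php');\n";
+$sSetupFile = WB_PATH.'/config.php';
+if(!file_put_contents($sSetupFile,$sConfigContent)) {
+set_error("Cannot write to the configuration file ($sSetupFile)");
+}
+$sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : '';
+$sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php';
+require_once($sSecMod);
+require_once(WB_PATH.'/framework/class.admin.php');
 
 // Dummy class to allow modules' install scripts to call $admin->print_error
 class admin_dummy extends admin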
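Review bot: The values concatenated into `$sConfigContent` for setup.ini.php (new lines 382–393) are written without escaping, so a `"` or a line break in `$database_password`, `$wb_url` or any other field ends the value early and can add or override INI keys. This matters because `_readConfiguration()` passes every key under `[Constants]` to `define()` and builds the connection string from `[DataBase]`; whether these fields are validated earlier is not visible in the shown hunks. Before building the content, reject such characters in each field, for example `if (preg_match('/["\r\n]/', $value)) { set_error('Invalid character', $field); }`, and write `wb_url` quoted like the other values. Separately, the changed password check at new line 321 can never be true, because `!isset(...) && ... === ''` needs the field to be both missing and empty; if empty passwords are meant to be rejected, `||` is the operator to use.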
! For security reasons, the new installation has changed
from the old config.php to the new setup.ini.php, without
using global constants for critical values like username & password and so on.