Revision 1884
Added by Luisehahne over 12 years ago
| save.php | ||
|---|---|---|
| 1 | 1 |
<?php |
| 2 | 2 |
/** |
| 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. |
|
| 3 | 4 |
* |
| 4 |
* @category backend |
|
| 5 |
* @package install |
|
| 6 |
* @author Ryan Djurovich, WebsiteBaker Project |
|
| 7 |
* @copyright 2009-2012, WebsiteBaker Org. e.V. |
|
| 8 |
* @link http://www.websitebaker2.org/ |
|
| 9 |
* @license http://www.gnu.org/licenses/gpl.html |
|
| 10 |
* @platform WebsiteBaker 2.8.x |
|
| 11 |
* @requirements PHP 5.2.2 and higher |
|
| 12 |
* @version $Id$ |
|
| 13 |
* @filesource $HeadURL: $ |
|
| 14 |
* @lastmodified $Date: $ |
|
| 5 |
* This program is free software: you can redistribute it and/or modify |
|
| 6 |
* it under the terms of the GNU General Public License as published by |
|
| 7 |
* the Free Software Foundation, either version 3 of the License, or |
|
| 8 |
* (at your option) any later version. |
|
| 15 | 9 |
* |
| 10 |
* This program is distributed in the hope that it will be useful, |
|
| 11 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
| 12 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
| 13 |
* GNU General Public License for more details. |
|
| 14 |
* |
|
| 15 |
* You should have received a copy of the GNU General Public License |
|
| 16 |
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
| 16 | 17 |
*/ |
| 17 | 18 |
|
| 19 |
/** |
|
| 20 |
* save.php |
|
| 21 |
* |
|
| 22 |
* @category Core |
|
| 23 |
* @package Core_Environment |
|
| 24 |
* @subpackage Installer |
|
| 25 |
* @author Dietmar Wöllbrink <dietmar.woellbrink@websitebaker.org> |
|
| 26 |
* @copyright Werner v.d.Decken <wkl@isteam.de> |
|
| 27 |
* @license http://www.gnu.org/licenses/gpl.html GPL License |
|
| 28 |
* @version 0.0.2 |
|
| 29 |
* @revision $Revision$ |
|
| 30 |
* @link $HeadURL$ |
|
| 31 |
* @lastmodified $Date$ |
|
| 32 |
* @since File available since 2012-04-01 |
|
| 33 |
* @description xyz |
|
| 34 |
*/ |
|
| 35 |
|
|
| 18 | 36 |
$debug = true; |
| 19 | 37 |
|
| 20 | 38 |
include(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php'); |
| 21 | 39 |
include(dirname(dirname(__FILE__)).'/framework/WbAutoloader.php'); |
| 22 | 40 |
WbAutoloader::doRegister(array('admin'=>'a', 'modules'=>'m'));
|
| 23 | 41 |
|
| 42 |
/** |
|
| 43 |
* Set constants for system/install values |
|
| 44 |
* @throws RuntimeException |
|
| 45 |
*/ |
|
| 46 |
function _SetInstallPathConstants() {
|
|
| 47 |
if(!defined('DEBUG')){ define('DEBUG', false); } // normaly set in config file
|
|
| 48 |
if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); }
|
|
| 49 |
if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) {
|
|
| 50 |
throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY);
|
|
| 51 |
} |
|
| 52 |
if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); }
|
|
| 53 |
if(!defined('ADMIN_URL')){ define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); }
|
|
| 54 |
if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); }
|
|
| 55 |
if(!defined('WB_REL')){
|
|
| 56 |
$x1 = parse_url(WB_URL); |
|
| 57 |
define('WB_REL', (isset($x1['path']) ? $x1['path'] : ''));
|
|
| 58 |
} |
|
| 59 |
define('ADMIN_REL', WB_REL.'/'.ADMIN_DIRECTORY);
|
|
| 60 |
if(!defined('DOCUMENT_ROOT')) {
|
|
| 61 |
|
|
| 62 |
define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(WB_REL, '/').'$/', '', WB_PATH));
|
|
| 63 |
} |
|
| 64 |
define('TMP_PATH', WB_PATH.'/temp');
|
|
| 65 |
} |
|
| 66 |
|
|
| 67 |
/** |
|
| 68 |
* Read DB settings from configuration file |
|
| 69 |
* @return string |
|
| 70 |
* @throws RuntimeException |
|
| 71 |
* |
|
| 72 |
*/ |
|
| 73 |
function _readConfiguration($sRetvalType = 'url') {
|
|
| 74 |
// check for valid file request. Becomes more stronger in next version |
|
| 75 |
$x = debug_backtrace(); |
|
| 76 |
$bValidRequest = false; |
|
| 77 |
if(sizeof($x) != 0) {
|
|
| 78 |
foreach($x as $aStep) {
|
|
| 79 |
// define the scripts which can read the configuration |
|
| 80 |
if(preg_match('/(save.php|index.php|config.php|upgrade-script.php)$/si', $aStep['file'])) {
|
|
| 81 |
$bValidRequest = true; |
|
| 82 |
break; |
|
| 83 |
} |
|
| 84 |
} |
|
| 85 |
}else {
|
|
| 86 |
$bValidRequest = true; |
|
| 87 |
} |
|
| 88 |
if(!$bValidRequest) {
|
|
| 89 |
throw new RuntimeException('illegal function request!');
|
|
| 90 |
} |
|
| 91 |
$aRetval = array(); |
|
| 92 |
$sSetupFile = dirname(dirname(__FILE__)).'/setup.ini.php'; |
|
| 93 |
if(is_readable($sSetupFile)) {
|
|
| 94 |
$aCfg = parse_ini_file($sSetupFile, true); |
|
| 95 |
foreach($aCfg['Constants'] as $key=>$value) {
|
|
| 96 |
if($key == 'debug') { $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); }
|
|
| 97 |
if(!defined(strtoupper($key))) { define(strtoupper($key), $value); }
|
|
| 98 |
} |
|
| 99 |
$db = $aCfg['DataBase']; |
|
| 100 |
$db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; |
|
| 101 |
$db['user'] = isset($db['user']) ? $db['user'] : 'foo'; |
|
| 102 |
$db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar'; |
|
| 103 |
$db['host'] = isset($db['host']) ? $db['host'] : 'localhost'; |
|
| 104 |
$db['port'] = isset($db['port']) ? $db['port'] : '3306'; |
|
| 105 |
$db['port'] = ($db['port'] != '3306') ? $db['port'] : ''; |
|
| 106 |
$db['name'] = isset($db['name']) ? $db['name'] : 'dummy'; |
|
| 107 |
$db['charset'] = isset($db['charset']) ? $db['charset'] : 'utf8'; |
|
| 108 |
$db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : ''); |
|
| 109 |
define('TABLE_PREFIX', $db['table_prefix']);
|
|
| 110 |
if($sRetvalType == 'dsn') {
|
|
| 111 |
$aRetval[0] = $db['type'].':dbname='.$db['name'].';host='.$db['host'].';' |
|
| 112 |
. ($db['port'] != '' ? 'port='.(int)$db['port'].';' : ''); |
|
| 113 |
$aRetval[1] = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']);
|
|
| 114 |
$aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); |
|
| 115 |
}else { // $sRetvalType == 'url'
|
|
| 116 |
$aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' |
|
| 117 |
. $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name']; |
|
| 118 |
} |
|
| 119 |
unset($db, $aCfg); |
|
| 120 |
return $aRetval; |
|
| 121 |
} |
|
| 122 |
throw new RuntimeException('unable to read setup.ini.php');
|
|
| 123 |
} |
|
| 124 |
|
|
| 24 | 125 |
if (true === $debug) {
|
| 25 | 126 |
ini_set('display_errors', 1);
|
| 26 | 127 |
error_reporting(E_ALL); |
| ... | ... | |
| 142 | 243 |
$wb_url = $_POST['wb_url']; |
| 143 | 244 |
} |
| 144 | 245 |
// Remove any slashes at the end of the URL |
| 145 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 146 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 147 |
} |
|
| 148 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 149 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 150 |
} |
|
| 151 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "/") {
|
|
| 152 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 153 |
} |
|
| 154 |
if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") {
|
|
| 155 |
$wb_url = substr($wb_url, 0, strlen($wb_url)-1); |
|
| 156 |
} |
|
| 246 |
$wb_url = rtrim($wb_url,'/\\'); |
|
| 157 | 247 |
// Get the default time zone |
| 158 | 248 |
if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) {
|
| 159 | 249 |
set_error('Please select a valid default timezone', 'default_timezone');
|
| ... | ... | |
| 228 | 318 |
$database_username = $_POST['database_username']; |
| 229 | 319 |
} |
| 230 | 320 |
// Check if user has entered a database password |
| 231 |
if(!isset($_POST['database_password'])) {
|
|
| 321 |
if(!isset($_POST['database_password'])&& ($_POST['database_password']==='') ) {
|
|
| 232 | 322 |
set_error('Please enter a database password', 'database_password');
|
| 233 | 323 |
} else {
|
| 234 | 324 |
$database_password = $_POST['database_password']; |
| ... | ... | |
| 281 | 371 |
// End admin user details code |
| 282 | 372 |
|
| 283 | 373 |
// Try and write settings to config file |
| 284 |
$config_content = "" . |
|
| 285 |
"<?php\n". |
|
| 286 |
"\n". |
|
| 287 |
"define('DEBUG', false);\n".
|
|
| 288 |
"define('DB_TYPE', 'mysql');\n".
|
|
| 289 |
"define('DB_HOST', '$database_host');\n".
|
|
| 290 |
"define('DB_NAME', '$database_name');\n".
|
|
| 291 |
"define('DB_USERNAME', '$database_username');\n".
|
|
| 292 |
"define('DB_PASSWORD', '$database_password');\n".
|
|
| 293 |
"define('TABLE_PREFIX', '$table_prefix');\n".
|
|
| 294 |
"\n". |
|
| 295 |
"define('WB_URL', '$wb_url');\n".
|
|
| 296 |
"define('ADMIN_DIRECTORY', 'admin'); // no leading/trailing slash or backslash!! A simple directory only!!\n".
|
|
| 297 |
"\n". |
|
| 298 |
"require_once(dirname(__FILE__).'/framework/initialize.php');\n"; |
|
| 299 |
|
|
| 300 |
$config_filename = '../config.php'; |
|
| 374 |
$sConfigContent = |
|
| 375 |
";<?php die('sorry, illegal file access'); ?>#####\n"
|
|
| 376 |
.";################################################\n" |
|
| 377 |
."; WebsiteBaker configuration file\n" |
|
| 378 |
."; auto generated ".date('Y-m-d h:i:s A e ')."\n"
|
|
| 379 |
.";################################################\n" |
|
| 380 |
."[Constants]\n" |
|
| 381 |
."debug = false\n" |
|
| 382 |
."wb_url = ".$wb_url."\n" |
|
| 383 |
."admin_directory = admin\n" |
|
| 384 |
.";##########\n" |
|
| 385 |
."[DataBase]\n" |
|
| 386 |
."type = \"mysql\"\n" |
|
| 387 |
."user = \"".$database_username."\"\n" |
|
| 388 |
."pass = \"".$database_password."\"\n" |
|
| 389 |
."host = \"".$database_host."\"\n" |
|
| 390 |
."port = \"3306\"\n" |
|
| 391 |
."name = \"".$database_name."\"\n" |
|
| 392 |
."charset = \"utf8\"\n" |
|
| 393 |
."table_prefix = \"".$table_prefix."\"\n" |
|
| 394 |
.";\n" |
|
| 395 |
.";################################################\n"; |
|
| 396 |
$sConfigFile = realpath('../setup.ini.php');
|
|
| 397 |
$sConfigName = basename($sConfigFile); |
|
| 301 | 398 |
// Check if the file exists and is writable first. |
| 302 |
if(file_exists($config_filename) AND is_writable($config_filename)) {
|
|
| 303 |
if(!$handle = fopen($config_filename, 'w')) {
|
|
| 304 |
set_error("Cannot open the configuration file ($config_filename)");
|
|
| 399 |
if(file_exists($sConfigFile) && is_writable($sConfigFile)) {
|
|
| 400 |
if(!$handle = fopen($sConfigFile, 'w')) {
|
|
| 401 |
set_error("Cannot open the configuration file ($sConfigName)");
|
|
| 305 | 402 |
} else {
|
| 306 |
if (fwrite($handle, $config_content) === FALSE) {
|
|
| 307 |
set_error("Cannot write to the configuration file ($config_filename)");
|
|
| 403 |
if (fwrite($handle, $sConfigContent) === FALSE) {
|
|
| 404 |
set_error("Cannot write to the configuration file ($sConfigName)");
|
|
| 308 | 405 |
} |
| 309 | 406 |
// Close file |
| 310 | 407 |
fclose($handle); |
| 311 | 408 |
} |
| 312 | 409 |
} else {
|
| 313 |
set_error("The configuration file $config_filename is not writable. Change its permissions so it is, then re-run step 4.");
|
|
| 410 |
set_error("The configuration file $sConfigName is not writable. Change its permissions so it is, then re-run step 4.");
|
|
| 314 | 411 |
} |
| 315 | 412 |
|
| 316 |
// Define configuration vars |
|
| 317 |
define('DEBUG', false);
|
|
| 318 |
define('DB_TYPE', 'mysql');
|
|
| 319 |
define('DB_HOST', $database_host);
|
|
| 320 |
define('DB_NAME', $database_name);
|
|
| 321 |
define('DB_USERNAME', $database_username);
|
|
| 322 |
define('DB_PASSWORD', $database_password);
|
|
| 323 |
define('TABLE_PREFIX', $table_prefix);
|
|
| 324 |
define('WB_PATH', dirname(dirname(__FILE__)));
|
|
| 325 |
define('WB_URL', $wb_url);
|
|
| 326 |
define('ADMIN_DIRECTORY', 'admin');
|
|
| 327 |
define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY);
|
|
| 328 |
define('ADMIN_URL', $wb_url.'/'.ADMIN_DIRECTORY);
|
|
| 413 |
// load db configuration --- |
|
| 414 |
$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn' |
|
| 415 |
$aSqlData = _readConfiguration($sDbConnectType); |
|
| 329 | 416 |
|
| 330 |
// Check if the user has entered a correct path |
|
| 331 |
if(!file_exists(WB_PATH.'/framework/class.admin.php')) {
|
|
| 332 |
set_error('It appears the Absolute path that you entered is incorrect');
|
|
| 417 |
_SetInstallPathConstants(); |
|
| 418 |
|
|
| 419 |
if(!file_exists(WB_PATH.'/framework/class.admin.php')) {
|
|
| 420 |
set_error('It appears the Absolute path that you entered is incorrect');
|
|
| 421 |
} |
|
| 422 |
|
|
| 423 |
$database = WbDatabase::getInstance(); |
|
| 424 |
try{
|
|
| 425 |
if($sDbConnectType == 'dsn') {
|
|
| 426 |
$bTmp = @$database->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]); |
|
| 427 |
}else {
|
|
| 428 |
$bTmp = @$database->doConnect($aSqlData[0], TABLE_PREFIX); |
|
| 333 | 429 |
} |
| 334 |
$sSqlUrl = DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.'/'.DB_NAME; |
|
| 335 |
$database = WbDatabase::getInstance(); |
|
| 336 |
$database->doConnect($sSqlUrl); |
|
| 430 |
} catch (RuntimeException $e) {
|
|
| 431 |
if(!file_put_contents($sConfigFile,"<?php\n")) {
|
|
| 432 |
set_error("Cannot write to the configuration file ($sSetupFile)");
|
|
| 433 |
} |
|
| 434 |
set_error($e->getMessage()); |
|
| 435 |
} |
|
| 337 | 436 |
|
| 338 |
$sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : '';
|
|
| 339 |
$sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php'; |
|
| 340 |
require_once($sSecMod); |
|
| 341 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 437 |
unset($aSqlData); |
|
| 438 |
// write the config.php |
|
| 439 |
$sConfigContent = "<?php\n" |
|
| 440 |
."/* this file is for backward compatibility only */\n" |
|
| 441 |
."include_once(dirname(__FILE__).'/framework/initialize.php');\n"; |
|
| 442 |
$sSetupFile = WB_PATH.'/config.php'; |
|
| 443 |
if(!file_put_contents($sSetupFile,$sConfigContent)) {
|
|
| 444 |
set_error("Cannot write to the configuration file ($sSetupFile)");
|
|
| 445 |
} |
|
| 446 |
$sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : '';
|
|
| 447 |
$sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php'; |
|
| 448 |
require_once($sSecMod); |
|
| 449 |
require_once(WB_PATH.'/framework/class.admin.php'); |
|
| 342 | 450 |
|
| 343 | 451 |
// Dummy class to allow modules' install scripts to call $admin->print_error |
| 344 | 452 |
class admin_dummy extends admin |
| 345 | 453 | |
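Review bot: The values written into setup.ini.php at new lines 382–393 (`$wb_url`, `$database_username`, `$database_password`, `$database_host`, `$database_name`, `$table_prefix`) are concatenated as-is, so a double quote or line break in any of them changes what `parse_ini_file()` later returns. `wb_url` is not even quoted and sits in `[Constants]`, where `_readConfiguration()` calls `define()` for every key it finds. Whatever validation the elided lines apply is not visible here, so each field should be rejected before the write if it contains those characters, e.g. `if(preg_match('/["\r\n]/', $database_password)) { set_error('Invalid character in database password', 'database_password'); }`. The password is the least protected of them: the rewritten check at new line 321 joins `!isset(...)` and `=== ''` with `&&`, which can never be true, and should read `if(!isset($_POST['database_password']) || $_POST['database_password'] === '') {`.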
! for security reasons the new installation has changed
from the old config.php to the new setup.ini.php, without
using global constants for critical values like username, password and so on.