Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 1883) +++ branches/2.8.x/CHANGELOG (revision 1884) @@ -11,6 +11,10 @@ ! = Update/Change =============================================================================== +10 Mar-2013 Build 1884 Dietmar Woellbrink (Luisehahne) +! from security reasons the new installation has changed + from the old config.php into new setup.ini.php without + using global constants for critical values like username & password and so on. 07 Mar-2013 Build 1883 Dietmar Woellbrink (Luisehahne) ! groups change languages class to translate class ! prepare upgrade-script for WB Version 2.8.4 (versioncompare) Index: branches/2.8.x/wb/config.php.new =================================================================== --- branches/2.8.x/wb/config.php.new (revision 1883) +++ branches/2.8.x/wb/config.php.new (revision 1884) @@ -1 +0,0 @@ - thead { - background-color: #f2f1ff; - } - table > thead > tr { - } - table > thead > tr > th { - color: #555758; - font-size: 1.15em; - padding: 1.2em 1em; - } - table > thead > tr > td { - color: #555758; - font-size: 1.08em; - padding: 1.2em 1em; - } - table > tbody { - display: block; - } - table > tbody > tr { - border-bottom :1px solid #222222; /* #d2d1cc; */ - padding :0.8em 0 0.2em 0; - width :100%; -} - table > tbody > tr > th { - font-size: 1em; - width: 1%; - padding-left: 0.8em; padding-right: 0.8em; - vertical-align: top; - text-align: right; - white-space: nowrap; - } - table > tbody > tr > td { - font-size: 1em; - width: 19%; - padding-left: 0.8em; padding-right: 0.8em; - vertical-align: top; - text-align: left; - line-height :2em; - } - -td.step-row { - line-height : 3em; - color : #666666; - font-weight : bold; - font-size : 100%; -} -td.name { - width : 180px; - color: #666666; - vertical-align :middle; - font-weight : bold; - font-size : 90%; - float :left; - } -td.value { - width : 100%; - vertical-align :middle; - } -td.value input { - width : 100%; - vertical-align :middle; - } - - -h1.step-row { - margin : 0; - display :inline; - color : #6699ff; -} +table { margin-top :15px; margin-bottom :5px; width :100%; border-style :solid; border-width :1px 2px 2px 1px; border-color :#A3BACA; background :#F8F8FF; } + table > thead { background :#F2F1FF; } + table > thead > tr { } + table > thead > tr > th { color :#555758; font-size :1.15em; padding :1.2em 1em; } + table > thead > tr > td { color :#555758; font-size :1.08em; padding :1.2em 1em; } + table > tbody { display :block; } + table > tbody > tr { border-bottom :1px solid #222222; /* #d2d1cc; */ padding :0.8em 0 0.2em 0; width :100%; } + table > tbody > tr > th { font-size :1em; width :1%; padding-left :0.8em; padding-right :0.8em; vertical-align :top; text-align :right; white-space :nowrap; } + table > tbody > tr > td { font-size :1em; width :19%; padding-left :0.8em; padding-right :0.8em; vertical-align :top; text-align :left; line-height :2em; } +td.step-row { line-height :3em; color :#666666; font-weight :bold; font-size :100%; } +td.name { width :180px; color :#666666; vertical-align :middle; font-weight :bold; font-size :90%; float :left; } +td.value { width :100%; vertical-align :middle; } +td.value input { width :100%; vertical-align :middle; } +h1.step-row { margin :0; display :inline; color :#6699FF; } /* FORM Elements */ -form { margin: 0; } -input, select { padding: 2px; border: solid 1px #a3baca; } -input:focus, select:focus { background: #fdf8e8; } -input.submit { - color: #305c8d; - font-size: 12px; - font-weight: bold; - text-transform: uppercase; - letter-spacing: 1px; - padding: 6px; - margin: 1em 0; - cursor: pointer; - border: outset 2px green; -} -input.submit:hover { - border-style: inset; -} -input.submit.bad { - background-color: #fde8e8; - border-color: red; -} -input.submit.good { - background-color: #deffde; - border-color: green; -} +form { margin :0; } +input, select { padding :2px; border :solid 1px #A3BACA; } +input:focus, select:focus { background :#FDF8E8; } +input.submit { color :#305C8D; font-size :12px; font-weight :bold; text-transform :uppercase; letter-spacing :1px; padding :6px; margin :1em 0; cursor :pointer; border :outset 2px #008000; } +input.submit:hover { border-style :inset; } +input.submit.bad { border-color :#FF0000; background :#FDE8E8; } +input.submit.good { border-color :#008000; background :#DEFFDE; } /* COMMON Elements */ -img {border: none; } -p { margin: 11px 0 4px 0 } -h1 { color: #3a628f; font-size: 1.3em; margin: 10px 0 5px; border-top: medium none } -a, a:link, a:visited, a:active { color: #003366; text-decoration: underline } -a:focus {outline: none; } -a:hover { color: #336699 } +img { border :none; } +p { margin :11px 0 4px 0; } +h1 { color :#3A628F; font-size :1.3em; margin :10px 0 5px; border-top :medium none; } +a, a:link, a:visited, a:active { color :#003366; text-decoration :underline; } +a:focus { outline :none; } +a:hover { color :#336699; } /* HINTS */ - -.warning, .error { - color: #b70000; - line-height: 1.2em; - background-color: #fde8e8; - margin-top: 0.5em; - padding: 0.3em 0.5em; - border: solid 1px -} -.warning { - color: #ca6800; -} -.bad { color: #b70000; } -.good { color: #118301; } -.warn { color: #ca6800; } -.hint { color: #464646; font-size: 0.85em; } -.small { font-size: 0.85em; } -.italic { font-style: italic; } -.center { text-align: center; } -.hide { display: none; } +.warning, .error { color :#B70000; line-height :1.2em; margin-top :0.5em; padding :0.3em 0.5em; border :solid 1px; background :#FDE8E8; } +.warning { color :#CA6800; } +.bad { color :#B70000; } +.good { color :#118301; } +.warn { color :#CA6800; } +.hint { color :#464646; font-size :0.85em; } +.small { font-size :0.85em; } +.italic { font-style :italic; } +.center { text-align :center; } +.hide { display :none; } /* List Elements */ -ul { margin: 0; padding: 2px 0 2px 15px; } -li { list-style-type: square; margin: 0; } +ul { margin :0; padding :2px 0 2px 15px; } +li { list-style-type :square; margin :0; } /* ************************************************************************** */ Index: branches/2.8.x/wb/install/save.php =================================================================== --- branches/2.8.x/wb/install/save.php (revision 1883) +++ branches/2.8.x/wb/install/save.php (revision 1884) @@ -1,20 +1,38 @@ . */ +/** + * save.php + * + * @category Core + * @package Core_Environment + * @subpackage Installer + * @author Dietmar Wöllbrink + * @copyright Werner v.d.Decken + * @license http://www.gnu.org/licenses/gpl.html GPL License + * @version 0.0.2 + * @revision $Revision$ + * @link $HeadURL$ + * @lastmodified $Date$ + * @since File available since 2012-04-01 + * @description xyz + */ + $debug = true; include(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php'); @@ -21,6 +39,89 @@ include(dirname(dirname(__FILE__)).'/framework/WbAutoloader.php'); WbAutoloader::doRegister(array('admin'=>'a', 'modules'=>'m')); +/** + * Set constants for system/install values + * @throws RuntimeException + */ + function _SetInstallPathConstants() { + if(!defined('DEBUG')){ define('DEBUG', false); } // normaly set in config file + if(!defined('ADMIN_DIRECTORY')){ define('ADMIN_DIRECTORY', 'admin'); } + if(!preg_match('/xx[a-z0-9_][a-z0-9_\-\.]+/i', 'xx'.ADMIN_DIRECTORY)) { + throw new RuntimeException('Invalid admin-directory: ' . ADMIN_DIRECTORY); + } + if(!defined('WB_PATH')){ define('WB_PATH', dirname(dirname(__FILE__))); } + if(!defined('ADMIN_URL')){ define('ADMIN_URL', WB_URL.'/'.ADMIN_DIRECTORY); } + if(!defined('ADMIN_PATH')){ define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); } + if(!defined('WB_REL')){ + $x1 = parse_url(WB_URL); + define('WB_REL', (isset($x1['path']) ? $x1['path'] : '')); + } + define('ADMIN_REL', WB_REL.'/'.ADMIN_DIRECTORY); + if(!defined('DOCUMENT_ROOT')) { + + define('DOCUMENT_ROOT', preg_replace('/'.preg_quote(WB_REL, '/').'$/', '', WB_PATH)); + } + define('TMP_PATH', WB_PATH.'/temp'); + } + +/** + * Read DB settings from configuration file + * @return string + * @throws RuntimeException + * + */ + function _readConfiguration($sRetvalType = 'url') { + // check for valid file request. Becomes more stronger in next version + $x = debug_backtrace(); + $bValidRequest = false; + if(sizeof($x) != 0) { + foreach($x as $aStep) { + // define the scripts which can read the configuration + if(preg_match('/(save.php|index.php|config.php|upgrade-script.php)$/si', $aStep['file'])) { + $bValidRequest = true; + break; + } + } + }else { + $bValidRequest = true; + } + if(!$bValidRequest) { + throw new RuntimeException('illegal function request!'); + } + $aRetval = array(); + $sSetupFile = dirname(dirname(__FILE__)).'/setup.ini.php'; + if(is_readable($sSetupFile)) { + $aCfg = parse_ini_file($sSetupFile, true); + foreach($aCfg['Constants'] as $key=>$value) { + if($key == 'debug') { $value = filter_var($value, FILTER_VALIDATE_BOOLEAN); } + if(!defined(strtoupper($key))) { define(strtoupper($key), $value); } + } + $db = $aCfg['DataBase']; + $db['type'] = isset($db['type']) ? $db['type'] : 'mysql'; + $db['user'] = isset($db['user']) ? $db['user'] : 'foo'; + $db['pass'] = isset($db['pass']) ? $db['pass'] : 'bar'; + $db['host'] = isset($db['host']) ? $db['host'] : 'localhost'; + $db['port'] = isset($db['port']) ? $db['port'] : '3306'; + $db['port'] = ($db['port'] != '3306') ? $db['port'] : ''; + $db['name'] = isset($db['name']) ? $db['name'] : 'dummy'; + $db['charset'] = isset($db['charset']) ? $db['charset'] : 'utf8'; + $db['table_prefix'] = (isset($db['table_prefix']) ? $db['table_prefix'] : ''); + define('TABLE_PREFIX', $db['table_prefix']); + if($sRetvalType == 'dsn') { + $aRetval[0] = $db['type'].':dbname='.$db['name'].';host='.$db['host'].';' + . ($db['port'] != '' ? 'port='.(int)$db['port'].';' : ''); + $aRetval[1] = array('CHARSET' => $db['charset'], 'TABLE_PREFIX' => $db['table_prefix']); + $aRetval[2] = array( 'user' => $db['user'], 'pass' => $db['pass']); + }else { // $sRetvalType == 'url' + $aRetval[0] = $db['type'].'://'.$db['user'].':'.$db['pass'].'@' + . $db['host'].($db['port'] != '' ? ':'.$db['port'] : '').'/'.$db['name']; + } + unset($db, $aCfg); + return $aRetval; + } + throw new RuntimeException('unable to read setup.ini.php'); + } + if (true === $debug) { ini_set('display_errors', 1); error_reporting(E_ALL); @@ -142,18 +243,7 @@ $wb_url = $_POST['wb_url']; } // Remove any slashes at the end of the URL -if(substr($wb_url, strlen($wb_url)-1, 1) == "/") { - $wb_url = substr($wb_url, 0, strlen($wb_url)-1); -} -if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") { - $wb_url = substr($wb_url, 0, strlen($wb_url)-1); -} -if(substr($wb_url, strlen($wb_url)-1, 1) == "/") { - $wb_url = substr($wb_url, 0, strlen($wb_url)-1); -} -if(substr($wb_url, strlen($wb_url)-1, 1) == "\\") { - $wb_url = substr($wb_url, 0, strlen($wb_url)-1); -} +$wb_url = rtrim($wb_url,'/\\'); // Get the default time zone if(!isset($_POST['default_timezone']) OR !is_numeric($_POST['default_timezone'])) { set_error('Please select a valid default timezone', 'default_timezone'); @@ -228,7 +318,7 @@ $database_username = $_POST['database_username']; } // Check if user has entered a database password -if(!isset($_POST['database_password'])) { +if(!isset($_POST['database_password'])&& ($_POST['database_password']==='') ) { set_error('Please enter a database password', 'database_password'); } else { $database_password = $_POST['database_password']; @@ -281,64 +371,82 @@ // End admin user details code // Try and write settings to config file -$config_content = "" . -"#####\n" +.";################################################\n" +."; WebsiteBaker configuration file\n" +."; auto generated ".date('Y-m-d h:i:s A e ')."\n" +.";################################################\n" +."[Constants]\n" +."debug = false\n" +."wb_url = ".$wb_url."\n" +."admin_directory = admin\n" +.";##########\n" +."[DataBase]\n" +."type = \"mysql\"\n" +."user = \"".$database_username."\"\n" +."pass = \"".$database_password."\"\n" +."host = \"".$database_host."\"\n" +."port = \"3306\"\n" +."name = \"".$database_name."\"\n" +."charset = \"utf8\"\n" +."table_prefix = \"".$table_prefix."\"\n" +.";\n" +.";################################################\n"; +$sConfigFile = realpath('../setup.ini.php'); +$sConfigName = basename($sConfigFile); // Check if the file exists and is writable first. -if(file_exists($config_filename) AND is_writable($config_filename)) { - if(!$handle = fopen($config_filename, 'w')) { - set_error("Cannot open the configuration file ($config_filename)"); +if(file_exists($sConfigFile) && is_writable($sConfigFile)) { + if(!$handle = fopen($sConfigFile, 'w')) { + set_error("Cannot open the configuration file ($sConfigName)"); } else { - if (fwrite($handle, $config_content) === FALSE) { - set_error("Cannot write to the configuration file ($config_filename)"); + if (fwrite($handle, $sConfigContent) === FALSE) { + set_error("Cannot write to the configuration file ($sConfigName)"); } // Close file fclose($handle); } } else { - set_error("The configuration file $config_filename is not writable. Change its permissions so it is, then re-run step 4."); + set_error("The configuration file $sConfigName is not writable. Change its permissions so it is, then re-run step 4."); } -// Define configuration vars -define('DEBUG', false); -define('DB_TYPE', 'mysql'); -define('DB_HOST', $database_host); -define('DB_NAME', $database_name); -define('DB_USERNAME', $database_username); -define('DB_PASSWORD', $database_password); -define('TABLE_PREFIX', $table_prefix); -define('WB_PATH', dirname(dirname(__FILE__))); -define('WB_URL', $wb_url); -define('ADMIN_DIRECTORY', 'admin'); -define('ADMIN_PATH', WB_PATH.'/'.ADMIN_DIRECTORY); -define('ADMIN_URL', $wb_url.'/'.ADMIN_DIRECTORY); +// load db configuration --- +$sDbConnectType = 'url'; // depending from class WbDatabase it can be 'url' or 'dsn' +$aSqlData = _readConfiguration($sDbConnectType); -// Check if the user has entered a correct path - if(!file_exists(WB_PATH.'/framework/class.admin.php')) { - set_error('It appears the Absolute path that you entered is incorrect'); +_SetInstallPathConstants(); + +if(!file_exists(WB_PATH.'/framework/class.admin.php')) { + set_error('It appears the Absolute path that you entered is incorrect'); +} + +$database = WbDatabase::getInstance(); +try{ + if($sDbConnectType == 'dsn') { + $bTmp = @$database->doConnect($aSqlData[0], $aSqlData[1]['user'], $aSqlData[1]['pass'], $aSqlData[2]); + }else { + $bTmp = @$database->doConnect($aSqlData[0], TABLE_PREFIX); } - $sSqlUrl = DB_TYPE.'://'.DB_USERNAME.':'.DB_PASSWORD.'@'.DB_HOST.'/'.DB_NAME; - $database = WbDatabase::getInstance(); - $database->doConnect($sSqlUrl); +} catch (RuntimeException $e) { + if(!file_put_contents($sConfigFile,"getMessage()); +} - $sSecMod = (defined('SECURE_FORM_MODULE') && SECURE_FORM_MODULE != '') ? '.'.SECURE_FORM_MODULE : ''; - $sSecMod = WB_PATH.'/framework/SecureForm'.$sSecMod.'.php'; - require_once($sSecMod); - require_once(WB_PATH.'/framework/class.admin.php'); +unset($aSqlData); +// write the config.php +$sConfigContent = "print_error class admin_dummy extends admin Property changes on: branches/2.8.x/wb/install/save.php ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Modified: svn:keywords ## -1 +1 ## -Id \ No newline at end of property +Date Revision Id HeadURL \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: branches/2.8.x/wb/install/index.php =================================================================== --- branches/2.8.x/wb/install/index.php (revision 1883) +++ branches/2.8.x/wb/install/index.php (revision 1884) @@ -1,20 +1,38 @@ . */ +/** + * index.php + * + * @category Core + * @package Core_Environment + * @subpackage Installer + * @author Dietmar Wöllbrink + * @copyright Werner v.d.Decken + * @license http://www.gnu.org/licenses/gpl.html GPL License + * @version 0.0.2 + * @revision $Revision$ + * @link $HeadURL$ + * @lastmodified $Date$ + * @since File available since 2012-04-01 + * @description xyz + */ + // Start a session if(!defined('SESSION_STARTED')) { session_name('wb_session_id'); @@ -22,11 +40,9 @@ define('SESSION_STARTED', true); } -$mod_path = dirname(str_replace('\\', '/', __FILE__)); -$doc_root = rtrim(realpath($_SERVER['DOCUMENT_ROOT']),'/'); -$mod_name = basename($mod_path); -$wb_path = dirname(dirname(realpath( __FILE__))); -$wb_root = str_replace(realpath($doc_root),'',$wb_path); +$doc_root = str_replace('\\','/',rtrim(realpath($_SERVER['DOCUMENT_ROOT']),'/').'/'); +$wb_path = str_replace('\\','/',rtrim(dirname(dirname(realpath( __FILE__))),'/')).'/'; +$wb_root = str_replace(($doc_root),'',$wb_path); // Function to highlight input fields which contain wrong/missing data function field_error($field_name='') { @@ -68,13 +84,56 @@ } } -$sapi_type = php_sapi_name(); - +//$sapi_type = php_sapi_name(); if(!isset($_SESSION['operating_system'])) { - $operating_system = ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'windows' : 'linux'); + $operating_system = ((strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') ? 'windows' : 'linux'); } else { - $operating_system = $_SESSION['operating_system']; + $operating_system = $_SESSION['operating_system']; } + +function checkConfigFile ($sWbPath,$sType ) { + $config = ''; + $sConfigContent = " 128) + { + $config = 'Already installed? Check!'; +// try to open and to write + } elseif( !$handle = fopen($sConfigFile, 'w') ) + { + $config = 'Not Writeable'; + } else { + if (fwrite($handle, $sConfigContent) === FALSE) { + $config = 'Not Writeable'; + } else { + $config = ''; + $_SESSION[$sType.'_rename'] = true; + } + // Close file + fclose($handle); + } + } else { + $config = 'Not Writeable'; + } +// it's config.php.new + } elseif((file_exists($sConfigFile.'.new')==true)) + { + $config = 'Please rename to '.$sType.'.php'; + } else { + $config = 'Missing!!?'; + } + return $config; +} + + ?> @@ -152,6 +211,15 @@ + PHP Interface + + + + + + + Server DefaultCharset + +   + @@ -198,77 +269,58 @@ Writeable'; - $config_content = " 128) - { - $installFlag = false; - $config = 'Already installed? Check!'; -// try to open and to write - } elseif( !$handle = fopen($wb_path.$configFile, 'w') ) - { - $installFlag = false; - $config = 'Not Writeable'; - } else { - if (fwrite($handle, $config_content) === FALSE) { - $installFlag = false; - $config = 'Not Writeable'; - } else { - $config = 'Writeable'; - $_SESSION['config_rename'] = true; - } - // Close file - fclose($handle); - } - } else { - $installFlag = false; - $config = 'Not Writeable'; - } -// it's config.php.new - } elseif((file_exists($wb_path.'/config.php.new')==true)) - { - $configFile = '/config.php.new'; - $installFlag = false; - $config = 'Please rename to config.php'; - } else - { - $installFlag = false; - $config = 'Missing!!?'; - } + $sTmp = ''; + $config = ''; + $sConfigFile = 'config.php.new'; + if( ($sTmp = checkConfigFile($wb_path,'config')) === '' ) { + $config = 'Writeable'; + } else { + $config = $sTmp; } + $sConfigFile = preg_match('/(?:rename)/i',$config) ? $sConfigFile : 'setup.ini.php'; + $installFlag = $installFlag && ($sTmp == ''); ?> - + +Writeable'; + } else { + $config = $sTmp; + } + $sSetupIniFile = preg_match('/(?:rename)/i',$config) ? $sSetupIniFile : 'setup.ini.php'; + $installFlag = $installFlag && ($sTmp == ''); +?> - + + + + + - + - + - + - + - + + + +

Step 2

 Please check the following files/folders are writeable before continuing...
/pages/
pages/ Writeable'; } elseif(!file_exists('../pages/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>/media/media/ Writeable'; } elseif(!file_exists('../media/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>
/templates/templates/ Writeable'; } elseif(!file_exists('../templates/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>/modules/modules/ Writeable'; } elseif(!file_exists('../modules/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>
/languages/languages/ Writeable'; } elseif(!file_exists('../languages/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>/temp/temp/ Writeable'; } elseif(!file_exists('../temp/')) {$installFlag = false; echo 'Directory Not Found'; } else { echo 'Unwriteable'; } ?>
 
@@ -364,6 +416,9 @@ + + +
 
@@ -394,6 +449,9 @@ + + +
 
@@ -437,6 +495,9 @@ (Please note: May remove existing tables and data) + + +
 
@@ -449,6 +510,9 @@ type="text" tabindex="13" name="website_title" value="" /> + + +
 
@@ -479,6 +543,9 @@ type="password" tabindex="17" name="admin_repassword" value="" /> + + +
 
Property changes on: branches/2.8.x/wb/install/index.php ___________________________________________________________________ Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Modified: svn:keywords ## -1,4 +1 ## -Id -Revision -HeadURL -Date \ No newline at end of property +Date Revision Id HeadURL \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property