index.php @ 3291:34af0b763d82

Visit:

Revision 3291:34af0b763d82, 15.2 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)
Put CSP activation and directives in settings, thanks Gvx for report.

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	if (isset($_SERVER['DC_RC_PATH'])) {
14	$rc_path = $_SERVER['DC_RC_PATH'];
15	} elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) {
16	$rc_path = $_SERVER['REDIRECT_DC_RC_PATH'];
17	} else {
18	$rc_path = dirname(__FILE__).'/../../inc/config.php';
19	}
20
21	require dirname(__FILE__).'/../../inc/prepend.php';
22	require dirname(__FILE__).'/check.php';
23
24	$can_install = true;
25	$err = '';
26
27	# Loading locales for detected language
28	$dlang = http::getAcceptLanguage();
29	if ($dlang != 'en')
30	{
31	l10n::init($dlang);
32	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/date');
33	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/main');
34	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/plugins');
35	}
36
37	if (!defined('DC_MASTER_KEY') \|\| DC_MASTER_KEY == '') {
38	$can_install = false;
39	$err = '<p>'.__('Please set a master key (DC_MASTER_KEY) in configuration file.').'</p>';
40	}
41
42	# Check if dotclear is already installed
43	$schema = dbSchema::init($core->con);
44	if (in_array($core->prefix.'post',$schema->getTables())) {
45	$can_install = false;
46	$err = '<p>'.__('Dotclear is already installed.').'</p>';
47	}
48
49	# Check system capabilites
50	if (!dcSystemCheck($core->con,$_e)) {
51	$can_install = false;
52	$err = '<p>'.__('Dotclear cannot be installed.').'</p><ul><li>'.implode('</li><li>',$_e).'</li></ul>';
53	}
54
55	# Get information and perform install
56	$u_email = $u_firstname = $u_name = $u_login = $u_pwd = '';
57	$mail_sent = false;
58	if ($can_install && !empty($_POST))
59	{
60	$u_email = !empty($_POST['u_email']) ? $_POST['u_email'] : null;
61	$u_firstname = !empty($_POST['u_firstname']) ? $_POST['u_firstname'] : null;
62	$u_name = !empty($_POST['u_name']) ? $_POST['u_name'] : null;
63	$u_login = !empty($_POST['u_login']) ? $_POST['u_login'] : null;
64	$u_pwd = !empty($_POST['u_pwd']) ? $_POST['u_pwd'] : null;
65	$u_pwd2 = !empty($_POST['u_pwd2']) ? $_POST['u_pwd2'] : null;
66
67	try
68	{
69	# Check user information
70	if (empty($u_login)) {
71	throw new Exception(__('No user ID given'));
72	}
73	if (!preg_match('/^[A-Za-z0-9@._-]{2,}$/',$u_login)) {
74	throw new Exception(__('User ID must contain at least 2 characters using letters, numbers or symbols.'));
75	}
76	if ($u_email && !text::isEmail($u_email)) {
77	throw new Exception(__('Invalid email address'));
78	}
79
80	if (empty($u_pwd)) {
81	throw new Exception(__('No password given'));
82	}
83	if ($u_pwd != $u_pwd2) {
84	throw new Exception(__("Passwords don't match"));
85	}
86	if (strlen($u_pwd) < 6) {
87	throw new Exception(__('Password must contain at least 6 characters.'));
88	}
89
90	# Try to guess timezone
91	$default_tz = 'Europe/London';
92	if (!empty($_POST['u_date']) && function_exists('timezone_open'))
93	{
94	if (preg_match('/$(.+)$$/',$_POST['u_date'],$_tz)) {
95	$_tz = $_tz[1];
96	$_tz = @timezone_open($_tz);
97	if ($_tz instanceof DateTimeZone) {
98	$_tz = @timezone_name_get($_tz);
99
100	// check if timezone is valid
101	// date_default_timezone_set throw E_NOTICE and/or E_WARNING if timezone is not valid and return false
102	if (@date_default_timezone_set($_tz)!==false && $_tz) {
103	$default_tz = $_tz;
104	}
105	}
106	unset($_tz);
107	}
108	}
109
110	# Create schema
111	$_s = new dbStruct($core->con,$core->prefix);
112	require dirname(__FILE__).'/../../inc/dbschema/db-schema.php';
113
114	$si = new dbStruct($core->con,$core->prefix);
115	$changes = $si->synchronize($_s);
116
117	# Create user
118	$cur = $core->con->openCursor($core->prefix.'user');
119	$cur->user_id = $u_login;
120	$cur->user_super = 1;
121	$cur->user_pwd = $core->auth->crypt($u_pwd);
122	$cur->user_name = (string) $u_name;
123	$cur->user_firstname = (string) $u_firstname;
124	$cur->user_email = (string) $u_email;
125	$cur->user_lang = $dlang;
126	$cur->user_tz = $default_tz;
127	$cur->user_creadt = date('Y-m-d H:i:s');
128	$cur->user_upddt = date('Y-m-d H:i:s');
129	$cur->user_options = serialize($core->userDefaults());
130	$cur->insert();
131
132	$core->auth->checkUser($u_login);
133
134	$admin_url = preg_replace('%install/index.php$%','',$_SERVER['REQUEST_URI']);
135	$root_url = preg_replace('%/admin/install/index.php$%','',$_SERVER['REQUEST_URI']);
136
137	# Create blog
138	$cur = $core->con->openCursor($core->prefix.'blog');
139	$cur->blog_id = 'default';
140	$cur->blog_url = http::getHost().$root_url.'/index.php?';
141	$cur->blog_name = __('My first blog');
142	$core->addBlog($cur);
143	$core->blogDefaults($cur->blog_id);
144
145	$blog_settings = new dcSettings($core,'default');
146	$blog_settings->addNamespace('system');
147	$blog_settings->system->put('blog_timezone',$default_tz);
148	$blog_settings->system->put('lang',$dlang);
149	$blog_settings->system->put('public_url',$root_url.'/public');
150	$blog_settings->system->put('themes_url',$root_url.'/themes');
151
152	# date and time formats
153	$formatDate = __('%A, %B %e %Y');
154	$date_formats = array('%Y-%m-%d','%m/%d/%Y','%d/%m/%Y','%Y/%m/%d','%d.%m.%Y','%b %e %Y','%e %b %Y','%Y %b %e',
155	'%a, %Y-%m-%d','%a, %m/%d/%Y','%a, %d/%m/%Y','%a, %Y/%m/%d','%B %e, %Y','%e %B, %Y','%Y, %B %e','%e. %B %Y',
156	'%A, %B %e, %Y','%A, %e %B, %Y','%A, %Y, %B %e','%A, %Y, %B %e','%A, %e. %B %Y');
157	$time_formats = array('%H:%M','%I:%M','%l:%M','%Hh%M','%Ih%M','%lh%M');
158	if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
159	$formatDate = preg_replace('#(?<!%)((?:%%)*)%e#','\1%#d',$formatDate);
160	$date_formats = array_map(create_function('$f',
161	'return str_replace(\'%e\',\'%#d\',$f);'
162	),$date_formats);
163	}
164	$blog_settings->system->put('date_format',$formatDate);
165	$blog_settings->system->put('date_formats',$date_formats,'array','Date formats examples',true,true);
166	$blog_settings->system->put('time_formats',$time_formats,'array','Time formats examples',true,true);
167
168	# Add repository URL for themes and plugins
169	$blog_settings->system->put('store_plugin_url','http://update.dotaddict.org/dc2/plugins.xml','string','Plugins XML feed location',true,true);
170	$blog_settings->system->put('store_theme_url','http://update.dotaddict.org/dc2/themes.xml','string','Themes XML feed location',true,true);
171
172	# CSP directive (admin part)
173	$blog_settings->system->put('csp_admin_on',true,'boolean','Send CSP header (admin)',true,true);
174	$blog_settings->system->put('csp_admin_default',"\'self\'",'string','CSP default-src directive',true,true);
175	$blog_settings->system->put('csp_admin_script',"\'self\' \'unsafe-inline\' \'unsafe-eval\'",'string','CSP script-src directive',true,true);
176	$blog_settings->system->put('csp_admin_style',"\'self\' \'unsafe-inline\'",'string','CSP style-src directive',true,true);
177	$blog_settings->system->put('csp_admin_img',"\'self\' data: media.dotaddict.org",'string','CSP img-src directive',true,true);
178
179	# Add Dotclear version
180	$cur = $core->con->openCursor($core->prefix.'version');
181	$cur->module = 'core';
182	$cur->version = (string) DC_VERSION;
183	$cur->insert();
184
185	# Create first post
186	$core->setBlog('default');
187
188	$cur = $core->con->openCursor($core->prefix.'post');
189	$cur->user_id = $u_login;
190	$cur->post_format = 'xhtml';
191	$cur->post_lang = $dlang;
192	$cur->post_title = __('Welcome to Dotclear!');
193	$cur->post_content = '<p>'.__('This is your first entry. When you\'re ready '.
194	'to blog, log in to edit or delete it.').'</p>';
195	$cur->post_content_xhtml = $cur->post_content;
196	$cur->post_status = 1;
197	$cur->post_open_comment = 1;
198	$cur->post_open_tb = 0;
199	$post_id = $core->blog->addPost($cur);
200
201	# Add a comment to it
202	$cur = $core->con->openCursor($core->prefix.'comment');
203	$cur->post_id = $post_id;
204	$cur->comment_tz = $default_tz;
205	$cur->comment_author = __('Dotclear Team');
206	$cur->comment_email = 'contact@dotclear.net';
207	$cur->comment_site = 'http://www.dotclear.org/';
208	$cur->comment_content = __("<p>This is a comment.</p>\n<p>To delete it, log in and ".
209	"view your blog's comments. Then you might remove or edit it.</p>");
210	$core->blog->addComment($cur);
211
212	# Plugins initialization
213	define('DC_CONTEXT_ADMIN',true);
214	$core->plugins->loadModules(DC_PLUGINS_ROOT);
215	$plugins_install = $core->plugins->installModules();
216
217	# Add dashboard module options
218	$core->auth->user_prefs->addWorkspace('dashboard');
219	$core->auth->user_prefs->dashboard->put('doclinks',true,'boolean','',null,true);
220	$core->auth->user_prefs->dashboard->put('dcnews',true,'boolean','',null,true);
221	$core->auth->user_prefs->dashboard->put('quickentry',true,'boolean','',null,true);
222
223	# Add accessibility options
224	$core->auth->user_prefs->addWorkspace('accessibility');
225	$core->auth->user_prefs->accessibility->put('nodragdrop',false,'boolean','',null,true);
226
227	# Add user interface options
228	$core->auth->user_prefs->addWorkspace('interface');
229	$core->auth->user_prefs->interface->put('enhanceduploader',true,'boolean','',null,true);
230
231	# Add default favorites
232	$core->favs = new dcFavorites($core);
233	$init_favs = array('posts','new_post','newpage','comments','categories','media','blog_theme','widgets','simpleMenu','prefs','help');
234	$core->favs->setFavoriteIDs($init_favs,true);
235
236	$step = 1;
237	}
238	catch (Exception $e)
239	{
240	$err = $e->getMessage();
241	}
242	}
243
244	if (!isset($step)) {
245	$step = 0;
246	}
247	header('Content-Type: text/html; charset=UTF-8');
248
249	// Prevents Clickjacking as far as possible
250	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
251
252	?>
253	<!DOCTYPE html>
254	<html lang="en">
255	<head>
256	<meta charset="UTF-8" />
257	<meta http-equiv="Content-Script-Type" content="text/javascript" />
258	<meta http-equiv="Content-Style-Type" content="text/css" />
259	<meta http-equiv="Content-Language" content="en" />
260	<meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />
261	<meta name="GOOGLEBOT" content="NOSNIPPET" />
262	<title><?php echo __('Dotclear Install'); ?></title>
263
264	<link rel="stylesheet" href="../style/install.css" type="text/css" media="screen" />
265
266	<script type="text/javascript" src="../js/jquery/jquery.js"></script>
267	<?php echo dcPage::jsLoad('../js/jquery/jquery.pwstrength.js'); ?>
268	<script type="text/javascript">
269	//<![CDATA[
270	$(function() {
271	var login_re = new RegExp('[^A-Za-z0-9@._-]+','g');
272	$('#u_firstname').keyup(function() {
273	var login = this.value.toLowerCase().replace(login_re,'').substring(0,32);
274	$('#u_login').val(login);
275	});
276	$('#u_login').keyup(function() {
277	$(this).val(this.value.replace(login_re,''));
278	});
279
280	<?php echo "\$('#u_pwd').pwstrength({texts: ['".
281	sprintf(__('Password strength: %s'),__('very weak'))."', '".
282	sprintf(__('Password strength: %s'),__('weak'))."', '".
283	sprintf(__('Password strength: %s'),__('mediocre'))."', '".
284	sprintf(__('Password strength: %s'),__('strong'))."', '".
285	sprintf(__('Password strength: %s'),__('very strong'))."']});\n"; ?>
286
287	$('#u_login').parent().after($('<input type="hidden" name="u_date" value="' + Date().toLocaleString() + '" />'));
288
289	var password_link = $('<a href="#" id="obfus"><?php echo(__('show')); ?></a>').click(function() {
290	$('#password').show();
291	$(this).remove();
292	return false;
293	});
294	$('#password').hide().before(password_link);
295	});
296	//]]>
297	</script>
298	</head>
299
300	<body id="dotclear-admin" class="install">
301	<div id="content">
302	<?php
303	echo
304	'<h1>'.__('Dotclear installation').'</h1>'.
305	'<div id="main">';
306
307	if (!is_writable(DC_TPL_CACHE)) {
308	echo '<div class="error" role="alert"><p>'.sprintf(__('Cache directory %s is not writable.'),DC_TPL_CACHE).'</p></div>';
309	}
310
311	if ($can_install && !empty($err)) {
312	echo '<div class="error" role="alert"><p><strong>'.__('Errors:').'</strong></p>'.$err.'</div>';
313	}
314
315	if (!empty($_GET['wiz'])) {
316	echo '<p class="success" role="alert">'.__('Configuration file has been successfully created.').'</p>';
317	}
318
319	if ($can_install && $step == 0)
320	{
321	echo
322	'<h2>'.__('User information').'</h2>'.
323
324	'<p>'.__('Please provide the following information needed to create the first user.').'</p>'.
325
326	'<form action="index.php" method="post">'.
327	'<fieldset><legend>'.__('User information').'</legend>'.
328	'<p><label for="u_firstname">'.__('First Name:').'</label> '.
329	form::field('u_firstname',30,255,html::escapeHTML($u_firstname)).'</p>'.
330	'<p><label for="u_name">'.__('Last Name:').'</label> '.
331	form::field('u_name',30,255,html::escapeHTML($u_name)).'</p>'.
332	'<p><label for="u_email">'.__('Email:').'</label> '.
333	form::field('u_email',30,255,html::escapeHTML($u_email)).'</p>'.
334	'</fieldset>'.
335
336	'<fieldset><legend>'.__('Username and password').'</legend>'.
337	'<p><label for="u_login" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Username:').' '.
338	form::field('u_login',30,32,html::escapeHTML($u_login)).'</label></p>'.
339	'<div class="pw-table">'.
340	'<p class="pw-cell">'.
341	'<label for="u_pwd" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('New password:').'</label>'.
342	form::password('u_pwd',30,255,'','','',false,' data-indicator="pwindicator" ').
343	'</p>'.
344	'<div id="pwindicator">'.
345	' <div class="bar"></div>'.
346	' <p class="label no-margin"></p>'.
347	'</div>'.
348	'</div>'.
349	'<p><label for="u_pwd2" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Confirm password:').' '.
350	form::password('u_pwd2',30,255).'</label></p>'.
351	'</fieldset>'.
352
353	'<p><input type="submit" value="'.__('Save').'" /></p>'.
354	'</form>';
355	}
356	elseif ($can_install && $step == 1)
357	{
358	# Plugins install messages
359	$plugins_install_result = '';
360	if (!empty($plugins_install['success']))
361	{
362	$plugins_install_result .= '<div class="static-msg">'.__('Following plugins have been installed:').'<ul>';
363	foreach ($plugins_install['success'] as $k => $v) {
364	$plugins_install_result .= '<li>'.$k.'</li>';
365	}
366	$plugins_install_result .= '</ul></div>';
367	}
368	if (!empty($plugins_install['failure']))
369	{
370	$plugins_install_result .= '<div class="error">'.__('Following plugins have not been installed:').'<ul>';
371	foreach ($plugins_install['failure'] as $k => $v) {
372	$plugins_install_result .= '<li>'.$k.' ('.$v.')</li>';
373	}
374	$plugins_install_result .= '</ul></div>';
375	}
376
377	echo
378	'<h2>'.__('All done!').'</h2>'.
379
380	$plugins_install_result.
381
382	'<p class="success" role="alert">'.__('Dotclear has been successfully installed. Here is some useful information you should keep.').'</p>'.
383
384	'<h3>'.__('Your account').'</h3>'.
385	'<ul>'.
386	'<li>'.__('Username:').' <strong>'.html::escapeHTML($u_login).'</strong></li>'.
387	'<li>'.__('Password:').' <strong id="password">'.html::escapeHTML($u_pwd).'</strong></li>'.
388	'</ul>'.
389
390	'<h3>'.__('Your blog').'</h3>'.
391	'<ul>'.
392	'<li>'.__('Blog address:').' <strong>'.html::escapeHTML(http::getHost().$root_url).'/index.php?</strong></li>'.
393	'<li>'.__('Administration interface:').' <strong>'.html::escapeHTML(http::getHost().$admin_url).'</strong></li>'.
394	'</ul>'.
395
396	'<form action="../auth.php" method="post">'.
397	'<p><input type="submit" value="'.__('Manage your blog now').'" />'.
398	form::hidden(array('user_id'),html::escapeHTML($u_login)).
399	form::hidden(array('user_pwd'),html::escapeHTML($u_pwd)).
400	'</p>'.
401	'</form>';
402	}
403	elseif (!$can_install)
404	{
405	echo '<h2>'.__('Installation can not be completed').'</h2>'.
406	'<div class="error" role="alert"><p><strong>'.__('Errors:').'</strong></p>'.$err.'</div>'.
407	'<p>'.__('For the said reasons, Dotclear can not be installed. '.
408	'Please refer to <a href="http://dotclear.org/documentation/2.0/admin/install">'.
409	'the documentation</a> to learn how to correct the problem.').'</p>';
410	}
411	?>
412	</div>
413	</div>
414	</body>
415	</html>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/install/index.php @ 3291:34af0b763d82

Download in other formats:

Sites map