index.php @ 3432:4e82fa3c576d

Visit:

Revision 3432:4e82fa3c576d, 15.8 KB checked in by franck <carnet.franck.paul@…>, 9 years ago (diff)
Ugly hack for SQLite CB driver for value beginning or ending by a single quote

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	if (isset($_SERVER['DC_RC_PATH'])) {
14	$rc_path = $_SERVER['DC_RC_PATH'];
15	} elseif (isset($_SERVER['REDIRECT_DC_RC_PATH'])) {
16	$rc_path = $_SERVER['REDIRECT_DC_RC_PATH'];
17	} else {
18	$rc_path = dirname(__FILE__).'/../../inc/config.php';
19	}
20
21	require dirname(__FILE__).'/../../inc/prepend.php';
22	require dirname(__FILE__).'/check.php';
23
24	$can_install = true;
25	$err = '';
26
27	# Loading locales for detected language
28	$dlang = http::getAcceptLanguage();
29	if ($dlang != 'en')
30	{
31	l10n::init($dlang);
32	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/date');
33	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/main');
34	l10n::set(dirname(__FILE__).'/../../locales/'.$dlang.'/plugins');
35	}
36
37	if (!defined('DC_MASTER_KEY') \|\| DC_MASTER_KEY == '') {
38	$can_install = false;
39	$err = '<p>'.__('Please set a master key (DC_MASTER_KEY) in configuration file.').'</p>';
40	}
41
42	# Check if dotclear is already installed
43	$schema = dbSchema::init($core->con);
44	if (in_array($core->prefix.'post',$schema->getTables())) {
45	$can_install = false;
46	$err = '<p>'.__('Dotclear is already installed.').'</p>';
47	}
48
49	# Check system capabilites
50	if (!dcSystemCheck($core->con,$_e)) {
51	$can_install = false;
52	$err = '<p>'.__('Dotclear cannot be installed.').'</p><ul><li>'.implode('</li><li>',$_e).'</li></ul>';
53	}
54
55	# Get information and perform install
56	$u_email = $u_firstname = $u_name = $u_login = $u_pwd = '';
57	$mail_sent = false;
58	if ($can_install && !empty($_POST))
59	{
60	$u_email = !empty($_POST['u_email']) ? $_POST['u_email'] : null;
61	$u_firstname = !empty($_POST['u_firstname']) ? $_POST['u_firstname'] : null;
62	$u_name = !empty($_POST['u_name']) ? $_POST['u_name'] : null;
63	$u_login = !empty($_POST['u_login']) ? $_POST['u_login'] : null;
64	$u_pwd = !empty($_POST['u_pwd']) ? $_POST['u_pwd'] : null;
65	$u_pwd2 = !empty($_POST['u_pwd2']) ? $_POST['u_pwd2'] : null;
66
67	try
68	{
69	# Check user information
70	if (empty($u_login)) {
71	throw new Exception(__('No user ID given'));
72	}
73	if (!preg_match('/^[A-Za-z0-9@._-]{2,}$/',$u_login)) {
74	throw new Exception(__('User ID must contain at least 2 characters using letters, numbers or symbols.'));
75	}
76	if ($u_email && !text::isEmail($u_email)) {
77	throw new Exception(__('Invalid email address'));
78	}
79
80	if (empty($u_pwd)) {
81	throw new Exception(__('No password given'));
82	}
83	if ($u_pwd != $u_pwd2) {
84	throw new Exception(__("Passwords don't match"));
85	}
86	if (strlen($u_pwd) < 6) {
87	throw new Exception(__('Password must contain at least 6 characters.'));
88	}
89
90	# Try to guess timezone
91	$default_tz = 'Europe/London';
92	if (!empty($_POST['u_date']) && function_exists('timezone_open'))
93	{
94	if (preg_match('/$(.+)$$/',$_POST['u_date'],$_tz)) {
95	$_tz = $_tz[1];
96	$_tz = @timezone_open($_tz);
97	if ($_tz instanceof DateTimeZone) {
98	$_tz = @timezone_name_get($_tz);
99
100	// check if timezone is valid
101	// date_default_timezone_set throw E_NOTICE and/or E_WARNING if timezone is not valid and return false
102	if (@date_default_timezone_set($_tz)!==false && $_tz) {
103	$default_tz = $_tz;
104	}
105	}
106	unset($_tz);
107	}
108	}
109
110	# Create schema
111	$_s = new dbStruct($core->con,$core->prefix);
112	require dirname(__FILE__).'/../../inc/dbschema/db-schema.php';
113
114	$si = new dbStruct($core->con,$core->prefix);
115	$changes = $si->synchronize($_s);
116
117	# Create user
118	$cur = $core->con->openCursor($core->prefix.'user');
119	$cur->user_id = $u_login;
120	$cur->user_super = 1;
121	$cur->user_pwd = $core->auth->crypt($u_pwd);
122	$cur->user_name = (string) $u_name;
123	$cur->user_firstname = (string) $u_firstname;
124	$cur->user_email = (string) $u_email;
125	$cur->user_lang = $dlang;
126	$cur->user_tz = $default_tz;
127	$cur->user_creadt = date('Y-m-d H:i:s');
128	$cur->user_upddt = date('Y-m-d H:i:s');
129	$cur->user_options = serialize($core->userDefaults());
130	$cur->insert();
131
132	$core->auth->checkUser($u_login);
133
134	$admin_url = preg_replace('%install/index.php$%','',$_SERVER['REQUEST_URI']);
135	$root_url = preg_replace('%/admin/install/index.php$%','',$_SERVER['REQUEST_URI']);
136
137	# Create blog
138	$cur = $core->con->openCursor($core->prefix.'blog');
139	$cur->blog_id = 'default';
140	$cur->blog_url = http::getHost().$root_url.'/index.php?';
141	$cur->blog_name = __('My first blog');
142	$core->addBlog($cur);
143	$core->blogDefaults($cur->blog_id);
144
145	$blog_settings = new dcSettings($core,'default');
146	$blog_settings->addNamespace('system');
147	$blog_settings->system->put('blog_timezone',$default_tz);
148	$blog_settings->system->put('lang',$dlang);
149	$blog_settings->system->put('public_url',$root_url.'/public');
150	$blog_settings->system->put('themes_url',$root_url.'/themes');
151
152	# date and time formats
153	$formatDate = __('%A, %B %e %Y');
154	$date_formats = array('%Y-%m-%d','%m/%d/%Y','%d/%m/%Y','%Y/%m/%d','%d.%m.%Y','%b %e %Y','%e %b %Y','%Y %b %e',
155	'%a, %Y-%m-%d','%a, %m/%d/%Y','%a, %d/%m/%Y','%a, %Y/%m/%d','%B %e, %Y','%e %B, %Y','%Y, %B %e','%e. %B %Y',
156	'%A, %B %e, %Y','%A, %e %B, %Y','%A, %Y, %B %e','%A, %Y, %B %e','%A, %e. %B %Y');
157	$time_formats = array('%H:%M','%I:%M','%l:%M','%Hh%M','%Ih%M','%lh%M');
158	if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
159	$formatDate = preg_replace('#(?<!%)((?:%%)*)%e#','\1%#d',$formatDate);
160	$date_formats = array_map(create_function('$f',
161	'return str_replace(\'%e\',\'%#d\',$f);'
162	),$date_formats);
163	}
164	$blog_settings->system->put('date_format',$formatDate);
165	$blog_settings->system->put('date_formats',$date_formats,'array','Date formats examples',true,true);
166	$blog_settings->system->put('time_formats',$time_formats,'array','Time formats examples',true,true);
167
168	# Add repository URL for themes and plugins
169	$blog_settings->system->put('store_plugin_url','http://update.dotaddict.org/dc2/plugins.xml','string','Plugins XML feed location',true,true);
170	$blog_settings->system->put('store_theme_url','http://update.dotaddict.org/dc2/themes.xml','string','Themes XML feed location',true,true);
171
172	# CSP directive (admin part)
173
174	// SQlite Clearbricks driver does not allow using single quote at beginning or end of a field value
175	// so we have to use neutral values (localhost and 127.0.0.1) for some CSP directives
176	$csp_prefix = $core->con->driver() == 'sqlite' ? 'localhost ' : ''; // Hack for SQlite Clearbricks driver
177	$csp_suffix = $core->con->driver() == 'sqlite' ? ' 127.0.0.1' : ''; // Hack for SQlite Clearbricks driver
178
179	$blog_settings->system->put('csp_admin_on',true,'boolean','Send CSP header (admin)',true,true);
180	$blog_settings->system->put('csp_admin_report_only',false,'boolean','CSP Report only violations (admin)',true,true);
181	$blog_settings->system->put('csp_admin_default',
182	$csp_prefix."'self'".$csp_suffix,'string','CSP default-src directive',true,true);
183	$blog_settings->system->put('csp_admin_script',
184	$csp_prefix."'self' 'unsafe-inline' 'unsafe-eval'".$csp_suffix,'string','CSP script-src directive',true,true);
185	$blog_settings->system->put('csp_admin_style',
186	$csp_prefix."'self' 'unsafe-inline'".$csp_suffix,'string','CSP style-src directive',true,true);
187	$blog_settings->system->put('csp_admin_img',
188	$csp_prefix."'self' data: media.dotaddict.org blob:",'string','CSP img-src directive',true,true);
189
190	# Add Dotclear version
191	$cur = $core->con->openCursor($core->prefix.'version');
192	$cur->module = 'core';
193	$cur->version = (string) DC_VERSION;
194	$cur->insert();
195
196	# Create first post
197	$core->setBlog('default');
198
199	$cur = $core->con->openCursor($core->prefix.'post');
200	$cur->user_id = $u_login;
201	$cur->post_format = 'xhtml';
202	$cur->post_lang = $dlang;
203	$cur->post_title = __('Welcome to Dotclear!');
204	$cur->post_content = '<p>'.__('This is your first entry. When you\'re ready '.
205	'to blog, log in to edit or delete it.').'</p>';
206	$cur->post_content_xhtml = $cur->post_content;
207	$cur->post_status = 1;
208	$cur->post_open_comment = 1;
209	$cur->post_open_tb = 0;
210	$post_id = $core->blog->addPost($cur);
211
212	# Add a comment to it
213	$cur = $core->con->openCursor($core->prefix.'comment');
214	$cur->post_id = $post_id;
215	$cur->comment_tz = $default_tz;
216	$cur->comment_author = __('Dotclear Team');
217	$cur->comment_email = 'contact@dotclear.net';
218	$cur->comment_site = 'http://www.dotclear.org/';
219	$cur->comment_content = __("<p>This is a comment.</p>\n<p>To delete it, log in and ".
220	"view your blog's comments. Then you might remove or edit it.</p>");
221	$core->blog->addComment($cur);
222
223	# Plugins initialization
224	define('DC_CONTEXT_ADMIN',true);
225	$core->plugins->loadModules(DC_PLUGINS_ROOT);
226	$plugins_install = $core->plugins->installModules();
227
228	# Add dashboard module options
229	$core->auth->user_prefs->addWorkspace('dashboard');
230	$core->auth->user_prefs->dashboard->put('doclinks',true,'boolean','',null,true);
231	$core->auth->user_prefs->dashboard->put('dcnews',true,'boolean','',null,true);
232	$core->auth->user_prefs->dashboard->put('quickentry',true,'boolean','',null,true);
233
234	# Add accessibility options
235	$core->auth->user_prefs->addWorkspace('accessibility');
236	$core->auth->user_prefs->accessibility->put('nodragdrop',false,'boolean','',null,true);
237
238	# Add user interface options
239	$core->auth->user_prefs->addWorkspace('interface');
240	$core->auth->user_prefs->interface->put('enhanceduploader',true,'boolean','',null,true);
241
242	# Add default favorites
243	$core->favs = new dcFavorites($core);
244	$init_favs = array('posts','new_post','newpage','comments','categories','media','blog_theme','widgets','simpleMenu','prefs','help');
245	$core->favs->setFavoriteIDs($init_favs,true);
246
247	$step = 1;
248	}
249	catch (Exception $e)
250	{
251	$err = $e->getMessage();
252	}
253	}
254
255	if (!isset($step)) {
256	$step = 0;
257	}
258	header('Content-Type: text/html; charset=UTF-8');
259
260	// Prevents Clickjacking as far as possible
261	header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
262
263	?>
264	<!DOCTYPE html>
265	<html lang="en">
266	<head>
267	<meta charset="UTF-8" />
268	<meta http-equiv="Content-Script-Type" content="text/javascript" />
269	<meta http-equiv="Content-Style-Type" content="text/css" />
270	<meta http-equiv="Content-Language" content="en" />
271	<meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />
272	<meta name="GOOGLEBOT" content="NOSNIPPET" />
273	<title><?php echo __('Dotclear Install'); ?></title>
274
275	<link rel="stylesheet" href="../style/install.css" type="text/css" media="screen" />
276
277	<script type="text/javascript" src="../js/jquery/jquery.js"></script>
278	<?php echo dcPage::jsLoad('../js/jquery/jquery.pwstrength.js'); ?>
279	<script type="text/javascript">
280	$(function() {
281	var login_re = new RegExp('[^A-Za-z0-9@._-]+','g');
282	$('#u_firstname').keyup(function() {
283	var login = this.value.toLowerCase().replace(login_re,'').substring(0,32);
284	$('#u_login').val(login);
285	});
286	$('#u_login').keyup(function() {
287	$(this).val(this.value.replace(login_re,''));
288	});
289
290	<?php echo "\$('#u_pwd').pwstrength({texts: ['".
291	sprintf(__('Password strength: %s'),__('very weak'))."', '".
292	sprintf(__('Password strength: %s'),__('weak'))."', '".
293	sprintf(__('Password strength: %s'),__('mediocre'))."', '".
294	sprintf(__('Password strength: %s'),__('strong'))."', '".
295	sprintf(__('Password strength: %s'),__('very strong'))."']});\n"; ?>
296
297	$('#u_login').parent().after($('<input type="hidden" name="u_date" value="' + Date().toLocaleString() + '" />'));
298
299	var password_link = $('<a href="#" id="obfus"><?php echo(__('show')); ?></a>').click(function() {
300	$('#password').show();
301	$(this).remove();
302	return false;
303	});
304	$('#password').hide().before(password_link);
305	});
306	</script>
307	</head>
308
309	<body id="dotclear-admin" class="install">
310	<div id="content">
311	<?php
312	echo
313	'<h1>'.__('Dotclear installation').'</h1>'.
314	'<div id="main">';
315
316	if (!is_writable(DC_TPL_CACHE)) {
317	echo '<div class="error" role="alert"><p>'.sprintf(__('Cache directory %s is not writable.'),DC_TPL_CACHE).'</p></div>';
318	}
319
320	if ($can_install && !empty($err)) {
321	echo '<div class="error" role="alert"><p><strong>'.__('Errors:').'</strong></p>'.$err.'</div>';
322	}
323
324	if (!empty($_GET['wiz'])) {
325	echo '<p class="success" role="alert">'.__('Configuration file has been successfully created.').'</p>';
326	}
327
328	if ($can_install && $step == 0)
329	{
330	echo
331	'<h2>'.__('User information').'</h2>'.
332
333	'<p>'.__('Please provide the following information needed to create the first user.').'</p>'.
334
335	'<form action="index.php" method="post">'.
336	'<fieldset><legend>'.__('User information').'</legend>'.
337	'<p><label for="u_firstname">'.__('First Name:').'</label> '.
338	form::field('u_firstname',30,255,html::escapeHTML($u_firstname)).'</p>'.
339	'<p><label for="u_name">'.__('Last Name:').'</label> '.
340	form::field('u_name',30,255,html::escapeHTML($u_name)).'</p>'.
341	'<p><label for="u_email">'.__('Email:').'</label> '.
342	form::field('u_email',30,255,html::escapeHTML($u_email)).'</p>'.
343	'</fieldset>'.
344
345	'<fieldset><legend>'.__('Username and password').'</legend>'.
346	'<p><label for="u_login" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Username:').' '.
347	form::field('u_login',30,32,html::escapeHTML($u_login)).'</label></p>'.
348	'<div class="pw-table">'.
349	'<p class="pw-cell">'.
350	'<label for="u_pwd" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('New password:').'</label>'.
351	form::password('u_pwd',30,255,'','','',false,' data-indicator="pwindicator" ').
352	'</p>'.
353	'<div id="pwindicator">'.
354	' <div class="bar"></div>'.
355	' <p class="label no-margin"></p>'.
356	'</div>'.
357	'</div>'.
358	'<p><label for="u_pwd2" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Confirm password:').' '.
359	form::password('u_pwd2',30,255).'</label></p>'.
360	'</fieldset>'.
361
362	'<p><input type="submit" value="'.__('Save').'" /></p>'.
363	'</form>';
364	}
365	elseif ($can_install && $step == 1)
366	{
367	# Plugins install messages
368	$plugins_install_result = '';
369	if (!empty($plugins_install['success']))
370	{
371	$plugins_install_result .= '<div class="static-msg">'.__('Following plugins have been installed:').'<ul>';
372	foreach ($plugins_install['success'] as $k => $v) {
373	$plugins_install_result .= '<li>'.$k.'</li>';
374	}
375	$plugins_install_result .= '</ul></div>';
376	}
377	if (!empty($plugins_install['failure']))
378	{
379	$plugins_install_result .= '<div class="error">'.__('Following plugins have not been installed:').'<ul>';
380	foreach ($plugins_install['failure'] as $k => $v) {
381	$plugins_install_result .= '<li>'.$k.' ('.$v.')</li>';
382	}
383	$plugins_install_result .= '</ul></div>';
384	}
385
386	echo
387	'<h2>'.__('All done!').'</h2>'.
388
389	$plugins_install_result.
390
391	'<p class="success" role="alert">'.__('Dotclear has been successfully installed. Here is some useful information you should keep.').'</p>'.
392
393	'<h3>'.__('Your account').'</h3>'.
394	'<ul>'.
395	'<li>'.__('Username:').' <strong>'.html::escapeHTML($u_login).'</strong></li>'.
396	'<li>'.__('Password:').' <strong id="password">'.html::escapeHTML($u_pwd).'</strong></li>'.
397	'</ul>'.
398
399	'<h3>'.__('Your blog').'</h3>'.
400	'<ul>'.
401	'<li>'.__('Blog address:').' <strong>'.html::escapeHTML(http::getHost().$root_url).'/index.php?</strong></li>'.
402	'<li>'.__('Administration interface:').' <strong>'.html::escapeHTML(http::getHost().$admin_url).'</strong></li>'.
403	'</ul>'.
404
405	'<form action="../auth.php" method="post">'.
406	'<p><input type="submit" value="'.__('Manage your blog now').'" />'.
407	form::hidden(array('user_id'),html::escapeHTML($u_login)).
408	form::hidden(array('user_pwd'),html::escapeHTML($u_pwd)).
409	'</p>'.
410	'</form>';
411	}
412	elseif (!$can_install)
413	{
414	echo '<h2>'.__('Installation can not be completed').'</h2>'.
415	'<div class="error" role="alert"><p><strong>'.__('Errors:').'</strong></p>'.$err.'</div>'.
416	'<p>'.__('For the said reasons, Dotclear can not be installed. '.
417	'Please refer to <a href="http://dotclear.org/documentation/2.0/admin/install">'.
418	'the documentation</a> to learn how to correct the problem.').'</p>';
419	}
420	?>
421	</div>
422	</div>
423	</body>
424	</html>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/install/index.php @ 3432:4e82fa3c576d

Download in other formats:

Sites map