]> git.mxchange.org Git - quix0rs-gnu-social.git/blob - install.php
Potential SQL injection in Local_group::setNickname()
[quix0rs-gnu-social.git] / install.php
1 <?php
2 /**
3  * StatusNet - the distributed open-source microblogging tool
4  * Copyright (C) 2009-2010, StatusNet, Inc.
5  *
6  * This program is free software: you can redistribute it and/or modify
7  * it under the terms of the GNU Affero General Public License as published by
8  * the Free Software Foundation, either version 3 of the License, or
9  * (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  * GNU Affero General Public License for more details.
15  *
16  * You should have received a copy of the GNU Affero General Public License
17  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
18  *
19  * @category Installation
20  * @package  Installation
21  *
22  * @author   Adrian Lang <mail@adrianlang.de>
23  * @author   Brenda Wallace <shiny@cpan.org>
24  * @author   Brett Taylor <brett@webfroot.co.nz>
25  * @author   Brion Vibber <brion@pobox.com>
26  * @author   CiaranG <ciaran@ciarang.com>
27  * @author   Craig Andrews <candrews@integralblue.com>
28  * @author   Eric Helgeson <helfire@Erics-MBP.local>
29  * @author   Evan Prodromou <evan@status.net>
30  * @author   Robin Millette <millette@controlyourself.ca>
31  * @author   Sarven Capadisli <csarven@status.net>
32  * @author   Tom Adams <tom@holizz.com>
33  * @author   Zach Copley <zach@status.net>
34  * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
35  * @license  GNU Affero General Public License http://www.gnu.org/licenses/
36  * @version  0.9.x
37  * @link     http://status.net
38  */
39
40 define('INSTALLDIR', dirname(__FILE__));
41
42 require INSTALLDIR . '/lib/installer.php';
43
44 /**
45  * Helper class for building form
46  */
47 class Posted {
48     /**
49      * HTML-friendly escaped string for the POST param of given name, or empty.
50      * @param string $name
51      * @return string
52      */
53     function value($name)
54     {
55         return htmlspecialchars($this->string($name));
56     }
57
58     /**
59      * The given POST parameter value, forced to a string.
60      * Missing value will give ''.
61      *
62      * @param string $name
63      * @return string
64      */
65     function string($name)
66     {
67         return strval($this->raw($name));
68     }
69
70     /**
71      * The given POST parameter value, in its original form.
72      * Magic quotes are stripped, if provided.
73      * Missing value will give null.
74      *
75      * @param string $name
76      * @return mixed
77      */
78     function raw($name)
79     {
80         if (isset($_POST[$name])) {
81             return $this->dequote($_POST[$name]);
82         } else {
83             return null;
84         }
85     }
86
87     /**
88      * If necessary, strip magic quotes from the given value.
89      *
90      * @param mixed $val
91      * @return mixed
92      */
93     function dequote($val)
94     {
95         if (get_magic_quotes_gpc()) {
96             if (is_string($val)) {
97                 return stripslashes($val);
98             } else if (is_array($val)) {
99                 return array_map(array($this, 'dequote'), $val);
100             }
101         }
102         return $val;
103     }
104 }
105
106 /**
107  * Web-based installer: provides a form and such.
108  */
109 class WebInstaller extends Installer
110 {
111     /**
112      * the actual installation.
113      * If call libraries are present, then install
114      *
115      * @return void
116      */
117     function main()
118     {
119         if (!$this->checkPrereqs()) {
120             $this->showForm();
121             return;
122         }
123
124         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
125             $this->handlePost();
126         } else {
127             $this->showForm();
128         }
129     }
130
131     /**
132      * Web implementation of warning output
133      */
134     function warning($message, $submessage='')
135     {
136         print "<p class=\"error\">$message</p>\n";
137         if ($submessage != '') {
138             print "<p>$submessage</p>\n";
139         }
140     }
141
142     /**
143      * Web implementation of status output
144      */
145     function updateStatus($status, $error=false)
146     {
147         echo '<li' . ($error ? ' class="error"': '' ) . ">$status</li>";
148     }
149
150     /**
151      * Show the web form!
152      */
153     function showForm()
154     {
155         global $dbModules;
156         $post = new Posted();
157         $dbRadios = '';
158         $dbtype = $post->raw('dbtype');
159         foreach (self::$dbModules as $type => $info) {
160             if ($this->checkExtension($info['check_module'])) {
161                 if ($dbtype == null || $dbtype == $type) {
162                     $checked = 'checked="checked" ';
163                     $dbtype = $type; // if we didn't have one checked, hit the first
164                 } else {
165                     $checked = '';
166                 }
167                 $dbRadios .= "<input type=\"radio\" name=\"dbtype\" id=\"dbtype-$type\" value=\"$type\" $checked/> $info[name]<br />\n";
168             }
169         }
170
171         echo<<<E_O_T
172     <form method="post" action="install.php" class="form_settings" id="form_install">
173         <fieldset>
174             <fieldset id="settings_site">
175                 <legend>Site settings</legend>
176                 <ul class="form_data">
177                     <li>
178                         <label for="sitename">Site name</label>
179                         <input type="text" id="sitename" name="sitename" value="{$post->value('sitename')}" />
180                         <p class="form_guide">The name of your site</p>
181                     </li>
182                     <li>
183                         <label for="fancy-enable">Fancy URLs</label>
184                         <input type="radio" name="fancy" id="fancy-enable" value="enable" checked='checked' /> enable<br />
185                         <input type="radio" name="fancy" id="fancy-disable" value="" /> disable<br />
186                         <p class="form_guide" id='fancy-form_guide'>Enable fancy (pretty) URLs. Auto-detection failed, it depends on Javascript.</p>
187                     </li>
188                 </ul>
189             </fieldset>
190
191             <fieldset id="settings_db">
192                 <legend>Database settings</legend>
193                 <ul class="form_data">
194                     <li>
195                         <label for="host">Hostname</label>
196                         <input type="text" id="host" name="host" value="{$post->value('host')}" />
197                         <p class="form_guide">Database hostname</p>
198                     </li>
199                     <li>
200                         <label for="dbtype">Type</label>
201                         $dbRadios
202                         <p class="form_guide">Database type</p>
203                     </li>
204                     <li>
205                         <label for="database">Name</label>
206                         <input type="text" id="database" name="database" value="{$post->value('database')}" />
207                         <p class="form_guide">Database name</p>
208                     </li>
209                     <li>
210                         <label for="dbusername">DB username</label>
211                         <input type="text" id="dbusername" name="dbusername" value="{$post->value('dbusername')}" />
212                         <p class="form_guide">Database username</p>
213                     </li>
214                     <li>
215                         <label for="dbpassword">DB password</label>
216                         <input type="password" id="dbpassword" name="dbpassword" value="{$post->value('dbpassword')}" />
217                         <p class="form_guide">Database password (optional)</p>
218                     </li>
219                 </ul>
220             </fieldset>
221
222             <fieldset id="settings_admin">
223                 <legend>Administrator settings</legend>
224                 <ul class="form_data">
225                     <li>
226                         <label for="admin_nickname">Administrator nickname</label>
227                         <input type="text" id="admin_nickname" name="admin_nickname" value="{$post->value('admin_nickname')}" />
228                         <p class="form_guide">Nickname for the initial StatusNet user (administrator)</p>
229                     </li>
230                     <li>
231                         <label for="admin_password">Administrator password</label>
232                         <input type="password" id="admin_password" name="admin_password" value="{$post->value('admin_password')}" />
233                         <p class="form_guide">Password for the initial StatusNet user (administrator)</p>
234                     </li>
235                     <li>
236                         <label for="admin_password2">Confirm password</label>
237                         <input type="password" id="admin_password2" name="admin_password2" value="{$post->value('admin_password2')}" />
238                     </li>
239                     <li>
240                         <label for="admin_email">Administrator e-mail</label>
241                         <input id="admin_email" name="admin_email" value="{$post->value('admin_email')}" />
242                         <p class="form_guide">Optional email address for the initial StatusNet user (administrator)</p>
243                     </li>
244                     <li>
245                         <label for="admin_updates">Subscribe to announcements</label>
246                         <input type="checkbox" id="admin_updates" name="admin_updates" value="true" checked="checked" />
247                         <p class="form_guide">Release and security feed from <a href="http://update.status.net/">update@status.net</a> (recommended)</p>
248                     </li>
249                 </ul>
250             </fieldset>
251             <fieldset id="settings_profile">
252                 <legend>Site profile</legend>
253                 <ul class="form_data">
254                     <li>
255                         <label for="site_profile">Type of site</label>
256                         <select id="site_profile" name="site_profile">
257                             <option value="private">Private</option>
258                             <option value="community">Community</option>
259                             <option value ="public">Public</option>
260                             <option value ="singleuser">Single User</option>
261                         </select>
262                         <p class="form_guide">Initial access settings for your site</p>
263                     </li>
264                 </ul>
265             </fieldset>
266             <input type="submit" name="submit" class="submit" value="Submit" />
267         </fieldset>
268     </form>
269
270 E_O_T;
271     }
272
273     /**
274      * Handle a POST submission... if we have valid input, start the install!
275      * Otherwise shows the form along with any error messages.
276      */
277     function handlePost()
278     {
279         echo <<<STR
280         <dl class="system_notice">
281             <dt>Page notice</dt>
282             <dd>
283                 <ul>
284 STR;
285         $this->validated = $this->prepare();
286         if ($this->validated) {
287             $this->doInstall();
288         }
289         echo <<<STR
290             </ul>
291         </dd>
292     </dl>
293 STR;
294         if (!$this->validated) {
295             $this->showForm();
296         }
297     }
298
299     /**
300      * Read and validate input data.
301      * May output side effects.
302      *
303      * @return boolean success
304      */
305     function prepare()
306     {
307         $post = new Posted();
308         $this->host     = $post->string('host');
309         $this->dbtype   = $post->string('dbtype');
310         $this->database = $post->string('database');
311         $this->username = $post->string('dbusername');
312         $this->password = $post->string('dbpassword');
313         $this->sitename = $post->string('sitename');
314         $this->fancy    = (bool)$post->string('fancy');
315
316         $this->adminNick    = strtolower($post->string('admin_nickname'));
317         $this->adminPass    = $post->string('admin_password');
318         $adminPass2         = $post->string('admin_password2');
319         $this->adminEmail   = $post->string('admin_email');
320         $this->adminUpdates = $post->string('admin_updates');
321
322         $this->siteProfile = $post->string('site_profile');
323
324         $this->server = $_SERVER['HTTP_HOST'];
325         $this->path = substr(dirname($_SERVER['PHP_SELF']), 1);
326
327         $fail = false;
328         if (!$this->validateDb()) {
329             $fail = true;
330         }
331
332         if (!$this->validateAdmin()) {
333             $fail = true;
334         }
335
336         if ($this->adminPass != $adminPass2) {
337             $this->updateStatus("Administrator passwords do not match. Did you mistype?", true);
338             $fail = true;
339         }
340
341         if (!$this->validateSiteProfile()) {
342             $fail = true;
343         }
344
345         return !$fail;
346     }
347
348 }
349
350 ?>
351 <?php echo"<?"; ?> xml version="1.0" encoding="UTF-8" <?php echo "?>"; ?>
352 <!DOCTYPE html
353 PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
354        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
355 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en_US" lang="en_US">
356     <head>
357         <title>Install StatusNet</title>
358         <link rel="shortcut icon" href="favicon.ico"/>
359         <link rel="stylesheet" type="text/css" href="theme/base/css/display.css" media="screen, projection, tv"/>
360         <link rel="stylesheet" type="text/css" href="theme/neo/css/display.css" media="screen, projection, tv"/>
361         <!--[if IE]><link rel="stylesheet" type="text/css" href="theme/base/css/ie.css" /><![endif]-->
362         <!--[if lte IE 6]><link rel="stylesheet" type="text/css" theme/base/css/ie6.css" /><![endif]-->
363         <!--[if lte IE 7]><link rel="stylesheet" type="text/css" theme/base/css/ie7.css" /><![endif]-->
364         <script src="js/jquery.min.js"></script>
365         <script src="js/install.js"></script>
366     </head>
367     <body id="install">
368         <div id="wrap">
369             <div id="header">
370                 <address id="site_contact" class="vcard">
371                     <a class="url home bookmark" href=".">
372                         <img class="logo photo" src="theme/neo/logo.png" alt="StatusNet"/>
373                         <span class="fn org">StatusNet</span>
374                     </a>
375                 </address>
376                 <div id="site_nav_global_primary"></div>
377             </div>
378             <div id="core">
379              <div id="aside_primary_wrapper">
380               <div id="content_wrapper">
381                <div id="site_nav_local_views_wrapper">
382                 <div id="site_nav_local_views"></div>
383
384                 <div id="content">
385                      <div id="content_inner">
386                         <h1>Install StatusNet</h1>
387 <?php
388 $installer = new WebInstaller();
389 $installer->main();
390 ?>
391                    </div>
392                 </div>
393
394                 <div id="aside_primary" class="aside"></div>
395                </div>
396               </div>
397              </div>
398             </div>
399             <div id="footer"></div>
400         </div>
401     </body>
402 </html>