projects / mailer.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security line in all includes changed
[mailer.git] / inc / install-inc.php
diff --git a/inc/install-inc.php b/inc/install-inc.php
index 14d36d3efbf2a59d71d5f836be289c55d0383fcf..55eb350f4fd272dab2db9fa5976de5e90018b5eb 100644 (file)
--- a/inc/install-inc.php
+++ b/inc/install-inc.php
@@ -36,7 +36,7 @@
  ************************************************************************/
 
 // Some security stuff...
  ************************************************************************/
 
 // Some security stuff...
-if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
+if (!defined('__SECURITY')) {
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
        $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
        require($INC);
 }
@@ -45,9 +45,10 @@ if (ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) {
 function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) {
        // Initialize all and count up the "seak" value
        $done = false;
 function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0) {
        // Initialize all and count up the "seak" value
        $done = false;
-       $next = 0;
+       $next = -1;
        $sneak++;
        $sneak++;
-       if ((file_exists($file)) && (is_readable($file))) {
+
+       if (FILE_READABLE($file)) {
                $search = "CFG: ".$comment;
                $tmp = $file.".tmp";
                $fp = @fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
                $search = "CFG: ".$comment;
                $tmp = $file.".tmp";
                $fp = @fopen($file, 'r') or OUTPUT_HTML("<STRONG>READ:</STRONG> ".$file."<br />");
@@ -56,15 +57,22 @@ function install_WriteData ($file, $comment, $prefix, $suffix, $DATA, $sneak=0)
                        if (is_resource($fp_tmp)) {
                                while (!feof($fp)) {
                                        $line = fgets ($fp, 10240);
                        if (is_resource($fp_tmp)) {
                                while (!feof($fp)) {
                                        $line = fgets ($fp, 10240);
-                                       if (strpos($line, $search) > -1) $next = 0;
+                                       //* DEBUG: */ echo $search."/<font color=\"red\">".htmlentities($line)."</font><br />\n";
+                                       $found = strpos($line, $search);
+                                       //* DEBUG: */ echo "FOUND: <font color=\"brown\">";
+                                       //* DEBUG: */ var_dump($found);
+                                       //* DEBUG: */ echo "</font><br />\n";
+                                       if ($found !== false) $next = 0;
                                        if ($next > -1) {
                                                if ($next == $sneak) {
                                                        $next = -1;
                                                        $line = $prefix.$DATA.$suffix."\n";
                                        if ($next > -1) {
                                                if ($next == $sneak) {
                                                        $next = -1;
                                                        $line = $prefix.$DATA.$suffix."\n";
+                                                       //* DEBUG: */ echo "NEW: <font color=\"blue\">".htmlentities($line)."</font><br />\n";
                                                } else {
                                                        $next++;
                                                }
                                        }
                                                } else {
                                                        $next++;
                                                }
                                        }
+                                       //* DEBUG: */ echo "WRITE: <font color=\"green\">".htmlentities($line)."</font><br />\n";
                                        fputs($fp_tmp, $line);
                                }
                                fclose($fp_tmp);
                                        fputs($fp_tmp, $line);
                                }
                                fclose($fp_tmp);
@@ -158,7 +166,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                if (empty($mysql['prefix'])) $mysql['prefix'] = "mxchange_";
                if ((sizeof($FATAL) > 0) || (!empty($FATAL[0]))) {
                        OUTPUT_HTML("<SPAN class=\"install_fatal\">");
                if (empty($mysql['prefix'])) $mysql['prefix'] = "mxchange_";
                if ((sizeof($FATAL) > 0) || (!empty($FATAL[0]))) {
                        OUTPUT_HTML("<SPAN class=\"install_fatal\">");
-                       foreach ($FATAL as $key=>$err) {
+                       foreach ($FATAL as $key => $err) {
                                OUTPUT_HTML("  <STRONG>&middot;</STRONG>&nbsp;".FATAL_NO.($key + 1).":&nbsp;".$err."<br />");
                        }
                        OUTPUT_HTML("</SPAN><br />");
                                OUTPUT_HTML("  <STRONG>&middot;</STRONG>&nbsp;".FATAL_NO.($key + 1).":&nbsp;".$err."<br />");
                        }
                        OUTPUT_HTML("</SPAN><br />");
@@ -264,10 +272,10 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
   <TD>
     <SELECT name=\"warn_no_pass\" size=\"1\" class=\"install_select\">
       <OPTION value=\"true\"");
   <TD>
     <SELECT name=\"warn_no_pass\" size=\"1\" class=\"install_select\">
       <OPTION value=\"true\"");
-               if (warn_no_pass) OUTPUT_HTML(" selected=\"selected\"");
+               if (isBooleanConstantAndTrue('warn_no_pass')) OUTPUT_HTML(" selected=\"selected\"");
                OUTPUT_HTML(">".YES."</OPTION>
       <OPTION value=\"false\"");
                OUTPUT_HTML(">".YES."</OPTION>
       <OPTION value=\"false\"");
-               if (!warn_no_pass) OUTPUT_HTML(" selected=\"selected\"");
+               if (!isBooleanConstantAndTrue('warn_no_pass')) OUTPUT_HTML(" selected=\"selected\"");
                OUTPUT_HTML(">".NO."</OPTION>
     </SELECT>
   </TD>
                OUTPUT_HTML(">".NO."</OPTION>
     </SELECT>
   </TD>
@@ -278,10 +286,10 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
   <TD>
     <SELECT name=\"wfooter\" size=\"1\" class=\"install_select\">
       <OPTION value=\"true\"");
   <TD>
     <SELECT name=\"wfooter\" size=\"1\" class=\"install_select\">
       <OPTION value=\"true\"");
-               if (WRITE_FOOTER) OUTPUT_HTML(" selected=\"selected\"");
+               if (isBooleanConstantAndTrue('WRITE_FOOTER')) OUTPUT_HTML(" selected=\"selected\"");
                OUTPUT_HTML(">".YES."</OPTION>
       <OPTION value=\"false\"");
                OUTPUT_HTML(">".YES."</OPTION>
       <OPTION value=\"false\"");
-               if (!WRITE_FOOTER) OUTPUT_HTML(" selected=\"selected\"");
+               if (!isBooleanConstantAndTrue('WRITE_FOOTER')) OUTPUT_HTML(" selected=\"selected\"");
                OUTPUT_HTML(">".NO."</OPTION>
     </SELECT>
   </TD>
                OUTPUT_HTML(">".NO."</OPTION>
     </SELECT>
   </TD>
@@ -303,7 +311,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
 <TR><TD colspan=\"2\" height=\"21\" class=\"seperator\">&nbsp;</TD></TR>
 <TR>
   <TD colspan=\"2\" align=\"center\">");
 <TR><TD colspan=\"2\" height=\"21\" class=\"seperator\">&nbsp;</TD></TR>
 <TR>
   <TD colspan=\"2\" align=\"center\">");
-               foreach ($mysql as $key=>$value) {
+               foreach ($mysql as $key => $value) {
                        OUTPUT_HTML("    <INPUT type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">");
                }
                OUTPUT_HTML("    <INPUT type=\"hidden\" name=\"spath\" value=\"".__SPATH_VALUE."\">
                        OUTPUT_HTML("    <INPUT type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">");
                }
                OUTPUT_HTML("    <INPUT type=\"hidden\" name=\"spath\" value=\"".__SPATH_VALUE."\">
@@ -334,12 +342,12 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                $db = SQL_SELECT_DB($mysql['dbase'], $link, __FILE__, __LINE__);
                                if ($db) {
                                        // Automatically run install.sql
                                $db = SQL_SELECT_DB($mysql['dbase'], $link, __FILE__, __LINE__);
                                if ($db) {
                                        // Automatically run install.sql
-                                       if ((file_exists($_POST['spath']."install/tables.sql")) && (file_exists($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
+                                       if ((FILE_READABLE($_POST['spath']."install/tables.sql")) && (FILE_READABLE($_POST['spath']."install/menu-".GET_LANGUAGE().".sql"))) {
                                                // Both exists so import them
                                                foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
                                                        // Should be save here because file_exists() is there but we check it again. :)
                                                        $file = secureString($_POST['spath']) . "install/" . $dump;
                                                // Both exists so import them
                                                foreach (array("tables.sql", "menu-".GET_LANGUAGE().".sql") as $dump) {
                                                        // Should be save here because file_exists() is there but we check it again. :)
                                                        $file = secureString($_POST['spath']) . "install/" . $dump;
-                                                       if ((file_exists($file)) && (is_readable($file))) {
+                                                       if (FILE_READABLE($file)) {
                                                                // Load the file
                                                                $sql = implode("", file($file));
 
                                                                // Load the file
                                                                $sql = implode("", file($file));
 
@@ -372,24 +380,24 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                                }
 
                                                // Ok, all done. So we can write the config data to the php files
                                                }
 
                                                // Ok, all done. So we can write the config data to the php files
-                                               if ($_POST['spath'] != PATH) install_WriteData($_POST['spath']."inc/config.php", "SERVER-PATH", "define ('PATH', \"", "\");", $_POST['spath'], 0);
-                                               if ($_POST['burl']  != URL)  install_WriteData($_POST['spath']."inc/config.php", "HOST-URL", "define ('URL', \"", "\");", $_POST['burl'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "MAIN_TITLE", "define ('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "SLOGAN", "define ('SLOGAN', \"", "\");", $_POST['slogan'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "WEBMASTER", "define ('WEBMASTER', \"", "\");", $_POST['email'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define ('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define ('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "BACKLINK", "define ('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
-                                               // install_WriteData($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define ('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
+                                               if ($_POST['spath'] != PATH) install_WriteData($_POST['spath']."inc/config.php", "SERVER-PATH", "define('PATH', \"", "\");", $_POST['spath'], 0);
+                                               if ($_POST['burl']  != URL)  install_WriteData($_POST['spath']."inc/config.php", "HOST-URL", "define('URL', \"", "\");", $_POST['burl'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "MAIN_TITLE", "define('MAIN_TITLE', \"", "\");", $_POST['title'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "SLOGAN", "define('SLOGAN', \"", "\");", $_POST['slogan'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "WEBMASTER", "define('WEBMASTER', \"", "\");", $_POST['email'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "NULLPASS-WARNING", "define('warn_no_pass', ", ");", $_POST['warn_no_pass'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "WRITE-FOOTER", "define('WRITE_FOOTER', ", ");", $_POST['wfooter'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "BACKLINK", "define('ENABLE_BACKLINK', ", ");", $_POST['blink'], 0);
+                                               // install_WriteData($_POST['spath']."inc/config.php", "OUTPUT-MODE", "define('OUTPUT_MODE', \"", "\");", $_POST['omode'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-HOST", "     'host'     => \"", "\",", $mysql['host'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-DBASE", "    'dbase'    => \"", "\",", $mysql['dbase'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-LOGIN", "    'login'    => \"", "\",", $mysql['login'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-HOST", "     'host'     => \"", "\",", $mysql['host'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-DBASE", "    'dbase'    => \"", "\",", $mysql['dbase'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-LOGIN", "    'login'    => \"", "\",", $mysql['login'], 0);
                                                install_WriteData($_POST['spath']."inc/config.php", "MYSQL-PASSWORD", " 'password' => \"", "\",", $mysql['pass1'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define ('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define ('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-USER", "define ('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define ('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
-                                               install_WriteData($_POST['spath']."inc/config.php", "INSTALLED", "define ('mxchange_installed', ", ");", "true", 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "MYSQL-PREFIX", "define('_MYSQL_PREFIX', \"", "\");", $mysql['prefix'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-HOSTNAME", "define('SMTP_HOSTNAME', \"", "\");", $_POST['smtp_host'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-USER", "define('SMTP_USER', \"", "\");", $_POST['smtp_user'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "SMTP-PASSWORD", "define('SMTP_PASSWORD', \"", "\");", $_POST['smtp_pass'], 0);
+                                               install_WriteData($_POST['spath']."inc/config.php", "INSTALLED", "define('mxchange_installed', ", ");", "true", 0);
 
                                                // Close the link
                                                SQL_CLOSE($link, __FILE__, __LINE__);
 
                                                // Close the link
                                                SQL_CLOSE($link, __FILE__, __LINE__);
@@ -401,7 +409,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                        }
                                }
                        }
                                        }
                                }
                        }
-                       if ((sizeof($FATAL) > 0) || ($FATAL[0] != ""))
+                       if ((sizeof($FATAL) > 0) || ($FATAL[0] != ''))
                        {
                                $OUT = "";
                                foreach ($FATAL as $value)
                        {
                                $OUT = "";
                                foreach ($FATAL as $value)
@@ -410,7 +418,7 @@ if ((!isBooleanConstantAndTrue('mxchange_installed')) || (!isBooleanConstantAndT
                                }
                                define('__FATAL_ERROR_LI', $OUT);
                                $OUT = "";
                                }
                                define('__FATAL_ERROR_LI', $OUT);
                                $OUT = "";
-                               foreach ($mysql as $key=>$value)
+                               foreach ($mysql as $key => $value)
                                {
                                        $OUT .= "    <INPUT type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";
                                }
                                {
                                        $OUT .= "    <INPUT type=\"hidden\" name=\"mysql[".$key."]\" value=\"".$value."\">\n";
                                }
Mailer-Project repository