Skip to content

Commit

Permalink
Merge branch 'craigk5n:master' into xact
Browse files Browse the repository at this point in the history
  • Loading branch information
bbannon authored Nov 29, 2023
2 parents 04cdbff + 78bcd84 commit d9a7057
Show file tree
Hide file tree
Showing 14 changed files with 143 additions and 272 deletions.
4 changes: 2 additions & 2 deletions includes/config.php
Original file line number Diff line number Diff line change
Expand Up @@ -343,7 +343,7 @@ function do_config($callingFromInstall=false)

//echo "<pre>"; print_r($rows); echo "</pre>"; exit;
if (!$rows || empty($rows) || empty($rows[0])) {
header($locateStr . 'UNKNOWN&reason=missing');
header($locateStr);
exit;
} else {
$versionInDb = $rows[0][0];
Expand All @@ -367,7 +367,7 @@ function do_config($callingFromInstall=false)
} else {
if (!$callingFromInstall) {
// Must mean we don't have a settings.php file or env variables.
header($locateStr . 'UNKNOWN');
header($locateStr);
exit;
}
}
Expand Down
78 changes: 59 additions & 19 deletions install/index.php
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<?php

/**
* Main page for install/config of db settings.
* This page is used to create/update includes/settings.php and it also supports
Expand All @@ -10,7 +11,7 @@
* - Make sure the last entry in all the upgrade-*.sql files reference
* this same version. For example, for "v1.0.0", there should be a
* comment of the format: /*upgrade_v1.0.0 */
/* ( Don't remove this line as it leads to nested C-Style comments )
/* ( Don't remove this line as it leads to nested C-Style comments )
* If there are NO db changes, then you should just modify the
* the last comment to be the new version number. If there are
* db changes, you should create a new entry in the *.sql files
Expand All @@ -37,7 +38,14 @@
require_once 'install_functions.php';
require_once 'sql/upgrade_matrix.php';

$debugInstaller = false; // Set to true to get more details on the installer pages
$debugInstaller = false; // Set to true to get more details on the installer pages (but breaks redirects)
$includeLogoutButton = false; // Can be helpful testing installer

if ($debugInstaller && isset($_GET['action']) && $_GET['action'] == 'logout') {
session_name('WebCalendar-Install-' . __DIR__);
session_start();
session_destroy();
}

do_config(true);
ini_set('session.cookie_lifetime', 3600); // 3600 seconds = 1 hour
Expand All @@ -55,16 +63,29 @@
function tryDbConnect()
{
global $settings, $db_database;
if (!isset($_SESSION['db_host']) || !isset($_SESSION['db_login']) || !isset($_SESSION['db_database'])) {
if (!isset($settings['db_type']) || !isset($_SESSION['db_host']) || !isset($_SESSION['db_login']) || !isset($_SESSION['db_database'])) {
return false;
}
try {
// Don't require database to exist in mysqli
if ($_SESSION['db_type'] == 'mysqli') {
$mysqli = new mysqli($_SESSION['db_host'], $_SESSION['db_login'], $_SESSION['db_password']);
if ($mysqli->connect_error) {
return false;
}
return true;
} else {
$c = @dbi_connect(
$_SESSION['db_host'],
$_SESSION['db_login'],
$_SESSION['db_password'],
$_SESSION['db_database'],
false
);
}
} catch (Exception $e) {
return false;
}
$c = @dbi_connect(
$_SESSION['db_host'],
$_SESSION['db_login'],
$_SESSION['db_password'],
$_SESSION['db_database'],
false
);
return !empty($c);
}

Expand Down Expand Up @@ -210,7 +231,14 @@ function_exists('gd_info'),
translate('Safe Mode needs to be disabled to allow setting env variables to specify the timezone')
]
];
//echo "<pre>"; print_r($php_settings); echo "</pre>";
if ($debugInstaller) {
echo "<h2>PHP Settings</h2><pre>";
print_r($php_settings);
echo "</pre>";
echo "<h2>settings.php</h2><pre>";
print_r($settings);
echo "</pre>";
}
// Has the user modified the App Settings so they are different than settings.php
if (empty($_SESSION['appSettingsModified'])) {
$appSettingsModified = false;
Expand All @@ -221,8 +249,13 @@ function_exists('gd_info'),
// Can we connect?
$connectError = '';
$canConnectDb = tryDbConnect();
if (!$canConnectDb)
$connectError = dbi_error ();
if (!$canConnectDb) {
if (empty($settings['db_type'])) {
$connectError = translate('Connection not yet configured');
} else {
$connectError = dbi_error();
}
}
$emptyDatabase = $canConnectDb ? isEmptyDatabase() : true;
$unsavedDbSettings = !empty($_SESSION['unsavedDbSettings']); // Keep track if Db settings were modified by not yet saved
$reportedDbVersion = 'Unknown';
Expand All @@ -231,7 +264,7 @@ function_exists('gd_info'),
$databaseCurrent = false;
$settingsSaved = true; // True if a valid settings.php found unless user changes settings
$detectedDbVersion = 'Unknown';
if ($canConnectDb) {
if ($canConnectDb && !empty($db_connection)) {
$reportedDbVersion = getDbVersion();
$detectedDbVersion = getDatabaseVersionFromSchema();
if ($debugInstaller) {
Expand Down Expand Up @@ -283,16 +316,15 @@ function_exists('gd_info'),
["step" => "dbsettings", "name" => "Database Configuration", "complete" => $canConnectDb && !$unsavedDbSettings],
["step" => "createdb", "name" => "Create Database", "complete" => $databaseExists && !$unsavedDbSettings],
["step" => "dbtables", "name" => "Create/Update Tables", "complete" => $databaseCurrent && !$unsavedDbSettings],
["step" => "dbload", "name" => "Load Defaults", "complete" => !$emptyDatabase],
["step" => "adminuser", "name" => "Create Admin User", "complete" => $adminUserCount > 0 && !$unsavedDbSettings],
["step" => "finish", "name" => "Completion", "complete" => false]
];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? 'welcome';
// Make sure we received the CSRF token
if (empty($_POST['csrf_form_key'])) {
$_SESSION['alert'] = translate('Your form post was either missing a required session token or timed out.');
redirectToAction($action);
$_SESSION['alert'] = translate('Your form post was either missing a required session token or timed out.');
redirectToAction($action);
}
} else {
$action = $_GET['action'] ?? 'welcome';
Expand Down Expand Up @@ -457,7 +489,7 @@ function_exists('gd_info'),
<h3><?php echo $step['name']; ?></h3>
<form id="<?php echo htmlentities($action); ?>_form" method="POST" action="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<?php
echo csrf_form_key ();
echo csrf_form_key();
if ($error) {
echo "<div class='alert alert-danger'>" . htmlentities($error) . "</div>";
}
Expand Down Expand Up @@ -517,6 +549,14 @@ function_exists('gd_info'),
</script>

<br>
<?php
// Include Logout link if debugging
if ($includeLogoutButton && isset($_SESSION["validUser"])) {
?>
<br><a href="index.php?action=logout">Logout</a>
<?php
}
?>
</body>

</html>
</html>
2 changes: 1 addition & 1 deletion install/install_ajax.php
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ function testDbConnection($host, $login, $password, $database)

try {
if ($_POST['dbType'] == 'mysqli') {
$c = new mysqli($host, $login, $password, $database); // don't specify db
$c = new mysqli($host, $login, $password); // don't specify db
$ret = ($c->connect_errno == 0);
$error_msg = $c->connect_error . ", login=$login, password=$password, host=$host";
$c->close();
Expand Down
6 changes: 3 additions & 3 deletions install/install_appsettings_handler.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,13 @@
$error = translate('Unknown error');
} else {
// Save settings to session
$_SESSION['use_http_auth'] == 'N'; // default
$_SESSION['use_http_auth'] = 'N'; // default
$_SESSION['user_inc'] = $_POST['user_inc'];
if ($_SESSION['user_inc'] == 'http') {
$_SESSION['user_inc'] == 'user.php';
$_SESSION['user_inc'] = 'user.php';
$_SESSION['use_http_auth'] == 'Y';
} else if ($_SESSION['user_inc'] == 'none') {
$_SESSION['user_inc'] == 'user.php'; // single-user
$_SESSION['user_inc'] = 'user.php'; // single-user
}
$_SESSION['single_user'] = $_POST['user_inc'] == 'none' ? 'Y' : 'N';
if (empty($_POST['readonly']))
Expand Down
2 changes: 1 addition & 1 deletion install/install_auth.php
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
<?php
$passwordSet = !empty($_SESSION['install_password']);
$passwordSet = !empty($settings['install_password']);
if (!$passwordSet) {
// Not yet set
?> <p>
Expand Down
13 changes: 7 additions & 6 deletions install/install_auth_handler.php
Original file line number Diff line number Diff line change
Expand Up @@ -37,22 +37,22 @@ function write_password_in_new_settings($file, $password, $hint)
{
$date = new DateTime();
$formattedDate = $date->format('D, d M Y H:i:s O');
$content = "<?php\n/* updated via install\/index.php on " . $formattedDate . "\n" .
"install_password: $password\ninstall_password_hint: $hint\n# end settings.php *\n/?>\n";
$content = "<?php\n/* updated via install/index.php on " . $formattedDate . "\n" .
"install_password: $password\ninstall_password_hint: $hint\n# end settings.php */\n?>\n";
return file_put_contents($file, $content);
}

// Handle form submission on Auth page (both setting and checking password)
$passwordSet = !empty($_SESSION['install_password']);
$passwordSet = !empty($settings['install_password']);

if (!$passwordSet) {
// No password set. New instsall. Set password now.
$password = $_POST['password'];
$password2 = $_POST['password2'];
$password = $_POST['password'] ?? '';
$password2 = $_POST['password2'] ?? '';
if ($password != $password2) {
$error = translate('Your passwords must match.');
}
$hint = $_POST['hint'];
$hint = $_POST['hint'] ?? '';
$settingsFile = __DIR__ . '/../includes/settings.php';
if (file_exists($settingsFile) && strlen(file_get_contents($settingsFile) > 10)) {
$ret = update_password_in_settings($settingsFile, md5($password), $hint);
Expand All @@ -62,6 +62,7 @@ function write_password_in_new_settings($file, $password, $hint)
if (!$ret) {
$error = 'Error writing ' . $settingsFile . ' file.';
} else {
$_SESSION['alert'] = translate('Install password saved. Login with password to continue.');
redirectToNextAction();
}
} else {
Expand Down
24 changes: 0 additions & 24 deletions install/install_dbload.php

This file was deleted.

Loading

0 comments on commit d9a7057

Please sign in to comment.