<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown (telaaedifex.com),
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
//////////////////////////////////////////////////////////////////////
// Paths
//////////////////////////////////////////////////////////////////////
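// Installation base directory, as submitted by the install form.
// NOTE(review): this value comes from the client, and every file written by this script is rooted
// in it (workspace, data/*.php, config.php). Verify it against the directory this script is
// actually installed in before trusting it.
$path = isset($_POST['path']) ? $_POST['path'] : '';
if (!is_string($path) || $path === '') {
    // Without a usable base path every location below would resolve relative to "/".
    die('{"message": "Missing installation path"}');
}

// URL prefix of the installation: the request URI with this script's own path removed.
$rel = str_replace('/components/install/process.php', '', $_SERVER['REQUEST_URI']);

// Locations created or written during installation.
$workspace = $path . "/workspace";
$users = $path . "/data/users.php";
$projects = $path . "/data/projects.php";
$active = $path . "/data/active.php";
$sessions = $path . "/data/sessions";
$config = $path . "/config.php";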
//////////////////////////////////////////////////////////////////////
// Functions
//////////////////////////////////////////////////////////////////////
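/**
 * Write $data to $file, replacing any existing content.
 *
 * Terminates the request with a JSON error body when the file cannot be opened or when the
 * write fails or is incomplete, so a truncated file is never reported as a success.
 *
 * NOTE(review): the file is created with the process's default permissions. The installer uses
 * this function for config.php, which holds the database password; consider restricting the
 * mode after writing.
 *
 * @param string $file Destination path.
 * @param string $data Content to write.
 */
function saveFile($file, $data)
{
    $handle = fopen($file, 'w');
    if (!$handle) {
        die('{"message": "can\'t open file"}');
    }

    $written = fwrite($handle, $data);
    fclose($handle);

    // fwrite() returns false on failure and may also write fewer bytes than requested.
    if ($written === false || $written < strlen($data)) {
        die('{"message": "can\'t write file"}');
    }
}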
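/**
 * Store $data as JSON inside a PHP block comment and write it to $file.
 *
 * The wrapper means that a data file executed as PHP produces no output: the JSON sits inside
 * a comment. This depends on json_encode()'s default escaping of "/" as "\/", which keeps the
 * payload from containing the comment terminator; do not add JSON_UNESCAPED_SLASHES here.
 *
 * @param string $file Destination path.
 * @param mixed  $data Value to encode.
 */
function saveJSON($file, $data)
{
    $json = json_encode($data);
    if ($json === false) {
        // Without this check an unencodable value would be written as an empty payload.
        die('{"message": "can\'t encode data"}');
    }

    saveFile($file, "<?php/*|\r\n" . $json . "\r\n|*/?>");
}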
/**
 * Derive the stored form of a password: the SHA-1 hex digest of its MD5 hex digest.
 *
 * NOTE(review): despite the name this is an unsalted, fast hash, not encryption. Both digests
 * are unsuitable for password storage. Moving to password_hash()/password_verify() needs a
 * matching change wherever passwords are checked, which is outside this file, so the value is
 * left unchanged here.
 *
 * @param string $p Plain-text password.
 * @return string 40-character lowercase hex digest.
 */
function encryptPassword($p)
{
    $inner_digest = md5($p);

    return sha1($inner_digest);
}
/**
 * Remove every character from a username except ASCII letters, digits, "-", "_", "@", "."
 * and space.
 *
 * @param string $username Raw username.
 * @return string Username reduced to the allowed characters.
 */
function cleanUsername($username)
{
    // preg_quote() escapes the punctuation that is special inside the character class.
    $allowed_punctuation = preg_quote('-_@. ');
    $disallowed = '#[^A-Za-z0-9' . $allowed_punctuation . ']#';

    return preg_replace($disallowed, '', $username);
}
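/**
 * Tell whether $path is an absolute path, i.e. a non-empty string starting with "/".
 *
 * Empty and non-string values return false. Indexing an empty string raises a warning, which
 * would corrupt the JSON response. An array posted in place of a string would otherwise be
 * judged by its element 0.
 *
 * @param mixed $path Candidate path.
 * @return bool
 */
function isAbsPath($path)
{
    return is_string($path) && $path !== '' && $path[0] === '/';
}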
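/**
 * Remove NUL bytes and parent-directory references from a path.
 *
 * NOTE(review): this is string filtering, not canonicalisation. Callers that must confine a
 * path to a directory should also compare the resolved path with that directory.
 *
 * @param string $path Raw path.
 * @return string Path without NUL bytes, "../" sequences or a trailing ".." segment.
 */
function cleanPath($path)
{
    // A NUL byte can cut a path short in lower-level file APIs.
    $path = str_replace(chr(0), '', $path);

    // Repeat until stable: one removal can join the surrounding characters into a new "../".
    while (strpos($path, '../') !== false) {
        $path = str_replace('../', '', $path);
    }

    // A trailing ".." segment has no slash after it, so the loop above leaves it in place.
    while ($path === '..' || substr($path, -3) === '/..') {
        $path = (string) substr($path, 0, -2);
    }

    return $path;
}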
//////////////////////////////////////////////////////////////////////
// Verify no overwrites
//////////////////////////////////////////////////////////////////////
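// Run the installation only while no database configuration constants are defined.
// NOTE(review): this file neither includes config.php nor defines these constants, so the guard
// only holds if something outside this file defines them before this script runs. Confirm,
// otherwise a finished installation is not protected from being run again.
if (!(defined('DBHOST') && defined('DBNAME') && defined('DBUSER') && defined('DBPASS') && defined('DBTYPE'))) {
    // Emit a JSON error body and stop. Encoding the whole payload with json_encode() keeps the
    // response parseable whatever characters the detail contains. Wrapping the detail in
    // addslashes() produced "\'" sequences, which are not valid JSON.
    // NOTE(review): the detail can carry raw driver messages; consider logging it server-side
    // and returning only the generic message.
    $fail = function ($message, $detail = null) {
        $payload = array('message' => $message);
        if (func_num_args() > 1) {
            // "error" remains a string that itself holds JSON, as in the original responses.
            $payload['error'] = json_encode($detail);
        }
        die(json_encode($payload));
    };

    // True when a PDO errorInfo() array reports anything other than success. The previous test,
    // `! $error[0] == "00000"`, negated the SQLSTATE before comparing it and so never matched.
    $has_failed = function ($info) {
        return is_array($info) && isset($info[0]) && $info[0] !== '' && $info[0] !== '00000';
    };

    // Render a request value as a PHP string literal for the generated config.php. Without this
    // a quote in any submitted field would end the literal and the rest would be parsed as code.
    $php_literal = function ($value) {
        return var_export(is_scalar($value) ? (string) $value : '', true);
    };

    //////////////////////////////////////////////////////////////////
    // Get POST responses
    //////////////////////////////////////////////////////////////////
    $username = cleanUsername($_POST['username']);
    $password = encryptPassword($_POST['password']);
    $project_name = $_POST['project_name'];
    $project_path = isset($_POST['project_path']) ? $_POST['project_path'] : $project_name;
    $timezone = $_POST['timezone'];
    $site_name = isset($_POST['site_name']) ? $_POST['site_name'] : '';

    $dbtype = $_POST['dbtype'];
    $dbhost = $_POST['dbhost'];
    $dbname = $_POST['dbname'];
    $dbuser = $_POST['dbuser'];
    $dbpass = $_POST['dbpass'];

    // Valid databases Codiad is able to use
    $db_types = [
        'mysql',
        'postgresql',
        //'sqlite',
    ];

    // Is the selected database type valid? Strict comparison also rejects non-string input.
    if (!in_array($dbtype, $db_types, true)) {
        $fail(
            'Invalid database. Please select one of the following: ' . implode(', ', $db_types) . '.',
            array($dbtype, $db_types)
        );
    }

    // NOTE(review): PDO registers its PostgreSQL driver as "pgsql"; with "postgresql" as the DSN
    // prefix this constructor is expected to fail. Confirm and map the name if so.
    try {
        $connection = new PDO("{$dbtype}:host={$dbhost};dbname={$dbname}", $dbuser, $dbpass);
    } catch (PDOException $e) {
        $fail('Could not connect to database.', $e->getMessage());
    }

    // $dbtype has passed the allow-list above, so it cannot add path segments here.
    $database_sql_fullpath = $path . '/components/install/sql/' . $dbtype . '.sql';
    if (!is_file($database_sql_fullpath)) {
        $fail(
            'Could not find the sql script for the database type: ' . $dbtype,
            array('path' => $database_sql_fullpath, 'dbtype' => $dbtype)
        );
    }
    $sql = file_get_contents($database_sql_fullpath);

    try {
        // Create the database
        $connection->exec($sql);
    } catch (PDOException $e) {
        $fail('Could not create initial tables in database.', $e->getMessage());
    }
    $error = $connection->errorInfo();
    if ($has_failed($error)) {
        $fail('Could not create initial tables in database.', $error);
    }

    //////////////////////////////////////////////////////////////////
    // Create Projects files
    //////////////////////////////////////////////////////////////////
    $project_path = cleanPath($project_path);
    if (!isAbsPath($project_path)) {
        // The hyphen is escaped so that it is always a literal: some PCRE versions reject
        // "\w-\." as an invalid range, which would make preg_replace() return null.
        $project_path = str_replace(' ', '_', preg_replace('/[^\w\-\.]/', '', $project_path));

        // After filtering, a name made only of dots would point at the workspace or its parent.
        if ($project_path === '.' || $project_path === '..') {
            $fail('Invalid project path');
        }
        if (!is_dir($workspace . '/' . $project_path)) {
            mkdir($workspace . '/' . $project_path);
        }
    } else {
        // NOTE(review): an absolute project path is accepted as given; it is not checked against
        // the WHITEPATHS list that the generated config declares further down.
        if (substr($project_path, -1) === '/') {
            $project_path = substr($project_path, 0, strlen($project_path) - 1);
        }
        if (!file_exists($project_path)) {
            if (!mkdir($project_path . '/', 0755, true)) {
                die('{"message": "Unable to create Absolute Path"}');
            }
        } elseif (!is_writable($project_path) || !is_readable($project_path)) {
            die('{"message": "No Read/Write Permission"}');
        }
    }

    // Run one parameterised INSERT and stop with $message when preparing or executing it fails.
    $insert = function ($query, $values, $message) use ($connection, $fail, $has_failed) {
        $statement = $connection->prepare($query);
        if ($statement === false) {
            $fail($message, $connection->errorInfo());
        }
        $statement->execute($values);
        $error = $statement->errorInfo();
        if ($has_failed($error)) {
            $fail($message, $error);
        }
    };

    $insert(
        "INSERT INTO projects(name, path, owner) VALUES (?,?,?);",
        array($project_name, $project_path, $username),
        'Could not create project in database.'
    );

    // Bound in column order; the password column receives the encryptPassword() digest.
    $insert(
        "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)",
        array("", "", $username, $password, "", $project_path, "admin", "", ""),
        'Could not create user in database.'
    );

    /**
     * Create sessions path.
     */
    if (!is_dir($sessions)) {
        mkdir($sessions, 0755);
    }

    //////////////////////////////////////////////////////////////////
    // Create Active file
    //////////////////////////////////////////////////////////////////
    saveJSON($active, array(''));

    //////////////////////////////////////////////////////////////////
    // Create Config
    //////////////////////////////////////////////////////////////////
    // Every request-derived value goes through $php_literal(), so it reaches config.php as a
    // quoted string literal and never as source text.
    // NOTE(review): BASE_URL is built from the Host header and the request URI, both of which
    // the client chooses; escaping stops code injection but not a wrong base URL.
    // NOTE(review): the timezone is escaped but not checked against the identifiers PHP knows.
    $config_data = '<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown (telaaedifex.com),
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
//////////////////////////////////////////////////////////////////
// CONFIG
//////////////////////////////////////////////////////////////////
// PATH TO CODIAD
define("BASE_PATH", ' . $php_literal($path) . ');
// BASE URL TO CODIAD (without trailing slash)
define("BASE_URL", ' . $php_literal($_SERVER['HTTP_HOST'] . $rel) . ');
// THEME : default, modern or clear (look at /themes)
define("THEME", "default");
// ABSOLUTE PATH
define("WHITEPATHS", BASE_PATH . ",/home");
// SESSIONS (e.g. 7200)
$cookie_lifetime = "0";
// TIMEZONE
date_default_timezone_set(' . $php_literal($timezone) . ');
// External Authentification
//define("AUTH_PATH", "/path/to/customauth.php");
// Site Name
define("SITE_NAME", ' . $php_literal($site_name) . ');
// Database Information
define("DBHOST", ' . $php_literal($dbhost) . ');
define("DBNAME", ' . $php_literal($dbname) . ');
define("DBUSER", ' . $php_literal($dbuser) . ');
define("DBPASS", ' . $php_literal($dbpass) . ');
define("DBTYPE", ' . $php_literal($dbtype) . ');
//////////////////////////////////////////////////////////////////
// ** DO NOT EDIT CONFIG BELOW **
//////////////////////////////////////////////////////////////////
// PATHS
define("COMPONENTS", BASE_PATH . "/components");
define("PLUGINS", BASE_PATH . "/plugins");
define("THEMES", BASE_PATH . "/themes");
define("DATA", BASE_PATH . "/data");
define("WORKSPACE", BASE_PATH . "/workspace");
// URLS
define("WSURL", BASE_URL . "/workspace");
// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
';

    saveFile($config, $config_data);
    echo("success");
}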