<?php
/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown (telaaedifex.com),
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/
//////////////////////////////////////////////////////////////////////
// Paths
//////////////////////////////////////////////////////////////////////
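// Codiad root directory. This script is served from
// <root>/components/install/process.php (see the $rel computation below), so
// the root is two levels above __DIR__. It is derived on the server instead of
// being read from $_POST['path']: every file this installer creates
// (config.php, data/*, workspace/*) is placed under this directory, so the
// client must not be able to choose it.
$path = dirname( dirname( __DIR__ ) );

// URL prefix Codiad is installed under. Only the path component of the request
// URI is used, so a query string can never end up in the BASE_URL value that
// is later written to config.php.
$request_path = parse_url( $_SERVER['REQUEST_URI'], PHP_URL_PATH );
$rel = str_replace( '/components/install/process.php', '', is_string( $request_path ) ? $request_path : '' );

// Locations of the files and directories the installer creates.
$workspace = $path . "/workspace";
$users = $path . "/data/users.php";
$projects = $path . "/data/projects.php";
$active = $path . "/data/active.php";
$sessions = $path . "/data/sessions";
$config = $path . "/config.php";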
//////////////////////////////////////////////////////////////////////
// Functions
//////////////////////////////////////////////////////////////////////
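/**
 * Write $data to $file, replacing any existing content.
 *
 * The installer uses this to create config.php, which holds the database
 * credentials, so a truncated or failed write must not be reported as a
 * successful install.
 *
 * @param string $file Destination path. Callers are responsible for passing a
 *                     server-chosen location.
 * @param string $data Content to write.
 *
 * Terminates the script with die() when the file cannot be opened or the
 * content cannot be written completely.
 */
function saveFile( $file, $data ) {

	$write = fopen( $file, 'w' ) or die( "can't open file" );
	$written = fwrite( $write, $data );
	fclose( $write );

	// fwrite() returns false on failure and can also report a short write;
	// either case would leave a partial file behind.
	if ( $written === false || $written < strlen( (string) $data ) ) {

		die( "can't write file" );
	}
}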
/**
 * Store $data as JSON in $file, wrapped between a "<?php/*|" header line and a
 * "|*" . "/?>" footer line.
 *
 * json_encode() escapes "/" by default, so the encoded payload cannot contain
 * the comment terminator and close the wrapper early.
 *
 * NOTE(review): PHP's long open tag normally has to be followed by whitespace;
 * confirm that a file beginning with "<?php/*" is really parsed as code on the
 * target PHP version. If it is not, the JSON is returned as plain text to
 * anyone who requests the .php file directly.
 *
 * @param string $file Destination path.
 * @param mixed  $data Value to encode.
 */
function saveJSON( $file, $data ) {

	$payload = json_encode( $data );
	$wrapped = "<?php/*|\r\n" . $payload . "\r\n|*/?>";

	saveFile( $file, $wrapped );
}
/**
 * Derive the value stored in the users table for a password.
 *
 * Despite the name this is a one-way digest, not encryption: the SHA-1 of the
 * hex MD5 of the password, with no salt and no work factor. Identical
 * passwords produce identical stored values and both hashes are cheap to
 * compute, so a leaked users table gives little protection to the passwords
 * in it.
 *
 * The scheme is kept unchanged here because the stored value has to match
 * whatever verifies logins elsewhere in the application (not visible in this
 * file). Moving to password_hash() / password_verify() has to change that
 * code in the same step.
 *
 * @param string $p Plain-text password.
 * @return string 40-character lowercase hex digest.
 */
function encryptPassword( $p ) {

	$inner_digest = md5( $p );

	return sha1( $inner_digest );
}
/**
 * Reduce a username to an allow-list of characters.
 *
 * Everything except ASCII letters, digits, "-", "_", "@", "." and the space
 * character is removed. The result can be an empty string, so callers still
 * have to check that something is left.
 *
 * @param string $username Raw username.
 * @return string Username with all other characters stripped.
 */
function cleanUsername( $username ) {

	// preg_quote() escapes the characters that are special inside the class.
	$extra_allowed = preg_quote( '-_@. ' );
	$disallowed = '#[^A-Za-z0-9' . $extra_allowed . ']#';

	return preg_replace( $disallowed, '', $username );
}
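/**
 * Tell whether $path is absolute, i.e. starts with "/".
 *
 * Only the POSIX form is recognised; nothing else is compared against.
 * An empty value is reported as not absolute instead of raising an
 * "uninitialized string offset" warning.
 *
 * @param string $path Path to test.
 * @return bool True when the first character is "/".
 */
function isAbsPath( $path ) {

	// isset() guards the offset access for empty input.
	return isset( $path[0] ) && $path[0] === '/';
}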
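/**
 * Strip NUL bytes and parent-directory references from a path.
 *
 * This is string filtering, not a containment check: absolute paths are
 * returned unchanged and symbolic links are not resolved. A caller that needs
 * to keep a path inside the workspace still has to compare the resolved
 * location (for example via realpath()) with the allowed root.
 *
 * @param string $path Path taken from a request.
 * @return string Path without NUL bytes and without ".." segments.
 */
function cleanPath( $path ) {

	// Remove NUL bytes so the path cannot be cut short by lower-level file APIs.
	$path = str_replace( chr( 0 ), '', $path );

	// Remove "../" until none is left; a single pass is not enough because
	// removing one occurrence can join the surrounding characters into another.
	while ( strpos( $path, '../' ) !== false ) {

		$path = str_replace( '../', '', $path );
	}

	// A final ".." segment has no trailing slash, so the loop above never sees
	// it. Once "../" is gone this is the only place a ".." segment can remain.
	while ( $path === '..' || substr( $path, -3 ) === '/..' ) {

		$path = ( $path === '..' ) ? '' : substr( $path, 0, -2 );
	}

	return $path;
}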
//////////////////////////////////////////////////////////////////////
// Verify no overwrites
//////////////////////////////////////////////////////////////////////
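// NOTE(review): nothing visible in this file loads an existing config.php, so
// the DB* constants tested below would never be defined when this script is
// requested directly, and the overwrite guard would always pass. Load the
// installed config, if there is one, from a location derived from this
// script's own path (<root>/components/install/), never from request data.
$installed_config = dirname( dirname( __DIR__ ) ) . '/config.php';

if ( is_file( $installed_config ) ) {

	require_once $installed_config;
}

if ( ! ( defined( 'DBHOST' ) && defined( 'DBNAME' ) && defined( 'DBUSER' ) && defined( 'DBPASS' ) && defined( 'DBTYPE' ) ) ) {

	// Read a POST field as a string; missing fields and arrays become ''.
	$post_string = function ( $key ) {

		return ( isset( $_POST[$key] ) && is_string( $_POST[$key] ) ) ? $_POST[$key] : '';
	};

	// Stop the install with a generic message for the client; driver and SQL
	// details go to the server log instead of the HTTP response.
	$abort = function ( $message, $detail = '' ) {

		if ( $detail !== '' ) {

			error_log( 'Codiad install: ' . $detail );
		}
		die( $message );
	};

	//////////////////////////////////////////////////////////////////
	// Get POST responses
	//////////////////////////////////////////////////////////////////

	$username = cleanUsername( $post_string( 'username' ) );
	$raw_password = $post_string( 'password' );

	// The account created below is the administrator; never create it with an
	// empty name or an empty password.
	if ( $username === '' || $raw_password === '' ) {

		die( "Username and password are required." );
	}

	$password = encryptPassword( $raw_password );
	$project_name = $post_string( 'project_name' );
	$project_path = isset( $_POST['project_path'] ) ? $post_string( 'project_path' ) : $project_name;
	$timezone = $post_string( 'timezone' );
	$site_name = $post_string( 'site_name' );

	$dbtype = $post_string( 'dbtype' );
	$dbhost = $post_string( 'dbhost' );
	$dbname = $post_string( 'dbname' );
	$dbuser = $post_string( 'dbuser' );
	$dbpass = $post_string( 'dbpass' );

	//Valid databases Codiad is able to use
	$db_types = [
		'mysql',
		'postgresql',
		//'sqlite',
	];

	//Is selected database type valid?
	// Strict comparison: $dbtype is used below in a DSN and in a file name, so
	// only an exact string match with the allow-list may pass.
	if ( ! in_array( $dbtype, $db_types, true ) ) {

		die( "Invalid database. Please select one of " . implode( ", ", $db_types ) . "." );
	}

	// NOTE(review): PDO's PostgreSQL driver is registered as "pgsql"; confirm
	// that a "postgresql:" DSN works with the rest of the application.
	try {

		$connection = new PDO( "{$dbtype}:host={$dbhost};dbname={$dbname}", $dbuser, $dbpass );
	} catch ( Exception $e ) {

		$abort( "Could not connect to database.", $e->getMessage() );
	}

	$database_sql_fullpath = $path . '/components/install/sql/' . $dbtype . '.sql';

	if ( ! is_file( $database_sql_fullpath ) ) {

		die("Could not find the sql of the database ".$dbtype." to execute");
	}

	$sql = file_get_contents( $database_sql_fullpath );

	if ( $sql === false ) {

		die( "Could not read the sql of the database " . $dbtype . " to execute" );
	}

	//Create the database
	// exec() reports failure either by throwing or by returning false,
	// depending on the PDO error mode; both are handled. The previous test
	// `! $error[0] == "00000"` negated the SQLSTATE string before comparing it
	// and therefore never detected an error.
	try {

		$result = $connection->exec( $sql );
	} catch ( PDOException $e ) {

		$abort( "Could not create the database tables.", $e->getMessage() );
	}

	if ( $result === false ) {

		$abort( "Could not create the database tables.", implode( ' ', array_map( 'strval', $connection->errorInfo() ) ) );
	}

	//////////////////////////////////////////////////////////////////
	// Create Projects files
	//////////////////////////////////////////////////////////////////

	$project_path = cleanPath( $project_path );

	if ( ! isAbsPath( $project_path ) ) {

		$project_path = str_replace( " ", "_", preg_replace( '/[^\w-\.]/', '', $project_path ) );

		// Dots survive the filter above, so reject names that would resolve to
		// the workspace directory itself or to its parent.
		if ( $project_path === '' || $project_path === '.' || $project_path === '..' ) {

			die( "Invalid project path" );
		}

		if( ! is_dir( $workspace . "/" . $project_path ) ) {

			mkdir( $workspace . "/" . $project_path );
		}
	} else {

		// NOTE(review): an absolute path is accepted from the request as given;
		// the WHITEPATHS list written to config.php below is not applied at
		// install time.
		if ( substr( $project_path, -1 ) == '/' ) {

			$project_path = substr( $project_path, 0, strlen( $project_path ) - 1 );
		}

		if ( ! file_exists( $project_path ) ) {

			if ( ! mkdir( $project_path . '/', 0755, true ) ) {

				die( "Unable to create Absolute Path" );
			}
		} else {

			if ( ! is_writable( $project_path ) || ! is_readable( $project_path ) ) {

				die( "No Read/Write Permission" );
			}
		}
	}

	// Run one parameterised INSERT and stop the install if it fails, whether
	// the driver throws or returns false.
	$run_insert = function ( $query, $values ) use ( $connection, $abort ) {

		try {

			$statement = $connection->prepare( $query );
			$ok = ( $statement !== false ) && $statement->execute( $values );
			$detail = $ok ? '' : implode( ' ', array_map( 'strval', ( $statement !== false ) ? $statement->errorInfo() : $connection->errorInfo() ) );
		} catch ( PDOException $e ) {

			$ok = false;
			$detail = $e->getMessage();
		}

		if ( ! $ok ) {

			$abort( "Could not save the initial project and user.", $detail );
		}
	};

	$run_insert(
		"INSERT INTO projects(name, path, owner) VALUES (?,?,?);",
		array(
			$project_name,
			$project_path,
			$username
		)
	);

	$run_insert(
		"INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)",
		array(
			"",
			"",
			$username,
			$password,
			"",
			$project_path,
			"admin",
			"",
			""
		)
	);

	/**
	 * Create sessions path.
	 */
	if ( ! is_dir( $sessions ) ) {

		mkdir( $sessions, 00755 );
	}

	//////////////////////////////////////////////////////////////////
	// Create Active file
	//////////////////////////////////////////////////////////////////

	saveJSON( $active, array( '' ) );

	//////////////////////////////////////////////////////////////////
	// Create Config
	//////////////////////////////////////////////////////////////////

	// Every request-derived value is written with var_export(), which emits a
	// correctly quoted PHP string literal. Concatenating the raw value between
	// double quotes would let a quote character in any field end the literal
	// and add PHP code to config.php.
	// NOTE(review): HTTP_HOST comes from the request's Host header, so BASE_URL
	// is still client-chosen as a value; pin it if the deployment allows.
	$base_url = ( isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : '' ) . $rel;

	$config_data = '<?php

/*
* Copyright (c) Codiad & Kent Safranski (codiad.com), Isaac Brown (telaaedifex.com),
* distributed as-is and without warranty under the MIT License. See
* [root]/license.txt for more. This information must remain intact.
*/

//////////////////////////////////////////////////////////////////
// CONFIG
//////////////////////////////////////////////////////////////////

// PATH TO CODIAD
define("BASE_PATH", ' . var_export( (string) $path, true ) . ');

// BASE URL TO CODIAD (without trailing slash)
define("BASE_URL", ' . var_export( (string) $base_url, true ) . ');

// THEME : default, modern or clear (look at /themes)
define("THEME", "default");

// ABSOLUTE PATH
define("WHITEPATHS", BASE_PATH . ",/home");

// SESSIONS (e.g. 7200)
$cookie_lifetime = "0";

// TIMEZONE
date_default_timezone_set(' . var_export( $timezone, true ) . ');

// External Authentification
//define("AUTH_PATH", "/path/to/customauth.php");

// Site Name
define("SITE_NAME", ' . var_export( $site_name, true ) . ');

// Database Information
define( "DBHOST", ' . var_export( $dbhost, true ) . ' );
define( "DBNAME", ' . var_export( $dbname, true ) . ' );
define( "DBUSER", ' . var_export( $dbuser, true ) . ' );
define( "DBPASS", ' . var_export( $dbpass, true ) . ' );
define( "DBTYPE", ' . var_export( $dbtype, true ) . ' );

//////////////////////////////////////////////////////////////////
// ** DO NOT EDIT CONFIG BELOW **
//////////////////////////////////////////////////////////////////

// PATHS
define("COMPONENTS", BASE_PATH . "/components");
define("PLUGINS", BASE_PATH . "/plugins");
define("THEMES", BASE_PATH . "/themes");
define("DATA", BASE_PATH . "/data");
define("WORKSPACE", BASE_PATH . "/workspace");

// URLS
define("WSURL", BASE_URL . "/workspace");

// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
';

	saveFile( $config, $config_data );
	echo( "success" );
}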