2018-07-13 18:39:55 +02:00
< ? php
/*
2018-11-29 22:57:06 +01:00
* Copyright ( c ) Codiad & Kent Safranski ( codiad . com ), Isaac Brown ( telaaedifex . com ),
* distributed as - is and without warranty under the MIT License . See
2018-07-13 18:39:55 +02:00
* [ root ] / license . txt for more . This information must remain intact .
*/
//////////////////////////////////////////////////////////////////////
// Paths
//////////////////////////////////////////////////////////////////////
2018-11-29 22:57:06 +01:00
$path = $_POST [ 'path' ];
2018-07-13 18:39:55 +02:00
2018-11-29 22:57:06 +01:00
$rel = str_replace ( '/components/install/process.php' , '' , $_SERVER [ 'REQUEST_URI' ] );
2018-07-13 18:39:55 +02:00
2018-11-29 22:57:06 +01:00
$workspace = $path . " /workspace " ;
$users = $path . " /data/users.php " ;
$projects = $path . " /data/projects.php " ;
$active = $path . " /data/active.php " ;
$sessions = $path . " /data/sessions " ;
$config = $path . " /config.php " ;
2018-07-13 18:39:55 +02:00
//////////////////////////////////////////////////////////////////////
// Functions
//////////////////////////////////////////////////////////////////////
2018-11-29 22:57:06 +01:00
function saveFile ( $file , $data ) {
$write = fopen ( $file , 'w' ) or die ( " can't open file " );
fwrite ( $write , $data );
fclose ( $write );
2018-07-13 18:39:55 +02:00
}
2018-11-29 22:57:06 +01:00
function saveJSON ( $file , $data ) {
$data = " <?php/*| \r \n " . json_encode ( $data ) . " \r \n |*/?> " ;
saveFile ( $file , $data );
2018-07-13 18:39:55 +02:00
}
2018-11-29 22:57:06 +01:00
function encryptPassword ( $p ) {
return sha1 ( md5 ( $p ) );
2018-07-13 18:39:55 +02:00
}
2018-11-29 22:57:06 +01:00
function cleanUsername ( $username ) {
return preg_replace ( '#[^A-Za-z0-9' . preg_quote ( '-_@. ' ) . ']#' , '' , $username );
2018-07-13 18:39:55 +02:00
}
2018-11-29 22:57:06 +01:00
function isAbsPath ( $path ) {
return $path [ 0 ] === '/' ;
2018-07-13 18:39:55 +02:00
}
2018-11-29 22:57:06 +01:00
function cleanPath ( $path ) {
// prevent Poison Null Byte injections
$path = str_replace ( chr ( 0 ), '' , $path );
// prevent go out of the workspace
while ( strpos ( $path , '../' ) !== false ) {
$path = str_replace ( '../' , '' , $path );
}
return $path ;
2018-07-13 18:39:55 +02:00
}
//////////////////////////////////////////////////////////////////////
// Verify no overwrites
//////////////////////////////////////////////////////////////////////
2018-11-29 22:57:06 +01:00
if ( ( file_exists ( $user_settings_file ) || file_exists ( $projects_file ) || file_exists ( $users_file ) ) || ! ( defined ( " DBHOST " ) && defined ( " DBNAME " ) && defined ( " DBUSER " ) && defined ( " DBPASS " ) && defined ( " DBTYPE " ) ) ) {
//////////////////////////////////////////////////////////////////
// Get POST responses
//////////////////////////////////////////////////////////////////
$username = cleanUsername ( $_POST [ 'username' ] );
$password = encryptPassword ( $_POST [ 'password' ] );
$project_name = $_POST [ 'project_name' ];
if ( isset ( $_POST [ 'project_path' ] ) ) {
$project_path = $_POST [ 'project_path' ];
} else {
$project_path = $project_name ;
}
$timezone = $_POST [ 'timezone' ];
2018-12-11 23:58:01 +01:00
$dbhost = $_POST [ 'DBHOST' ];
$dbname = $_POST [ 'DBNAME' ];
$dbuser = $_POST [ 'DBUSER' ];
$dbpass = $_POST [ 'DBPASS' ];
$connection = mysqli_connect ( $dbhost , $dbuser , $dbpass , $dbname ) or die ( formatJSEND ( " error " , 'Error connecting to mysql database. Please contact the website administrator.' ) );
$bind_vars = array ();
$bind = " " ;
$sql = "
-- phpMyAdmin SQL Dump
-- version 4.6 . 6 deb5
-- https :// www . phpmyadmin . net /
--
-- Host : localhost : 3306
-- Generation Time : Dec 11 , 2018 at 05 : 31 PM
-- Server version : 5.7 . 24 - 0 ubuntu0 . 18.04 . 1
-- PHP Version : 7.2 . 10 - 0 ubuntu0 . 18.04 . 1
SET SQL_MODE = 'NO_AUTO_VALUE_ON_ZERO' ;
SET time_zone = '+00:00' ;
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */ ;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */ ;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */ ;
/*!40101 SET NAMES utf8mb4 */ ;
--
-- Database : `code_test`
--
-- --------------------------------------------------------
--
-- Table structure for table `options`
--
CREATE TABLE IF NOT EXISTS `options` (
`id` int ( 11 ) NOT NULL ,
`name` varchar ( 255 ) NOT NULL ,
`value` text NOT NULL
) ENGINE = InnoDB DEFAULT CHARSET = latin1 ;
-- --------------------------------------------------------
--
-- Table structure for table `projects`
--
CREATE TABLE IF NOT EXISTS `projects` (
`id` int ( 11 ) NOT NULL ,
`name` varchar ( 255 ) NOT NULL ,
`path` varchar ( 255 ) NOT NULL ,
`owner` varchar ( 255 ) NOT NULL ,
`access` text
) ENGINE = InnoDB DEFAULT CHARSET = latin1 ;
-- --------------------------------------------------------
--
-- Table structure for table `users`
--
CREATE TABLE IF NOT EXISTS `users` (
`id` int ( 11 ) NOT NULL ,
`first_name` varchar ( 255 ) DEFAULT NULL ,
`last_name` varchar ( 255 ) DEFAULT NULL ,
`username` varchar ( 255 ) NOT NULL ,
`password` text NOT NULL ,
`email` varchar ( 255 ) DEFAULT NULL ,
`project` varchar ( 255 ) DEFAULT NULL ,
`access` varchar ( 255 ) NOT NULL ,
`groups` text ,
`token` text
) ENGINE = InnoDB DEFAULT CHARSET = latin1 ;
--
-- Table structure for table `user_options`
--
CREATE TABLE IF NOT EXISTS `user_options` (
`id` int ( 11 ) NOT NULL ,
`name` varchar ( 255 ) NOT NULL ,
`username` varchar ( 255 ) NOT NULL ,
`value` text NOT NULL
) ENGINE = InnoDB DEFAULT CHARSET = latin1 ;
--
-- Indexes for dumped tables
--
--
-- Indexes for table `options`
--
ALTER TABLE `options`
ADD PRIMARY KEY ( `id` ),
ADD UNIQUE KEY `option_name` ( `name` );
--
-- Indexes for table `projects`
--
ALTER TABLE `projects`
ADD PRIMARY KEY ( `id` ),
ADD UNIQUE KEY `project_path` ( `path` , `owner` );
--
-- Indexes for table `users`
--
ALTER TABLE `users`
ADD PRIMARY KEY ( `id` ),
ADD UNIQUE KEY `username` ( `username` );
--
-- Indexes for table `user_options`
--
ALTER TABLE `user_options`
ADD PRIMARY KEY ( `id` ),
ADD UNIQUE KEY `option_name` ( `name` , `username` );
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `options`
--
ALTER TABLE `options`
MODIFY `id` int ( 11 ) NOT NULL AUTO_INCREMENT ;
--
-- AUTO_INCREMENT for table `projects`
--
ALTER TABLE `projects`
MODIFY `id` int ( 11 ) NOT NULL AUTO_INCREMENT , AUTO_INCREMENT = 41 ;
--
-- AUTO_INCREMENT for table `users`
--
ALTER TABLE `users`
MODIFY `id` int ( 11 ) NOT NULL AUTO_INCREMENT , AUTO_INCREMENT = 79 ;
--
-- AUTO_INCREMENT for table `user_options`
--
ALTER TABLE `user_options`
MODIFY `id` int ( 11 ) NOT NULL AUTO_INCREMENT , AUTO_INCREMENT = 2541 ;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */ ;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */ ;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */ ;
" ;
2018-12-14 18:30:04 +01:00
$result = mysqli_multi_query ( $connection , $sql ) or die ( $error );
2018-12-11 23:58:01 +01:00
if ( $connection -> error ) {
$return = formatJSEND ( " error " , $connection -> error );
}
2018-11-29 22:57:06 +01:00
//////////////////////////////////////////////////////////////////
// Create Projects files
//////////////////////////////////////////////////////////////////
$project_path = cleanPath ( $project_path );
if ( ! isAbsPath ( $project_path ) ) {
$project_path = str_replace ( " " , " _ " , preg_replace ( '/[^\w-\.]/' , '' , $project_path ) );
mkdir ( $workspace . " / " . $project_path );
} else {
$project_path = cleanPath ( $project_path );
if ( substr ( $project_path , - 1 ) == '/' ) {
$project_path = substr ( $project_path , 0 , strlen ( $project_path ) - 1 );
}
if ( ! file_exists ( $project_path ) ) {
if ( ! mkdir ( $project_path . '/' , 0755 , true ) ) {
die ( " Unable to create Absolute Path " );
}
} else {
if ( ! is_writable ( $project_path ) || ! is_readable ( $project_path ) ) {
die ( " No Read/Write Permission " );
}
}
}
2018-12-11 23:58:01 +01:00
$bind_vars = array (
$project_name ,
$project_path ,
$username
);
$bind = " sss " ;
$sql = " INSERT INTO `projects`(`name`, `path`, `owner`) VALUES (?,?,?) " ;
$result = mysqli_prepare ( $connection , $sql ) or die ( $error );
2018-12-14 18:30:04 +01:00
$result -> bind_param ( $bind , ... $bind_vars );
2018-12-11 23:58:01 +01:00
$result -> execute ();
if ( $connection -> error ) {
$return = formatJSEND ( " error " , $connection -> error );
}
$bind_vars = array (
" " ,
" " ,
$username ,
$password ,
" " ,
$project_path ,
" admin " ,
" " ,
" "
);
$bind = " sssssssss " ;
$sql = " INSERT INTO `users`(`first_name`, `last_name`, `username`, `password`, `email`, `project`, `access`, `groups`, `token`) VALUES (?,?,?,PASSWORD(?),?,?,?,?,?) " ;
$result = mysqli_prepare ( $connection , $sql ) or die ( $error );
2018-12-14 18:30:04 +01:00
$result -> bind_param ( $bind , ... $bind_vars );
2018-12-11 23:58:01 +01:00
$result -> execute ();
if ( $connection -> error ) {
$return = formatJSEND ( " error " , $connection -> error );
}
2018-07-24 14:56:42 +02:00
/**
2018-11-29 22:57:06 +01:00
* Create sessions path .
*/
2018-07-24 14:56:42 +02:00
if ( ! is_dir ( $sessions ) ) {
2018-11-29 22:57:06 +01:00
2018-07-27 19:59:08 +02:00
mkdir ( $sessions , 00755 );
2018-07-24 14:56:42 +02:00
}
2018-11-29 22:57:06 +01:00
//////////////////////////////////////////////////////////////////
// Create Active file
//////////////////////////////////////////////////////////////////
saveJSON ( $active , array ( '' ));
//////////////////////////////////////////////////////////////////
// Create Config
//////////////////////////////////////////////////////////////////
$config_data = ' < ? php
2018-07-13 18:39:55 +02:00
/*
2018-11-29 22:57:06 +01:00
* Copyright ( c ) Codiad & Kent Safranski ( codiad . com ), Isaac Brown ( telaaedifex . com ),
* distributed as - is and without warranty under the MIT License . See
2018-07-13 18:39:55 +02:00
* [ root ] / license . txt for more . This information must remain intact .
*/
//////////////////////////////////////////////////////////////////
// CONFIG
//////////////////////////////////////////////////////////////////
// PATH TO CODIAD
define ( " BASE_PATH " , " ' . $path . ' " );
// BASE URL TO CODIAD (without trailing slash)
define ( " BASE_URL " , " ' . $_SERVER["HTTP_HOST"] . $rel . ' " );
// THEME : default, modern or clear (look at /themes)
define ( " THEME " , " default " );
// ABSOLUTE PATH
define ( " WHITEPATHS " , BASE_PATH . " ,/home " );
// SESSIONS (e.g. 7200)
$cookie_lifetime = " 0 " ;
// TIMEZONE
date_default_timezone_set ( " ' . $_POST['timezone'] . ' " );
// External Authentification
//define("AUTH_PATH", "/path/to/customauth.php");
2018-07-25 14:56:41 +02:00
// Site Name
2018-12-14 18:30:04 +01:00
define ( " SITE_NAME " , " ' . $_POST['site_name'] . ' " );
2018-07-25 14:56:41 +02:00
2018-11-29 22:57:06 +01:00
// Database Information
define ( " DBHOST " , " ' . $_POST['dbhost'] . ' " );
define ( " DBNAME " , " ' . $_POST['dbname'] . ' " );
define ( " DBUSER " , " ' . $_POST['dbuser'] . ' " );
define ( " DBPASS " , " ' . $_POST['dbpass'] . ' " );
define ( " DBTYPE " , " mysql " );
2018-07-13 18:39:55 +02:00
//////////////////////////////////////////////////////////////////
// ** DO NOT EDIT CONFIG BELOW **
//////////////////////////////////////////////////////////////////
// PATHS
define ( " COMPONENTS " , BASE_PATH . " /components " );
define ( " PLUGINS " , BASE_PATH . " /plugins " );
define ( " THEMES " , BASE_PATH . " /themes " );
define ( " DATA " , BASE_PATH . " /data " );
define ( " WORKSPACE " , BASE_PATH . " /workspace " );
// URLS
define ( " WSURL " , BASE_URL . " /workspace " );
// Marketplace
//define("MARKETURL", "http://market.codiad.com/json");
' ;
2018-11-29 22:57:06 +01:00
saveFile ( $config , $config_data );
echo ( " success " );
2018-07-13 18:39:55 +02:00
}