tiki-install.php 6.51 KB
Newer Older
1
<?php
changi67's avatar
changi67 committed
2
/**
kstingel's avatar
kstingel committed
3 4 5 6 7
 * Tiki's Installation script.
 * 
 * Used to install a fresh Tiki instance, to upgrade an existing Tiki to a newer version and to test sendmail.
 *
 * @package TikiWiki 
8
 * @copyright (c) Copyright 2002-2015 by authors of the Tiki Wiki CMS Groupware Project. All Rights Reserved. See copyright.txt for details and a complete list of authors.
kstingel's avatar
kstingel committed
9
 * @licence Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
changi67's avatar
changi67 committed
10
 */
changi67's avatar
changi67 committed
11
// $Id$
12

13
$in_installer = 1;
14
define('TIKI_IN_INSTALLER', 1);
15
if (!isset($title)) $title = 'Tiki Installer';
16
if (!isset($content)) $content = 'No content specified. Something went wrong.<br/>Please tell your administrator.<br/>If you are the administrator, you may want to check for / file a bug report.';
17
if (!isset($dberror)) $dberror = false;
18

19 20 21 22
// Show all errors
error_reporting(-1);
ini_set('display_errors', 1);

23
// Check that PHP version is sufficient
24

25 26
if (version_compare(PHP_VERSION, '5.5.0', '<')) {
	$title = 'PHP 5.5 is required';
27
	$content = '<p>Please contact your system administrator ( if you are not the one ;) ). Your version: '.PHP_VERSION.' <br /> <br /> '.'Please also visit <a href="tiki-check.php">Server Check</a>'.'</p>';
Kissaki's avatar
Kissaki committed
28
	createPage($title, $content);
29 30
}

31 32 33 34
require_once('lib/init/initlib.php');
$tikipath = dirname(__FILE__) . '/';
TikiInit::appendIncludePath($tikipath);

35
require_once('db/tiki-db.php');	// to set up multitiki etc if there
36

37 38
$lockFile = 'db/'.$tikidomainslash.'lock';

39
// if tiki installer is locked (probably after previous installation) display notice
40
if (file_exists($lockFile)) {
41
	$title = 'Tiki Installer Disabled';
42
	$td = empty($tikidomain)? '': '/'.$tikidomain;
43
	$content = '
44 45 46
							<p>As a security precaution, the Tiki Installer has been disabled. To re-enable the installer:</p>
							<div style="border: solid 1px #ccc; margin: 1em auto; width: 40%;">
								<ol style="text-align: left">
47
									<li>Use your file manager application to find the directory where you have unpacked your Tiki and remove the <strong><code>lock</code></strong> file which was created in the <strong><code>db'.$td.'</code></strong> folder.</li>
48
									<li>Re-run <strong><a href="tiki-install.php'.(empty($tikidomain)?'':"?multi=$tikidomain").'" title="Tiki Installer">tiki-install.php'.(empty($tikidomain)?'':"?multi=$tikidomain").'</a></strong>.</li>
49 50
								</ol>
							</div>';
Kissaki's avatar
Kissaki committed
51
	createPage($title, $content);
52 53
}

54
$tikiroot = str_replace('\\', '/', dirname($_SERVER['PHP_SELF']));
55
$session_params = session_get_cookie_params();
Kissaki's avatar
Kissaki committed
56
session_set_cookie_params($session_params['lifetime'], $tikiroot);
57
unset($session_params);
58
session_start();
59

60 61
$rootcheck = empty($tikiroot) || $tikiroot === '/' ? '' : $tikiroot;
$refered = isset($_SERVER['HTTP_REFERER']) ? strpos($_SERVER['HTTP_REFERER'], $rootcheck . '/tiki-install.php') : false;
62
if (!$refered || ($refered && !isset($_POST['install_step']))) {
63 64
	unset ($_SESSION['accessible']);
}
65
// Were database details defined before? If so, load them
66 67
if (file_exists('db/'.$tikidomainslash.'local.php')) {
	include 'db/'.$tikidomainslash.'local.php';
68 69 70 71

	// In case of replication, ignore it during installer.
	unset( $shadow_dbs, $shadow_user, $shadow_pass, $shadow_host );

72
	// check for provided login details and check against the old, saved details that they're correct
73 74
	if (isset($_POST['dbuser'], $_POST['dbpass'])) {
		if (($_POST['dbuser'] == $user_tiki) && ($_POST['dbpass'] == $pass_tiki)) {
75
			$_SESSION['accessible'] = true;
76 77
			unset ($_POST['dbuser']);
			unset ($_POST['dbpass']);
78 79 80 81 82 83 84
		} else {
			$_SESSION['installer_auth_failure'] = isset($_SESSION['installer_auth_failure']) ? $_SESSION['installer_auth_failure'] + 1 : 1;

			// If there are too many failures during a single session, lock the installer as a precaution
			if ($_SESSION['installer_auth_failure'] >= 20) {
				touch($lockFile);
			}
85
		}
86
	}
87
} else {
88
	// No database info found, so it's a first-install and thus installer is accessible
89
	$_SESSION['accessible'] = true;
90
}
91

92 93
if (isset($_SESSION['accessible'])) {
	// allowed to access installer, include it
94 95
	$logged = true;
	$admin_acc = 'y';
96
	include_once 'installer/tiki-installer.php';
97
} else {
98
	// Installer knows db details but no login details were received for this script.
99 100 101
	// Thus, display a form.
	$title = 'Tiki Installer Security Precaution';
	$content = '
102
							<p style="margin-top: 24px;">You are attempting to run the Tiki Installer. For your protection, this installer can be used only by a site administrator.</p>
103 104
							<p>To verify that you are a site administrator, enter your <strong><em>database</em></strong> credentials (database username and password) here.</p>
							<p>If you have forgotten your database credentials, find the directory where you have unpacked your Tiki and have a look inside the <strong><code>db</code></strong> folder into the <strong><code>local.php</code></strong> file.</p>
105
							<form method="post" action="tiki-install.php">
106
								<input type="hidden" name="enterinstall" value="1">
107 108
								<p><label for="dbuser" class="sr-only">Database username</label> <input type="text" id="dbuser" name="dbuser" placeholder="Database username"/></p>
								<p><label for="dbpass" class="sr-only">Database password</label> <input type="password" id="dbpass" name="dbpass" placeholder="Database password"/></p>
109
								<p><input type="submit" class="btn btn-primary btn-sm" value=" Validate and Continue " /></p>
110 111
							</form>
							<p>&nbsp;</p>';
Kissaki's avatar
Kissaki committed
112
	createPage($title, $content);
113 114
}

115

116
/**
kstingel's avatar
kstingel committed
117 118 119 120 121 122
 * creates the HTML page to be displayed.
 * 
 * Tiki may not have been installed when we reach here, so we can't use our templating system yet. 
 * 
 * @param string $title   page Title
 * @param mixed  $content page Content
123
 */
124 125
function createPage($title, $content)
{
126
	echo <<<END
127 128 129 130
<!DOCTYPE html 
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
luciash's avatar
luciash committed
131 132
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
133
		<link type="text/css" rel="stylesheet" href="vendor/twitter/bootstrap/dist/css/bootstrap.css" />
134
		<title>$title</title>
luciash's avatar
luciash committed
135
	</head>
136 137 138 139 140 141 142 143 144 145 146 147
	<body class="container text-center">
		<div class="row">
			<img alt="Site Logo" src="img/tiki/Tiki_WCG.png" style="margin: 10px;" />
		</div>
		<div class="row">
			<h1>
				$title
			</h1>
		</div>
		</div>
			<div id="middle">
				$content
148
			</div>
149
		</div>
150
		<div class="row">
151
			<a href="http://tiki.org" target="_blank" title="Powered by Tiki Wiki CMS Groupware"><img src="img/tiki/tikibutton.png" alt="Powered by Tiki Wiki CMS Groupware" /></a>
luciash's avatar
luciash committed
152 153
		</div>
	</body>
154
</html>
155
END;
156
	die;
157
}