tiki-install.php 6.85 KB
Newer Older
1
<?php
changi67's avatar
changi67 committed
2
/**
kstingel's avatar
kstingel committed
3
 * Tiki's Installation script.
rjsmelo's avatar
rjsmelo committed
4
 *
kstingel's avatar
kstingel committed
5 6
 * Used to install a fresh Tiki instance, to upgrade an existing Tiki to a newer version and to test sendmail.
 *
rjsmelo's avatar
rjsmelo committed
7
 * @package TikiWiki
8
 * @copyright (c) Copyright by authors of the Tiki Wiki CMS Groupware Project. All Rights Reserved. See copyright.txt for details and a complete list of authors.
kstingel's avatar
kstingel committed
9
 * @licence Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
changi67's avatar
changi67 committed
10
 */
changi67's avatar
changi67 committed
11
// $Id$
12

13
$in_installer = 1;
14
define('TIKI_IN_INSTALLER', 1);
rjsmelo's avatar
rjsmelo committed
15 16 17 18 19 20 21 22 23
if (! isset($title)) {
	$title = 'Tiki Installer';
}
if (! isset($content)) {
	$content = 'No content specified. Something went wrong.<br/>Please tell your administrator.<br/>If you are the administrator, you may want to check for / file a bug report.';
}
if (! isset($dberror)) {
	$dberror = false;
}
24

25 26 27 28
// Show all errors
error_reporting(-1);
ini_set('display_errors', 1);

29
// Check that PHP version is sufficient
30

31 32
if (version_compare(PHP_VERSION, '7.1.0', '<')) {
	$title = 'PHP 7.1 is required';
rjsmelo's avatar
rjsmelo committed
33
	$content = '<p>Please contact your system administrator ( if you are not the one ;) ). Your version: ' . PHP_VERSION . ' <br /> <br /> ' . 'Please also visit <a href="tiki-check.php">Server Check</a>' . '</p>';
Kissaki's avatar
Kissaki committed
34
	createPage($title, $content);
35 36
}

37 38 39 40
require_once('lib/init/initlib.php');
$tikipath = dirname(__FILE__) . '/';
TikiInit::appendIncludePath($tikipath);

41
require_once('db/tiki-db.php');	// to set up multitiki etc if there
42

rjsmelo's avatar
rjsmelo committed
43
$lockFile = 'db/' . $tikidomainslash . 'lock';
44

45
// if tiki installer is locked (probably after previous installation) display notice
46
if (file_exists($lockFile)) {
47
	$title = 'Tiki Installer Disabled';
rjsmelo's avatar
rjsmelo committed
48
	$td = empty($tikidomain) ? '' : '/' . $tikidomain;
49
	$content = '
50 51 52
							<p>As a security precaution, the Tiki Installer has been disabled. To re-enable the installer:</p>
							<div style="border: solid 1px #ccc; margin: 1em auto; width: 40%;">
								<ol style="text-align: left">
rjsmelo's avatar
rjsmelo committed
53 54
									<li>Use your file manager application to find the directory where you have unpacked your Tiki and remove the <strong><code>lock</code></strong> file which was created in the <strong><code>db' . $td . '</code></strong> folder.</li>
									<li>Re-run <strong><a href="tiki-install.php' . (empty($tikidomain) ? '' : "?multi=$tikidomain") . '" title="Tiki Installer">tiki-install.php' . (empty($tikidomain) ? '' : "?multi=$tikidomain") . '</a></strong>.</li>
55 56
								</ol>
							</div>';
Kissaki's avatar
Kissaki committed
57
	createPage($title, $content);
58 59
}

60
if (!empty($db) && ! $db->getOne("SELECT COUNT(*) FROM `information_schema`.`character_sets` WHERE `character_set_name` = 'utf8mb4';")) {
61 62 63
	die(tr('Your database does not support the utf8mb4 character set required in Tiki19 and above. You need to upgrade your mysql or mariadb installation.'));
}

64
$tikiroot = str_replace('\\', '/', dirname($_SERVER['PHP_SELF']));
65
$session_params = session_get_cookie_params();
Kissaki's avatar
Kissaki committed
66
session_set_cookie_params($session_params['lifetime'], $tikiroot);
67
unset($session_params);
68
session_start();
69

70 71
$rootcheck = empty($tikiroot) || $tikiroot === '/' ? '' : $tikiroot;
$refered = isset($_SERVER['HTTP_REFERER']) ? strpos($_SERVER['HTTP_REFERER'], $rootcheck . '/tiki-install.php') : false;
rjsmelo's avatar
rjsmelo committed
72 73
if (! $refered || ($refered && ! isset($_POST['install_step']))) {
	unset($_SESSION['accessible']);
74
}
75
// Were database details defined before? If so, load them
rjsmelo's avatar
rjsmelo committed
76 77
if (file_exists('db/' . $tikidomainslash . 'local.php')) {
	include 'db/' . $tikidomainslash . 'local.php';
78 79

	// In case of replication, ignore it during installer.
rjsmelo's avatar
rjsmelo committed
80
	unset($shadow_dbs, $shadow_user, $shadow_pass, $shadow_host);
81

82
	// check for provided login details and check against the old, saved details that they're correct
83 84
	if (isset($_POST['dbuser'], $_POST['dbpass'])) {
		if (($_POST['dbuser'] == $user_tiki) && ($_POST['dbpass'] == $pass_tiki)) {
85
			$_SESSION['accessible'] = true;
rjsmelo's avatar
rjsmelo committed
86 87
			unset($_POST['dbuser']);
			unset($_POST['dbpass']);
88 89 90 91 92 93 94
		} else {
			$_SESSION['installer_auth_failure'] = isset($_SESSION['installer_auth_failure']) ? $_SESSION['installer_auth_failure'] + 1 : 1;

			// If there are too many failures during a single session, lock the installer as a precaution
			if ($_SESSION['installer_auth_failure'] >= 20) {
				touch($lockFile);
			}
95
		}
96
	}
97
} else {
98
	// No database info found, so it's a first-install and thus installer is accessible
99
	$_SESSION['accessible'] = true;
100
}
101

102 103
if (isset($_SESSION['accessible'])) {
	// allowed to access installer, include it
104 105
	$logged = true;
	$admin_acc = 'y';
106
	include_once 'installer/tiki-installer.php';
107
} else {
108
	// Installer knows db details but no login details were received for this script.
109 110 111
	// Thus, display a form.
	$title = 'Tiki Installer Security Precaution';
	$content = '
112
							<p style="margin-top: 24px;">You are attempting to run the Tiki Installer. For your protection, this installer can be used only by a site administrator.</p>
113 114
							<p>To verify that you are a site administrator, enter your <strong><em>database</em></strong> credentials (database username and password) here.</p>
							<p>If you have forgotten your database credentials, find the directory where you have unpacked your Tiki and have a look inside the <strong><code>db</code></strong> folder into the <strong><code>local.php</code></strong> file.</p>
115
							<form method="post" action="tiki-install.php">
116
								<input type="hidden" name="enterinstall" value="1">
117 118
								<p><label for="dbuser" class="sr-only">Database username</label> <input type="text" id="dbuser" name="dbuser" placeholder="Database username"/></p>
								<p><label for="dbpass" class="sr-only">Database password</label> <input type="password" id="dbpass" name="dbpass" placeholder="Database password"/></p>
119
								<p><input type="submit" class="btn btn-primary btn-sm" value=" Validate and Continue " /></p>
120 121
							</form>
							<p>&nbsp;</p>';
Kissaki's avatar
Kissaki committed
122
	createPage($title, $content);
123 124
}

125

126
/**
kstingel's avatar
kstingel committed
127
 * creates the HTML page to be displayed.
rjsmelo's avatar
rjsmelo committed
128 129 130
 *
 * Tiki may not have been installed when we reach here, so we can't use our templating system yet.
 *
kstingel's avatar
kstingel committed
131 132
 * @param string $title   page Title
 * @param mixed  $content page Content
133
 */
134 135
function createPage($title, $content)
{
136
	echo <<<END
137 138 139 140
<!DOCTYPE html 
	PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
luciash's avatar
luciash committed
141 142
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
143
		<link type="text/css" rel="stylesheet" href="vendor_bundled/vendor/twbs/bootstrap/dist/css/bootstrap.css" />
144
		<title>$title</title>
luciash's avatar
luciash committed
145
	</head>
146 147 148 149 150 151 152 153 154 155 156 157
	<body class="container text-center">
		<div class="row">
			<img alt="Site Logo" src="img/tiki/Tiki_WCG.png" style="margin: 10px;" />
		</div>
		<div class="row">
			<h1>
				$title
			</h1>
		</div>
		</div>
			<div id="middle">
				$content
158
			</div>
159
		</div>
160
		<div class="row">
161
			<a href="http://tiki.org" target="_blank" title="Powered by Tiki Wiki CMS Groupware"><img src="img/tiki/tikibutton.png" alt="Powered by Tiki Wiki CMS Groupware" /></a>
luciash's avatar
luciash committed
162 163
		</div>
	</body>
164
</html>
165
END;
166
	die;
167
}