PageRenderTime 119ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/installer/install.php

http://github.com/ushahidi/Ushahidi_Web
PHP | 968 lines | 829 code | 68 blank | 71 comment | 59 complexity | 44676ea386f1ff17af8a1ac8e2d29b8d MD5 | raw file
Possible License(s): LGPL-2.1
  1. <?php
  2. /**
  3. * This class acts like a controller.
  4. *
  5. * PHP version 5
  6. * LICENSE: This source file is subject to LGPL license
  7. * that is available through the world-wide-web at the following URI:
  8. * http://www.gnu.org/copyleft/lesser.html
  9. * @author Ushahidi Team <team@ushahidi.com>
  10. * @package Ushahidi - http://source.ushahididev.com
  11. * @module Admin Dashboard Controller
  12. * @copyright Ushahidi - http://www.ushahidi.com
  13. * @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General
  14. * Public License (LGPL)
  15. */
  16. require_once('form.php');
  17. require_once('modulecheck.php');
  18. class Install
  19. {
  20. private $database_file;
  21. private $install_directory;
  22. public function __construct()
  23. {
  24. global $form;
  25. $this->install_directory = dirname(dirname(__FILE__));
  26. $this->_index();
  27. }
  28. public function _index()
  29. {
  30. session_start();
  31. }
  32. /**
  33. * Validates the form fields and does the necessary processing.
  34. */
  35. public function _install_db_info( $username, $password, $host, $select_db_type,
  36. $db_name, $table_prefix, $base_path )
  37. {
  38. global $form;
  39. //check for empty fields
  40. if(!$username || strlen($username = trim($username)) == 0 ){
  41. $form->set_error("username", "Please make sure to " .
  42. "enter the <strong>username</strong> of the database server.");
  43. }
  44. if( !$host || strlen($host = trim($host)) == 0 ){
  45. $form->set_error("host","Please enter the <strong>host</strong> of the
  46. database server." );
  47. }
  48. if( !$db_name || strlen($db_name = trim($db_name)) == 0 ){
  49. $form->set_error("db_name","Please enter the <strong>name</strong> of your database.");
  50. }
  51. // load database.template.php and work from it.
  52. if(!file_exists('../application/config/database.template.php')){
  53. $form->set_error("load_db_tpl","<strong>Oops!</strong> I need the file called " .
  54. "<code>database.template.php</code> to work
  55. from. Please make sure this file is in the <code>application/config/</code> folder.");
  56. }
  57. // load .htaccess file and work with it.
  58. if(!file_exists('../.htaccess')){
  59. $form->set_error("load_htaccess_file","<strong>Oops!</strong> I need a file called " .
  60. "<code>.htaccess</code> to work
  61. with. Please make sure this file is in the root directory of your Ushahidi files.");
  62. }
  63. if( !is_writable('../.htaccess')) {
  64. $form->set_error('htaccess_perm',
  65. "<strong>Oops!</strong> Ushahidi is unable to write to the <code>.htaccess</code> file. " .
  66. "Please change the permissions of that file to allow write access (777). " .
  67. "<p>Here are instructions for changing file permissions:</p>" .
  68. "<ul>" .
  69. " <li><a href=\"http://www.washington.edu/computing/unix/permissions.html\">Unix/Linux</a></li>" .
  70. " <li><a href=\"http://support.microsoft.com/kb/308419\">Windows</a></li>" .
  71. "</ul>");
  72. }
  73. if( !is_writable('../application/config')) {
  74. $form->set_error('permission',
  75. "<strong>Oops!</strong> Ushahidi is trying to create and/or edit a file called \"" .
  76. "database.php\" and is unable to do so at the moment. This is probably due to the fact " .
  77. "that your permissions aren't set up properly for the <code>config</code> folder. " .
  78. "Please change the permissions of that folder to allow write access (777). " .
  79. "<p>Here are instructions for changing file permissions:</p>" .
  80. "<ul>" .
  81. " <li><a href=\"http://www.washington.edu/computing/unix/permissions.html\">Unix/Linux</a></li>" .
  82. " <li><a href=\"http://support.microsoft.com/kb/308419\">Windows</a></li>" .
  83. "</ul>");
  84. }
  85. if( !is_writable('../application/config/config.php')) {
  86. $form->set_error('config_perm',
  87. "<strong>Oops!</strong> Ushahidi is trying to edit a file called \"" .
  88. "config.php\" and is unable to do so at the moment. This is probably due to the fact " .
  89. "that your permissions aren't set up properly for the <code>config.php</code> file. " .
  90. "Please change the permissions of that folder to allow write access (777). " .
  91. "<p>Here are instructions for changing file permissions:</p>" .
  92. "<ul>" .
  93. " <li><a href=\"http://www.washington.edu/computing/unix/permissions.html\">Unix/Linux</a></li>" .
  94. " <li><a href=\"http://support.microsoft.com/kb/308419\">Windows</a></li>" .
  95. "</ul>"
  96. /* CB: Commenting this out... I think it's better if we just have them change the permissions of the specific
  97. files and folders rather than all the files
  98. "Alternatively, you could make the webserver own all the ushahidi files. On unix usually, you" .
  99. "issue this command <code>chown -R www-data:ww-data</code>");
  100. */
  101. );
  102. }
  103. if(!$this->_make_connection($username, $password, $host)){
  104. $form->set_error("connection","<strong>Oops!</strong>, We couldn't make a connection to
  105. the database server with the credentials given. Please make sure they are correct.");
  106. }
  107. /**
  108. * error exists, have user correct them.
  109. */
  110. if( $form->num_errors > 0 ) {
  111. return 1;
  112. } else {
  113. $this->_add_config_details($base_path);
  114. $this->_add_htaccess_entry($base_path);
  115. $this->_add_db_details( $username, $password, $host, $select_db_type,
  116. $db_name, $table_prefix );
  117. $this->_import_sql($username, $password, $host, $db_name, $table_prefix);
  118. $this->_chmod_folders();
  119. $sitename = $this->_get_url();
  120. $url = $this->_get_url();
  121. $configure_stats = $this->_configure_stats($sitename, $url, $host, $username, $password, $db_name, $table_prefix);
  122. return 0;
  123. }
  124. }
  125. /**
  126. * Validates general settings fields and then add details to
  127. * the settings table.
  128. */
  129. public function _general_settings($site_name, $site_tagline, $default_lang, $site_email, $table_prefix,$clean_url)
  130. {
  131. global $form;
  132. //check for empty fields
  133. if(!$site_name || strlen($site_name = trim($site_name)) == 0 ){
  134. $form->set_error("site_name", "Please make sure to " .
  135. "enter a <strong>site name</strong>.");
  136. } else {
  137. $site_name = stripslashes($site_name);
  138. }
  139. if(!$site_tagline || strlen($site_tagline = trim($site_tagline)) == 0 ){
  140. $form->set_error("site_tagline", "Please make sure to " .
  141. "enter a <strong>site tagline</strong>.");
  142. } else {
  143. $site_tagline = stripslashes($site_tagline);
  144. }
  145. /* Email error checking */
  146. if(!$site_email || strlen($site_email = trim($site_email)) == 0){
  147. $form->set_error("site_email", "Please enter a <strong>site email address</strong>.");
  148. } else{
  149. /* Check if valid email address */
  150. $regex = "/^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
  151. ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
  152. ."\.([a-z]{2,}){1}$/i";
  153. if(!preg_match($regex,$site_email)){
  154. $form->set_error("site_email", "Please enter a valid email address. ex: johndoe@email.com.");
  155. }
  156. $site_email = stripslashes($site_email);
  157. }
  158. /**
  159. * error exists, have user correct them.
  160. */
  161. if( $form->num_errors > 0 ) {
  162. return 1;
  163. } else {
  164. $this->_add_general_settings($site_name, $site_tagline, $default_lang, $site_email, $table_prefix,$clean_url);
  165. return 0;
  166. }
  167. }
  168. public function _map_info($map_provider, $map_api_key, $table_prefix)
  169. {
  170. global $form;
  171. //check for empty fields
  172. if(!$map_api_key || strlen($map_api_key = trim($map_api_key)) == 0 ){
  173. $form->set_error("map_provider_api_key", "Please make sure to " .
  174. "enter an<strong> api key</strong> for your map provider.");
  175. } else {
  176. $map_api_key = stripslashes($map_api_key);
  177. }
  178. /**
  179. * error exists, have user correct them.
  180. */
  181. if( $form->num_errors > 0 ) {
  182. return 1;
  183. } else {
  184. $this->_add_map_info($map_provider, $map_api_key, $table_prefix );
  185. return 0;
  186. }
  187. }
  188. public function _mail_server($alert_email, $mail_username,$mail_password,
  189. $mail_port,$mail_host,$mail_type,$mail_ssl,$table_prefix){
  190. global $form;
  191. //check for empty fields
  192. if(!$alert_email || strlen($alert_email = trim($alert_email)) == 0 ){
  193. $form->set_error("site_alert_email", "Please make sure to " .
  194. "enter a <strong>site alert email address</strong>.");
  195. }
  196. if( !$mail_username || strlen($mail_username = trim($mail_username)) == 0 ){
  197. $form->set_error("mail_server_username","Please enter the <strong>user name</strong> of your mail server." );
  198. }
  199. if( !$mail_password || strlen($mail_password = trim($mail_password)) == 0 ){
  200. $form->set_error("mail_server_pwd","Please enter the <strong>password</strong> for your email account.");
  201. }
  202. if(!$mail_port|| strlen($mail_port = trim($mail_port)) == 0 ){
  203. $form->set_error("mail_server_port", "Please make sure to " .
  204. "enter the <strong>port</strong> for your mail server.");
  205. }
  206. if(!$mail_host|| strlen($mail_host = trim($mail_host)) == 0 ){
  207. $form->set_error("mail_server_host", "Please make sure to " .
  208. "enter the <strong>host</strong> of the mail server.");
  209. }
  210. /**
  211. * error exists, have user correct them.
  212. */
  213. if( $form->num_errors > 0 ) {
  214. return 1;
  215. } else {
  216. $this->_add_mail_server_info( $alert_email, $mail_username,$mail_password,
  217. $mail_port,$mail_host,$mail_type,$mail_ssl,$table_prefix );
  218. return 0;
  219. }
  220. }
  221. /**
  222. * gets the URL
  223. */
  224. private function _get_url()
  225. {
  226. global $_SERVER;
  227. if ($_SERVER["SERVER_PORT"] != "80" && $_SERVER["SERVER_PORT"] != "443") {
  228. $url = $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  229. } else {
  230. $url = $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  231. }
  232. $url = substr($url,0,stripos($url,'/installer/'));
  233. if(isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') return "https://{$url}";
  234. return "http://{$url}";
  235. }
  236. /**
  237. * adds the database details to the config/database.php file.
  238. */
  239. private function _add_db_details( $username, $password, $host,
  240. $select_db_type, $db_name, $table_prefix )
  241. {
  242. // echo "$username, $password, $host,
  243. // $select_db_type, $db_name, $table_prefix";
  244. $database_file = @file('../application/config/database.template.php');
  245. $handle = @fopen('../application/config/database.php', 'w');
  246. foreach( $database_file as $line_number => $line )
  247. {
  248. switch( trim(substr( $line,0,14 )) ) {
  249. case "'type' =":
  250. fwrite($handle, str_replace("'mysql'","'".
  251. $select_db_type."'",$line ));
  252. break;
  253. case "'user' =":
  254. fwrite($handle, str_replace("'username'","'".
  255. $username."'",$line ));
  256. break;
  257. case "'pass' =":
  258. fwrite($handle, str_replace("'password'","'".
  259. $password."'",$line));
  260. break;
  261. case "'host' =":
  262. fwrite($handle, str_replace("'localhost'","'".
  263. $host."'",$line));
  264. break;
  265. case "'database' =":
  266. fwrite($handle, str_replace("'db'","'".
  267. $db_name."'",$line));
  268. break;
  269. case "'table_prefix":
  270. fwrite($handle, str_replace("''","'".
  271. ($table_prefix ? $table_prefix."_'" : "'"),$line));
  272. break;
  273. default:
  274. fwrite($handle, $line);
  275. }
  276. }
  277. fclose($handle);
  278. //for security reasons change permission on the file to 666
  279. chmod('../application/config/database.php',0666);
  280. }
  281. /**
  282. * adds the site_name to the application/config/config.php file
  283. */
  284. private function _add_config_details( $base_path )
  285. {
  286. $config_file = @file('../application/config/config.template.php');
  287. $handle = @fopen('../application/config/config.php', 'w');
  288. foreach( $config_file as $line_number => $line )
  289. {
  290. if( !empty( $base_path ) )
  291. {
  292. switch( trim(substr( $line,0,23 )) ) {
  293. case "\$config['site_domain']":
  294. fwrite($handle, str_replace("/","/".
  295. $base_path."/",$line ));
  296. break;
  297. default:
  298. fwrite($handle, $line);
  299. }
  300. }else {
  301. fwrite($handle, $line);
  302. }
  303. }
  304. }
  305. /**
  306. * Removes index.php from index page variable in application/config.config.php file
  307. */
  308. private function _remove_index_page($yes_or_no) {
  309. $config_file = @file('../application/config/config.php');
  310. $handle = @fopen('../application/config/config.php', 'w');
  311. if(is_array($config_file) ) {
  312. foreach( $config_file as $line_number => $line )
  313. {
  314. if( $yes_or_no == 1 ) {
  315. if( strpos(" ".$line,"\$config['index_page'] = 'index.php';") != 0 ) {
  316. fwrite($handle, str_replace("index.php","",$line ));
  317. } else {
  318. fwrite($handle, $line);
  319. }
  320. } else {
  321. if( strpos(" ".$line,"\$config['index_page'] = '';") != 0 ) {
  322. fwrite($handle, str_replace("''","'index.php'",$line ));
  323. } else {
  324. fwrite($handle, $line);
  325. }
  326. }
  327. }
  328. }
  329. }
  330. /**
  331. * Adds the right RewriteBase entry to the .htaccess file.
  332. *
  333. * @param base_path - the base path.
  334. */
  335. private function _add_htaccess_entry($base_path) {
  336. $htaccess_file = @file('../.htaccess');
  337. $handle = @fopen('../.htaccess','w');
  338. if( is_array( $htaccess_file ) ) {
  339. foreach($htaccess_file as $line_number => $line ) {
  340. if( !empty($base_path) && $base_path != "/" ) {
  341. if( strpos(" ".$line,"RewriteBase /") != 0 ) {
  342. fwrite($handle, str_replace("/","/".$base_path,$line));
  343. } else {
  344. fwrite($handle,$line);
  345. }
  346. } else {
  347. fwrite($handle,$line);
  348. }
  349. }
  350. }
  351. }
  352. /**
  353. * Imports sql file to the database.
  354. */
  355. private function _import_sql($username, $password, $host, $db_name, $table_prefix = NULL)
  356. {
  357. $connection = @mysql_connect("$host", "$username", "$password");
  358. $db_schema = @file_get_contents('../sql/ushahidi.sql');
  359. // If a table prefix is specified, add it to sql
  360. if ($table_prefix) {
  361. $find = array(
  362. 'CREATE TABLE IF NOT EXISTS `',
  363. 'INSERT INTO `',
  364. 'ALTER TABLE `',
  365. 'UPDATE `',
  366. 'DELETE FROM `'
  367. );
  368. $replace = array(
  369. 'CREATE TABLE IF NOT EXISTS `'.$table_prefix.'_',
  370. 'INSERT INTO `'.$table_prefix.'_',
  371. 'ALTER TABLE `'.$table_prefix.'_',
  372. 'UPDATE `'.$table_prefix.'_',
  373. 'DELETE FROM `'.$table_prefix.'_'
  374. );
  375. $db_schema = str_replace($find, $replace, $db_schema);
  376. }
  377. // Use todays date as the date for the first incident in the system
  378. $db_schema = str_replace('2010-01-01 12:00:00',
  379. date("Y-m-d H:i:s",time()), $db_schema);
  380. $result = @mysql_query('CREATE DATABASE '.$db_name);
  381. // select newly created db
  382. @mysql_select_db($db_name,$connection);
  383. /**
  384. * split by ; to get the sql statement for creating individual
  385. * tables.
  386. */
  387. $tables = explode(';',$db_schema);
  388. foreach($tables as $query) {
  389. $result = @mysql_query($query,$connection);
  390. }
  391. @mysql_close( $connection );
  392. }
  393. /**
  394. * Adds general settings detail to the db.
  395. * @param site_name - site name.
  396. * @param site_tagline - site name.
  397. * @param defaul_lang - default language.
  398. * @param site_email - site email.
  399. */
  400. private function _add_general_settings($site_name, $site_tagline, $default_lang, $site_email, $table_prefix = NULL,$clean_url) {
  401. $table_prefix = ($table_prefix) ? $table_prefix.'_' : "";
  402. $connection = @mysql_connect($_SESSION['host'],$_SESSION['username'], $_SESSION['password']);
  403. @mysql_select_db($_SESSION['db_name'],$connection);
  404. @mysql_query('UPDATE `'.$table_prefix.'settings` SET `site_name` = \''.mysql_escape_string($site_name).
  405. '\', site_tagline = \''.mysql_escape_string($site_tagline).'\', site_language= \''.mysql_escape_string($default_lang).'\' , site_email= \''.mysql_escape_string($site_email).'\' ');
  406. @mysql_close($connection);
  407. // Enable / disable clean url
  408. $this->_remove_index_page($clean_url);
  409. }
  410. /**
  411. * Adds google map api key to the settings table.
  412. * @param map_provider - map provider.
  413. * @param map_api_key - map api key
  414. */
  415. private function _add_map_info($map_provider, $map_api_key, $table_prefix = NULL ){
  416. $table_prefix = ($table_prefix) ? $table_prefix.'_' : "";
  417. //TODO modularize the db connection part.
  418. $connection = @mysql_connect($_SESSION['host'],$_SESSION['username'], $_SESSION['password']);
  419. @mysql_select_db($_SESSION['db_name'],$connection);
  420. @mysql_query('UPDATE `'.$table_prefix.'settings` SET `default_map` = \''.mysql_escape_string($map_provider).
  421. '\', api_google = \''.mysql_escape_string($map_api_key).'\' ');
  422. @mysql_close($connection);
  423. }
  424. /**
  425. * Adds mail server details to the settings table.
  426. *
  427. */
  428. private function _add_mail_server_info( $alert_email, $mail_username,$mail_password,
  429. $mail_port,$mail_host,$mail_type,$mail_ssl, $table_prefix = NULL ) {
  430. $table_prefix = ($table_prefix) ? $table_prefix.'_' : "";
  431. $connection = @mysql_connect($_SESSION['host'],$_SESSION['username'], $_SESSION['password']);
  432. @mysql_select_db($_SESSION['db_name'],$connection);
  433. @mysql_query('UPDATE `'.$table_prefix.'settings` SET `alerts_email` = \''.mysql_escape_string($alert_email).
  434. '\', `email_username` = \''.mysql_escape_string($mail_username).'\' , `email_password` = \''.mysql_escape_string($mail_password).'\'' .
  435. ', `email_port` = \''.mysql_escape_string($mail_port).'\' , `email_host` = \''.mysql_escape_string($mail_host).'\' ' .
  436. ', `email_servertype` = \''.mysql_escape_string($mail_type).'\' , `email_ssl` = \''.mysql_escape_string($mail_ssl).'\' ');
  437. @mysql_close($connection);
  438. }
  439. /**
  440. * check if we can make connection to the db server with the credentials
  441. * given.
  442. */
  443. private function _make_connection($username, $password, $host)
  444. {
  445. $connection = @mysql_connect("$host", "$username", "$password");
  446. if( $connection ) {
  447. @mysql_close( $connection );
  448. return TRUE;
  449. }else {
  450. @mysql_close( $connection );
  451. return FALSE;
  452. }
  453. }
  454. /**
  455. * Set up stat tracking
  456. */
  457. private function _configure_stats($sitename, $url, $host, $username, $password, $db_name, $table_prefix = NULL)
  458. {
  459. $table_prefix = ($table_prefix) ? $table_prefix.'_' : "";
  460. $stat_url = 'http://tracker.ushahidi.com/px.php?task=cs&sitename='.urlencode($sitename).'&url='.urlencode($url);
  461. $xml = simplexml_load_string($this->_curl_req($stat_url));
  462. $stat_id = (string)$xml->id[0];
  463. $stat_key = (string)$xml->key[0];
  464. if($stat_id > 0){
  465. $connection = @mysql_connect("$host", "$username", "$password");
  466. @mysql_select_db($db_name,$connection);
  467. @mysql_query('UPDATE `'.$table_prefix.'settings` SET `stat_id` = \''.mysql_escape_string($stat_id).'\', `stat_key` = \''.mysql_escape_string($stat_key).'\' WHERE `id` =1 LIMIT 1;');
  468. @mysql_close($connection);
  469. return $stat_id;
  470. }
  471. return false;
  472. }
  473. /**
  474. * Change permissions on the cache, logs, and upload folders.
  475. */
  476. private function _chmod_folders()
  477. {
  478. @chmod('../application/cache',0777);
  479. @chmod('../application/logs',0777);
  480. @chmod('../media/uploads',0777);
  481. }
  482. /**
  483. * check if ushahidi has been installed.
  484. */
  485. public function is_ushahidi_installed()
  486. {
  487. /**
  488. * Check if config file exists.
  489. */
  490. $is_installed = true;
  491. if( file_exists('../application/config/database.php') )
  492. {
  493. $database_file = file('../application/config/database.php');
  494. if( preg_match( "/username/",$database_file[22] ) &&
  495. preg_match( "/password/",$database_file[23] ) ){
  496. $is_installed = false;
  497. }
  498. } else {
  499. $is_installed = false;
  500. }
  501. return $is_installed;
  502. }
  503. /**
  504. * Helper function to send a cURL request
  505. * @param url - URL for cURL to hit
  506. */
  507. public function _curl_req( $url )
  508. {
  509. // Make sure cURL is installed
  510. if (!function_exists('curl_exec')) {
  511. return false;
  512. }
  513. $curl_handle = curl_init();
  514. curl_setopt($curl_handle,CURLOPT_URL,$url);
  515. curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,15); // Timeout set to 15 seconds. This is somewhat arbitrary and can be changed.
  516. curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1); //Set curl to store data in variable instead of print
  517. $buffer = curl_exec($curl_handle);
  518. curl_close($curl_handle);
  519. return $buffer;
  520. }
  521. /**
  522. * Check if relevant directories are writable.
  523. */
  524. public function _check_writable_dir() {
  525. global $form;
  526. if( !is_writable('../.htaccess')) {
  527. $form->set_error('htaccess_perm',
  528. "<strong>Oops!</strong> Ushahidi is unable to write to your <code>.htaccess</code> file. " .
  529. "Please change the permissions of that file to allow write access (777). ");
  530. }
  531. if( !is_writable('../application/config')) {
  532. $form->set_error('config_folder_perm',
  533. "<strong>Oops!</strong> Ushahidi needs the <code>application/config</code> folder to be writable. ".
  534. "Please change the permissions of that folder to allow write access (777). ");
  535. }
  536. if( !is_writable('../application/config/config.php')) {
  537. $form->set_error('config_file_perm',
  538. "<strong>Oops!</strong> Ushahidi is unable to write to <code>application/config/config.php</code> file. " .
  539. "Please change the permissions of that file to allow write access (777). ");
  540. }
  541. if( !is_writable('../application/cache')) {
  542. $form->set_error('cache_perm',
  543. "<strong>Oops!</strong> Ushahidi needs <code>application/cache</code> folder to be writable. ".
  544. "Please change the permissions of that folder to allow write access (777). ");
  545. }
  546. if( !is_writable('../application/logs')) {
  547. $form->set_error('logs_perm',
  548. "<strong>Oops!</strong> Ushahidi needs <code>application/logs</code> folder to be writable. " .
  549. "Please change the permissions of that folder to allow write access (777). ");
  550. }
  551. if( !is_writable('../media/uploads')) {
  552. $form->set_error('uploads_perm',
  553. "<strong>Oops!</strong> Ushahidi needs <code>media/uploads</code> folder to be writable. " .
  554. "Please change the permissions of that folder to allow write access (777). ");
  555. }
  556. /**
  557. * error exists, have user correct them.
  558. */
  559. if( $form->num_errors > 0 ) {
  560. return 1;
  561. } else {
  562. return 0;
  563. }
  564. }
  565. /**
  566. * Check if required PHP libraries are installed. Basic Mode.
  567. */
  568. public function _check_modules() {
  569. global $form, $modules;
  570. if( ! $modules->isLoaded('curl')
  571. OR ! $modules->isLoaded('pcre')
  572. OR ! $modules->isLoaded('iconv')
  573. OR ! $modules->isLoaded('mcrypt')
  574. OR ! $modules->isLoaded('SPL')
  575. OR ! $modules->isLoaded('mysql')
  576. ) {
  577. $form->set_error('modules',
  578. "<strong>Oops!</strong> Send an email to your system administrator or web host saying: \"I'm installing an application which requires
  579. <a href=\"http://php.net/curl\" target=\"_blank\">cURL</a>,
  580. <a href=\"http://php.net/pcre\" target=\"_blank\">PCRE</a>,
  581. <a href=\"http://php.net/iconv\" target=\"_blank\">iconv</a>,
  582. <a href=\"http://php.net/mcrypt\" target=\"_blank\">mcrypt</a>,
  583. <a href=\"http://php.net/spl\" target=\"_blank\">SPL</a> and
  584. <a href=\"http://php.net/mysql\" target=\"_blank\">MySQL</a>.
  585. Can you ensure that these PHP libraries are installed?\"");
  586. }
  587. /**
  588. * error exists, have user correct them.
  589. */
  590. if( $form->num_errors > 0 ) {
  591. return 1;
  592. } else {
  593. return 0;
  594. }
  595. }
  596. /**
  597. * Check if required PHP libraries are installed. Advanced Mode.
  598. */
  599. public function _check_modules_advanced() {
  600. global $form, $modules;
  601. if( ! $modules->isLoaded('curl')) {
  602. $form->set_error('curl',
  603. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/curl\" target=\"_blank\">cURL</a> for getting or sending files using the URL syntax. ");
  604. }
  605. if( ! $modules->isLoaded('pcre')) {
  606. $form->set_error('pcre',
  607. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/pcre\" target=\"_blank\">PCRE</a> compiled with <code>â&#x20AC;&#x201C;enable-utf8</code> and <code>â&#x20AC;&#x201C;enable-unicode-properties</code> for UTF-8 functions to work properly. ");
  608. }
  609. if( ! $modules->isLoaded('iconv')) {
  610. $form->set_error('iconv',
  611. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/iconv\" target=\"_blank\">iconv</a> for UTF-8 transliteration. ");
  612. }
  613. if( ! $modules->isLoaded('mcrypt')) {
  614. $form->set_error('mcrypt',
  615. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/mcrypt\" target=\"_blank\">mcrypt</a> for encryption. ");
  616. }
  617. if( ! $modules->isLoaded('SPL')) {
  618. $form->set_error('spl',
  619. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/spl\" target=\"_blank\">SPL</a> for several core libraries. ");
  620. }
  621. if ( ! $modules->isLoaded('mysql')) {
  622. $form->set_error('mysql',
  623. "<strong>Oops!</strong> Ushahidi needs <a href=\"http://php.net/mysql\" target=\"_blank\">MySQL</a> for database access. ");
  624. }
  625. /**
  626. * error exists, have user correct them.
  627. */
  628. if( $form->num_errors > 0 ) {
  629. return 1;
  630. } else {
  631. return 0;
  632. }
  633. }
  634. /**
  635. * Adds header details to the installer html pages.
  636. */
  637. public function _include_html_header() {
  638. /*TODO make title tag configurable*/
  639. $header = <<<HTML
  640. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  641. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  642. <html xmlns="http://www.w3.org/1999/xhtml">
  643. <head>
  644. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
  645. <title>Database Connections / Ushahidi Web Installer</title>
  646. <link href="../media/css/installer.css" rel="stylesheet" type="text/css" />
  647. </head>
  648. <script src="../media/js/jquery.js" type="text/javascript" charset="utf-8"></script>
  649. <script src="../media/js/login.js" type="text/javascript" charset="utf-8"></script>
  650. </head>
  651. HTML;
  652. return $header;
  653. }
  654. /**
  655. * Gets the current directory ushahidi is installed in.
  656. */
  657. public function _get_base_path($request_uri) {
  658. return substr( substr($request_uri,0,stripos($request_uri,'/installer/')) ,1);
  659. }
  660. /**
  661. * Check if clean url can be enabled on the server so
  662. * Ushahidi can emit clean URLs
  663. *
  664. * @return boolean
  665. */
  666. function _check_for_clean_url() {
  667. $url = $this->_get_url()."/installer/mod_rewrite/";
  668. $curl_handle = curl_init();
  669. curl_setopt($curl_handle, CURLOPT_URL, $url);
  670. curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, true );
  671. curl_exec($curl_handle);
  672. $return_code = curl_getinfo($curl_handle,CURLINFO_HTTP_CODE);
  673. curl_close($curl_handle);
  674. if( $return_code == 404 OR $return_code == 403 ) {
  675. return FALSE;
  676. } else {
  677. return TRUE;
  678. }
  679. }
  680. /**
  681. * Validate password information
  682. */
  683. function _password_info($password,$password_confirm,$table_prefix = NULL)
  684. {
  685. global $form;
  686. // Check for empty password fields
  687. // Password field is empty
  688. if ( !$password || strlen($password = trim($password)) == 0)
  689. {
  690. $form->set_error('password',"You must enter a password.");
  691. }
  692. // Password confirmation field is empty
  693. if (( !$password_confirm || strlen($password_confirm = trim($password_confirm)) == 0) && !empty($password))
  694. {
  695. $form->set_error('confirm',"You must enter the password confirmation.");
  696. }
  697. // Passwords don't match
  698. if (((!empty($password) && !empty($password_confirm)) && ($password != $password_confirm)) || (empty($password) && !empty($password_confirm)))
  699. {
  700. $form->set_error('match',"Your passwords don't match.");
  701. }
  702. // Password length issues
  703. if (strlen($password) < 8 || strlen($password) > 255)
  704. {
  705. $form->set_error('length',"Your password should not be less than 8 characters long or more than 255 characters long.");
  706. }
  707. // Password invalid
  708. if( !($this->password_rule($password)))
  709. {
  710. $form->set_error('invalid',"Your password should have aplhabetical characters, the # and @symbol, numbers, dashes and underscores only.");
  711. }
  712. if ( $form->num_errors > 0)
  713. {
  714. return 1;
  715. }
  716. else
  717. {
  718. $this->_add_password_info($password);
  719. return 0;
  720. }
  721. }
  722. /**
  723. * Add the hashed password to the users table
  724. *
  725. * @param string password to be encrypted
  726. */
  727. function _add_password_info($password)
  728. {
  729. // Encrypt the password
  730. $admin_pass = $this->hash_password($password);
  731. $table_prefix = ($table_prefix) ? $table_prefix.'_' : "";
  732. $connection = @mysql_connect($_SESSION['host'],$_SESSION['username'], $_SESSION['password']);
  733. @mysql_select_db($_SESSION['db_name'],$connection);
  734. @mysql_query('UPDATE `'.$table_prefix.'users` SET `password` = \''.mysql_escape_string($admin_pass).
  735. '\' WHERE `id` =1 LIMIT 1;');
  736. @mysql_close($connection);
  737. }
  738. /**
  739. * Creates a hashed password from a plaintext password, inserting salt
  740. * based on the configured salt pattern.
  741. *
  742. * @param string plaintext password
  743. * @return string hashed password string
  744. */
  745. public function hash_password($password, $salt = FALSE)
  746. {
  747. $salt_pattern = array(3, 5, 6, 10, 24, 26, 35, 36, 37, 40);
  748. //array(1, 3, 5, 9, 14, 15, 20, 21, 28, 30);
  749. if ($salt === FALSE)
  750. {
  751. // Create a salt seed, same length as the number of offsets in the pattern
  752. $salt = substr($this->hash(uniqid(NULL, TRUE)), 0, count($salt_pattern));
  753. }
  754. // Password hash that the salt will be inserted into
  755. $hash = $this->hash($salt.$password);
  756. // Change salt to an array
  757. $salt = str_split($salt, 1);
  758. // Returned password
  759. $password = '';
  760. // Used to calculate the length of splits
  761. $last_offset = 0;
  762. foreach ($salt_pattern as $offset)
  763. {
  764. // Split a new part of the hash off
  765. $part = substr($hash, 0, $offset - $last_offset);
  766. // Cut the current part out of the hash
  767. $hash = substr($hash, $offset - $last_offset);
  768. // Add the part to the password, appending the salt character
  769. $password .= $part.array_shift($salt);
  770. // Set the last offset to the current offset
  771. $last_offset = $offset;
  772. }
  773. // Return the password, with the remaining hash appended
  774. return $password.$hash;
  775. }
  776. /**
  777. * Perform a hash, using the configured method.
  778. *
  779. * @param string string to hash
  780. * @return string
  781. */
  782. public function hash($str)
  783. {
  784. return hash('sha1', $str);
  785. }
  786. /**
  787. * Check that password contains alphabetical letters, numbers, the # and @ symbol, hashes and underscores only
  788. *
  789. * @param string string that needs checking
  790. * @return boolean
  791. */
  792. public function password_rule($password, $utf8 = FALSE)
  793. {
  794. return ($utf8 === TRUE)
  795. ? (bool) preg_match('/^[-\pL\pN#@_]++$/uD', (string) $password)
  796. : (bool) preg_match('/^[-a-z0-9#@_]++$/iD', (string) $password);
  797. }
  798. }
  799. $install = new Install();
  800. $form = new Form();
  801. $modules = new Modulecheck();
  802. ?>