PageRenderTime 47ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-content/plugins/duplicator/installer/build/ajax.step2.php

https://gitlab.com/sokeara/Tribal_Education
PHP | 279 lines | 255 code | 13 blank | 11 comment | 9 complexity | d8a9c3deccb0094e716bbc1f406622cc MD5 | raw file
    

  1. <?php
    2. 

  2. // Exit if accessed directly
    3. 

  3. if (! defined('DUPLICATOR_INIT')) {
    4. 

  4. 	$_baseURL = "http://" . strlen($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
    5. 

  5. 	header("HTTP/1.1 301 Moved Permanently");
    6. 

  6. 	header("Location: $_baseURL");
    7. 

  7. 	exit; 
    8. 

  8. }
    9. 

  9. 

  10. /* JSON RESPONSE: Most sites have warnings turned off by default, but if they're turned on the warnings
    11. 

  11. cause errors in the JSON data Here we hide the status so warning level is reset at it at the end*/
    12. 

  12. $ajax2_error_level = error_reporting();
    13. 

  13. error_reporting(E_ERROR);
    14. 

  14. 

  15. //====================================================================================================
    16. 

  16. //DATABASE UPDATES
    17. 

  17. //====================================================================================================
    18. 

  18. 

  19. $ajax2_start = DUPX_Util::get_microtime();
    20. 

  20. 

  21. //MYSQL CONNECTION
    22. 

  22. $dbh = DUPX_Util::db_connect($_POST['dbhost'], $_POST['dbuser'], html_entity_decode($_POST['dbpass']), $_POST['dbname'], $_POST['dbport']);
    23. 

  23. $charset_server = @mysqli_character_set_name($dbh);
    24. 

  24. @mysqli_query($dbh, "SET wait_timeout = {$GLOBALS['DB_MAX_TIME']}");
    25. 

  25. DUPX_Util::mysql_set_charset($dbh, $_POST['dbcharset'], $_POST['dbcollate']);
    26. 

  26. 

  27. //POST PARAMS
    28. 

  28. $_POST['blogname'] = mysqli_real_escape_string($dbh, $_POST['blogname']);
    29. 

  29. $_POST['postguid'] = isset($_POST['postguid']) && $_POST['postguid'] == 1 ? 1 : 0;
    30. 

  30. $_POST['fullsearch'] = isset($_POST['fullsearch']) && $_POST['fullsearch'] == 1 ? 1 : 0;
    31. 

  31. $_POST['path_old'] = isset($_POST['path_old']) ? trim($_POST['path_old']) : null;
    32. 

  32. $_POST['path_new'] = isset($_POST['path_new']) ? trim($_POST['path_new']) : null;
    33. 

  33. $_POST['siteurl'] = isset($_POST['siteurl']) ? rtrim(trim($_POST['siteurl']), '/') : null;
    34. 

  34. $_POST['tables'] = isset($_POST['tables']) && is_array($_POST['tables']) ? array_map('stripcslashes', $_POST['tables']) : array();
    35. 

  35. $_POST['url_old'] = isset($_POST['url_old']) ? trim($_POST['url_old']) : null;
    36. 

  36. $_POST['url_new'] = isset($_POST['url_new']) ? rtrim(trim($_POST['url_new']), '/') : null;
    37. 

  37. 

  38. //LOGGING
    39. 

  39. $POST_LOG = $_POST;
    40. 

  40. unset($POST_LOG['tables']);
    41. 

  41. unset($POST_LOG['plugins']);
    42. 

  42. unset($POST_LOG['dbpass']);
    43. 

  43. ksort($POST_LOG);
    44. 

  44. 

  45. $date = @date('h:i:s');
    46. 

  46. $charset_client = @mysqli_character_set_name($dbh);
    47. 

  47. 

  48. $log = <<<LOG
    49. 

  49. \n\n
    50. 

  50. ********************************************************************************
    51. 

  51. DUPLICATOR INSTALL-LOG
    52. 

  52. STEP2 START @ {$date}
    53. 

  53. NOTICE: Do not post to public sites or forums
    54. 

  54. ********************************************************************************
    55. 

  55. CHARSET SERVER:\t{$charset_server}
    56. 

  56. CHARSET CLIENT:\t {$charset_client} \n
    57. 

  57. LOG;
    58. 

  58. DUPX_Log::Info($log);
    59. 

  59. 

  60. //Detailed logging
    61. 

  61. $log  = "--------------------------------------\n";
    62. 

  62. $log .= "POST DATA\n";
    63. 

  63. $log .= "--------------------------------------\n";
    64. 

  64. $log .= print_r($POST_LOG, true);		
    65. 

  65. $log .= "--------------------------------------\n";
    66. 

  66. $log .= "SCANNED TABLES\n";
    67. 

  67. $log .= "--------------------------------------\n";
    68. 

  68. $log .= (isset($_POST['tables']) && count($_POST['tables'] > 0)) 
    69. 

  69. 		? print_r($_POST['tables'], true) 
    70. 

  70. 		: 'No tables selected to update';
    71. 

  71. $log .= "--------------------------------------\n";
    72. 

  72. $log .= "KEEP PLUGINS ACTIVE\n";
    73. 

  73. $log .= "--------------------------------------\n";
    74. 

  74. $log .= (isset($_POST['plugins']) && count($_POST['plugins'] > 0)) 
    75. 

  75. 		? print_r($_POST['plugins'], true) 
    76. 

  76. 		: 'No plugins selected for activation';
    77. 

  77. DUPX_Log::Info($log, 2);
    78. 

  78. 

  79. //UPDATE SETTINGS
    80. 

  80. $serial_plugin_list = (isset($_POST['plugins']) && count($_POST['plugins'] > 0)) ? @serialize($_POST['plugins']) : '';
    81. 

  81. mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}options` SET option_value = '{$_POST['blogname']}' WHERE option_name = 'blogname' ");
    82. 

  82. mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}options` SET option_value = '{$serial_plugin_list}'  WHERE option_name = 'active_plugins' ");
    83. 

  83. 

  84. $log  = "--------------------------------------\n";
    85. 

  85. $log .= "SERIALIZER ENGINE\n";
    86. 

  86. $log .= "[*] scan every column\n";
    87. 

  87. $log .= "[~] scan only text columns\n";
    88. 

  88. $log .= "[^] no searchable columns\n";
    89. 

  89. $log .= "--------------------------------------";
    90. 

  90. DUPX_Log::Info($log);
    91. 

  91. 

  92. $url_old_json = str_replace('"', "", json_encode($_POST['url_old']));
    93. 

  93. $url_new_json = str_replace('"', "", json_encode($_POST['url_new']));
    94. 

  94. $path_old_json = str_replace('"', "", json_encode($_POST['path_old']));
    95. 

  95. $path_new_json = str_replace('"', "", json_encode($_POST['path_new']));
    96. 

  96. 

  97. array_push($GLOBALS['REPLACE_LIST'], 
    98. 

  98. 		array('search' => $_POST['url_old'],  'replace' => $_POST['url_new']), 
    99. 

  99. 		array('search' => $_POST['path_old'], 'replace' => $_POST['path_new']), 
    100. 

  100. 		array('search' => $url_old_json,	  'replace' => $url_new_json), 
    101. 

  101. 		array('search' => $path_old_json,	  'replace' => $path_new_json), 	
    102. 

  102. 		array('search' => urlencode($_POST['path_old']), 'replace' => urlencode($_POST['path_new'])), 
    103. 

  103. 		array('search' => urlencode($_POST['url_old']),  'replace' => urlencode($_POST['url_new'])),
    104. 

  104. 		array('search' => rtrim(DUPX_Util::unset_safe_path($_POST['path_old']), '\\'), 'replace' => rtrim($_POST['path_new'], '/'))
    105. 

  105. );
    106. 

  106. 

  107. //Remove trailing slashes
    108. 

  108. function _dupx_array_rtrim(&$value) {
    109. 

  109.     $value = rtrim($value, '\/');
    110. 

  110. }
    111. 

  111. array_walk_recursive($GLOBALS['REPLACE_LIST'], _dupx_array_rtrim);
    112. 

  112. 

  113. @mysqli_autocommit($dbh, false);
    114. 

  114. $report = DUPX_UpdateEngine::load($dbh, $GLOBALS['REPLACE_LIST'], $_POST['tables'], $_POST['fullsearch']);
    115. 

  115. @mysqli_commit($dbh);
    116. 

  116. @mysqli_autocommit($dbh, true);
    117. 

  117. 

  118. 

  119. //BUILD JSON RESPONSE
    120. 

  120. $JSON = array();
    121. 

  121. $JSON['step1'] = json_decode(urldecode($_POST['json']));
    122. 

  122. $JSON['step2'] = $report;
    123. 

  123. $JSON['step2']['warn_all'] = 0;
    124. 

  124. $JSON['step2']['warnlist'] = array();
    125. 

  125. 

  126. DUPX_UpdateEngine::log_stats($report);
    127. 

  127. DUPX_UpdateEngine::log_errors($report);
    128. 

  128. 

  129. //Reset the postguid data
    130. 

  130. if ($_POST['postguid']) {
    131. 

  131. 	mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}posts` SET guid = REPLACE(guid, '{$_POST['url_new']}', '{$_POST['url_old']}')");
    132. 

  132. 	$update_guid = @mysqli_affected_rows($dbh) or 0;
    133. 

  133. 	DUPX_Log::Info("Reverted '{$update_guid}' post guid columns back to '{$_POST['url_old']}'");
    134. 

  134. }
    135. 

  135. 

  136. /* FINAL UPDATES: Must happen after the global replace to prevent double pathing
    137. 

  137.   http://xyz.com/abc01 will become http://xyz.com/abc0101  with trailing data */
    138. 

  138. mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}options` SET option_value = '{$_POST['url_new']}'  WHERE option_name = 'home' ");
    139. 

  139. mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}options` SET option_value = '{$_POST['siteurl']}'  WHERE option_name = 'siteurl' ");
    140. 

  140. 

  141. 

  142. //====================================================================================================
    143. 

  143. //FINAL CLEANUP
    144. 

  144. //====================================================================================================
    145. 

  145. DUPX_Log::Info("\n********************************************************************************");
    146. 

  146. DUPX_Log::Info('START FINAL CLEANUP: ' . @date('h:i:s'));
    147. 

  147. DUPX_Log::Info("********************************************************************************");
    148. 

  148. 

  149. /*CREATE NEW USER LOGIC */
    150. 

  150. if (strlen($_POST['wp_username']) >= 4 && strlen($_POST['wp_password']) >= 6) {
    151. 

  151. 	
    152. 

  152. 	$newuser_check = mysqli_query($dbh, "SELECT COUNT(*) AS count FROM `{$GLOBALS['FW_TABLEPREFIX']}users` WHERE user_login = '{$_POST['wp_username']}' ");
    153. 

  153. 	$newuser_row   = mysqli_fetch_row($newuser_check);
    154. 

  154.     $newuser_count = is_null($newuser_row) ? 0 : $newuser_row[0];
    155. 

  155. 	
    156. 

  156. 	if ($newuser_count == 0) {
    157. 

  157. 	
    158. 

  158. 		$newuser_datetime =	@date("Y-m-d H:i:s");
    159. 

  159. 		$newuser_security = mysqli_real_escape_string($dbh, 'a:1:{s:13:"administrator";s:1:"1";}');
    160. 

  160. 

  161. 		$newuser_test1 = @mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}users` 
    162. 

  162. 			(`user_login`, `user_pass`, `user_nicename`, `user_email`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) 
    163. 

  163. 			VALUES ('{$_POST['wp_username']}', MD5('{$_POST['wp_password']}'), '{$_POST['wp_username']}', '', '{$newuser_datetime}', '', '0', '{$_POST['wp_username']}')");
    164. 

    165. 

  165. 		$newuser_insert_id = mysqli_insert_id($dbh);
    166. 

  166. 

  167. 		$newuser_test2 = @mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}usermeta` 
    168. 

  168. 				(`user_id`, `meta_key`, `meta_value`) VALUES ('{$newuser_insert_id}', '{$GLOBALS['FW_TABLEPREFIX']}capabilities', '{$newuser_security}')");
    169. 

    170. 

  170. 		$newuser_test3 = @mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}usermeta` 
    171. 

  171. 				(`user_id`, `meta_key`, `meta_value`) VALUES ('{$newuser_insert_id}', '{$GLOBALS['FW_TABLEPREFIX']}user_level', '10')");
    172. 

  172. 				
    173. 

  173. 		//Misc Meta-Data Settings:
    174. 

  174. 		@mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES ('{$newuser_insert_id}', 'rich_editing', 'true')");
    175. 

  175. 		@mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES ('{$newuser_insert_id}', 'admin_color',  'fresh')");
    176. 

  176. 		@mysqli_query($dbh, "INSERT INTO `{$GLOBALS['FW_TABLEPREFIX']}usermeta` (`user_id`, `meta_key`, `meta_value`) VALUES ('{$newuser_insert_id}', 'nickname', '{$_POST['wp_username']}')");
    177. 

  177. 

  178. 		if ($newuser_test1 && $newuser_test2 && $newuser_test3) {
    179. 

  179. 			DUPX_Log::Info("NEW WP-ADMIN USER: New username '{$_POST['wp_username']}' was created successfully \n ");
    180. 

  180. 		} else {
    181. 

  181. 			$newuser_warnmsg = "NEW WP-ADMIN USER: Failed to create the user '{$_POST['wp_username']}' \n ";
    182. 

  182. 			$JSON['step2']['warnlist'][] = $newuser_warnmsg;
    183. 

  183. 			DUPX_Log::Info($newuser_warnmsg);
    184. 

  184. 		}			
    185. 

  185. 	} 
    186. 

  186. 	else {
    187. 

  187. 		$newuser_warnmsg = "NEW WP-ADMIN USER: Username '{$_POST['wp_username']}' already exists in the database.  Unable to create new account \n";
    188. 

  188. 		$JSON['step2']['warnlist'][] = $newuser_warnmsg;
    189. 

  189. 		DUPX_Log::Info($newuser_warnmsg);
    190. 

  190. 	}
    191. 

  191. }
    192. 

  192. 

  193. /*MU Updates*/
    194. 

  194. $mu_newDomain = parse_url($_POST['url_new']);
    195. 

  195. $mu_oldDomain = parse_url($_POST['url_old']);
    196. 

  196. $mu_newDomainHost = $mu_newDomain['host'];
    197. 

  197. $mu_oldDomainHost = $mu_oldDomain['host'];
    198. 

  198. $mu_newUrlPath = parse_url($_POST['url_new'], PHP_URL_PATH);
    199. 

  199. $mu_oldUrlPath = parse_url($_POST['url_old'], PHP_URL_PATH);
    200. 

  200. 

  201. $mu_updates = @mysqli_query($dbh, "UPDATE `{$GLOBALS['FW_TABLEPREFIX']}blogs` SET domain = '{$mu_newDomainHost}' WHERE domain = '{$mu_oldDomainHost}'");
    202. 

  202. if ($mu_updates) {
    203. 

  203. 	DUPX_Log::Info("Update MU table blogs: domain {$mu_newDomainHost} ");
    204. 

  204. } else {
    205. 

  205. 	DUPX_Log::Info("UPDATE `{$GLOBALS['FW_TABLEPREFIX']}blogs` SET domain = '{$mu_newDomainHost}' WHERE domain = '{$mu_oldDomainHost}'");
    206. 

  206. }
    207. 

  207. 

  208. /*UPDATE WP-CONFIG FILE */
    209. 

  209. $patterns = array("/('|\")WP_HOME.*?\)\s*;/", 
    210. 

  210. 				  "/('|\")WP_SITEURL.*?\)\s*;/",
    211. 

  211. 				  "/('|\")DOMAIN_CURRENT_SITE.*?\)\s*;/",
    212. 

  212. 				  "/('|\")PATH_CURRENT_SITE.*?\)\s*;/");						
    213. 

  213. $replace  = array("'WP_HOME', '{$_POST['url_new']}');",
    214. 

  214. 				  "'WP_SITEURL', '{$_POST['url_new']}');",
    215. 

  215. 				  "'DOMAIN_CURRENT_SITE', '{$mu_newDomainHost}');",
    216. 

  216. 				  "'PATH_CURRENT_SITE', '{$mu_newUrlPath}');");
    217. 

  217. $config_file = @file_get_contents('wp-config.php', true);
    218. 

  218. $config_file = preg_replace($patterns, $replace, $config_file);
    219. 

  219. file_put_contents('wp-config.php', $config_file);
    220. 

  220. 

  221. //Create Snapshots directory
    222. 

  222. if (!file_exists(DUPLICATOR_SSDIR_NAME)) {
    223. 

  223. 	mkdir(DUPLICATOR_SSDIR_NAME, 0755);
    224. 

  224. }
    225. 

  225. $fp = fopen(DUPLICATOR_SSDIR_NAME . '/index.php', 'w');
    226. 

  226. fclose($fp);
    227. 

  227. 

  228. 

  229. //===============================
    230. 

  230. //NOTICE TESTS
    231. 

  231. //===============================
    232. 

  232. DUPX_Log::Info("\n--------------------------------------");
    233. 

  233. DUPX_Log::Info("NOTICES");
    234. 

  234. DUPX_Log::Info("--------------------------------------");
    235. 

  235. $config_vars = array('WP_CONTENT_DIR', 'WP_CONTENT_URL', 'WPCACHEHOME', 'COOKIE_DOMAIN', 'WP_SITEURL', 'WP_HOME', 'WP_TEMP_DIR');
    236. 

  236. $config_found = DUPX_Util::string_has_value($config_vars, $config_file);
    237. 

  237. 

  238. //Files
    239. 

  239. if ($config_found) {
    240. 

  240. 	$msg = 'WP-CONFIG NOTICE: The wp-config.php has one or more of the following values set [' . implode(", ", $config_vars) . '].  Please validate these values are correct by opening the file and checking the values.';
    241. 

  241. 	$JSON['step2']['warnlist'][] = $msg;
    242. 

  242. 	DUPX_Log::Info($msg);
    243. 

  243. }
    244. 

  244. 

  245. //Database
    246. 

  246. $result = @mysqli_query($dbh, "SELECT option_value FROM `{$GLOBALS['FW_TABLEPREFIX']}options` WHERE option_name IN ('upload_url_path','upload_path')");
    247. 

  247. if ($result) {
    248. 

  248. 	while ($row = mysqli_fetch_row($result)) {
    249. 

  249. 		if (strlen($row[0])) {
    250. 

  250. 			$msg = "MEDIA SETTINGS NOTICE: The table '{$GLOBALS['FW_TABLEPREFIX']}options' has at least one the following values ['upload_url_path','upload_path'] set please validate settings. These settings can be changed in the wp-admin by going to Settings->Media area see 'Uploading Files'";
    251. 

  251. 			$JSON['step2']['warnlist'][] = $msg;
    252. 

  252. 			DUPX_Log::Info($msg);
    253. 

  253. 			break;
    254. 

  254. 		}
    255. 

  255. 	}
    256. 

  256. }
    257. 

  257. 

  258. if (empty($JSON['step2']['warnlist'])) {
    259. 

  259. 	DUPX_Log::Info("No Notices Found\n");
    260. 

  260. }
    261. 

  261. 

  262. $JSON['step2']['warn_all'] = empty($JSON['step2']['warnlist']) ? 0 : count($JSON['step2']['warnlist']);
    263. 

  263. 

  264. mysqli_close($dbh);
    265. 

  265. @unlink('database.sql');
    266. 

  266. 

  267. //CONFIG Setup
    268. 

  268. DUPX_ServerConfig::Setup();
    269. 

  269. 

  270. $ajax2_end = DUPX_Util::get_microtime();
    271. 

  271. $ajax2_sum = DUPX_Util::elapsed_time($ajax2_end, $ajax2_start);
    272. 

  272. DUPX_Log::Info("********************************************************************************");
    273. 

  273. DUPX_Log::Info('STEP 2 COMPLETE @ ' . @date('h:i:s') . " - TOTAL RUNTIME: {$ajax2_sum}");
    274. 

  274. DUPX_Log::Info("********************************************************************************");
    275. 

  275. 

  276. $JSON['step2']['pass'] = 1;
    277. 

  277. error_reporting($ajax2_error_level);
    278. 

  278. die(json_encode($JSON));
    279. 

  279. ?>
    280.