
/install/index.php

https://github.com/jinbo51/DiscuzX
PHP | 484 lines | 426 code | 52 blank | 6 comment | 100 complexity | b86bd7baca3971486618146f1588c8df MD5 | raw file
Possible License(s): BSD-3-Clause
  1. <?php
  2. /**
  3. * [Discuz!] (C)2001-2099 Comsenz Inc.
  4. * This is NOT a freeware, use is subject to license terms
  5. *
  6. * $Id: index.php 22348 2011-05-04 01:16:02Z monkey $
  7. */
  // Installer bootstrap: report errors, warnings and parse errors only, allow a
  // long-running request and switch runtime magic quotes off.
  error_reporting(E_ERROR | E_WARNING | E_PARSE);
  @set_time_limit(1000);
  @set_magic_quotes_runtime(0);

  define('IN_DISCUZ', TRUE);
  define('IN_COMSENZ', TRUE);
  define('ROOT_PATH', dirname(__FILE__).'/../');

  require ROOT_PATH.'./source/discuz_version.php';
  require ROOT_PATH.'./install/include/install_var.php';
  require ROOT_PATH.'./install/include/install_mysql.php';
  require ROOT_PATH.'./install/include/install_function.php';
  require ROOT_PATH.'./install/include/install_lang.php';

  // VIEW_OFF is taken straight from the request: any truthy view_off value
  // switches the installer into its non-HTML mode.
  $view_off = getgpc('view_off');
  define('VIEW_OFF', (bool)$view_off);

  // Only these handlers can be dispatched. A missing or unknown `method`
  // falls back to the handler at index `step`, so nothing outside this list
  // is ever selected.
  $allow_method = array('show_license', 'env_check', 'app_reg', 'db_init', 'ext_info', 'install_check', 'tablepre_check');
  $step = intval(getgpc('step', 'R')) ? intval(getgpc('step', 'R')) : 0;
  $method = getgpc('method');
  if(!(!empty($method) && in_array($method, $allow_method))) {
      $method = isset($allow_method[$step]) ? $allow_method[$step] : '';
  }
  if(empty($method)) {
      show_msg('method_undefined', $method, 0);
  }

  // Install lock: once $lockfile exists every method except ext_info is
  // refused. $lockfile is not assigned in this file (presumably it comes from
  // install_var.php). NOTE(review): the lock is the only gate visible here, so
  // the install/ directory should be removed or blocked once setup finishes.
  if($method != 'ext_info' && file_exists($lockfile)) {
      show_msg('install_locked', '', 0);
  } elseif(!class_exists('dbstuff')) {
      show_msg('database_nonexistence', '', 0);
  }

  timezone_set();
  $uchidden = getgpc('uchidden');

  // Default site and UCenter URLs for the two steps that display them.
  // NOTE(review): HTTP_HOST and PHP_SELF are supplied by the client, so these
  // defaults are only as trustworthy as the request that produced them.
  if($method == 'app_reg' || $method == 'ext_info') {
      $isHTTPS = $_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off';
      $PHP_SELF = $_SERVER['PHP_SELF'] ? $_SERVER['PHP_SELF'] : $_SERVER['SCRIPT_NAME'];
      // Host with any ":port" stripped; the port is re-appended only when it is
      // neither 80 nor 443.
      $bbserver = 'http'.($isHTTPS ? 's' : '').'://'.preg_replace("/\:\d+/", '', $_SERVER['HTTP_HOST']);
      if($_SERVER['SERVER_PORT'] && $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
          $bbserver .= ':'.$_SERVER['SERVER_PORT'];
      }
      $default_ucapi = $bbserver.'/ucenter';
      // Cut the path 8 characters before its last "/", i.e. drop "/install".
      $default_appurl = $bbserver.substr($PHP_SELF, 0, strrpos($PHP_SELF, '/') - 8);
  }
  44. if($method == 'show_license') {
  // License step: the raw POST array is handed to transfer_ucinfo() before the
  // license page is rendered. Both helpers are defined in the installer
  // includes; which POST fields transfer_ucinfo() keeps is not visible here.
  transfer_ucinfo($_POST);
  show_license();
  47. } elseif($method == 'env_check') {
  // Environment step: the function check runs only in non-HTML mode, the
  // environment and directory/file checks always run, then the combined
  // result is rendered.
  if(VIEW_OFF) {
      function_check($func_items);
  }
  env_check($env_items);
  dirfile_check($dirfile_items);
  show_env_result($env_items, $dirfile_items, $func_items, $filesock_items);
  52. } elseif($method == 'app_reg') {
  // Load any existing site and UCenter configuration; both includes are
  // optional, so failures are suppressed.
  @include ROOT_PATH.CONFIG;
  @include ROOT_PATH.CONFIG_UC;
  defined('UC_API') or define('UC_API', '');

  // A bundled UCenter install skips registration and jumps to the database step.
  if(getgpc('install_ucenter') == 'yes') {
      header("Location: index.php?step=3&install_ucenter=yes");
      die;
  }

  // Copy the posted form groups into same-named globals and validate every
  // field against its configured pattern. The variable names come from the
  // keys of $form_app_reg_items (defined outside this file), not from the
  // request; the values are request data.
  $error_msg = array();
  $submit = true;
  if(!isset($form_app_reg_items) || !is_array($form_app_reg_items)) {
      $submit = false;
  } else {
      foreach($form_app_reg_items as $key => $items) {
          ${$key} = getgpc($key, 'p');
          if(!isset(${$key}) || !is_array(${$key})) {
              // The whole group is missing from the POST: nothing was submitted.
              $submit = false;
              break;
          }
          foreach($items as $k => $v) {
              $tmp = ${$key};
              ${$k} = $tmp[$k];
              if(!empty(${$k}) && preg_match($v['reg'], ${$k})) {
                  continue; // present and well-formed
              }
              if(empty(${$k}) && !$v['required']) {
                  continue; // optional field left blank
              }
              $submit = false;
              if(!VIEW_OFF) {
                  $error_msg[$key][$k] = 1;
              }
          }
      }
  }

  // UCenter API base: the configured value when there is one, else the default
  // derived from the current request.
  $ucapi = (defined('UC_API') && UC_API) ? UC_API : $default_ucapi;
  // Register this site as an application with a UCenter server and store the
  // credentials it returns. Runs only when every form field validated.
  // $sitename, $siteurl, $ucurl, $ucip and $ucpw are presumably the form fields
  // copied into globals by the validation loop earlier in this branch -
  // confirm against $form_app_reg_items.
  if($submit) {
      $app_type = 'DISCUZX'; // Only For Discuz!
      $app_name = $sitename ? $sitename : SOFT_NAME;
      $app_url = $siteurl ? $siteurl : $default_appurl;
      $ucapi = $ucurl ? $ucurl : (defined('UC_API') && UC_API ? UC_API : $default_ucapi);
      $ucip = isset($ucip) ? $ucip : '';
      $ucfounderpw = $ucpw;
      // Tag template definition sent along with the registration request.
      $app_tagtemplates = 'apptagtemplates[template]='.urlencode('<a href="{url}" target="_blank">{subject}</a>').'&'.
          'apptagtemplates[fields][subject]='.urlencode($lang['tagtemplates_subject']).'&'.
          'apptagtemplates[fields][uid]='.urlencode($lang['tagtemplates_uid']).'&'.
          'apptagtemplates[fields][username]='.urlencode($lang['tagtemplates_username']).'&'.
          'apptagtemplates[fields][dateline]='.urlencode($lang['tagtemplates_dateline']).'&'.
          'apptagtemplates[fields][url]='.urlencode($lang['tagtemplates_url']);
      // Strip one trailing slash, then require an http:// URL.
      // NOTE(review): only the http scheme is accepted, and the founder password
      // is placed in $postdata below - assuming dfopen() issues a plain HTTP
      // request, that password crosses the network unencrypted. Confirm, and
      // prefer a UCenter on the same host or a trusted network segment.
      $ucapi = preg_replace("/\/$/", '', trim($ucapi));
      if(empty($ucapi) || !preg_match("/^(http:\/\/)/i", $ucapi)) {
          show_msg('uc_url_invalid', $ucapi, 0);
      } else {
          if(!$ucip) {
              // No IP given: resolve the UCenter host and fail on a value that
              // is not a dotted IPv4 address.
              $temp = @parse_url($ucapi);
              $ucip = gethostbyname($temp['host']);
              if(ip2long($ucip) == -1 || ip2long($ucip) === FALSE) {
                  show_msg('uc_dns_error', $ucapi, 0);
              }
          }
      }
      include_once ROOT_PATH.'./uc_client/client.php';
      // Probe the server; the reply is a "|"-separated record whose first field
      // is the status. Everything parsed from it is remote-supplied data.
      $ucinfo = dfopen($ucapi.'/index.php?m=app&a=ucinfo&release='.UC_CLIENT_RELEASE, 500, '', '', 1, $ucip);
      list($status, $ucversion, $ucrelease, $uccharset, $ucdbcharset, $apptypes) = explode('|', $ucinfo);
      if($status != 'UC_STATUS_OK') {
          show_msg('uc_url_unreachable', $ucapi, 0);
      } else {
          // Compare charsets with hyphens removed and in lower case.
          $dbcharset = strtolower($dbcharset ? str_replace('-', '', $dbcharset) : $dbcharset);
          $ucdbcharset = strtolower($ucdbcharset ? str_replace('-', '', $ucdbcharset) : $ucdbcharset);
          // NOTE(review): this is a plain `>` between the client constant and the
          // remote version string, not a component-wise version comparison.
          if(UC_CLIENT_VERSION > $ucversion) {
              show_msg('uc_version_incorrect', $ucversion, 0);
          } elseif($dbcharset && $ucdbcharset != $dbcharset) {
              show_msg('uc_dbcharset_incorrect', '', 0);
          }
          // Registration request; the founder password authorises adding the app.
          $postdata = "m=app&a=add&ucfounder=&ucfounderpw=".urlencode($ucpw)."&apptype=".urlencode($app_type)."&appname=".urlencode($app_name)."&appurl=".urlencode($app_url)."&appip=&appcharset=".CHARSET.'&appdbcharset='.DBCHARSET.'&'.$app_tagtemplates.'&release='.UC_CLIENT_RELEASE;
          $ucconfig = dfopen($ucapi.'/index.php', 500, $postdata, '', 1, $ucip);
          if(empty($ucconfig)) {
              show_msg('uc_api_add_app_error', $ucapi, 0);
          } elseif($ucconfig == '-1') {
              show_msg('uc_admin_invalid', '', 0);
          } else {
              // The reply starts with "authkey|appid"; the full field list plus
              // the API URL and IP is what gets persisted.
              list($appauthkey, $appid) = explode('|', $ucconfig);
              $ucconfig_array = explode('|', $ucconfig);
              $ucconfig_array[] = $ucapi;
              $ucconfig_array[] = $ucip;
              if(empty($appauthkey) || empty($appid)) {
                  show_msg('uc_data_invalid', '', 0);
              // NOTE(review): the values written here come from the remote reply;
              // save_uc_config() is defined elsewhere - confirm it escapes them
              // before writing ROOT_PATH.CONFIG_UC.
              } elseif($succeed = save_uc_config($ucconfig_array, ROOT_PATH.CONFIG_UC)) {
                  if(VIEW_OFF) {
                      show_msg('app_reg_success');
                  } else {
                      $step = $step + 1;
                      header("Location: index.php?step=$step");
                      exit;
                  }
              } else {
                  show_msg('config_unwriteable', '', 0);
              }
          }
      }
  }
  // Nothing (valid) was submitted: HTML mode re-displays the form with its
  // per-field error flags, non-HTML mode reports the missing parameters.
  if(!VIEW_OFF) {
      show_form($form_app_reg_items, $error_msg);
  } else {
      show_msg('missing_parameter', '', 0);
  }
  157. } elseif($method == 'db_init') {
  // DZUCFULL records whether the bundled UCenter is installed with the site.
  define('DZUCFULL', getgpc('install_ucenter') == 'yes');

  $submit = true;
  $default_config = $_config = array();
  $default_configfile = './config/config_global_default.php';

  // The shipped defaults are mandatory; an existing site config, when present,
  // is loaded over them by its own include.
  if(!file_exists(ROOT_PATH.$default_configfile)) {
      exit('config_global_default.php was lost, please reupload this file.');
  }
  include ROOT_PATH.$default_configfile;
  $default_config = $_config;

  if(!file_exists(ROOT_PATH.CONFIG)) {
      $_config = $default_config;
  } else {
      include ROOT_PATH.CONFIG;
  }

  // Start from the configured connection values; posted form fields replace
  // them in the loop below.
  $dbhost = $_config['db'][1]['dbhost'];
  $dbname = $_config['db'][1]['dbname'];
  $dbpw = $_config['db'][1]['dbpw'];
  $dbuser = $_config['db'][1]['dbuser'];
  $tablepre = $_config['db'][1]['tablepre'];
  $adminemail = 'admin@admin.com';

  // Copy the posted form groups into same-named globals and validate every
  // field against its configured pattern. Variable names come from the keys of
  // $form_db_init_items (defined outside this file); the values are request
  // data and later reach SQL and the written config file.
  $error_msg = array();
  if(!isset($form_db_init_items) || !is_array($form_db_init_items)) {
      $submit = false;
  } else {
      foreach($form_db_init_items as $key => $items) {
          ${$key} = getgpc($key, 'p');
          if(!isset(${$key}) || !is_array(${$key})) {
              // The whole group is missing from the POST: nothing was submitted.
              $submit = false;
              break;
          }
          foreach($items as $k => $v) {
              $tmp = ${$key};
              ${$k} = $tmp[$k];
              if(!empty(${$k}) && preg_match($v['reg'], ${$k})) {
                  continue; // present and well-formed
              }
              if(empty(${$k}) && !$v['required']) {
                  continue; // optional field left blank
              }
              $submit = false;
              if(!VIEW_OFF) {
                  $error_msg[$key][$k] = 1;
              }
          }
      }
  }
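  // Extra checks for an interactive (HTML, POST) submission: the two password
  // fields must match, and an existing installation under the same table
  // prefix must be confirmed explicitly through the forceinstall checkbox.
  if($submit && !VIEW_OFF && $_SERVER['REQUEST_METHOD'] == 'POST') {
      // Compare as strings and strictly. A loose != treats numeric-looking
      // strings such as "1e3" and "1000" as equal, which would accept two
      // different passwords as a match.
      if(!is_string($password) || !is_string($password2) || $password !== $password2) {
          $error_msg['admininfo']['password2'] = 1;
          $submit = false;
      }
      $forceinstall = isset($_POST['dbinfo']['forceinstall']) ? $_POST['dbinfo']['forceinstall'] : '';
      $dbname_not_exists = true;
      if(!empty($dbhost) && empty($forceinstall)) {
          // check_db() is defined elsewhere; a false result is treated here as
          // "tables with this prefix already exist".
          $dbname_not_exists = check_db($dbhost, $dbuser, $dbpw, $dbname, $tablepre);
          if(!$dbname_not_exists) {
              // Add the confirmation checkbox to the form and flag it, so the
              // existing data is only overwritten after an explicit opt-in.
              $form_db_init_items['dbinfo']['forceinstall'] = array('type' => 'checkbox', 'required' => 0, 'reg' => '/^.*+/');
              $error_msg['dbinfo']['forceinstall'] = 1;
              $submit = false;
              $dbname_not_exists = false;
          }
      }
  }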
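  // Perform the installation: create the database, validate the administrator
  // account, write the site config, load schema and seed data, create the
  // founder row and finally write the install lock.
  //
  // NOTE(review): request-derived values ($dbname, $tablepre, $username,
  // $email) are interpolated into SQL strings below. Whether getgpc() already
  // escapes them is not visible in this file - confirm before relying on it.
  if($submit) {
      $step = $step + 1;
      // $dbname is placed between backticks in CREATE DATABASE, so a name
      // containing a backtick is rejected together with an empty one.
      if(empty($dbname) || strpos($dbname, '`') !== false) {
          show_msg('dbname_invalid', $dbname, 0);
      } else {
          $link = @mysql_connect($dbhost, $dbuser, $dbpw);
          if(!$link) {
              // There is no link resource after a failed connect; the
              // argument-less calls report the last connection error, whereas
              // passing the false $link yields no usable error code.
              $errno = mysql_errno();
              $error = mysql_error();
              if($errno == 1045) {
                  show_msg('database_errno_1045', $error, 0);
              } elseif($errno == 2003) {
                  show_msg('database_errno_2003', $error, 0);
              } else {
                  show_msg('database_connect_error', $error, 0);
              }
          }
          // Component-wise version test: a plain string comparison ranks a
          // server reporting "10.x" below "4.1" and would drop the charset.
          if(version_compare(mysql_get_server_info(), '4.1', '>')) {
              mysql_query("CREATE DATABASE IF NOT EXISTS `$dbname` DEFAULT CHARACTER SET ".DBCHARSET, $link);
          } else {
              mysql_query("CREATE DATABASE IF NOT EXISTS `$dbname`", $link);
          }
          if(mysql_errno()) {
              show_msg('database_errno_1044', mysql_error(), 0);
          }
          mysql_close($link);
      }

      // The table prefix is used unquoted in every statement below. Only a dot
      // and a leading non-zero digit are rejected here; any further restriction
      // depends on the form pattern defined outside this file.
      if(strpos($tablepre, '.') !== false || intval(substr($tablepre, 0, 1))) {
          show_msg('tablepre_invalid', $tablepre, 0);
      }

      if($username && $email && $password) {
          if(strlen($username) > 15 || preg_match("/^$|^c:\\con\\con$| |[,\"\s\t\<\>&]|^Guest/is", $username)) {
              show_msg('admin_username_invalid', $username, 0);
          } elseif(!strstr($email, '@') || $email != stripslashes($email) || $email != dhtmlspecialchars($email)) {
              // The e-mail must contain "@" and must be unchanged by both
              // stripslashes() and dhtmlspecialchars().
              show_msg('admin_email_invalid', $email, 0);
          } else {
              if(!DZUCFULL) {
                  // External UCenter: the administrator account is checked there.
                  $adminuser = check_adminuser($username, $password, $email);
                  if($adminuser['uid'] < 1) {
                      show_msg($adminuser['error'], '', 0);
                  }
              }
          }
      } else {
          show_msg('admininfo_invalid', '', 0);
      }

      $uid = DZUCFULL ? 1 : $adminuser['uid'];
      // Site secret: six hex characters of an MD5 over request and connection
      // values, followed by random(10).
      // NOTE(review): the MD5 inputs are largely known or guessable, so the
      // strength of this key rests on random(), which is defined elsewhere -
      // confirm it draws from a cryptographically secure source. $timestamp and
      // $pconnect are not assigned before this line in this file.
      $authkey = substr(md5($_SERVER['SERVER_ADDR'].$_SERVER['HTTP_USER_AGENT'].$dbhost.$dbuser.$dbpw.$dbname.$username.$password.$pconnect.substr($timestamp, 0, 6)), 8, 6).random(10);

      $_config['db'][1]['dbhost'] = $dbhost;
      $_config['db'][1]['dbname'] = $dbname;
      $_config['db'][1]['dbpw'] = $dbpw;
      $_config['db'][1]['dbuser'] = $dbuser;
      $_config['db'][1]['tablepre'] = $tablepre;
      $_config['admincp']['founder'] = (string)$uid;
      $_config['security']['authkey'] = $authkey;
      $_config['cookie']['cookiepre'] = random(4).'_';
      $_config['memory']['prefix'] = random(6).'_';
      save_config_file(ROOT_PATH.CONFIG, $_config, $default_config);

      $db = new dbstuff;
      $db->connect($dbhost, $dbuser, $dbpw, $dbname, DBCHARSET);
      if(!VIEW_OFF) {
          show_header();
          show_install();
      }
      if(DZUCFULL) {
          install_uc_server();
      }

      // Schema, extra statements, then seed data; line endings are normalised
      // to "\n" before each file is handed to runquery().
      $sql = file_get_contents($sqlfile);
      $sql = str_replace("\r\n", "\n", $sql);
      runquery($sql);
      runquery($extrasql);
      $sql = file_get_contents(ROOT_PATH.'./install/data/install_data.sql');
      $sql = str_replace("\r\n", "\n", $sql);
      runquery($sql);

      $onlineip = $_SERVER['REMOTE_ADDR'];
      $timestamp = time();

      // Move data/backup to a directory with a six-hex-character suffix, or
      // create that directory when the rename did not happen.
      // NOTE(review): the suffix is derived from the server address, the
      // installer's User-Agent and a timestamp prefix, and the directory is
      // requested with mode 0777 - it should not be treated as access control
      // for backup files.
      $backupdir = substr(md5($_SERVER['SERVER_ADDR'].$_SERVER['HTTP_USER_AGENT'].substr($timestamp, 0, 4)), 8, 6);
      $ret = false;
      if(is_dir(ROOT_PATH.'data/backup')) {
          $ret = @rename(ROOT_PATH.'data/backup', ROOT_PATH.'data/backup_'.$backupdir);
      }
      if(!$ret) {
          @mkdir(ROOT_PATH.'data/backup_'.$backupdir, 0777);
      }
      if(is_dir(ROOT_PATH.'data/backup_'.$backupdir)) {
          $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('backupdir', '$backupdir')");
      }

      // Site identifier: "DX", six characters encoding the current date and
      // time, four hex characters of md5(ip.timestamp), then random(4).
      $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz';
      $siteuniqueid = 'DX'.$chars[date('y')%60].$chars[date('n')].$chars[date('j')].$chars[date('G')].$chars[date('i')].$chars[date('s')].substr(md5($onlineip.$timestamp), 0, 4).random(4);
      $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('authkey', '$authkey')");
      $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('siteuniqueid', '$siteuniqueid')");
      $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('adminemail', '$email')");
      install_extra_setting();
      // Written unconditionally here, i.e. also when the directory check above
      // did not pass.
      $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('backupdir', '".$backupdir."')");

      // The member row stores the MD5 of a random string, not a hash of the
      // password entered in the form.
      $password = md5(random(10));
      $db->query("REPLACE INTO {$tablepre}common_member (uid, username, password, adminid, groupid, email, regdate) VALUES ('$uid', '$username', '$password', '1', '1', '$email', '".time()."');");
      $db->query("UPDATE {$tablepre}common_cron SET lastrun='0', nextrun='".($timestamp + 3600)."'");
      install_data($username, $uid);

      // Feature switches fixed by the installer: test data and the portal are
      // on, groups and home are off.
      $testdata = $portalstatus = 1;
      $groupstatus = $homestatus = 0;
      if($testdata) {
          install_testdata($username, $uid);
      }
      if(!$portalstatus) {
          $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('portalstatus', '0')");
      }
      if(!$groupstatus) {
          $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('groupstatus', '0')");
      }
      if(!$homestatus) {
          $db->query("REPLACE INTO {$tablepre}common_setting (skey, svalue) VALUES ('homestatus', '0')");
      }

      // Initialise this month's log files and clear generated data.
      $yearmonth = date('Ym_', time());
      loginit($yearmonth.'ratelog');
      loginit($yearmonth.'illegallog');
      loginit($yearmonth.'modslog');
      loginit($yearmonth.'cplog');
      loginit($yearmonth.'errorlog');
      loginit($yearmonth.'banlog');
      dir_clear(ROOT_PATH.'./data/template');
      dir_clear(ROOT_PATH.'./data/cache');
      dir_clear(ROOT_PATH.'./data/threadcache');
      dir_clear(ROOT_PATH.'./uc_client/data');
      dir_clear(ROOT_PATH.'./uc_client/data/cache');

      // Settings stored in serialized form.
      foreach($serialize_sql_setting as $k => $v) {
          $v = addslashes(serialize($v));
          $db->query("REPLACE INTO {$tablepre}common_setting VALUES ('$k', '$v')");
      }

      $query = $db->query("SELECT COUNT(*) FROM {$tablepre}common_member");
      $totalmembers = $db->result($query, 0);
      $userstats = array('totalmembers' => $totalmembers, 'newsetuser' => $username);
      $ctype = 1;
      $data = addslashes(serialize($userstats));
      $db->query("REPLACE INTO {$tablepre}common_syscache (cname, ctype, dateline, data) VALUES ('userstats', '$ctype', '".time()."', '$data')");

      // Write the install lock. NOTE(review): the result of touch() is not
      // checked; if the lock cannot be created the installer stays usable, so
      // verify that the file exists after installation.
      touch($lockfile);
      VIEW_OFF && show_msg('initdbresult_succ');
      if(!VIEW_OFF) {
          // Hidden iframe runs the site's first-time initialisation; the page
          // moves to ext_info when it has loaded, or after 30 seconds.
          echo '<script type="text/javascript">function setlaststep() {document.getElementById("laststep").disabled=false;window.location=\'index.php?method=ext_info\';}</script><script type="text/javascript">setTimeout(function(){window.location=\'index.php?method=ext_info\'}, 30000);</script><iframe src="../misc.php?mod=initsys" style="display:none;" onload="setlaststep()"></iframe>'."\r\n";
          show_footer();
      }
  }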
  // Nothing (valid) was submitted: HTML mode re-displays the form with its
  // per-field error flags, non-HTML mode reports the missing parameters.
  if(!VIEW_OFF) {
      show_form($form_db_init_items, $error_msg);
  } else {
      show_msg('missing_parameter', '', 0);
  }
  369. } elseif($method == 'ext_info') {
  // Final step. This handler (re)writes the install lock and is the one method
  // that the lock check at the top of the script lets through after
  // installation.
  @touch($lockfile);
  if(!VIEW_OFF) {
      show_header();
      // NOTE(review): the script and the iframe below are fetched from
      // third-party hosts over plain http, and the script executes inside the
      // installer page. The site URL is passed through urlencode().
      echo '</div><div class="main" style="margin-top: -123px;padding-left:30px"><span id="platformIntro"></span>',
          '<script type="text/javascript" src="http://cp.discuz.qq.com/cloud/platformIntroJS?siteurl='.urlencode($default_appurl).'&version='.DISCUZ_VERSION.'" charset="utf-8"></script>',
          '<iframe frameborder="0" width="700" height="550" allowTransparency="true" src="http://addon.discuz.com/api/outer.php?id=installed&siteurl='.urlencode($default_appurl).'&version='.DISCUZ_VERSION.'"></iframe>',
          '</div>';
      show_footer();
  } else {
      show_msg('ext_info_succ');
  }
  381. } elseif($method == 'install_check') {
  // Reports whether the install lock file is present.
  if(!file_exists($lockfile)) {
      show_msg('lock_file_not_touch', $lockfile, 0);
  } else {
      show_msg('installstate_succ');
  }
  387. } elseif($method == 'tablepre_check') {
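  // Checks whether tables with the requested prefix already exist.
  //
  // Only the five connection fields are copied out of the request. extract()
  // on the whole posted array would let a request overwrite any global of this
  // script (for example $lockfile or $lang), and it fails on a non-array value.
  $dbinfo = getgpc('dbinfo');
  if(!is_array($dbinfo)) {
      $dbinfo = array();
  }
  if(isset($dbinfo['dbhost'])) {
      $dbhost = $dbinfo['dbhost'];
  }
  if(isset($dbinfo['dbuser'])) {
      $dbuser = $dbinfo['dbuser'];
  }
  if(isset($dbinfo['dbpw'])) {
      $dbpw = $dbinfo['dbpw'];
  }
  if(isset($dbinfo['dbname'])) {
      $dbname = $dbinfo['dbname'];
  }
  if(isset($dbinfo['tablepre'])) {
      $tablepre = $dbinfo['tablepre'];
  }
  // check_db() is defined elsewhere; a true result is reported as "prefix not
  // in use".
  if(check_db($dbhost, $dbuser, $dbpw, $dbname, $tablepre)) {
      show_msg('tablepre_not_exists', 0);
  } else {
      show_msg('tablepre_exists', $tablepre, 0);
  }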
  395. }