1 <?php
2 /*
3 * Jirafeau, your web file repository
4 * Copyright (C) 2008 Julien "axolotl" BERNARD <axolotl@magieeternelle.org>
5 * Copyright (C) 2015 Nicola Spanti (RyDroid) <dev@nicola-spanti.info>
6 *
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
16 *
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
/* Paths used by the installer. JIRAFEAU_ROOT is the directory holding this
 * script, always with a trailing slash, so that sub-paths can be appended. */
define ('JIRAFEAU_ROOT', dirname (__FILE__) . '/');
define ('JIRAFEAU_CFG', JIRAFEAU_ROOT . 'lib/config.local.php'); /* generated config */
define ('JIRAFEAU_VAR_RAND_LENGTH', 15); /* random characters in the default data dir name */

/* Tokens used when the configuration file is written out. */
define ('NL', "\n");
define ('QUOTE', "'");
26
27 require (JIRAFEAU_ROOT . 'lib/functions.php');
28 require (JIRAFEAU_ROOT . 'lib/lang.php');
29 require (JIRAFEAU_ROOT . 'lib/config.original.php');
30
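/**
 * Quote a string as a PHP single-quoted literal for config.local.php.
 *
 * Both the quote character and the backslash are escaped. The previous
 * version escaped only the quote, so a value ending in a backslash, or
 * containing "\'", terminated the literal early. Since the values written
 * through this helper come from the installer's POST fields, that allowed
 * arbitrary PHP to be appended to the generated configuration file.
 *
 * @param string $str the raw value.
 * @return string a single-quoted PHP literal that evaluates back to $str.
 */
function
jirafeau_quoted ($str)
{
    /* addcslashes() prefixes every backslash and quote with a backslash. */
    return "'" . addcslashes ((string) $str, "\\'") . "'";
}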
36
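/**
 * Write $cfg to lib/config.local.php as executable PHP.
 *
 * Keys and string values are emitted through var_export(), which escapes
 * both backslashes and quotes. The values come straight from the
 * installer's POST fields, so a hand-built literal that escaped only the
 * quote character would let a value such as "\'; <code> //" close the
 * literal early and inject PHP into the generated file.
 *
 * The generated file contains whatever was entered as the administration
 * password in step 2, as a plain string; the file's permissions are the
 * caller's responsibility.
 *
 * @param array $cfg configuration items, keyed by name.
 * @return bool false when the file could not be opened for writing,
 *              otherwise the result of fclose().
 */
function
jirafeau_export_cfg ($cfg)
{
    $handle = fopen (JIRAFEAU_CFG, 'w');
    if ($handle === false)
        return false;
    fwrite ($handle, '<?php' . NL);
    fwrite ($handle,
            '/* ' .
            t ('This file was generated by the install process. ' .
               'You can edit it. Please see config.original.php to understand the ' .
               'configuration items.') . ' */' . NL);
    foreach ($cfg as $key => $item)
    {
        fwrite ($handle, '$cfg[' . var_export ((string) $key, true) . '] = ');
        if (is_bool ($item))
            $literal = $item ? 'true' : 'false';
        else if (is_string ($item))
            $literal = var_export ($item, true);
        else if (is_int ($item))
            $literal = (string) $item;
        else if (is_array ($item))
            /* Keep each array on one line of the generated file. */
            $literal = str_replace (array ("\n", "\r"), '',
                                    var_export ($item, true));
        else
            /* Floats, objects and null are all written as null. */
            $literal = 'null';
        fwrite ($handle, $literal . ';' . NL);
    }
    /* No newline at the end of the file to be able to send headers. */
    fwrite ($handle, '?>');
    return fclose ($handle);
}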
67
/**
 * Make sure $path exists, creating it as a directory (mode 0755, subject
 * to the umask) when it does not.
 *
 * @param string $path the directory wanted.
 * @return bool true if $path already exists (file or directory) or was
 *              just created; false if mkdir() failed.
 */
function
jirafeau_mkdir ($path)
{
    if (file_exists ($path))
        return true;
    /* "@" gets rid of error messages. */
    return @mkdir ($path, 0755);
}
73
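/**
 * Returns true whether the path is writable or we manage to make it
 * so, which essentially is the same thing.
 *
 * chmod() only succeeds when the web server owns $path, and in that case
 * owner write permission is all the web server needs. The previous mode
 * of 0777 therefore gained nothing and left the data directories (which
 * receive uploaded files) world-writable. Directories get 0755, files
 * 0644, and the result is re-checked instead of trusting chmod() alone.
 *
 * @param $path is the file or directory to be tested.
 * @return true if $path is writable.
 */
function
jirafeau_is_writable ($path)
{
    if (is_writable ($path))
        return true;
    $mode = is_dir ($path) ? 0755 : 0644;
    /* "@" gets rid of error messages. */
    if (!@chmod ($path, $mode))
        return false;
    clearstatcache ();
    return is_writable ($path);
}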
86
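/**
 * Create the data directory and its sub-directories and check that the
 * web server can write to them.
 *
 * Two defects fixed here: a directory that existed but was not writable
 * was reported as "could not be created" (the "not writable" strings were
 * computed but never used), and the path was echoed into the HTML message
 * unescaped although it is typed by the user in step 3.
 *
 * @param string $path the data directory (var_root), trailing slash
 *                     included.
 * @return array 'has_error' => bool, 'why' => HTML fragment describing
 *               the first failure, or '' on success.
 */
function
jirafeau_check_var_dir ($path)
{
    $mkdir_str1 = t('The following directory could not be created') . ':';
    $mkdir_str2 = t('You should create this directory manually.');
    $write_str1 = t('The following directory is not writable') . ':';
    $write_str2 = t('You should give the write permission to the web server on ' .
                    'this directory.');
    $solution_str = t('Here is a solution') . ':';

    /* var_root itself first, then the sub-directories Jirafeau writes to. */
    $dirs = array ($path);
    foreach (array ('files', 'links', 'async', 'alias') as $subdir)
        $dirs[] = $path . $subdir;

    foreach ($dirs as $dir)
    {
        if (!jirafeau_mkdir ($dir))
        {
            $problem = $mkdir_str1;
            $fix = $mkdir_str2;
        }
        else if (!jirafeau_is_writable ($dir))
        {
            $problem = $write_str1;
            $fix = $write_str2;
        }
        else
            continue;

        return array ('has_error' => true,
                      'why' => $problem . '<br /><code>' .
                               htmlspecialchars ($dir, ENT_QUOTES, 'UTF-8') .
                               '</code><br />' . $solution_str .
                               '<br />' . $fix);
    }

    return array ('has_error' => false, 'why' => '');
}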
116
/**
 * Return $path with a trailing slash, adding one only when missing.
 *
 * @param string $path a URL or filesystem path.
 * @return string $path, ending in '/'.
 */
function
jirafeau_add_ending_slash ($path)
{
    if (substr ($path, -1) == '/')
        return $path;
    return $path . '/';
}
122
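/* Once installation_done has been saved (step 4) this script only
 * redirects. That flag is the sole thing stopping the installer, which is
 * unauthenticated by design, from being re-run to overwrite the
 * configuration and the administration password; consider also removing
 * install.php or restricting access to it after installation. */
if ($cfg['installation_done'] === true)
{
    header('Location: index.php');
    exit;
}

/* The local configuration must exist and be writable by the web server
 * before any step can be saved. */
if (!file_exists (JIRAFEAU_CFG))
{
    /* We try to create an empty one. */
    if (!@touch (JIRAFEAU_CFG))
    {
        require (JIRAFEAU_ROOT . 'lib/template/header.php');
        echo '<div class="error"><p>' .
             t('The local configuration file could not be created. Create a ' .
               '<code>lib/config.local.php</code> file and give the write ' .
               'permission to the web server (preferred solution), or give the ' .
               'write permission to the web server on the <code>lib</code> ' .
               'directory.') .
             '</p></div>';
        require (JIRAFEAU_ROOT . 'lib/template/footer.php');
        exit;
    }
}

/* chmod() takes an octal integer. The previous call passed the string
 * '0666', which PHP converts to decimal 666 (octal 1232): sticky bit,
 * write-only for the owner, so a file "repaired" this way could no longer
 * be read by the web server. chmod() only succeeds when the web server
 * owns the file, so owner read/write (0600) is sufficient, and keeps the
 * administration password stored in this file from being world-readable. */
if (!is_writable (JIRAFEAU_CFG) && !@chmod (JIRAFEAU_CFG, 0600))
{
    require (JIRAFEAU_ROOT . 'lib/template/header.php');
    echo '<div class="error"><p>' .
         t('The local configuration is not writable by the web server. ' .
           'Give the write permission to the web server on the ' .
           '<code>lib/config.local.php</code> file.') .
         '</p></div>';
    require (JIRAFEAU_ROOT . 'lib/template/footer.php');
    exit;
}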
158
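/* Save the fields of the step that was just submitted. Everything posted
 * here is written into lib/config.local.php by jirafeau_export_cfg(), and
 * the installer is unauthenticated by design (see the installation_done
 * guard above), so each field is checked to be present and a string
 * before it is stored. */
if (isset ($_POST['step']) && isset ($_POST['next']))
{
    /* Cast: the switch previously compared the raw string loosely. */
    switch ((int) $_POST['step'])
    {
    case 1:
        if (isset ($_POST['lang']) && is_string ($_POST['lang']))
        {
            /* NOTE(review): the code is not checked against the list of
             * available languages here; confirm that lib/lang.php copes
             * with an unknown value. */
            $cfg['lang'] = $_POST['lang'];
            jirafeau_export_cfg ($cfg);
        }
        break;

    case 2:
        if (isset ($_POST['admin_password']) &&
            is_string ($_POST['admin_password']))
        {
            /* Stored exactly as typed; an empty value disables admin.php
             * (see the step 2 form). How admin.php compares this value is
             * decided in admin.php, not here. */
            $cfg['admin_password'] = $_POST['admin_password'];
            jirafeau_export_cfg ($cfg);
        }
        break;

    case 3:
    case 4:
        /* Both steps save the same two fields. Step 4 has no "next"
         * button of its own, so a step-4 submit can only be hand-crafted;
         * without the isset() checks a missing field used to be saved as
         * the bare root '/'. */
        if (isset ($_POST['web_root']) && is_string ($_POST['web_root']) &&
            isset ($_POST['var_root']) && is_string ($_POST['var_root']))
        {
            $cfg['web_root'] = jirafeau_add_ending_slash ($_POST['web_root']);
            $cfg['var_root'] = jirafeau_add_ending_slash ($_POST['var_root']);
            jirafeau_export_cfg ($cfg);
        }
        break;
    }
}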
187
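require (JIRAFEAU_ROOT . 'lib/settings.php');
require (JIRAFEAU_ROOT . 'lib/template/header.php');

/* Work out which step to render. 'step' is request input: arithmetic on
 * the raw value throws a TypeError for a non-numeric string on PHP 8 (a
 * warning on older versions), so it is cast to int first. A missing step
 * counts as 0, which keeps the previous results (next -> 1, previous ->
 * -1, retry -> 0); anything outside 1..4 lands in the switch's default
 * case below, which shows step 1. */
$step = isset ($_POST['step']) ? (int) $_POST['step'] : 0;
$current = 1;
if (isset ($_POST['next']))
    $current = $step + 1;
else if (isset ($_POST['previous']))
    $current = $step - 1;
else if (isset ($_POST['retry']))
    $current = $step;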
198
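/* Render the requested step. Values that originate from the request or
 * from fields the user typed in an earlier step ($_SERVER['HTTP_HOST'],
 * $_SERVER['REQUEST_URI'], $cfg['web_root'], $cfg['var_root']) are
 * HTML-escaped before being echoed; they used to be written raw into
 * attribute values and link text. */
switch ($current)
{
case 1:
default:
    ?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
                        ' %d ' . t('out of') . ' %d', 1, 4); ?></h2>
    <div id = "install">
    <form action = "<?php echo basename(__FILE__); ?>" method = "post">
    <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION; ?>" />
    <input type = "hidden" name = "step" value = "1" />
    <fieldset> <legend><?php echo t('Language'); ?></legend>
    <table>
    <tr> <td class = "info" colspan = "2"><?php
        echo t('Jirafeau is internationalised. Choose a specific langage or ' .
               'choose Automatic (langage is provided by user\'s browser).');
    ?></td> </tr>
    <tr> <td class = "label"><label for = "select_lang"><?php
        echo t('Choose the default language') . ':';
    ?></label></td>
    <td class = "field">
    <select name = "lang" id = "select_lang">
    <?php
    /* The language table is application data (presumably defined by
     * lib/lang.php, required at the top of this file), not request input. */
    foreach ($languages_list as $key => $item)
    {
        $selected = ($key == $cfg['lang']) ? ' selected="selected"' : '';
        echo '<option value="' . $key . '"' . $selected . '>' . $item .
             '</option>' . NL;
    }
    ?></select>
    </td>
    </tr>
    <tr class = "nav">
    <td></td>
    <td class = "nav next"><input type = "submit" name = "next"
        value = "<?php echo t('Next step'); ?>" /></td>
    </tr>
    </table>
    </fieldset> </form> </div> <?php
    break;

case 2:
    ?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
                        ' %d ' . t('out of') . ' %d', 2, 4); ?></h2>
    <div id = "install">
    <form action = "<?php echo basename(__FILE__); ?>" method = "post">
    <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION; ?>" />
    <input type = "hidden" name = "step" value = "2" />
    <fieldset> <legend><?php echo t('Administration password'); ?></legend>
    <table>
    <tr> <td class = "info" colspan = "2"><?php
        echo t('Jirafeau has an administration interface (through admin.php). ' .
               'You can set a password to access the interface or leave it empty ' .
               'to disable the interface.');
    ?></td> </tr>
    <tr> <td class = "label"><label for = "admin_password"><?php
        /* The label used to point at "select_password", an id that does
         * not exist on this page; it now matches the input below. */
        echo t('Administration password') . ':';
    ?></label></td>
    <td class = "field"><input type = "password" name = "admin_password"
        id = "admin_password" size = "40" /></td>
    </tr>
    <tr class = "nav">
    <td></td>
    <td class = "nav next">
    <input type = "submit" class = "navleft" name = "previous"
        value = "<?php echo t('Previous step'); ?>" />
    <input type = "submit" name = "next"
        value = "<?php echo t('Next step'); ?>" /></td>
    </tr>
    </table>
    </fieldset> </form> </div> <?php
    break;

case 3:
    /* Default base address, guessed from the request when none has been
     * saved yet. HTTP_HOST and REQUEST_URI are under the client's control,
     * so the guess is escaped when written into the value attribute
     * (echoing it raw was a reflected XSS via the Host header or the query
     * string). The query string is never part of a base address and is
     * dropped; the scheme is assumed to be http, as before. */
    if (empty ($cfg['web_root']))
    {
        $host = isset ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $uri = isset ($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $query = strpos ($uri, '?');
        if ($query !== false)
            $uri = substr ($uri, 0, $query);
        $web_root_default = 'http://' . $host .
                            str_replace (basename(__FILE__), '', $uri);
    }
    else
        $web_root_default = $cfg['web_root'];

    /* Default data directory: inside the install directory, with a random
     * suffix, presumably so that it cannot be guessed while it sits under
     * the web root. random_int() is a CSPRNG and is used when this PHP
     * provides it; mt_rand() is not meant for unpredictable names. */
    if (empty ($cfg['var_root']))
    {
        $alphanum = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' .
                    'abcdefghijklmnopqrstuvwxyz' . '0123456789';
        $max_index = strlen ($alphanum) - 1;
        $var = 'var-';
        for ($i = 0; $i < JIRAFEAU_VAR_RAND_LENGTH; $i++)
        {
            $index = function_exists ('random_int') ? random_int (0, $max_index)
                                                    : mt_rand (0, $max_index);
            $var .= $alphanum[$index];
        }
        $var_root_default = JIRAFEAU_ROOT . $var . '/';
    }
    else
        $var_root_default = $cfg['var_root'];

    ?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
                        ' %d ' . t('out of') . ' %d', 3, 4); ?></h2>
    <div id = "install">
    <form action = "<?php echo basename(__FILE__); ?>" method = "post">
    <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION; ?>" />
    <input type = "hidden" name = "step" value = "3" />
    <fieldset> <legend><?php echo t('Information'); ?></legend>
    <table>
    <tr> <td class = "info" colspan = "2"><?php
        echo t('The base address of Jirafeau is the first part of the URL, until ' .
               '(and including) the last slash. For example: ' .
               '"http://www.example.com/". Do not forget the trailing slash!');
    ?></td> </tr>
    <tr> <td class = "label"><label for = "input_web_root"><?php
        echo t('Base address') . ':';
    ?></label></td>
    <td class = "field"><input type = "text" name = "web_root" id = "input_web_root"
        value = "<?php echo htmlspecialchars ($web_root_default, ENT_QUOTES, 'UTF-8'); ?>"
        size = "40" /></td>
    </tr>
    <tr> <td class = "info" colspan = "2"><?php
        echo t('The data directory is where your files and information about' .
               ' your files will be stored. You should put it outside your web ' .
               'site, or at least restrict the access to this directory. Do not ' .
               'forget the trailing slash!');
    ?></td> </tr>
    <tr> <td class = "label"><label for = "input_var_root"><?php
        echo t('Data directory') . ':';
    ?></label></td>
    <td class = "field"><input type = "text" name = "var_root" id = "input_var_root"
        value = "<?php echo htmlspecialchars ($var_root_default, ENT_QUOTES, 'UTF-8'); ?>"
        size = "40" /></td>
    </tr>
    <tr> <td colspan = "2"><input type = "submit" class = "navleft" name = "previous"
        value = "<?php echo t('Previous step'); ?>" />
    <input type = "submit" class = "navright" name = "next"
        value = "<?php echo t('Next step'); ?>" />
    </td> </tr> </table> </fieldset>
    </form> </div> <?php
    break;

case 4:
    ?><h2><?php printf (t('Installation of Jirafeau') . ' - ' . t('step') .
                        ' %d ' . t('out of') . ' %d', 4, 4); ?></h2>
    <div id = "install">
    <form action = "<?php echo basename(__FILE__); ?>" method = "post">
    <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION; ?>" />
    <input type = "hidden" name = "step" value = "4" />
    <fieldset> <legend><?php echo t('Finalisation'); ?></legend>
    <table>
    <tr> <td class = "info" colspan = "2"><?php
        echo t('Jirafeau is setting the website according to the configuration ' .
               'you provided.');
    ?></td> </tr>
    <tr> <td class = "nav previous"><input type = "submit" name = "previous"
        value = "<?php echo t('Previous step'); ?>" /></td> <td></td> </tr>
    </table> </fieldset> </form> </div>
    <?php
    /* var_root was typed by the user in step 3: jirafeau_check_var_dir()
     * creates it, and its sub-directories, wherever the web server is
     * allowed to write. */
    $err = jirafeau_check_var_dir ($cfg['var_root']);
    if ($err['has_error'])
    {
        /* 'why' is an HTML fragment assembled by jirafeau_check_var_dir(). */
        echo '<div class="error"><p>' . $err['why'] . '<br />' . NL;
        ?><form action = "<?php echo basename(__FILE__); ?>" method = "post">
        <input type = "hidden" name = "jirafeau" value = "<?php echo JIRAFEAU_VERSION; ?>" />
        <input type = "hidden" name = "step" value = "4" />
        <input type = "submit" name = "retry" value = "<?php echo t('Retry this step'); ?>" />
        </form>
        <?php
        echo '</p></div>';
    }
    else
    {
        /* From here on the guard at the top of this script redirects
         * install.php to index.php. */
        $cfg['installation_done'] = true;
        jirafeau_export_cfg ($cfg);
        /* web_root was typed by the user in step 3; escape it for both the
         * href attribute and the link text. */
        $web_root = htmlspecialchars ($cfg['web_root'], ENT_QUOTES, 'UTF-8');
        echo '<div class="message"><p>' .
             t('Jirafeau is now fully operational') . ':' .
             '<br /><a href="' . $web_root . '">' . $web_root . '</a></p></div>';
    }
    break;
}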
368
369 require (JIRAFEAU_ROOT . 'lib/template/footer.php');
370 ?>
