aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2015-05-24 01:34:08 +0200
committerKlaus Weidenbach <Klaus.Weidenbach@gmx.net>2015-05-24 02:58:52 +0200
commite90c331bf62630629f9fc651a4255628605f2a2b (patch)
tree03a986f335de5fbf8562eef031f6011609f0badb
parent7f9e4d6add614563242db41e2fe2eee371c7a35f (diff)
downloadvolse-hubzilla-e90c331bf62630629f9fc651a4255628605f2a2b.tar.gz
volse-hubzilla-e90c331bf62630629f9fc651a4255628605f2a2b.tar.bz2
volse-hubzilla-e90c331bf62630629f9fc651a4255628605f2a2b.zip
Add PHP's xml module check and upload limits to setup.
And some documentation.
-rwxr-xr-xindex.php127
-rwxr-xr-xmod/setup.php444
2 files changed, 313 insertions, 258 deletions
diff --git a/index.php b/index.php
index 716c24fe6..3c2f172f5 100755
--- a/index.php
+++ b/index.php
@@ -1,47 +1,42 @@
-<?php /** @file */
-
+<?php
/**
+ * @file index.php
*
- * Red Matrix
+ * @brief The main entry point to the application.
*
+ * Bootstrap the application, load configuration, load modules, load theme, etc.
*/
-/**
- *
+/*
* bootstrap the application
- *
*/
-
require_once('boot.php');
-
+// our global App object
$a = new App;
-/**
- *
+/*
* Load the configuration file which contains our DB credentials.
- * Ignore errors. If the file doesn't exist or is empty, we are running in installation mode.'
- *
+ * Ignore errors. If the file doesn't exist or is empty, we are running in
+ * installation mode.
*/
$a->install = ((file_exists('.htconfig.php') && filesize('.htconfig.php')) ? false : true);
-@include(".htconfig.php");
+@include('.htconfig.php');
$a->timezone = ((x($default_timezone)) ? $default_timezone : 'UTC');
date_default_timezone_set($a->timezone);
-/**
- *
+/*
* Try to open the database;
- *
*/
-require_once("include/dba/dba_driver.php");
+require_once('include/dba/dba_driver.php');
if(! $a->install) {
$db = dba_factory($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type, $a->install);
- unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
+ unset($db_host, $db_port, $db_user, $db_pass, $db_data, $db_type);
/**
* Load configs from db. Overwrite configs from .htconfig.php
@@ -51,10 +46,10 @@ if(! $a->install) {
load_config('system');
load_config('feature');
- require_once("include/session.php");
+ require_once('include/session.php');
load_hooks();
call_hooks('init_1');
-
+
$a->language = get_best_language();
load_translation_table($a->language);
// Force the cookie to be secure (https only) if this site is SSL enabled. Must be done before session_start().
@@ -82,7 +77,7 @@ else {
*
* The order of these may be important so use caution if you think they're all
* intertwingled with no logical order and decide to sort it out. Some of the
- * dependencies have changed, but at least at one time in the recent past - the
+ * dependencies have changed, but at least at one time in the recent past - the
* order was critical to everything working properly
*
*/
@@ -100,7 +95,7 @@ if(array_key_exists('system_language',$_POST)) {
else
unset($_SESSION['language']);
}
-if((x($_SESSION,'language')) && ($_SESSION['language'] !== $lang)) {
+if((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
$a->language = $_SESSION['language'];
load_translation_table($a->language);
}
@@ -113,20 +108,19 @@ if((x($_GET,'zid')) && (! $a->install)) {
}
}
-if((x($_SESSION,'authenticated')) || (x($_POST,'auth-params')) || ($a->module === 'login'))
- require("include/auth.php");
+if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || ($a->module === 'login'))
+ require('include/auth.php');
-
-if(! x($_SESSION,'sysmsg'))
+if(! x($_SESSION, 'sysmsg'))
$_SESSION['sysmsg'] = array();
-if(! x($_SESSION,'sysmsg_info'))
+if(! x($_SESSION, 'sysmsg_info'))
$_SESSION['sysmsg_info'] = array();
/*
- * check_config() is responsible for running update scripts. These automatically
+ * check_config() is responsible for running update scripts. These automatically
* update the DB schema whenever we push a new one out. It also checks to see if
- * any plugins have been added or removed and reacts accordingly.
+ * any plugins have been added or removed and reacts accordingly.
*/
@@ -154,23 +148,22 @@ $a->set_apps($arr['app_menu']);
* and use it for handling our URL request.
* The module file contains a few functions that we call in various circumstances
* and in the following order:
- *
+ *
* "module"_init
* "module"_post (only called if there are $_POST variables)
* "module"_aside
* $theme_$module_aside (and $extends_$module_aside) are run first if either exist
* if either of these return false, module_aside is not called
- * This allows a theme to over-ride the sidebar layout completely.
+ * This allows a theme to over-ride the sidebar layout completely.
* "module"_content - the string return of this function contains our page body
*
- * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
+ * Modules which emit other serialisations besides HTML (XML,JSON, etc.) should do
* so within the module init and/or post functions and then invoke killme() to terminate
* further processing.
*/
if(strlen($a->module)) {
-
/**
*
* We will always have a module name.
@@ -184,7 +177,6 @@ if(strlen($a->module)) {
$a->module_loaded = true;
}
-
if((strpos($a->module,'admin') === 0) && (! is_site_admin())) {
$a->module_loaded = false;
notice( t('Permission denied.') . EOL);
@@ -197,7 +189,6 @@ if(strlen($a->module)) {
*/
if(! $a->module_loaded) {
-
if(file_exists("mod/site/{$a->module}.php")) {
include_once("mod/site/{$a->module}.php");
$a->module_loaded = true;
@@ -210,37 +201,36 @@ if(strlen($a->module)) {
/**
- *
* The URL provided does not resolve to a valid module.
*
- * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
- * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
+ * On Dreamhost sites, quite often things go wrong for no apparent reason and they send us to '/internal_error.html'.
+ * We don't like doing this, but as it occasionally accounts for 10-20% or more of all site traffic -
* we are going to trap this and redirect back to the requested page. As long as you don't have a critical error on your page
* this will often succeed and eventually do the right thing.
*
* Otherwise we are going to emit a 404 not found.
- *
*/
if(! $a->module_loaded) {
// Stupid browser tried to pre-fetch our Javascript img template. Don't log the event or return anything - just quietly exit.
- if((x($_SERVER,'QUERY_STRING')) && preg_match('/{[0-9]}/',$_SERVER['QUERY_STRING']) !== 0) {
+ if((x($_SERVER, 'QUERY_STRING')) && preg_match('/{[0-9]}/', $_SERVER['QUERY_STRING']) !== 0) {
killme();
}
- if((x($_SERVER,'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
+ if((x($_SERVER, 'QUERY_STRING')) && ($_SERVER['QUERY_STRING'] === 'q=internal_error.html') && isset($dreamhost_error_hack)) {
logger('index.php: dreamhost_error_hack invoked. Original URI =' . $_SERVER['REQUEST_URI']);
goaway($a->get_baseurl() . $_SERVER['REQUEST_URI']);
}
logger('index.php: page not found: ' . $_SERVER['REQUEST_URI'] . ' ADDRESS: ' . $_SERVER['REMOTE_ADDR'] . ' QUERY: ' . $_SERVER['QUERY_STRING'], LOGGER_DEBUG);
- header($_SERVER["SERVER_PROTOCOL"] . ' 404 ' . t('Not Found'));
- $tpl = get_markup_template("404.tpl");
+ header($_SERVER['SERVER_PROTOCOL'] . ' 404 ' . t('Not Found'));
+ $tpl = get_markup_template('404.tpl');
$a->page['content'] = replace_macros($tpl, array(
- '$message' => t('Page not found.' )
+ '$message' => t('Page not found.')
));
- // pretend this is a module so it will initialise the theme.
+
+ // pretend this is a module so it will initialise the theme
$a->module = '404';
$a->module_loaded = true;
}
@@ -249,11 +239,10 @@ if(strlen($a->module)) {
/* initialise content region */
-if(! x($a->page,'content'))
+if(! x($a->page, 'content'))
$a->page['content'] = '';
-
if(! ($a->module === 'setup')) {
/* set JS cookie */
if($_COOKIE['jsAvailable'] != 1) {
@@ -263,9 +252,9 @@ if(! ($a->module === 'setup')) {
$_COOKIE['jsAvailable'] = 1;
}
}
- call_hooks('page_content_top',$a->page['content']);
-}
+ call_hooks('page_content_top', $a->page['content']);
+}
@@ -282,7 +271,7 @@ if($a->module_loaded) {
* For this reason, please restrict the use of templates to those which
* do not provide any presentation details - as themes will not be able
* to over-ride them.
- */
+ */
if(function_exists($a->module . '_init')) {
call_hooks($a->module . '_mod_init', $placeholder);
@@ -310,32 +299,31 @@ if($a->module_loaded) {
* load current theme info
*/
- $theme_info_file = "view/theme/".current_theme()."/php/theme.php";
+ $theme_info_file = 'view/theme/' . current_theme() . '/php/theme.php';
if (file_exists($theme_info_file)){
require_once($theme_info_file);
}
- if(function_exists(str_replace('-','_',current_theme()) . '_init')) {
- $func = str_replace('-','_',current_theme()) . '_init';
+ if(function_exists(str_replace('-', '_', current_theme()) . '_init')) {
+ $func = str_replace('-', '_', current_theme()) . '_init';
$func($a);
}
- elseif (x($a->theme_info,"extends") && file_exists("view/theme/".$a->theme_info["extends"]."/php/theme.php")) {
- require_once("view/theme/".$a->theme_info["extends"]."/php/theme.php");
- if(function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_init')) {
- $func = str_replace('-','_',$a->theme_info["extends"]) . '_init';
+ elseif (x($a->theme_info, 'extends') && file_exists('view/theme/' . $a->theme_info['extends'] . '/php/theme.php')) {
+ require_once('view/theme/' . $a->theme_info['extends'] . '/php/theme.php');
+ if(function_exists(str_replace('-', '_', $a->theme_info['extends']) . '_init')) {
+ $func = str_replace('-', '_', $a->theme_info['extends']) . '_init';
$func($a);
}
}
if(($_SERVER['REQUEST_METHOD'] === 'POST') && (! $a->error)
&& (function_exists($a->module . '_post'))
- && (! x($_POST,'auth-params'))) {
+ && (! x($_POST, 'auth-params'))) {
call_hooks($a->module . '_mod_post', $_POST);
$func = $a->module . '_post';
$func($a);
}
-
if(! $a->error) {
// If a theme has defined an _aside() function, run that first
//
@@ -353,9 +341,9 @@ if($a->module_loaded) {
$func = str_replace('-','_',current_theme()) . '_' . $a->module . '_aside';
$aside_default = $func($a);
}
- elseif($aside_default && x($a->theme_info,"extends")
- && (function_exists(str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside'))) {
- $func = str_replace('-','_',$a->theme_info["extends"]) . '_' . $a->module . '_aside';
+ elseif($aside_default && x($a->theme_info, "extends")
+ && (function_exists(str_replace('-', '_',$a->theme_info["extends"]) . '_' . $a->module . '_aside'))) {
+ $func = str_replace('-', '_', $a->theme_info["extends"]) . '_' . $a->module . '_aside';
$aside_default = $func($a);
}
if($aside_default && function_exists($a->module . '_aside')) {
@@ -373,24 +361,25 @@ if($a->module_loaded) {
call_hooks($a->module . '_mod_aftercontent', $arr);
$a->page['content'] .= $arr['content'];
}
-
}
// If you're just visiting, let javascript take you home
-if(x($_SESSION,'visitor_home'))
+if(x($_SESSION, 'visitor_home')) {
$homebase = $_SESSION['visitor_home'];
-elseif(local_channel())
+} elseif(local_channel()) {
$homebase = $a->get_baseurl() . '/channel/' . $a->channel['channel_address'];
+}
-if(isset($homebase))
- $a->page['content'] .= '<script>var homebase="' . $homebase . '" ; </script>';
+if(isset($homebase)) {
+ $a->page['content'] .= '<script>var homebase = "' . $homebase . '";</script>';
+}
// now that we've been through the module content, see if the page reported
// a permission problem and if so, a 403 response would seem to be in order.
-if(stristr( implode("",$_SESSION['sysmsg']), t('Permission denied'))) {
- header($_SERVER["SERVER_PROTOCOL"] . ' 403 ' . t('Permission denied.'));
+if(stristr(implode("", $_SESSION['sysmsg']), t('Permission denied'))) {
+ header($_SERVER['SERVER_PROTOCOL'] . ' 403 ' . t('Permission denied.'));
}
diff --git a/mod/setup.php b/mod/setup.php
index eba28a9bc..d88cf73f1 100755
--- a/mod/setup.php
+++ b/mod/setup.php
@@ -1,40 +1,53 @@
<?php
+/**
+ * @file mod/setup.php
+ *
+ * Controller for the initial setup/installation.
+ *
+ * @todo This setup module could need some love and improvements.
+ */
-$install_wizard_pass=1;
-
+$install_wizard_pass = 1;
+/**
+ * @brief Initialisation for the setup module.
+ *
+ * @param[in,out] App &$a
+ */
function setup_init(&$a){
- // Ensure that if somebody hasn't read the install documentation and doesn't have all
- // the required modules or has a totally borked shared hosting provider and they can't
+ // Ensure that if somebody hasn't read the install documentation and doesn't have all
+ // the required modules or has a totally borked shared hosting provider and they can't
// figure out what the hell is going on - that we at least spit out an error message which
// we can inquire about when they write to tell us that our software doesn't work.
- // The worst thing we can do at this point is throw a white screen of death and rely on
- // them knowing about servers and php modules and logfiles enough so that we can guess
+ // The worst thing we can do at this point is throw a white screen of death and rely on
+ // them knowing about servers and php modules and logfiles enough so that we can guess
// at the source of the problem. As ugly as it may be, we need to throw a technically worded
- // PHP error message in their face. Once installation is complete application errors will
- // throw a white screen because these error messages divulge information which can
- // potentially be useful to hackers.
-
-
- error_reporting(E_ERROR | E_WARNING | E_PARSE );
- ini_set('log_errors','0');
- ini_set('display_errors', '1');
+ // PHP error message in their face. Once installation is complete application errors will
+ // throw a white screen because these error messages divulge information which can
+ // potentially be useful to hackers.
+ error_reporting(E_ERROR | E_WARNING | E_PARSE );
+ ini_set('log_errors', '0');
+ ini_set('display_errors', '1');
// $baseurl/setup/testrwrite to test if rewite in .htaccess is working
- if (argc() ==2 && argv(1)=="testrewrite") {
- echo "ok";
+ if (argc() == 2 && argv(1) == "testrewrite") {
+ echo 'ok';
killme();
}
+
global $install_wizard_pass;
- if (x($_POST,'pass'))
+ if (x($_POST, 'pass'))
$install_wizard_pass = intval($_POST['pass']);
-
-
}
+/**
+ * @brief Handle the actions of the different setup steps.
+ *
+ * @param[in,out] App &$a
+ */
function setup_post(&$a) {
global $install_wizard_pass, $db;
@@ -58,8 +71,9 @@ function setup_post(&$a) {
require_once('include/dba/dba_driver.php');
unset($db);
$db = dba_factory($dbhost, $dbport, $dbuser, $dbpass, $dbdata, $dbtype, true);
+
if(! $db->connected) {
- echo "Database Connect failed: " . $db->error;
+ echo 'Database Connect failed: ' . $db->error;
killme();
$a->data['db_conn_failed']=true;
}
@@ -83,10 +97,10 @@ function setup_post(&$a) {
}
}*/
//if(get_db_errno()) {
-
+
//}
- return;
+ return;
break;
case 4:
$urlpath = $a->get_path();
@@ -100,10 +114,9 @@ function setup_post(&$a) {
$timezone = notags(trim($_POST['timezone']));
$adminmail = notags(trim($_POST['adminmail']));
$siteurl = notags(trim($_POST['siteurl']));
-
if($siteurl != z_root()) {
- $test = z_fetch_url($siteurl."/setup/testrewrite");
+ $test = z_fetch_url($siteurl."/setup/testrewrite");
if((! $test['success']) || ($test['body'] != 'ok')) {
$a->data['url_fail'] = true;
$a->data['url_error'] = $test['error'];
@@ -147,7 +160,7 @@ function setup_post(&$a) {
$a->data['db_installed'] = true;
return;
- break;
+ break;
}
}
@@ -156,47 +169,50 @@ function get_db_errno() {
return mysqli_connect_errno();
else
return mysql_errno();
-}
+}
+/**
+ * @brief Get output for the setup page.
+ *
+ * Depending on the state we are currently in it returns different content.
+ *
+ * @param App &$a
+ * @return string parsed HTML output
+ */
function setup_content(&$a) {
-
global $install_wizard_pass, $db;
+
$o = '';
- $wizard_status = "";
+ $wizard_status = '';
$install_title = t('$Projectname Server - Setup');
-
-
- if(x($a->data,'db_conn_failed')) {
+ if(x($a->data, 'db_conn_failed')) {
$install_wizard_pass = 2;
$wizard_status = t('Could not connect to database.');
}
- if(x($a->data,'url_fail')) {
+ if(x($a->data, 'url_fail')) {
$install_wizard_pass = 3;
$wizard_status = t('Could not connect to specified site URL. Possible SSL certificate or DNS issue.');
if($a->data['url_error'])
$wizard_status .= ' ' . $a->data['url_error'];
}
- if(x($a->data,'db_create_failed')) {
+ if(x($a->data, 'db_create_failed')) {
$install_wizard_pass = 2;
$wizard_status = t('Could not create table.');
}
-
- $db_return_text="";
- if(x($a->data,'db_installed')) {
+ $db_return_text = '';
+ if(x($a->data, 'db_installed')) {
$txt = '<p style="font-size: 130%;">';
$txt .= t('Your site database has been installed.') . EOL;
$db_return_text .= $txt;
}
-
- if(x($a->data,'db_failed')) {
+ if(x($a->data, 'db_failed')) {
$txt = t('You may need to import the file "install/schema_xxx.sql" manually using a database client.') . EOL;
$txt .= t('Please see the file "install/INSTALL.txt".') . EOL ."<hr>" ;
$txt .= "<pre>".$a->data['db_failed'] . "</pre>". EOL ;
$db_return_text .= $txt;
}
-
if($db && $db->connected) {
$r = q("SELECT COUNT(*) as `total` FROM `account`");
if($r && count($r) && $r[0]['total']) {
@@ -210,23 +226,22 @@ function setup_content(&$a) {
}
}
- if(x($a->data,'txt') && strlen($a->data['txt'])) {
+ if(x($a->data, 'txt') && strlen($a->data['txt'])) {
$db_return_text .= manual_config($a);
}
-
- if ($db_return_text!="") {
+
+ if ($db_return_text != "") {
$tpl = get_markup_template('install.tpl');
return replace_macros($tpl, array(
'$title' => $install_title,
- '$pass' => "",
+ '$pass' => '',
'$text' => $db_return_text . what_next(),
));
}
-
+
switch ($install_wizard_pass){
case 1: { // System check
-
$checks = array();
check_funcs($checks);
@@ -238,22 +253,23 @@ function setup_content(&$a) {
check_smarty3($checks);
check_keys($checks);
-
- if(x($_POST,'phpath'))
+
+ if (x($_POST, 'phpath'))
$phpath = notags(trim($_POST['phpath']));
check_php($phpath, $checks);
- check_htaccess($checks);
-
- function check_passed($v, $c){
+ check_phpconfig($checks);
+
+ check_htaccess($checks);
+
+ function check_passed($v, $c) {
if ($c['required'])
$v = $v && $c['status'];
+
return $v;
}
$checkspassed = array_reduce($checks, "check_passed", true);
-
-
$tpl = get_markup_template('install_checks.tpl');
$o .= replace_macros($tpl, array(
@@ -269,7 +285,7 @@ function setup_content(&$a) {
));
return $o;
}; break;
-
+
case 2: { // Database config
$dbhost = ((x($_POST,'dbhost')) ? notags(trim($_POST['dbhost'])) : 'localhost');
@@ -281,7 +297,6 @@ function setup_content(&$a) {
$phpath = notags(trim($_POST['phpath']));
$adminmail = notags(trim($_POST['adminmail']));
$siteurl = notags(trim($_POST['siteurl']));
-
$tpl = get_markup_template('install_db.tpl');
$o .= replace_macros($tpl, array(
@@ -292,7 +307,7 @@ function setup_content(&$a) {
'$info_03' => t('The database you specify below should already exist. If it does not, please create it before continuing.'),
'$status' => $wizard_status,
-
+
'$dbhost' => array('dbhost', t('Database Server Name'), $dbhost, t('Default is localhost')),
'$dbport' => array('dbport', t('Database Port'), $dbport, t('Communication port number - use 0 for default')),
'$dbuser' => array('dbuser', t('Database Login Name'), $dbuser, ''),
@@ -302,16 +317,14 @@ function setup_content(&$a) {
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
-
'$lbl_10' => t('Please select a default timezone for your website'),
-
+
'$baseurl' => $a->get_baseurl(),
-
+
'$phpath' => $phpath,
-
+
'$submit' => t('Submit'),
-
));
return $o;
}; break;
@@ -324,241 +337,296 @@ function setup_content(&$a) {
$dbdata = notags(trim($_POST['dbdata']));
$dbtype = intval(notags(trim($_POST['dbtype'])));
$phpath = notags(trim($_POST['phpath']));
-
+
$adminmail = notags(trim($_POST['adminmail']));
$siteurl = notags(trim($_POST['siteurl']));
$timezone = ((x($_POST,'timezone')) ? ($_POST['timezone']) : 'America/Los_Angeles');
-
+
$tpl = get_markup_template('install_settings.tpl');
$o .= replace_macros($tpl, array(
'$title' => $install_title,
'$pass' => t('Site settings'),
-
'$status' => $wizard_status,
-
- '$dbhost' => $dbhost,
- '$dbport' => $dbport,
+
+ '$dbhost' => $dbhost,
+ '$dbport' => $dbport,
'$dbuser' => $dbuser,
'$dbpass' => $dbpass,
'$dbdata' => $dbdata,
'$phpath' => $phpath,
'$dbtype' => $dbtype,
-
+
'$adminmail' => array('adminmail', t('Site administrator email address'), $adminmail, t('Your account email address must match this in order to use the web admin panel.')),
'$siteurl' => array('siteurl', t('Website URL'), z_root(), t('Please use SSL (https) URL if available.')),
-
'$timezone' => array('timezone', t('Please select a default timezone for your website'), $timezone, '', get_timezones()),
-
+
'$baseurl' => $a->get_baseurl(),
-
-
-
+
'$submit' => t('Submit'),
-
));
return $o;
}; break;
-
}
}
/**
- * checks : array passed to template
- * title : string
- * status : boolean
- * required : boolean
- * help : string optional
+ * @brief Add a check result to the array for output.
+ *
+ * @param[in,out] array &$checks array passed to template
+ * @param string $title a title for the check
+ * @param boolean $status
+ * @param boolean $required
+ * @param[optional] string $help optional help string
*/
-function check_add(&$checks, $title, $status, $required, $help){
+function check_add(&$checks, $title, $status, $required, $help = '') {
$checks[] = array(
- 'title' => $title,
- 'status' => $status,
+ 'title' => $title,
+ 'status' => $status,
'required' => $required,
- 'help' => $help,
+ 'help' => $help
);
}
+/**
+ * @brief Checks the PHP environment.
+ *
+ * @param[in,out] string &$phpath
+ * @param[out] array &$checks
+ */
function check_php(&$phpath, &$checks) {
- if (strlen($phpath)){
+ $help = '';
+
+ if (strlen($phpath)) {
$passed = file_exists($phpath);
} else {
if(is_windows())
$phpath = trim(shell_exec('where php'));
else
$phpath = trim(shell_exec('which php'));
+
$passed = strlen($phpath);
}
- $help = "";
+
if(!$passed) {
$help .= t('Could not find a command line version of PHP in the web server PATH.'). EOL;
- $help .= t("If you don't have a command line version of PHP installed on server, you will not be able to run background polling via cron.") . EOL;
+ $help .= t('If you don\'t have a command line version of PHP installed on server, you will not be able to run background polling via cron.') . EOL;
$help .= EOL . EOL ;
$tpl = get_markup_template('field_input.tpl');
$help .= replace_macros($tpl, array(
'$field' => array('phpath', t('PHP executable path'), $phpath, t('Enter full path to php executable. You can leave this blank to continue the installation.')),
));
- $phpath="";
+ $phpath = '';
}
-
+
check_add($checks, t('Command line PHP').($passed?" (<tt>$phpath</tt>)":""), $passed, false, $help);
-
+
if($passed) {
$str = autoname(8);
$cmd = "$phpath install/testargs.php $str";
$result = trim(shell_exec($cmd));
$passed2 = $result == $str;
- $help = "";
+ $help = '';
if(!$passed2) {
$help .= t('The command line version of PHP on your system does not have "register_argc_argv" enabled.'). EOL;
$help .= t('This is required for message delivery to work.');
}
+
check_add($checks, t('PHP register_argc_argv'), $passed, true, $help);
}
-
-
}
-function check_keys(&$checks) {
+/**
+ * @brief Some PHP configuration checks.
+ *
+ * @todo Change how we display such informational text. Add more description
+ * how to change them.
+ *
+ * @param[out] array &$checks
+ */
+function check_phpconfig(&$checks) {
+ require_once 'include/environment.php';
$help = '';
+ $result = getPhpiniUploadLimits();
+ $help = sprintf(t('Your max allowed total upload size is set to %s. Maximum size of one file to upload is set to %s. You are allowed to upload up to %d files at once.'),
+ userReadableSize($result['post_max_size']),
+ userReadableSize($result['max_upload_filesize']),
+ $result['max_file_uploads']
+ );
+ $help .= '<br>' . t('You can adjust these settings in the servers php.ini.');
+
+ check_add($checks, t('PHP upload limits'), true, false, $help);
+}
+
+/**
+ * @brief Check if the openssl implementation can generate keys.
+ *
+ * @param[out] array $checks
+ */
+function check_keys(&$checks) {
+ $help = '';
$res = false;
- if(function_exists('openssl_pkey_new'))
- $res=openssl_pkey_new(array(
- 'digest_alg' => 'sha1',
- 'private_key_bits' => 4096,
- 'encrypt_key' => false ));
+ if (function_exists('openssl_pkey_new')) {
+ $res = openssl_pkey_new(array(
+ 'digest_alg' => 'sha1',
+ 'private_key_bits' => 4096,
+ 'encrypt_key' => false)
+ );
+ }
// Get private key
- if(! $res) {
+ if (! $res) {
$help .= t('Error: the "openssl_pkey_new" function on this system is not able to generate encryption keys'). EOL;
$help .= t('If running under Windows, please see "http://www.php.net/manual/en/openssl.installation.php".');
}
- check_add($checks, t('Generate encryption keys'), $res, true, $help);
+ check_add($checks, t('Generate encryption keys'), $res, true, $help);
}
-
+/**
+ * @brief Check for some PHP functions and modules.
+ *
+ * @param[in,out] array &$checks
+ */
function check_funcs(&$checks) {
$ck_funcs = array();
- check_add($ck_funcs, t('libCurl PHP module'), true, true, "");
- check_add($ck_funcs, t('GD graphics PHP module'), true, true, "");
- check_add($ck_funcs, t('OpenSSL PHP module'), true, true, "");
- check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true, "");
- check_add($ck_funcs, t('mb_string PHP module'), true, true, "");
- check_add($ck_funcs, t('mcrypt PHP module'), true, true, "");
-
-
+
+ // add check metadata, the real check is done bit later and return values set
+ check_add($ck_funcs, t('libCurl PHP module'), true, true);
+ check_add($ck_funcs, t('GD graphics PHP module'), true, true);
+ check_add($ck_funcs, t('OpenSSL PHP module'), true, true);
+ check_add($ck_funcs, t('mysqli or postgres PHP module'), true, true);
+ check_add($ck_funcs, t('mb_string PHP module'), true, true);
+ check_add($ck_funcs, t('mcrypt PHP module'), true, true);
+ check_add($ck_funcs, t('xml PHP module'), true, true);
+
if(function_exists('apache_get_modules')){
- if (! in_array('mod_rewrite',apache_get_modules())) {
+ if (! in_array('mod_rewrite', apache_get_modules())) {
check_add($ck_funcs, t('Apache mod_rewrite module'), false, true, t('Error: Apache webserver mod-rewrite module is required but not installed.'));
} else {
- check_add($ck_funcs, t('Apache mod_rewrite module'), true, true, "");
+ check_add($ck_funcs, t('Apache mod_rewrite module'), true, true);
}
}
if((! function_exists('proc_open')) || strstr(ini_get('disable_functions'),'proc_open')) {
check_add($ck_funcs, t('proc_open'), false, true, t('Error: proc_open is required but is either not installed or has been disabled in php.ini'));
}
else {
- check_add($ck_funcs, t('proc_open'), true, true, "");
+ check_add($ck_funcs, t('proc_open'), true, true);
}
- if(! function_exists('curl_init')){
- $ck_funcs[0]['status']= false;
- $ck_funcs[0]['help']= t('Error: libCURL PHP module required but not installed.');
+ if(! function_exists('curl_init')) {
+ $ck_funcs[0]['status'] = false;
+ $ck_funcs[0]['help'] = t('Error: libCURL PHP module required but not installed.');
}
- if(! function_exists('imagecreatefromjpeg')){
- $ck_funcs[1]['status']= false;
- $ck_funcs[1]['help']= t('Error: GD graphics PHP module with JPEG support required but not installed.');
+ if(! function_exists('imagecreatefromjpeg')) {
+ $ck_funcs[1]['status'] = false;
+ $ck_funcs[1]['help'] = t('Error: GD graphics PHP module with JPEG support required but not installed.');
}
if(! function_exists('openssl_public_encrypt')) {
- $ck_funcs[2]['status']= false;
- $ck_funcs[2]['help']= t('Error: openssl PHP module required but not installed.');
+ $ck_funcs[2]['status'] = false;
+ $ck_funcs[2]['help'] = t('Error: openssl PHP module required but not installed.');
}
- if(! function_exists('mysqli_connect') && !function_exists('pg_connect')){
- $ck_funcs[3]['status']= false;
- $ck_funcs[3]['help']= t('Error: mysqli or postgres PHP module required but neither are installed.');
+ if(! function_exists('mysqli_connect') && !function_exists('pg_connect')) {
+ $ck_funcs[3]['status'] = false;
+ $ck_funcs[3]['help'] = t('Error: mysqli or postgres PHP module required but neither are installed.');
}
- if(! function_exists('mb_strlen')){
- $ck_funcs[4]['status']= false;
- $ck_funcs[4]['help']= t('Error: mb_string PHP module required but not installed.');
+ if(! function_exists('mb_strlen')) {
+ $ck_funcs[4]['status'] = false;
+ $ck_funcs[4]['help'] = t('Error: mb_string PHP module required but not installed.');
}
- if(! function_exists('mcrypt_encrypt')){
- $ck_funcs[5]['status']= false;
- $ck_funcs[5]['help']= t('Error: mcrypt PHP module required but not installed.');
+ if(! function_exists('mcrypt_encrypt')) {
+ $ck_funcs[5]['status'] = false;
+ $ck_funcs[5]['help'] = t('Error: mcrypt PHP module required but not installed.');
+ }
+ if(! extension_loaded('xml')) {
+ $ck_funcs[6]['status'] = false;
+ $ck_funcs[6]['help'] = t('Error: xml PHP module required for DAV but not installed.');
}
-
- $checks = array_merge($checks, $ck_funcs);
-
+ $checks = array_merge($checks, $ck_funcs);
}
-
+/**
+ * @brief Check for .htconfig requirements.
+ *
+ * @param[out] array &$checks
+ */
function check_htconfig(&$checks) {
$status = true;
- $help = "";
- if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
+ $help = '';
+
+ if( (file_exists('.htconfig.php') && !is_writable('.htconfig.php')) ||
(!file_exists('.htconfig.php') && !is_writable('.')) ) {
-
- $status=false;
- $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
- $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
- $help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
- $help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
- }
-
- check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
+ $status = false;
+ $help = t('The web installer needs to be able to create a file called ".htconfig.php" in the top folder of your web server and it is unable to do so.') .EOL;
+ $help .= t('This is most often a permission setting, as the web server may not be able to write files in your folder - even if you can.').EOL;
+ $help .= t('At the end of this procedure, we will give you a text to save in a file named .htconfig.php in your Red top folder.').EOL;
+ $help .= t('You can alternatively skip this procedure and perform a manual installation. Please see the file "install/INSTALL.txt" for instructions.').EOL;
+ }
+ check_add($checks, t('.htconfig.php is writable'), $status, false, $help);
}
+/**
+ * @brief Checks for our templating engine Smarty3 requirements.
+ *
+ * @param[out] array &$checks
+ */
function check_smarty3(&$checks) {
$status = true;
- $help = "";
- if( !is_writable(TEMPLATE_BUILD_PATH) ) {
-
- $status=false;
+ $help = '';
+
+ if(! is_writable(TEMPLATE_BUILD_PATH) ) {
+ $status = false;
$help = t('Red uses the Smarty3 template engine to render its web views. Smarty3 compiles templates to PHP to speed up rendering.') .EOL;
$help .= sprintf( t('In order to store these compiled templates, the web server needs to have write access to the directory %s under the Red top level folder.'), TEMPLATE_BUILD_PATH) . EOL;
$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
- $help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL;
+ $help .= sprintf( t('Note: as a security measure, you should give the web server write access to %s only--not the template files (.tpl) that it contains.'), TEMPLATE_BUILD_PATH) . EOL;
}
-
- check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
+ check_add($checks, sprintf( t('%s is writable'), TEMPLATE_BUILD_PATH), $status, true, $help);
}
+/**
+ * @brief Check for store directory.
+ *
+ * @param[out] array &$checks
+ */
function check_store(&$checks) {
$status = true;
- $help = "";
+ $help = '';
- @os_mkdir(TEMPLATE_BUILD_PATH,STORAGE_DEFAULT_PERMISSIONS,true);
+ @os_mkdir(TEMPLATE_BUILD_PATH, STORAGE_DEFAULT_PERMISSIONS, true);
- if( !is_writable('store') ) {
-
- $status=false;
+ if(! is_writable('store')) {
+ $status = false;
$help = t('Red uses the store directory to save uploaded files. The web server needs to have write access to the store directory under the Red top level folder') . EOL;
$help .= t('Please ensure that the user that your web server runs as (e.g. www-data) has write access to this folder.').EOL;
}
-
- check_add($checks, t('store is writable'), $status, true, $help);
+ check_add($checks, t('store is writable'), $status, true, $help);
}
-
+/**
+ * @brief Check URL rewrite und SSL certificate.
+ *
+ * @param[out] array &$checks
+ */
function check_htaccess(&$checks) {
$a = get_app();
$status = true;
- $help = "";
+ $help = '';
$ssl_error = false;
$url = $a->get_baseurl() . '/setup/testrewrite';
if (function_exists('curl_init')){
- $test = z_fetch_url($url);
+ $test = z_fetch_url($url);
if(! $test['success']) {
if(strstr($url,'https://')) {
$test = z_fetch_url($url,false,0,array('novalidate' => true));
@@ -581,26 +649,27 @@ function check_htaccess(&$checks) {
$help .= t('This can cause usability issues elsewhere (not just on your own site) so we must insist on this requirement.') .EOL;
$help .= t('Providers are available that issue free certificates which are browser-valid.'). EOL;
- check_add($checks, t('SSL certificate validation'),false,true, $help);
+ check_add($checks, t('SSL certificate validation'), false, true, $help);
}
- }
-
- if ((! $test['success']) || ($test['body'] != "ok")) {
- $status = false;
- $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
- }
- check_add($checks, t('Url rewrite is working'), $status, true, $help);
- } else {
- // cannot check modrewrite if libcurl is not installed
- }
-
+ }
+
+ if ((! $test['success']) || ($test['body'] != "ok")) {
+ $status = false;
+ $help = t('Url rewrite in .htaccess is not working. Check your server configuration.'.'Test: '.var_export($test,true));
+ }
+
+ check_add($checks, t('Url rewrite is working'), $status, true, $help);
+ } else {
+ // cannot check modrewrite if libcurl is not installed
+ }
}
-
+
function manual_config(&$a) {
- $data = htmlspecialchars($a->data['txt'],ENT_COMPAT,'UTF-8');
+ $data = htmlspecialchars($a->data['txt'], ENT_COMPAT, 'UTF-8');
$o = t('The database configuration file ".htconfig.php" could not be written. Please use the enclosed text to create a configuration file in your web server root.');
$o .= "<textarea rows=\"24\" cols=\"80\" >$data</textarea>";
+
return $o;
}
@@ -619,50 +688,47 @@ function load_database($db) {
$arr = explode(';',$str);
$errors = false;
foreach($arr as $a) {
- if(strlen(trim($a))) {
+ if(strlen(trim($a))) {
$r = @$db->q(trim($a));
if(! $r) {
$errors .= t('Errors encountered creating database tables.') . $a . EOL;
}
}
}
+
return $errors;
}
function what_next() {
$a = get_app();
// install the standard theme
- set_config('system','allowed_themes','redbasic');
+ set_config('system', 'allowed_themes', 'redbasic');
// Set a lenient list of ciphers if using openssl. Other ssl engines
- // (e.g. NSS used in RedHat) require different syntax, so hopefully
- // the default curl cipher list will work for most sites. If not,
+ // (e.g. NSS used in RedHat) require different syntax, so hopefully
+ // the default curl cipher list will work for most sites. If not,
// this can set via config. Many distros are now disabling RC4,
// but many Red sites still use it and are unable to change it.
// We do not use SSL for encryption, only to protect session cookies.
- // z_fetch_url() is also used to import shared links and other content
+ // z_fetch_url() is also used to import shared links and other content
// so in theory most any cipher could show up and we should do our best
- // to make the content available rather than tell folks that there's a
- // weird SSL error which they can't do anything about.
+ // to make the content available rather than tell folks that there's a
+ // weird SSL error which they can't do anything about.
$x = curl_version();
if(stristr($x['ssl_version'],'openssl'))
set_config('system','curl_ssl_ciphers','ALL:!eNULL');
-
// Create a system channel
require_once ('include/identity.php');
- create_sys_channel();
-
+ create_sys_channel();
$baseurl = $a->get_baseurl();
- return
+ return
t('<h1>What next</h1>')
."<p>".t('IMPORTANT: You will need to [manually] setup a scheduled task for the poller.')
- .t('Please see the file "install/INSTALL.txt".')
+ .t('Please see the file "install/INSTALL.txt".')
."</p><p>"
.t("Go to your new Red node <a href='$baseurl/register'>registration page</a> and register as new user. Remember to use the same email you have entered as administrator email. This will allow you to enter the site admin panel.")
."</p>";
}
-
-