/**
  * Creates the database tables necessary for the CMS to function
  *
  * Takes no parameters; the SQL file paths and the optional admin account come from configuration constants.
  * @return void
  */
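 public static function build_database()
 {
     // Builds the CMS schema: loads the bundled SQL files (optionally with an
     // initial admin account), then runs the combined SQL over a PDO connection.
     // Takes no arguments; everything is driven by configuration constants.
     $sql_dir = CMS_PATH . 'core/resources/sql/';
     $file_array = array(
         $sql_dir . 'build_database.sql',
         $sql_dir . 'build_table_pages.sql',
         $sql_dir . 'build_table_entries.sql',
         $sql_dir . 'build_table_categories.sql',
         $sql_dir . 'build_table_entry_categories.sql',
         $sql_dir . 'build_table_featured.sql',
         $sql_dir . 'build_table_users.sql',
         $sql_dir . 'build_table_comments.sql',
     );
     $var_arr = array();

     // If an admin is initializing the ECMS, create his or her account
     if (DEV_PASS !== '') {
         $filepath = $sql_dir . 'insert_users_entry.sql';

         // Create a salted hash of the password
         $password_hash = AdminUtilities::createSaltedHash(DEV_PASS);

         // The verification code should not be guessable, so take it from the
         // CSPRNG when the runtime has one (20 random bytes -> 40 hex chars, the
         // same length as the sha1() value). Older runtimes keep the original
         // time-based value, which is predictable.
         $vcode = function_exists('random_bytes')
             ? bin2hex(random_bytes(20))
             : sha1(uniqid(time(), TRUE));

         // Values substituted into insert_users_entry.sql, keyed by file path.
         // NOTE(review): whether Utilities::load_file() escapes or quotes these
         // values before placing them in the SQL text is not visible here; a
         // quote character in a display name or e-mail would otherwise break or
         // alter the statement. Confirm against load_file().
         $var_arr = array(
             $filepath => array(
                 'display' => DEV_DISPLAY_NAME,
                 'username' => DEV_USER_NAME,
                 'email' => DEV_EMAIL,
                 'vcode' => $vcode,
                 'clearance' => DEV_CLEARANCE,
                 'password' => $password_hash,
             ),
         );

         // Add the file to the array
         $file_array[] = $filepath;
     }

     // Load the files
     $sql = Utilities::load_file($file_array, $var_arr);

     // Execute the loaded queries
     try {
         $dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;

         // Ask PDO to throw on failure. In PDO's silent error mode a failed
         // query() only returns FALSE, so the catch below would never log a
         // broken install.
         $db = new PDO(
             $dsn,
             DB_USER,
             DB_PASS,
             array(PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION)
         );

         // NOTE(review): $sql presumably holds several statements from the files
         // above; a single query() call may surface only the first statement's
         // error. Confirm every table exists after an install.
         $db->query($sql);
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }
 }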
Beispiel #2
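 public function verify_user()
 {
     // Completes account verification: validates the submitted username,
     // display name and password, then activates the inactive user row that
     // matches the verification code and stores the new credentials.
     //
     // Returns TRUE when a row was activated and FALSE when the update failed
     // or matched no row. Validation failures redirect back to the form and
     // exit, so they never return.

     // Store and clean the POST data
     $this->_store_post_data();

     // Read the verification code before validating. The error redirect below
     // needs it, and it was previously assigned only on the success path, so
     // every failed validation redirected with an undefined variable.
     // NOTE(review): assumes _store_post_data() has populated _sdata->temp.
     $vcode = $this->_sdata->temp->vcode;

     // Validate in order; the first failing check decides the error code
     if (!SIV::validate($_POST['username'], SIV::USERNAME)) {
         $this->_sdata->error = '0001';
     } elseif (!SIV::validate($_POST['display'], SIV::STRING)) {
         $this->_sdata->error = '0002';
     } elseif (strlen($_POST['password']) < 8) {
         $this->_sdata->error = '0003';
     } elseif ($_POST['password'] !== $_POST['verify-password']) {
         $this->_sdata->error = '0004';
     } else {
         // Reset the error code
         $this->_sdata->error = '0000';
     }

     // Check for errors
     if ($this->_sdata->error !== '0000') {
         // Bounce back to the verification form
         header('Location: /admin/verify/' . $vcode);
         exit;
     }

     // Grab cleaned data out of the temporary session data
     $username = $this->_sdata->temp->username;
     $display = $this->_sdata->temp->display;

     // Create a salted hash of the password
     $password = AdminUtilities::createSaltedHash($_POST['password']);

     // Define the update query. Only a row that is still inactive and carries
     // this verification code can be claimed.
     $sql = "UPDATE `" . DB_NAME . "`.`" . DB_PREFIX . "users`\n                SET\n                    `username`=:username,\n                    `display`=:display,\n                    `password`=:password,\n                    `active`=1\n                WHERE `vcode`=:vcode\n                AND `active`=0\n                LIMIT 1";
     try {
         $stmt = $this->db->prepare($sql);
         $stmt->bindParam(':username', $username, PDO::PARAM_STR);
         $stmt->bindParam(':display', $display, PDO::PARAM_STR);
         $stmt->bindParam(':password', $password, PDO::PARAM_STR);
         $stmt->bindParam(':vcode', $vcode, PDO::PARAM_STR);
         $stmt->execute();

         $activated = TRUE;
         if ($stmt->errorCode() !== '00000') {
             // Log the driver message on the server only. The earlier
             // FB::error($e) call referenced an undefined $e at this point and
             // has been dropped.
             $err = $stmt->errorInfo();
             ECMS_Error::log_exception(new Exception($err[2]));
             $activated = FALSE;
         } elseif ($stmt->rowCount() < 1) {
             // No inactive row matched the code (unknown code, or the account
             // was already activated), so do not report success.
             $activated = FALSE;
         }

         $stmt->closeCursor();
         $this->_sdata = NULL;
         return $activated;
     } catch (Exception $e) {
         ECMS_Error::log_exception($e);
     }

     return FALSE;
 }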
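 public static function buildDB($menuPages)
 {
     // Creates the ECMS database, the entry and admin tables, a welcome entry,
     // and (when DEV_PASS is set) the initial admin account. When $menuPages
     // has a 'blog' key the blog comment table is created as well.
     //
     // $menuPages: the menu configuration array (only the 'blog' key is read).
     // Returns true on success; terminates the script with a message when the
     // connection or any of the statements fails.
     //
     // NOTE(review): the connection selects DB_NAME before the
     // CREATE DATABASE IF NOT EXISTS statement runs, so the connect presumably
     // fails when the database does not exist yet. Confirm the install flow.
     // NOTE(review): the exit() messages include the raw MySQL error text, which
     // is shown to whoever triggers the install.
     $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
     if ($mysqli->connect_errno) {
         // connect_error is a property; calling it as a method was a fatal error
         exit("Couldn't connect to the database." . $mysqli->connect_error);
     }

     // Config values placed inside quoted SQL literals are escaped first, so a
     // quote character in a name cannot break or alter the statement. The
     // charset and collation constants are used as identifiers and cannot be
     // escaped this way; they must come from trusted configuration.
     $default_author = $mysqli->real_escape_string(SITE_CONTACT_NAME);
     $default_page = $mysqli->real_escape_string(DEFAULT_PAGE);

     $sql = "CREATE DATABASE IF NOT EXISTS `" . DB_NAME . "`\n                DEFAULT CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n                CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n                (\n                    `id`        INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n                    `page`      VARCHAR(64) NOT NULL,\n                    `title`     VARCHAR(255) DEFAULT NULL,\n                    `subhead`   VARCHAR(75) DEFAULT NULL,\n                    `body`      TEXT DEFAULT NULL,\n                    `img`       VARCHAR(128) DEFAULT NULL,\n                    `imgcap`    VARCHAR(128) DEFAULT NULL,\n                    `data1`     VARCHAR(255) DEFAULT NULL,\n                    `data2`     VARCHAR(255) DEFAULT NULL,\n                    `data3`     VARCHAR(255) DEFAULT NULL,\n                    `data4`     VARCHAR(255) DEFAULT NULL,\n                    `data5`     VARCHAR(255) DEFAULT NULL,\n                    `data6`     VARCHAR(255) DEFAULT NULL,\n                    `data7`     VARCHAR(255) DEFAULT NULL,\n                    `data8`     VARCHAR(255) DEFAULT NULL,\n                    `author`    VARCHAR(64) DEFAULT '" . $default_author . "',\n                    `created`   INT(12),\n                    INDEX(`page`),\n                    INDEX(`created`),\n                    INDEX(`title`),\n                    FULLTEXT KEY `search` (`title`,`body`,`data2`)\n                ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n                CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . 
         "adminMgr`\n                (\n                    `id`        INT UNSIGNED NOT NULL PRIMARY KEY auto_increment,\n                    `admin_u`    VARCHAR(60) UNIQUE,\n                    `admin_e`    VARCHAR(100) UNIQUE,\n                    `admin_p`    VARCHAR(150) DEFAULT NULL,\n                    `admin_v`    VARCHAR(150) NOT NULL,\n                    `is_admin`    TINYINT(1) DEFAULT '0',\n                    INDEX(admin_v)\n                ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";\n                INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "entryMgr`\n                (\n                    `page`, `title`, `body`, `img`, `imgcap`,\n                    `data2`, `data6`, `author`, `created`\n                )\n                VALUES\n                (\n                    '" . $default_page . "', 'Welcome to the ECMS!',\n                    '<p>You have successfully installed the " . "<a href=\"http://ennuicms.com/\">ECMS</a>.</p>" . "\r\n<p>To get started:</p>\r\n<ul>\r\n<li>" . "<a href=\"/admin\">Log in</a> using the username " . "and password you set up in the config files</li>\r\n" . "<li>Edit this entry to contain the content for your " . "site''s home page</li>\r\n<li>Add content to the " . "rest of the pages on your site</li>\r\n</ul>\r\n" . "<h2>HTML Element Style Test (h2)</h2>\r\n" . "<blockquote>\r\n<p>This is a blockquote. Putamus " . "lectores litterarum dynamicus facilisi dolore. " . "Facilisi qui zzril legunt nibh in. Nostrud nonummy " . "sequitur autem consequat ut. Assum tincidunt " . "vulputate gothica molestie veniam.</p>\r\n" . "</blockquote>\r\n<h3>H3 Element</h3>\r\n<p>Sed " . "consequat tempor ex formas dignissim. Lobortis " . "anteposuerit consectetuer consequat ullamcorper " . "dolore. Dolore imperdiet amet iis sed iriure. " . "Luptatum adipiscing lorem augue diam te. Cum autem " . "claritas tempor sed augue.</p>\r\n<h4>H4 Element" . 
         "</h4>\r\n<ol>\r\n<li>This is an ordered list</li>" . "\r\n<li>Typi at doming usus lectores parum.</li>" . "\r\n<li>Parum quod legentis qui nonummy mirum. Nunc " . "quis consequat in seacula consectetuer.</li>\r\n" . "</ol>\r\n<h5>H5 Element</h5>\r\n<p>Parum quod " . "legentis qui nonummy mirum. Nunc quis consequat in " . "seacula consectetuer. Est humanitatis eros duis qui " . "quarta. Enim quod in aliquip placerat insitam. " . "Putamus consequat hendrerit demonstraverunt " . "eleifend claram. Videntur molestie typi hendrerit " . "duis qui.</p>\r\n<h6>H6 Element</h6>\r\n<p>Mazim ut " . "euismod formas amet in. Ex blandit nulla tincidunt " . "wisi consequat. Typi illum ad luptatum " . "Investigationes legentis.</p>',\n                    'blog, entry, testing', 'welcome-to-the-ecms',\n                    'Ennui Design', " . time() . "\n                )\n                ON DUPLICATE KEY UPDATE `created`=" . time() . ";";

     // Seed the admin account only when a developer password is configured
     if (DEV_PASS != '') {
         $admin_u = $mysqli->real_escape_string(DEV_NAME);
         $admin_e = $mysqli->real_escape_string(DEV_EMAIL);
         $admin_p = $mysqli->real_escape_string(AdminUtilities::createSaltedHash(DEV_PASS));

         // admin_v is presumably a per-account verification code (confirm).
         // sha1(time()) can be reproduced by anyone who can guess the install
         // second, so use the CSPRNG when the runtime has one (20 random bytes
         // -> 40 hex chars, the same length as before).
         $admin_v = function_exists('random_bytes')
             ? bin2hex(random_bytes(20))
             : sha1(time());

         $sql .= "INSERT INTO `" . DB_NAME . "`.`" . DB_PREFIX . "adminMgr`\n                    (`admin_u`, `admin_e`, `admin_p`, `admin_v`, `is_admin`)\n                VALUES\n                    ('{$admin_u}', '{$admin_e}', '{$admin_p}', '" . $admin_v . "', '1')\n                ON DUPLICATE KEY UPDATE `is_admin`=1;";
     }

     // The comment table is only needed when the site has a blog page
     if (array_key_exists('blog', $menuPages)) {
         $sql .= "\n                CREATE TABLE IF NOT EXISTS `" . DB_NAME . "`.`" . DB_PREFIX . "blogCmnt`\n                (\n                    `id`        INT(5) PRIMARY KEY auto_increment,\n                    `bid`        INT(5),\n                    `user`        VARCHAR(60),\n                    `email`        VARCHAR(100),\n                    `link`        VARCHAR(100),\n                    `comment`    TEXT,\n                    `timestamp`    INT(12),\n                    `subscribe`    TINYINT(1) DEFAULT '0',\n                    INDEX(bid),\n                    INDEX(timestamp),\n                    INDEX(subscribe)\n                ) ENGINE=MYISAM CHARACTER SET " . DEFAULT_CHARACTER_SET . " COLLATE " . DEFAULT_COLLATION . ";";
     }

     if (!$mysqli->multi_query($sql)) {
         // error is a property; calling it as a method was a fatal error
         exit('Database tables could not be created. ' . $mysqli->error);
     }

     // Drain every statement's result so that a failure in a later statement
     // becomes visible. multi_query() itself only reports the first one.
     do {
         if ($result = $mysqli->store_result()) {
             echo "Table created.<br />\n";
             $result->close();
         }
     } while ($mysqli->more_results() && $mysqli->next_result());

     // next_result() returns false when a later statement failed; the loop used
     // to end silently and the method still returned true.
     if ($mysqli->errno) {
         exit('Database tables could not be created. ' . $mysqli->error);
     }

     $mysqli->close();
     return true;
 }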