Beispiel #1
0
}
// 20150324 : adding secret key used to encrypt the SMTP password
// first we check if we can write the config file
if (!is_writable('config.php')) {
    // check that there is no secret key already
    if (!defined('SECRET_KEY')) {
        $msg_arr[] = "[ERROR] Please allow webserver to write config file, or add SECRET_KEY yourself to config.php. <a href='https://github.com/elabftw/elabftw/wiki/Troubleshooting'>Link to documentation</a>";
        $_SESSION['errors'] = $msg_arr;
        header('Location: sysconfig.php');
        exit;
    }
} elseif (is_writable('config.php') && !defined('SECRET_KEY')) {
    $crypto = new \Elabftw\Elabftw\Crypto();
    // add generated strings to config file
    // the IV is stored in hex
    $data_to_add = "\ndefine('SECRET_KEY', '" . $crypto->getSecretKey() . "');\ndefine('IV', '" . bin2hex($crypto->getIv()) . "');\n";
    try {
        file_put_contents('config.php', $data_to_add, FILE_APPEND);
    } catch (Exception $e) {
        $msg_arr[] = "[ERROR] " . $e->getMessage();
        $_SESSION['errors'] = $msg_arr;
        header('Location: sysconfig.php');
        exit;
    }
    // ok so now we have a secret key, an IV and we want to convert our old cleartext SMTP password to an encrypted one
    $config_arr = array();
    // if there is a password in cleartext in the database, we encrypt it
    if (strlen(get_config('smtp_password')) > 0) {
        $config_arr['smtp_password'] = $crypto->encrypt(get_config('smtp_password'));
    }
    if (strlen(get_config('stamppass')) > 0) {
Beispiel #2
0
// connect to DB
try {
    $pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
    $pdo = new PDO('mysql:host=' . $db_host . ';dbname=' . $db_name, $db_user, $db_password, $pdo_options);
} catch (Exception $e) {
    die('Error : ' . $e->getMessage());
}
// now import the structure
import_sql_structure();
// BUILD CONFIG FILE
// the new file to write to
$config_file = '../config.php';
$elab_root = substr(realpath(__FILE__), 0, -20) . '/';
$crypto = new \Elabftw\Elabftw\Crypto();
// what we will write
$config = "<?php\ndefine('DB_HOST', '" . $db_host . "');\ndefine('DB_NAME', '" . $db_name . "');\ndefine('DB_USER', '" . $db_user . "');\ndefine('DB_PASSWORD', '" . $db_password . "');\ndefine('ELAB_ROOT', '" . $elab_root . "');\ndefine('SECRET_KEY', '" . $crypto->getSecretKey() . "');\ndefine('IV', '" . bin2hex($crypto->getIv()) . "');\n";
// we try to write content to file and propose the file for download if we can't write to it
if (file_put_contents($config_file, $config)) {
    // it's cool, we managed to write the config file
    // let's put restricting permissions on it as discussed in #129
    if (is_writable($config_file)) {
        chmod($config_file, 0400);
    }
    $infos_arr = array();
    $infos_arr[] = 'Congratulations, you successfully installed eLabFTW, 
    now you need to <strong>register</strong> your account (you will have admin rights).';
    $_SESSION['infos'] = $infos_arr;
    header('Location: ../register.php');
    exit;
} else {
    header('Content-Type: text/x-delimtext; name="config.php"');