Beispiel #1
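/**
 * Handle the installer's "configure" form submission.
 *
 * Reads the site, first-account and SMTP settings from $_POST, validates them,
 * seeds the `variable` table, runs core/sql/defaultRolesInstallSafe.sql, creates
 * the anonymous guest row and the first user (roleID 4), then redirects to the
 * install step. On any failure the `configureComplete` session marker is
 * dropped, an optional message is appended to $_SESSION['errors'], and the
 * browser is sent back to the configure form.
 *
 * Everything in $_POST is untrusted. SQL is built as text from values passed
 * through Database::escapeString(); how safe that is depends on that method and
 * on how insertData() quotes its arguments, neither of which is visible here.
 *
 * NOTE(review): the only precondition checked here is the session marker;
 * confirm that install.php cannot be reached once a site is installed, since
 * this function creates a roleID 4 account.
 *
 * @return void
 */
function doConfigureContent()
{
    $configureLocation = 'Location: install.php?action=configure';

    // Shared failure path: forget the step marker, queue a message if given, go back to the form.
    $fail = function ($message = null) use ($configureLocation) {
        unset($_SESSION['configureComplete']);
        if ($message !== null) {
            $_SESSION['errors'][] = $message;
        }
        header($configureLocation);
    };

    // True only when every named field was submitted as a plain string. Array-valued
    // fields (e.g. siteName[]=x) are rejected here instead of reaching trim()/strip_tags().
    $allStrings = function (array $fields) {
        foreach ($fields as $field) {
            if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
                return false;
            }
        }
        return true;
    };

    if (!isset($_SESSION['configureComplete'])) {
        header($configureLocation);
        return;
    }

    $siteAndAccountFields = array(
        'siteName', 'siteEmail', 'nonSecureURL', 'secureURL', 'webDirectory', 'timeZone',
        'username', 'firstName', 'lastName', 'email', 'password1', 'password2',
    );
    if (!$allStrings($siteAndAccountFields)) {
        $fail();
        return;
    }
    // Strict comparison: with != two different numeric-looking strings such as
    // "1e3" and "1000" compare equal, so the confirmation check could pass wrongly.
    if ($_POST['password1'] !== $_POST['password2']) {
        $fail('The inputted passwords for the first account don\'t match.');
        return;
    }

    if (!$allStrings(array('smtpServer', 'smtpPort'))) {
        $fail();
        return;
    }
    // Accept only a whole number in the TCP port range; is_numeric() alone also let
    // through negatives, floats and exponent notation.
    $smtpPort = filter_var(
        trim($_POST['smtpPort']),
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 65535))
    );
    if ($smtpPort === false) {
        $fail('Please enter a valid port for the SMTP Server.');
        return;
    }

    if (!$allStrings(array('smtpUserName', 'smtpPassword1', 'smtpPassword2'))) {
        $fail();
        return;
    }
    if ($_POST['smtpPassword1'] !== $_POST['smtpPassword2']) {
        $fail('The inputted passwords for the SMTP account don\'t match.');
        return;
    }

    // strip_tags() removes markup but is not output encoding; values still need
    // context-appropriate escaping wherever they are later rendered.
    $siteName = strip_tags(trim($_POST['siteName']));
    $siteEmail = strip_tags(trim($_POST['siteEmail']));
    $nonSecureURL = strip_tags(trim($_POST['nonSecureURL']));
    $secureURL = strip_tags(trim($_POST['secureURL']));
    $webDirectory = strip_tags(trim($_POST['webDirectory']));
    $timeZone = strip_tags(trim($_POST['timeZone']));
    $username = strip_tags(trim($_POST['username']));
    $firstName = strip_tags(trim($_POST['firstName']));
    $lastName = strip_tags(trim($_POST['lastName']));
    $email = strip_tags(trim($_POST['email']));
    // The account password is taken verbatim (no trim, no strip_tags) and hashed below.
    // NOTE(review): 'minimumPasswordLength' is seeded as '5' further down, but no length
    // check is applied to this first password here; confirm whether Hasher enforces one.
    $password = $_POST['password1'];
    $smtpServers = strip_tags(trim($_POST['smtpServer']));
    $smtpUserName = strip_tags(trim($_POST['smtpUserName']));
    // The SMTP password is stored encrypted rather than hashed.
    $enc = new Encrypter();
    $smtpPassword = $enc->encrypt(trim($_POST['smtpPassword1']));
    // Only the presence of the field is tested; its submitted value is ignored.
    $smtpEncryption = isset($_POST['smtpUseEncryption']) ? 'true' : 'false';

    $emailValidator = new emailValidator();
    if (!$emailValidator->validate($siteEmail)) {
        $fail('The site email isn\'t a valid email address.');
        return;
    }
    if (!$emailValidator->validate($email)) {
        $fail('The email address for the first user isn\'t valid.');
        return;
    }

    $urlValidator = new urlValidator();
    $sharedUrlOptions = array('noDirectories', 'mightBeIP');
    if (!$urlValidator->validate($nonSecureURL, array_merge($sharedUrlOptions, array('httpOnly')))) {
        $fail('The non-secure URL isn\'t valid. Please try again.');
        return;
    }
    if (!$urlValidator->validate($secureURL, array_merge($sharedUrlOptions, array('httpsOnly')))) {
        $fail('The secure URL isn\'t valid. Please try again.');
        return;
    }

    // Guard the empty string first so that $webDirectory[0] never reads a missing offset.
    if ($webDirectory === '' || $webDirectory[0] !== '/') {
        $fail('I couldn\'t validate the web directory. Please try again.');
        return;
    }

    $timeZoneValidator = new phpTimeZoneValidator();
    if (!$timeZoneValidator->validate($timeZone)) {
        $fail('I couldn\'t validate the selected time zone. Please try again.');
        return;
    }

    // Any falsy result from the hasher is treated as failure.
    $password = Hasher::generateHash($password);
    if (!$password) {
        $fail('I couldn\'t properly hash your password. Please try again.');
        return;
    }

    $database = Database::getInstance();
    $database->connect();
    if (!$database->isConnected()) {
        $fail('I couldn\'t establish a connection to the database. Please try again. If you keep receiving this error, please delete the site/config.xml and start the installer again.');
        return;
    }

    if ($webDirectory !== "/") {
        $webDirectory .= '/';
    }

    $variables = array(
        'cleanURLsEnabled' => 'false',
        'educaskVersion' => EDUCASK_VERSION,
        'guestRoleID' => '1',
        'maintenanceMode' => 'false',
        'siteEmail' => $siteEmail,
        'siteTheme' => 'default',
        'siteTimeZone' => $timeZone,
        'siteTitle' => $siteName,
        'siteWebAddress' => $nonSecureURL,
        'siteWebAddressSecure' => $secureURL,
        'siteWebDirectory' => $webDirectory,
        'smtpServer' => $smtpServers,
        'smtpPort' => $smtpPort,
        'smtpUserName' => $smtpUserName,
        'smtpPassword' => $smtpPassword,
        'smtpUseEncryption' => $smtpEncryption,
        'lastCronRun' => '2015-01-01 21:15:53',
        'cronRunning' => 'false',
        'cronFrequency' => '10 minutes',
        'minimumPasswordLength' => '5',
        'lockoutPeriod' => '10',
        'numberOfAttemptsBeforeLockout' => '3',
        'maxSessionIdAge' => '600',
    );
    foreach ($variables as $name => $value) {
        $sqlName = $database->escapeString($name);
        $sqlValue = $database->escapeString($value);
        if (!$database->insertData('variable', 'variableName, variableValue', "'{$sqlName}', '{$sqlValue}'")) {
            // This message carries markup, so it is presumably rendered as HTML; encode the
            // user-derived parts for that context rather than reusing the SQL-escaped strings.
            $shownName = htmlspecialchars((string) $name, ENT_QUOTES, 'UTF-8');
            $shownValue = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
            $_SESSION['errors'][] = "I wasn't able to insert the variable {$shownName} with a value of {$shownValue} into the variable table. You may want to manually add this row to the variable table in the database. For help on this, please see <a href=\"https://www.educask.com\" target=\"_blank\">this page</a>.";
            //@ToDo: make the link point to actual help
            // Best effort: a failed row is reported and the remaining rows are still attempted.
            continue;
        }
    }
    // Return value is not checked; a failure here leaves educaskVersion writable.
    $database->updateTable('variable', 'readOnly=1', "variableName='educaskVersion'");

    $sqlScript = EDUCASK_ROOT . '/core/sql/defaultRolesInstallSafe.sql';
    if (!is_file($sqlScript)) {
        $fail('I couldn\'t find the SQL script to create the needed roles. Please make sure that ' . $sqlScript . ' exists and is readable by PHP.');
        return;
    }
    $sql = file_get_contents($sqlScript);
    if (!$sql) {
        $fail('I couldn\'t read the SQL script in order to create the needed roles. Please make sure PHP can read the file ' . $sqlScript);
        return;
    }
    // Naive statement split: a ';' inside a string literal in the script would break a
    // statement apart. Results of the individual queries are not checked.
    foreach (explode(';', $sql) as $sqlStatement) {
        $sqlStatement = trim($sqlStatement);
        if ($sqlStatement == '') {
            continue;
        }
        $database->makeCustomQuery($sqlStatement);
    }

    $username = $database->escapeString($username);
    $firstName = $database->escapeString($firstName);
    $lastName = $database->escapeString($lastName);
    $email = $database->escapeString($email);
    $password = $database->escapeString($password);
    // The guest row is inserted with userID 0 and then rewritten by the update below before
    // the first real account is inserted with userID 1. The update's argument order is taken
    // as-is from the original code; its meaning depends on Database::updateTable.
    $success = $database->insertData('user', 'userID, userName, firstName, lastName, email, password, roleID', "0, 'anonGuest', 'Anonymous', 'Guest', '*****@*****.**', '', 1");
    $success = $success && $database->updateTable("user", "userID=0", "userID=1");
    $success = $success && $database->insertData('user', 'userID, userName, firstName, lastName, email, password, roleID', "1, '{$username}', '{$firstName}', '{$lastName}', '{$email}', '{$password}', 4");
    if (!$success) {
        //@ToDo: make the link point to actual help
        $fail('I couldn\'t create the new user account. Please try again. For help on this, please see <a href="https://www.educask.com" target="_blank">this page</a>.');
        return;
    }
    $database->makeCustomQuery("ALTER TABLE user AUTO_INCREMENT=2");
    header('Location: install.php?action=install');
}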
Beispiel #2
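 /**
  * Validate, store and persist the secure (HTTPS) web address.
  *
  * The URL is checked by urlValidator with the 'mightBeIP', 'noDirectories' and
  * 'httpsOnly' options (their exact semantics live in urlValidator, not shown
  * here), then written to $this->urlSecure and saved. On success this object is
  * registered through self::setInstance().
  *
  * @param string $inUrl Candidate URL; treat as untrusted input.
  * @return bool True once the value has been saved, false if validation,
  *              assignment or saving failed.
  */
 public function setSecureWebAddress($inUrl)
 {
     $validator = new urlValidator();
     if (!$validator->validate($inUrl, array('mightBeIP', 'noDirectories', 'httpsOnly'))) {
         return false;
     }
     if (!$this->urlSecure->setValue($inUrl)) {
         return false;
     }
     if (!$this->urlSecure->save()) {
         return false;
     }
     self::setInstance($this);
     // Report success explicitly. The original fell off the end and returned null,
     // which a caller testing the result with `!` would read as a failure.
     return true;
 }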