Ejemplo n.º 1
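 // Decide whether an earlier installation is present: configure.php has to
 // name both an HTTP server and a database for the flag to stay set.
 if (install_read_config_value('HTTP_SERVER') != '') {
     $phreebooks_previous_version_installed = true;
 }
 if (install_read_config_value('DB_DATABASE') == '') {
     $phreebooks_previous_version_installed = false;
 }
 // Read configure.php and look for hints that it is just a copy of
 // dist-configure.php. On a fresh install the file may be missing or
 // unreadable, so it is only scanned when file() can actually load it.
 $configure_file = '../../includes/configure.php';
 $lines = is_readable($configure_file) ? file($configure_file) : false;
 if ($lines !== false) {
     foreach ($lines as $line) {
         if (strpos($line, 'dist-configure.php') !== false) {
             $phreebooks_previous_version_installed = false;
         }
     }
 }
 $zdb_type = install_read_config_value('DB_TYPE');
 $zdb_prefix = install_read_config_value('DB_PREFIX');
 // NOTE(review): $zdb_name, $zdb_server, $zdb_user and $zdb_pwd are not
 // assigned in this excerpt; presumably they are read from configure.php
 // earlier. Confirm, otherwise the connectivity test below never runs.
 if ($zdb_type != '' && $zdb_name != '') {
     // now check database connectivity
     $zc_install->functionExists($zdb_type, '', '');
     $zc_install->dbConnect($zdb_type, $zdb_server, $zdb_name, $zdb_user, $zdb_pwd, '', '');
     if ($zc_install->error == false) {
         $phreebooks_database_connect_OK = true;
     } else {
         // stored credentials that no longer connect are treated as "no usable previous install"
         $phreebooks_previous_version_installed = false;
     }
     // reset the error-check class so this probe does not leak into later checks
     $zc_install->error = false;
     $zc_install->fatal_error = false;
     $zc_install->error_list = array();
 }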
Ejemplo n.º 2
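 // On to a fresh install...
 // Check for the users table and block the install if it exists.
 // The prefix comes straight from the install form and is spliced into the
 // statement text, so it is first reduced to the characters a table prefix
 // needs (letters, digits, underscore). Anything else, including quotes,
 // never reaches the query.
 // NOTE(review): other code that uses $_POST['db_prefix'] should apply the same
 // filter, otherwise this check and the tables created later can disagree.
 $db_prefix_raw = isset($_POST['db_prefix']) && is_string($_POST['db_prefix']) ? $_POST['db_prefix'] : '';
 $db_prefix_checked = preg_replace('/[^A-Za-z0-9_]/', '', $db_prefix_raw);
 $sql = "show tables like '" . $db_prefix_checked . "users'";
 $result = $db->Execute($sql);
 if ($result->RecordCount() > 0) {
     $zc_install->setError(ERROR_TEXT_DB_EXISTS, ERROR_CODE_DB_EXISTS, true);
 }
 //now let's write the files
 if (!$zc_install->fatal_error) {
     require 'includes/admin_configure.php';
     // NOTE(review): physical_path is read from the query string, so the request
     // decides which directory receives configure.php. Confirm that an earlier
     // step pins it to the application root before this write is trusted.
     $configure_path = $_GET['physical_path'] . '/includes/configure.php';
     $fp = fopen($configure_path, 'w');
     if ($fp === false) {
         // the file could not be opened: report it instead of writing to an invalid handle
         $zc_install->setError(ERROR_TEXT_COULD_NOT_WRITE_CONFIGURE_FILES, ERROR_CODE_COULD_NOT_WRITE_CONFIGURE_FILES, true);
     } else {
         fputs($fp, $file_contents);
         fclose($fp);
         // best effort; NOTE(review): 0644 leaves the file readable by every local
         // account. If $file_contents carries the database credentials (presumably
         // it does), tighten the mode where the hosting model allows.
         @chmod($configure_path, 0644);
         // test whether the files were written successfully
         $ztst_http_server = install_read_config_value('HTTP_SERVER');
         if ($ztst_http_server != $http_server) {
             $zc_install->setError(ERROR_TEXT_COULD_NOT_WRITE_CONFIGURE_FILES, ERROR_CODE_COULD_NOT_WRITE_CONFIGURE_FILES, true);
         }
     }
 }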
 if (!$zc_install->fatal_error) {
     // Load the fresh database. The connection details submitted with the
     // install form are copied into the session unchanged, "as if logged in".
     // (The excerpt ends before this block is closed.)
     session_start();
     $_SESSION['company'] = $_POST['db_name'];
     // company name = database name from the form
     $_SESSION['db_server'] = $_POST['db_host'];
     // database host from the form
     $_SESSION['db_user'] = $_POST['db_username'];
     // database user from the form
     $_SESSION['db_pw'] = $_POST['db_pass'];
     // NOTE(review): the database password is kept in the session store as
     // submitted; confirm the session save path is not readable by other
     // accounts and that these values are cleared once the install completes.
Ejemplo n.º 3
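/**
 * Report whether the installer's database account holds a given privilege.
 *
 * The check is currently bypassed: the function returns before any query is
 * issued, so callers always get success (or the 'Not Checked' placeholder when
 * $show_privs is set). Everything after the bypass is unreachable and is kept
 * only for the planned re-enable.
 *
 * @param string $priv       Privilege name to look for in the SHOW GRANTS output.
 * @param string $table      Table name used to match table-level grants.
 * @param bool   $show_privs When set, return "<match count>|||<privilege list>" instead of a boolean.
 *
 * @return bool|string true while bypassed; 'Not Checked|||Not Checked' when $show_privs is set.
 */
function db_check_database_privs($priv = '', $table = '', $show_privs = false)
{
    // bypass for now ... will attempt to use with modifications in a new release later
    // NOTE(review): while this bypass is in place no grants are verified; a caller
    // that reads `true` as "privileges confirmed" is relying on a check that did not run.
    if ($show_privs == true) {
        return 'Not Checked|||Not Checked';
    }
    return true;
    // end bypass -- nothing below executes until the two returns above are removed

    global $zdb_server, $zdb_user, $zdb_name;
    global $db;
    global $db_test;
    if (!gen_not_null($zdb_server)) {
        $zdb_server = install_read_config_value('DB_SERVER');
    }
    if (!gen_not_null($zdb_user)) {
        $zdb_user = $_SESSION['db_user'];
    }
    if (!gen_not_null($zdb_name)) {
        $zdb_name = $_SESSION['company'];
    }
    // bypass if flag set
    // NOTE(review): the flag is a request parameter, so whoever sends the request
    // decides whether grants are checked; prefer a server-side setting before re-enabling.
    if (isset($_GET['nogrants']) || isset($_POST['nogrants'])) {
        return true;
    }
    //Display permissions, or check for suitable permissions to carry out a particular task
    //possible outputs:
    //GRANT ALL PRIVILEGES ON *.* TO 'xyz'@'localhost' WITH GRANT OPTION
    //GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, INDEX, ALTER ON *.* TO 'xyz'@'localhost' IDENTIFIED BY PASSWORD '2344'
    //GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `db1`.* TO 'xyz'@'localhost'
    //GRANT SELECT (id) ON db1.tablename TO 'xyz'@'localhost
    $granted_privs_list = '';
    // number of grant rows that applied to this database; starts at 0 so the
    // "<count>|||<list>" string is well defined even when no row matches
    $db_priv_ok = 0;
    $debug = ZC_UPG_DEBUG3 == true;
    if ($debug) {
        echo '<br />Checking for priv: [' . htmlspecialchars(gen_not_null($priv) ? $priv : 'none specified', ENT_QUOTES) . ']<br />';
    }
    if (!defined('DB_SERVER')) {
        define('DB_SERVER', $zdb_server);
    }
    if (!defined('DB_SERVER_USERNAME')) {
        define('DB_SERVER_USERNAME', $zdb_user);
    }
    if (!defined('DB_DATABASE')) {
        define('DB_DATABASE', $zdb_name);
    }
    $user = DB_SERVER_USERNAME . "@" . DB_SERVER;
    // bypass if constants not set properly
    if ($user == 'DB_SERVER_USERNAME@DB_SERVER' || DB_DATABASE == 'DB_DATABASE') {
        return true;
    }
    // The account name is placed into the statement text, and it can originate
    // from session values. Refuse (fail closed) if it holds quoting or
    // statement-separating characters rather than passing them to the server.
    if (preg_match('/[\'"`\\\\;\s]/', $user) === 1) {
        return $show_privs ? $db_priv_ok . '|||' . $granted_privs_list : false;
    }
    $sql = "show grants for '" . DB_SERVER_USERNAME . "'@'" . DB_SERVER . "'";
    if ($debug) {
        echo htmlspecialchars($sql, ENT_QUOTES) . '<br />';
    }
    $result = null;
    if (is_object($db)) {
        $result = $db->Execute($sql);
    } elseif (is_object($db_test)) {
        $result = $db_test->Execute($sql);
    }
    if (!is_object($result)) {
        // no usable connection or result set: nothing was verified, so do not report success
        return $show_privs ? $db_priv_ok . '|||' . $granted_privs_list : false;
    }
    $grant_column = 'Grants for ' . $user;
    while (!$result->EOF) {
        if ($debug) {
            echo htmlspecialchars($result->fields[$grant_column], ENT_QUOTES) . '<br />';
        }
        $grant_syntax = $result->fields[$grant_column] . ' ';
        // remove "GRANT" keyword
        $granted_privs = str_replace('GRANT ', '', $grant_syntax);
        //remove anything after the "TO" keyword
        $granted_privs = substr($granted_privs, 0, strpos($granted_privs, ' TO '));
        //remove backquote and find "ON" string
        $granted_db = str_replace(array('`', '\\'), '', substr($granted_privs, strpos($granted_privs, ' ON ') + 4));
        if ($debug) {
            echo 'privs_list = ' . htmlspecialchars($granted_privs, ENT_QUOTES) . '<br />';
            echo 'granted_db = ' . htmlspecialchars($granted_db, ENT_QUOTES) . '<br />';
        }
        // Decide per row whether the grant covers this database. A running
        // total alone would let a grant on an unrelated database count once
        // any earlier row (such as a USAGE grant on *.*) had matched.
        $row_applies = $granted_db == '*.*' || $granted_db == DB_DATABASE . '.*' || $granted_db == DB_DATABASE . '.' . $table;
        if ($row_applies) {
            $db_priv_ok++;
        }
        if ($debug) {
            echo 'db-priv-ok=' . $db_priv_ok . '<br />';
        }
        if ($row_applies) {
            // the privs list pertains to the current database, or is *.*, so carry on
            //remove anything after the "ON" keyword
            $granted_privs = substr($granted_privs, 0, strpos($granted_privs, ' ON '));
            $granted_privs_list .= $granted_privs_list == '' ? $granted_privs : ', ' . $granted_privs;
            // match whole privilege names so that e.g. CREATE VIEW is not mistaken for CREATE
            $specific_priv_found = gen_not_null($priv) && in_array($priv, array_map('trim', explode(',', $granted_privs)), true);
            $all_privs_found = $granted_privs == 'ALL PRIVILEGES';
            if ($debug) {
                echo 'specific priv[' . htmlspecialchars($priv, ENT_QUOTES) . '] found =' . $specific_priv_found . '<br />';
                echo 'spec+db=' . $specific_priv_found . ' ||| ';
                echo 'all+db=' . $all_privs_found . '<br /><br />';
            }
            if ($specific_priv_found || $all_privs_found) {
                // privs found
                return true;
            }
        }
        // endif $row_applies
        $result->MoveNext();
    }
    if ($show_privs) {
        if ($debug) {
            echo 'LIST OF PRIVS=' . htmlspecialchars($granted_privs_list, ENT_QUOTES) . '<br />';
        }
        return $db_priv_ok . '|||' . $granted_privs_list;
    }
    // if not found, return false
    return false;
}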