/**
 * Inserts one row and returns its auto-increment id.
 *
 * @param string $tableName                   table name without prefix (getTableNameWithPrefix() adds it)
 * @param array  $colsToValues                column => value map; quoting/escaping is delegated to
 *                                            mysql_getMysqlSetValues() — callers must NOT pre-escape
 * @param bool   $tempDisableMysqlStrictMode  when true, strict mode is switched off for this single
 *                                            statement and back on afterwards
 * @return int  value of mysql_insert_id() for the new row
 *
 * NOTE(review): on query failure dieAsCaller() is reached while strict mode may still be
 * disabled — fine if dieAsCaller() terminates the request, which is assumed here (confirm).
 */
function mysql_insert($tableName, $colsToValues, $tempDisableMysqlStrictMode = false)
{
    $fullTableName = getTableNameWithPrefix($tableName);
    $assignments = mysql_getMysqlSetValues($colsToValues);
    $sql = "INSERT INTO `{$fullTableName}` SET {$assignments}";

    // optionally relax strict mode so columns omitted from $colsToValues fall back to defaults
    if ($tempDisableMysqlStrictMode) {
        mysqlStrictMode(false);
    }

    if (!mysql_query($sql)) {
        dieAsCaller("MySQL Error: " . mysql_error() . "\n");
    }
    // must be read immediately after the INSERT, before any other query is issued
    $newRecordNum = mysql_insert_id();

    if ($tempDisableMysqlStrictMode) {
        mysqlStrictMode(true);
    }

    return $newRecordNum;
}
 // Validate the contact-form fields and collect one <li> per problem in $errorsAndAlerts.
 // empty() is used so a missing key produces no notice (equivalent to the !@$var idiom).
 // NOTE(review): $_REQUEST merges GET, POST and COOKIE, so these fields are also accepted
 // from a plain GET link — consider reading $_POST if the form is POST-only.
 if (empty($_REQUEST['name'])) {
     $errorsAndAlerts .= "<li>Please enter your name.</li>";
 }
 if (empty($_REQUEST['email'])) {
     $errorsAndAlerts .= "<li>Please enter your email address.</li>";
 } elseif (!isValidEmail($_REQUEST['email'])) {
     $errorsAndAlerts .= "<li>Please enter a valid email address.</li>";
 }
 if (empty($_REQUEST['comment'])) {
     $errorsAndAlerts .= "<li>Please enter your comment.</li>";
 }
 // IF NO ERRORS, SUBMIT FORM
 if (!@$errorsAndAlerts) {
     // turn off strict mysql error checking for: STRICT_ALL_TABLES
     mysqlStrictMode(false);
     // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
     // add record
     mysql_query("INSERT INTO `{$TABLE_PREFIX}contact_form_submissions` SET\n\t              name       = '" . mysql_real_escape_string($_REQUEST['name']) . "',\n\t              email_address        = '" . mysql_real_escape_string($_REQUEST['email']) . "',\n\t              comment        = '" . mysql_real_escape_string($_REQUEST['comment']) . "',\n\n\t              createdDate      = NOW(),\n\t              updatedDate      = NOW(),\n\t              createdByUserNum = '0',\n\t              updatedByUserNum = '0'") or die("MySQL Error Creating Record:<br/>\n" . htmlspecialchars(mysql_error()) . "\n");
     $recordNum = mysql_insert_id();
     // email everyone who wants to know
     // $emailHeaders = emailTemplate_loadFromDB(array(
     //   'template_id'  => 'CMS-CONTACT-US',
     //   'placeholders' => array(
     //       'user.name'    => $_REQUEST['name'],
     //       'user.email'        => $_REQUEST['email'],
     //       'user.comment'     => $_REQUEST['comment'],
     //       'yyyy-mm-dd'        => date("Y-m-d"),
     //       'time'              => date("H:i"),
     //   ),
     // ));
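/**
 * First-run installer: shows the install form (lib/menus/install.php) until the
 * application is marked installed; on submit it validates the form, connects to
 * MySQL, creates the schema, creates the initial admin user (or restores a
 * backup) and saves the settings.
 *
 * This runs before any account exists, so it is unauthenticated by design and
 * every value read from $_REQUEST here is untrusted input.
 *
 * Returns immediately when already installed; otherwise the request always ends
 * with exit (form display, error display or redirect).
 *
 * Globals: reads/writes $SETTINGS and $TABLE_PREFIX; $APP is declared but unused here.
 */
function installIfNeeded()
{
    global $SETTINGS, $APP, $TABLE_PREFIX;

    // skip if already installed
    if (isInstalled()) {
        return;
    }

    // rename default files
    renameOrRemoveDefaultFiles();

    // error checking
    if ($SETTINGS['uploadDir'] && !is_dir($SETTINGS['uploadDir'])) {
        print "Upload directory doesn't exist, please update 'uploadDir' in /data/" . SETTINGS_FILENAME . "<br/>\n";
        print "Current uploadDir value: " . htmlencode($SETTINGS['uploadDir']) . "<br/>\n";
        print "Suggested uploadDir value: uploads/ or ../uploads/<br/>\n";
        exit;
    }

    // error checking
    checkFilePermissions();

    // display license
    if (@$_REQUEST['menu'] == 'license') {
        showInterface('license.php');
    }

    // save
    if (@$_REQUEST['save']) {
        // error checking — each problem is queued with alert(); alert() with no
        // arguments is later used to test whether anything was queued
        if (!$_REQUEST['licenseCompanyName']) {
            alert("Please enter your 'Company Name'<br/>\n");
        }
        if (!$_REQUEST['licenseDomainName']) {
            alert("Please enter your 'Domain Name'<br/>\n");
        }
        if (!$_REQUEST['licenseProductId']) {
            alert("Please enter your 'Product Id'<br/>\n");
        } else {
            if (!isValidProductId($_REQUEST['licenseProductId'])) {
                alert("Invalid Product Id!<br/>\n");
            }
        }
        if (!$_REQUEST['agreeToOneInstall']) {
            alert("Please check 'I agree not to use this 'Product Id' for multiple installs'<br/>\n");
        }
        if (!$_REQUEST['understandTermination']) {
            alert("Please check 'I understand doing so may cause be to lose my right to use this software'<br/>\n");
        }
        if (!$_REQUEST['agreeToLicense']) {
            alert("Please check 'I accept the terms of the License Agreement'<br/>\n");
        }
        if (!$_REQUEST['mysqlHostname']) {
            alert("Please enter your 'MySQL Hostname'<br/>\n");
        }
        if (!$_REQUEST['mysqlDatabase']) {
            alert("Please enter your 'MySQL Database'<br/>\n");
        }
        if (!$_REQUEST['mysqlUsername']) {
            alert("Please enter your 'MySQL Username'<br/>\n");
        }
        // The table prefix is interpolated directly into SQL identifiers
        // (e.g. `{$TABLE_PREFIX}accounts` below) and written to the settings file,
        // so besides the format rules it is restricted to a safe identifier alphabet.
        if (!$_REQUEST['mysqlTablePrefix']) {
            alert("Please enter your 'MySQL Table Prefix'<br/>\n");
        } elseif (preg_match("/[A-Z]/", $_REQUEST['mysqlTablePrefix'])) {
            alert("Value for 'MySQL Table Prefix' must be lowercase.<br/>\n");
        } elseif (!preg_match("/^[a-z]/i", $_REQUEST['mysqlTablePrefix'])) {
            alert("Value for 'MySQL Table Prefix' must start with a letter.<br/>\n");
        } elseif (!preg_match("/_\$/", $_REQUEST['mysqlTablePrefix'])) {
            alert("Value for 'MySQL Table Prefix' must end in underscore.<br/>\n");
        } elseif (!preg_match("/^[a-z][a-z0-9_]*_\$/", $_REQUEST['mysqlTablePrefix'])) {
            alert("Value for 'MySQL Table Prefix' may only contain lowercase letters, numbers and underscores.<br/>\n");
        }

        // New Installation
        if (!@$_REQUEST['restoreFromBackup']) {
            if (!$_REQUEST['adminFullname']) {
                alert("Please enter 'Admin Full Name'<br/>\n");
            }
            if (!$_REQUEST['adminEmail']) {
                alert("Please enter 'Admin Email'<br/>\n");
            } elseif (!isValidEmail($_REQUEST['adminEmail'])) {
                alert("Please enter a valid email for 'Admin Email' (Example: user@example.com)<br/>\n");
            }
            if (!$_REQUEST['adminUsername']) {
                alert("Please enter 'Admin Username'<br/>\n");
            }
            // v2.52
            $passwordErrors = getNewPasswordErrors($_REQUEST['adminPassword1'], $_REQUEST['adminPassword2'], $_REQUEST['adminUsername']);
            if ($passwordErrors) {
                alert(nl2br(htmlencode($passwordErrors)));
            }
        }

        // Restore from Backup
        if (@$_REQUEST['restoreFromBackup']) {
            if (!$_REQUEST['restore']) {
                alert("Please select a backup file to restore<br/>\n");
            }
        }

        // Advanced - v2.53
        if (!@$_REQUEST['useCustomSettingsFile']) {
            if (is_file(SETTINGS_DEV_FILEPATH)) {
                alert(t("You must select 'Use Custom Settings File' since a custom settings file for this domain already exists!") . "<br/>\n");
            } elseif (isDevServer()) {
                alert("This is a development server, you must select 'Use Custom Settings File'." . "<br/>\n");
            }
        }
        if (@$_REQUEST['webPrefixUrl'] != '') {
            if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
                alert(t("Website Prefix URL must start with /") . "<br/>\n");
            }
            if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
                alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
            }
        }

        // update settings (not saved unless there are no errors)
        //v2.51 shortened prefix so it's easy to see full cookie names in browser cookie list
        $SETTINGS['cookiePrefix'] = substr(md5(mt_rand()), 0, 5) . '_';
        $SETTINGS['adminEmail'] = @$SETTINGS['adminEmail'] ? $SETTINGS['adminEmail'] : $_REQUEST['adminEmail'];
        $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
        $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
        $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId'];
        $SETTINGS['webRootDir'] = @$SETTINGS['webRootDir'] ? $SETTINGS['webRootDir'] : @$_SERVER['DOCUMENT_ROOT'];
        $SETTINGS['mysql']['hostname'] = $_REQUEST['mysqlHostname'];
        $SETTINGS['mysql']['database'] = $_REQUEST['mysqlDatabase'];
        $SETTINGS['mysql']['username'] = $_REQUEST['mysqlUsername'];
        $SETTINGS['mysql']['password'] = $_REQUEST['mysqlPassword'];
        $SETTINGS['mysql']['tablePrefix'] = $_REQUEST['mysqlTablePrefix'];
        $TABLE_PREFIX = $_REQUEST['mysqlTablePrefix']; // update TABLE_PREFIX global as well.
        $SETTINGS['webPrefixUrl'] = $_REQUEST['webPrefixUrl'];

        // display errors
        if (alert()) {
            require "lib/menus/install.php";
            exit;
        }

        // connect to mysql (first pass only reports errors; second pass exits on failure)
        $errors = connectToMySQL('returnErrors');
        if ($errors) {
            alert($errors);
            require "lib/menus/install.php";
            exit;
        } else {
            connectToMySQL();
        }

        // create schema tables
        createMissingSchemaTablesAndFields();
        clearAlertsAndNotices(); // don't show "created table/field" alerts

        // New Installation: check if admin user already exists
        if (!@$_REQUEST['restoreFromBackup']) {
            $passwordHash = getPasswordDigest($_REQUEST['adminPassword1']);
            // an identical admin (same username AND password hash) is treated as "already created"
            $identicalUserExists = mysql_count('accounts', array('username' => $_REQUEST['adminUsername'], 'password' => $passwordHash, 'isAdmin' => '1'));
            if (!$identicalUserExists) {
                // if they don't exist, check if a user with the same username exists and show an error if they do
                $count = mysql_count('accounts', array('username' => $_REQUEST['adminUsername']));
                if ($count > 0) {
                    alert("Admin username already exists, please choose another.<br/>\n");
                }
            }

            // create admin user
            if (!$identicalUserExists && !alert()) {
                mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
                // NOTE(review): the username/password assignments on this statement were redacted
                // ("******") in the listing this was taken from; they are reconstructed here from the
                // surrounding pattern (mysql_escape() on the request value, $passwordHash from above).
                // Confirm against the upstream source.
                mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET\n                          createdDate      = NOW(),\n                          createdByUserNum = '0',\n                          updatedDate      = NOW(),\n                          updatedByUserNum = '0',\n                          fullname         = '" . mysql_escape($_REQUEST['adminFullname']) . "', email    = '" . mysql_escape($_REQUEST['adminEmail']) . "',\n                          username         = '" . mysql_escape($_REQUEST['adminUsername']) . "', password = '" . mysql_escape($passwordHash) . "',\n                          disabled         = '0',\n                          isAdmin          = '1',\n                          expiresDate      = '0000-00-00 00:00:00',\n                          neverExpires     = '1'") or alert("MySQL Error Creating Admin User:<br/>\n" . htmlencode(mysql_error()) . "\n");

                // create accesslist entry
                mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist` (userNum, tableName, accessLevel, maxRecords, randomSaveId)\n                          VALUES (LAST_INSERT_ID(), 'all', '9', NULL, '1234567890')") or alert("MySQL Error Creating Admin Access List:<br/>\n" . htmlencode(mysql_error()) . "\n");
            }
        }

        // Restore from Backup: Restore backup file
        if (@$_REQUEST['restoreFromBackup']) {
            $userCount = mysql_count('accounts');
            if ($userCount) {
                $userTable = $TABLE_PREFIX . 'accounts';
                $errorMessage = sprintf("Can't restore from backup because it would overwrite the %s existing user accounts in the specified database location.<br/>\n", $userCount);
                $errorMessage .= sprintf("Try changing the MySQL Database or Table Prefix to restore to a different location, or remove existing users from '%s'.<br/>\n", $userTable);
                alert($errorMessage);
            } else {
                // restore database
                // The file name comes straight from the request and is joined onto the
                // backups directory, so reduce it to a bare file name (no "../" or path
                // components) and require that it actually exists there, otherwise an
                // arbitrary file outside DATA_DIR/backups/ could be fed to restoreDatabase().
                $filename = basename((string) @$_REQUEST['restore']);
                $backupPath = DATA_DIR . '/backups/' . $filename;
                if ($filename === '' || !is_file($backupPath)) {
                    alert("Backup file not found in /data/backups/<br/>\n");
                } else {
                    mysqlStrictMode(false); // disable Mysql strict errors
                    restoreDatabase($backupPath);
                    notice("Restored backup file /data/backups/{$filename}");
                    makeAllUploadRecordsRelative();
                }
            }
        }

        // save settings
        if (!alert()) {
            saveSettings(@$_REQUEST['useCustomSettingsFile']);
            isInstalled(true); // save installed status
            redirectBrowserToURL('?menu=home', true); // refresh page
            exit; // was a typo ("exitl;") — make sure nothing below runs after the redirect
        }
    }

    // set defaults for the form fields that were not submitted
    if (!array_key_exists('licenseDomainName', $_REQUEST)) {
        // HTTP_HOST is client-controlled; the install template must HTML-encode it when echoing
        $_REQUEST['licenseDomainName'] = $_SERVER['HTTP_HOST'];
    }
    if (!array_key_exists('mysqlHostname', $_REQUEST)) {
        $_REQUEST['mysqlHostname'] = $SETTINGS['mysql']['hostname'];
    }
    if (!array_key_exists('mysqlDatabase', $_REQUEST)) {
        $_REQUEST['mysqlDatabase'] = $SETTINGS['mysql']['database'];
    }
    if (!array_key_exists('mysqlUsername', $_REQUEST)) {
        $_REQUEST['mysqlUsername'] = $SETTINGS['mysql']['username'];
    }
    if (!array_key_exists('mysqlTablePrefix', $_REQUEST)) {
        $_REQUEST['mysqlTablePrefix'] = $SETTINGS['mysql']['tablePrefix'];
    }

    // show form
    require "lib/menus/install.php";
    exit;
}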
}
// The "My Account" menu may only edit the caller's existing record, never create one.
if ($isMyAccountMenu && $isNewRecord) {
    exit("Record doesn't exist! My Account menu can't create new records.");
}

// plugin hooks: before and after error checking on save
doAction('record_save_errorchecking', $tableName, $recordExists, $oldRecord);
doAction('record_save_posterrorchecking', $tableName, $recordExists, $oldRecord);

// New records: insert an empty row first so we have a record number, then the
// UPDATE below fills in the submitted values.
if ($isNewRecord) {
    // strict mode off so the all-defaults INSERT isn't rejected for unspecified fields
    mysqlStrictMode(false);
    // NOTE(review): the result of this INSERT is not checked; on failure mysql_insert_id()
    // returns 0 and the later UPDATE would target num = '0'. Callers may rely on the UPDATE's
    // own error handling — confirm before adding an error check here.
    mysql_query("INSERT INTO `{$escapedTableName}` () VALUES()");
    // mysql_insert_id() must run directly after the INSERT, before mysqlStrictMode() issues its query
    $_REQUEST['num'] = $last_insert_id = mysql_insert_id();
    mysqlStrictMode(true);

    // move any uploads attached to the pre-save temp id over to the new record
    if ($_REQUEST['preSaveTempId']) {
        adoptUploads($tableName, $_REQUEST['preSaveTempId'], $last_insert_id);
    }
}
### update record
$updateColumnValues = _getColsToValuesForSQLSet($mySqlColsAndTypes, $newRecordValues, $isNewRecord);
if ($updateColumnValues) {
    $updateQuery = "UPDATE `{$escapedTableName}` SET {$updateColumnValues} WHERE num = '" . mysql_escape($_REQUEST['num']) . "'";
    $result = @mysql_query($updateQuery);
    // if error
    if (!$result) {
        $error = "MySQL Error: " . mysql_error() . "\n";
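/**
 * Opens the global MySQL connection ($DBH) using the settings for this host.
 *
 * Connection details come from $SETTINGS['mysql'], each optionally overridden by
 * a $SETTINGS["mysql:<HTTP_HOST>"] block. NOTE(review): that override key is
 * built from the client-supplied Host header, so a request can only select among
 * blocks that already exist in the settings file; an unexpected Host falls back
 * to the default block.
 *
 * If the configured database cannot be selected it is created. After connecting
 * the charset is set to utf8, strict mode is enabled and the session timezone set.
 *
 * @param bool|string $returnErrors  truthy: return connection / version errors as a string
 *                                   instead of exiting. falsy: print the error (plain text
 *                                   in CLI or when textOnlyErrors is set, else the
 *                                   dbConnectionError.php page) and exit.
 * @return string  '' on success, otherwise the error message (only when $returnErrors is truthy)
 */
function connectToMySQL($returnErrors = false)
{
    global $SETTINGS, $DBH;

    ### Get connection details
    // per-host override block, e.g. $SETTINGS['mysql:www.example.com'] (see note above)
    $hostKey = "mysql:" . @$_SERVER['HTTP_HOST'];
    $hostname = getFirstDefinedValue(@$SETTINGS[$hostKey]['hostname'], $SETTINGS['mysql']['hostname']);
    $username = getFirstDefinedValue(@$SETTINGS[$hostKey]['username'], $SETTINGS['mysql']['username']);
    $password = getFirstDefinedValue(@$SETTINGS[$hostKey]['password'], $SETTINGS['mysql']['password']);
    $database = getFirstDefinedValue(@$SETTINGS[$hostKey]['database'], $SETTINGS['mysql']['database']);
    $textOnlyErrors = coalesce(inCLI(), @$SETTINGS[$hostKey]['textOnlyErrors'], $SETTINGS['mysql']['textOnlyErrors']);

    ##  SLOW REMOTE CONNECTION
    ##  If you are connecting to a remote database that is intolerably slow, try
    ##  updating the mysql configuration file (often "/etc/my.cfg") by adding the
    ##  following option to the [mysqld] section:
    ##
    ##     skip-name-resolve
    ##
    ##  Here is the MySQL documentation for this option:
    ##
    ##    --skip-name-resolve
    ##    Do not resolve host names when checking client connections. Use only IP addresses.
    ##    If you use this option, all Host column values in the grant tables must be IP addresses or localhost.

    ### Connect to database
    $DBH = @mysql_connect($hostname, $username, $password);
    if (!$DBH) {
        $connectionError = mysql_error();
        if ($returnErrors) {
            return "Error connecting to MySQL:<br/>\n{$connectionError}";
        } elseif ($textOnlyErrors) {
            die("Error connecting to MySQL: {$connectionError}");
        } else {
            $libDir = pathinfo(__FILE__, PATHINFO_DIRNAME); // viewers may be in different dirs
            include "{$libDir}/menus/dbConnectionError.php";
        }
        exit;
    }

    // select db, creating it if it doesn't exist yet
    $isDbSelected = mysql_select_db($database);
    if (!$isDbSelected) {
        // The database name is interpolated into an identifier position, which string
        // escaping doesn't cover; it originates from the install form (see installIfNeeded()),
        // so neutralise backticks by doubling them before building the statement.
        $quotedDbName = str_replace('`', '``', $database);
        mysql_query("CREATE DATABASE `{$quotedDbName}`") or die("MySQL Error: " . mysql_error() . "\n");
        mysql_select_db($database) or die("MySQL Error: " . mysql_error() . "\n");
    }

    ### check for required mysql version
    // strip vendor suffixes (e.g. "-log") so only the numeric version is compared
    $currentVersion = preg_replace("/[^0-9\\.]/", '', mysql_get_server_info());
    if (version_compare(REQUIRED_MYSQL_VERSION, $currentVersion, '>')) {
        $error = "This program requires MySQL v" . REQUIRED_MYSQL_VERSION . " or newer. This server has v{$currentVersion} installed.<br/>\n";
        $error .= "Please ask your server administrator to install MySQL v" . REQUIRED_MYSQL_VERSION . " or newer.<br/>\n";
        if ($returnErrors) {
            return $error;
        }
        die($error);
    }

    ### Set Character Set
    # note: set through PHP 'set_charset' function so mysql_real_escape string() knows what charset to use. setting the charset
    # ... through mysql queries with 'set names' didn't cause mysql_client_encoding() to return a different value
    mysql_set_charset("utf8") or die("Error loading character set utf8: " . mysql_error() . '');

    # set MySQL strict mode - http://dev.mysql.com/doc/refman/5.0/en/server-sql-mode.html
    mysqlStrictMode(true);

    # set MySQL timezone offset
    setMySqlTimezone();

    return '';
}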