Example #1
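/**
 * Installer AJAX dispatcher: runs the step named in $_REQUEST['process'] and prints a JSON reply.
 *
 * Every handled step ends the request itself (die()/exit) after printing its
 * reply; an unknown or missing step falls out of the switch and returns
 * without output.
 *
 * Several steps consume request and session values directly (database
 * connection settings, administrator account data, locale). No authentication
 * or "already installed" check happens inside this function.
 * NOTE(review): confirm the caller refuses to run once installation has
 * finished; otherwise these steps stay reachable on a live site.
 *
 * @return void
 */
function process()
{
    global $DB;
    global $website;
    global $events;
    global $theme;
    // unzip / SQL import may take longer than the configured execution limit
    set_time_limit(0);
    setlocale(LC_ALL, $_SESSION['navigate_install_locale']);
    $lang = navigate_install_load_language();
    // a missing parameter simply matches no case (avoids an undefined index notice)
    $step = isset($_REQUEST['process']) ? $_REQUEST['process'] : '';
    switch ($step) {
        case 'verify_zip':
            sleep(1);
            if (!file_exists('package.zip')) {
                die(json_encode($lang['missing_package']));
            } else {
                // only checks that the archive can be opened; nothing is extracted here
                $zip = new ZipArchive();
                if ($zip->open('package.zip') !== TRUE) {
                    die(json_encode($lang['invalid_package']));
                } else {
                    $zip->close();
                    die(json_encode(true));
                }
            }
            break;
        case 'extract_zip':
            // NOTE(review): package.zip is unpacked exactly as found in the working
            // directory; no checksum or signature is verified in this function.
            $npath = getcwd() . NAVIGATE_FOLDER;
            $npath = str_replace('\\', '/', $npath);
            if (!file_exists($npath)) {
                mkdir($npath);
            }
            if (file_exists($npath)) {
                $zip = new ZipArchive();
                if ($zip->open('package.zip') === TRUE) {
                    $zip->extractTo($npath);
                    $zip->close();
                    // copy the policy file one level up only when the package ships it,
                    // so a missing file cannot inject a PHP warning into the JSON reply
                    $policy_file = $npath . '/crossdomain.xml';
                    if (file_exists($policy_file)) {
                        copy($policy_file, dirname($npath) . '/crossdomain.xml');
                    }
                    die(json_encode(true));
                } else {
                    die(json_encode($lang['extraction_failed']));
                }
            }
            die(json_encode($lang['folder_not_exists']));
            break;
        case 'chmod':
            sleep(1);
            // chmod the directories recursively
            $npath = getcwd() . NAVIGATE_FOLDER;
            if (!navigate_install_chmodr($npath, 0755)) {
                die(json_encode($lang['chmod_failed']));
            } else {
                die(json_encode(true));
            }
            break;
        case 'verify_database':
            $driver = isset($_REQUEST['PDO_DRIVER']) ? $_REQUEST['PDO_DRIVER'] : '';
            if ($driver === 'mysql' || $driver === 'mysql-socket') {
                try {
                    $host = isset($_REQUEST['PDO_HOSTNAME']) ? $_REQUEST['PDO_HOSTNAME'] : '';
                    $port = isset($_REQUEST['PDO_PORT']) ? $_REQUEST['PDO_PORT'] : '';
                    $socket = isset($_REQUEST['PDO_SOCKET']) ? $_REQUEST['PDO_SOCKET'] : '';
                    $username = isset($_REQUEST['PDO_USERNAME']) ? $_REQUEST['PDO_USERNAME'] : null;
                    $password = isset($_REQUEST['PDO_PASSWORD']) ? $_REQUEST['PDO_PASSWORD'] : null;
                    // The DSN is assembled from request values: ';' separates DSN
                    // attributes, so a value containing it could append extra
                    // attributes to the connection string. Reject it up front.
                    $dsn_values = ($driver === 'mysql-socket') ? array($socket) : array($host, $port);
                    foreach ($dsn_values as $dsn_value) {
                        if (!is_string($dsn_value) || strpos($dsn_value, ';') !== false) {
                            throw new Exception($lang['database_connect_error']);
                        }
                    }
                    // the port may be left empty, otherwise it must be numeric
                    if ($driver === 'mysql' && !preg_match('/^[0-9]*\z/', $port)) {
                        throw new Exception($lang['database_connect_error']);
                    }
                    $dsn = "mysql:host=" . $host . ";port=" . $port . ';charset=utf8';
                    if ($driver === "mysql-socket") {
                        $dsn = "mysql:unix_socket=" . $socket . ";charset=utf8";
                    }
                    $db_test = @new PDO($dsn, $username, $password);
                    if (!$db_test) {
                        echo json_encode(array('error' => $lang['database_connect_error']));
                    } else {
                        $create_database_privilege = false;
                        $drop_database_privilege = false;
                        // query() can return false when PDO is not in exception mode
                        $stm = $db_test->query('SHOW DATABASES;');
                        // FETCH_COLUMN takes a numeric column index; the result set has a single column
                        $rs = $stm ? $stm->fetchAll(PDO::FETCH_COLUMN, 0) : array();
                        $rs = array_diff($rs, array('mysql', 'information_schema'));
                        $stm = $db_test->query('SHOW PRIVILEGES;');
                        $privileges = $stm ? $stm->fetchAll(PDO::FETCH_ASSOC) : array();
                        foreach ($privileges as $privilege) {
                            $applies_to_databases = strpos($privilege['Context'], 'Databases') !== false;
                            if ($privilege['Privilege'] == 'Create' && $applies_to_databases) {
                                $create_database_privilege = true;
                            }
                            if ($privilege['Privilege'] == 'Drop' && $applies_to_databases) {
                                $drop_database_privilege = true;
                            }
                        }
                        if ($create_database_privilege && $drop_database_privilege) {
                            // check if we are really allowed to create databases
                            // (the name is built from a fixed prefix and time(), no request data)
                            $dbname = 'navigate_test_' . time();
                            $create_result = $db_test->exec('CREATE DATABASE ' . $dbname);
                            if ($create_result) {
                                $db_test->exec('DROP DATABASE ' . $dbname);
                            }
                            if (!$create_result) {
                                $create_database_privilege = false;
                            }
                        }
                        $db_test = NULL;
                        echo json_encode(array('databases' => array_values($rs), 'create_database_privilege' => $create_database_privilege));
                    }
                } catch (Exception $e) {
                    // NOTE(review): the raw driver message is returned to the client;
                    // acceptable for an operator-only installer, confirm it is not public.
                    echo json_encode(array('error' => $e->getMessage()));
                }
            } else {
                echo json_encode(array('error' => $lang['database_driver_error']));
            }
            exit;
            break;
        case 'database_create':
            $DB = new database();
            if (!$DB->connect()) {
                // try to create the database automatically
                if (PDO_DRIVER == 'mysql') {
                    if (PDO_DATABASE != '') {
                        if (PDO_HOSTNAME != "") {
                            $dsn = "mysql:host=" . PDO_HOSTNAME . ";port=" . PDO_PORT . ";charset=utf8";
                        } else {
                            $dsn = "mysql:unix_socket=" . PDO_SOCKET . ";charset=utf8";
                        }
                        try {
                            $db_test = new PDO($dsn, PDO_USERNAME, PDO_PASSWORD);
                            // double any backtick so the configured name cannot end the quoted identifier
                            $quoted_database = '`' . str_replace('`', '``', PDO_DATABASE) . '`';
                            $db_test->exec('CREATE DATABASE IF NOT EXISTS ' . $quoted_database . ' DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;');
                            $db_test = NULL;
                        } catch (Exception $e) {
                            // an uncaught PDOException would replace the JSON reply with a PHP
                            // error; the connect() retry below reports the failure instead
                            $db_test = NULL;
                        }
                    }
                    if (!$DB->connect()) {
                        echo json_encode(array('error' => $DB->get_last_error()));
                    } else {
                        echo json_encode(array('ok' => $lang['database_created']));
                    }
                }
            } else {
                echo json_encode(array('ok' => $lang['database_exists']));
            }
            exit;
            break;
        case 'database_import':
            $DB = new database();
            if (!$DB->connect()) {
                die(json_encode(array('error' => $DB->get_last_error())));
            }
            try {
                $sql = file_get_contents('navigate.sql');
                $sql = str_replace("{#!NAVIGATE_FOLDER!#}", NAVIGATE_PARENT . NAVIGATE_FOLDER, $sql);
                // statements in the dump are separated by a blank line
                $sql = explode("\n\n", $sql);
                // can't do it in one step => SQLSTATE[HY000]: General error: 2014
                foreach ($sql as $sqlline) {
                    $sqlline = trim($sqlline);
                    if (empty($sqlline)) {
                        continue;
                    }
                    if (!@$DB->execute($sqlline)) {
                        $error = $DB->get_last_error();
                    }
                    if (!empty($error)) {
                        break;
                    }
                }
            } catch (Exception $e) {
                $error = $e->getMessage();
            }
            // NOTE(review): "&& false" disables the error reply, so the step answers
            // "done" even though the loop above stops at the first failed statement.
            // Left as found because it looks deliberate; confirm before re-enabling.
            if (!empty($error) && false) {
                echo json_encode(array('error' => $error));
            } else {
                echo json_encode(array('ok' => $lang['done']));
            }
            exit;
            break;
        case 'create_account':
            // create admin
            try {
                $DB = new database();
                if (!$DB->connect()) {
                    die(json_encode(array('error' => $DB->get_last_error())));
                }
                // account data comes from the setup session filled in by an earlier step
                $user = new user();
                $user->id = 0;
                $user->username = $_SESSION['NAVIGATE-SETUP']['ADMIN_USERNAME'];
                $user->set_password($_SESSION['NAVIGATE-SETUP']['ADMIN_PASSWORD']);
                $user->email = $_SESSION['NAVIGATE-SETUP']['ADMIN_EMAIL'];
                $user->profile = 1;
                $user->skin = 'cupertino';
                $user->language = $_SESSION['navigate_install_lang'];
                $user->blocked = 0;
                $user->timezone = 'UTC';
                $user->date_format = 'Y-m-d H:i';
                $user->decimal_separator = ',';
                $user->thousands_separator = '';
                $user->attempts = 0;
                $user->cookie_hash = '';
                $user->activation_key = '';
                $ok = $user->insert();
                if (!$ok) {
                    throw new Exception($lang['error']);
                }
                // create default website details
                $website = new website();
                $website->create_default();
                $_SESSION['NAVIGATE-SETUP']['WEBSITE_DEFAULT'] = $website->id;
                echo json_encode(array('ok' => $lang['done']));
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;
            break;
        case 'install_default_theme':
            try {
                $DB = new database();
                if (!$DB->connect()) {
                    die(json_encode(array('error' => $DB->get_last_error())));
                }
                if (@$_SESSION['NAVIGATE-SETUP']['DEFAULT_THEME'] == 'theme_kit') {
                    $website = new website();
                    $website->load($_SESSION['NAVIGATE-SETUP']['WEBSITE_DEFAULT']);
                    $website->theme = 'theme_kit';
                    $website->languages = array('en' => array('language' => 'en', 'variant' => '', 'code' => 'en', 'system_locale' => 'en_US.utf8'), 'es' => array('language' => 'es', 'variant' => '', 'code' => 'es', 'system_locale' => 'es_ES.utf8'));
                    $website->languages_published = array('en', 'es');
                    $website->save();
                    // default objects (first user, no events bound...)
                    $user = new user();
                    $user->load(1);
                    $events = new events();
                    $zip = new ZipArchive();
                    $zip_open_status = $zip->open(NAVIGATE_PATH . '/themes/theme_kit.zip');
                    // a theme archive that cannot be opened is skipped; the step still answers "done"
                    if ($zip_open_status === TRUE) {
                        $zip->extractTo(NAVIGATE_PATH . '/themes/theme_kit');
                        $zip->close();
                        $theme = new theme();
                        $theme->load('theme_kit');
                        $theme->import_sample($website);
                    }
                    echo json_encode(array('ok' => $lang['done']));
                } else {
                    // user does not want to install the default theme
                    echo json_encode(array('ok' => $lang['not_selected']));
                }
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;
            break;
        case 'apache_htaccess':
            try {
                // REQUEST_URI is supplied by the client and ends up inside .htaccess:
                // keep only its path component and refuse whitespace or control
                // characters, which would split or add rewrite directives.
                $request_parts = explode('?', $_SERVER['REQUEST_URI'], 2);
                $request_path = $request_parts[0];
                if (preg_match('/[\s\x00-\x1f]/', $request_path)) {
                    throw new Exception($lang['unexpected_error']);
                }
                $nvweb = dirname($request_path) . NAVIGATE_FOLDER . '/web/nvweb.php';
                $nvweb = str_replace('//', '/', $nvweb);
                $data = array();
                $data[] = 'Options +FollowSymLinks';
                $data[] = 'Options -Indexes';
                $data[] = 'RewriteEngine On';
                $data[] = 'RewriteBase /';
                $data[] = 'RewriteCond %{REQUEST_FILENAME} !-f';
                $data[] = 'RewriteCond %{REQUEST_FILENAME} !-d';
                $data[] = 'RewriteRule ^(.+) ' . $nvweb . '?route=$1 [QSA]';
                $data[] = 'RewriteRule ^$ ' . $nvweb . '?route=nv.empty [L,QSA]';
                // overwrites any .htaccess already present next to the application folder
                $ok = @file_put_contents(dirname(NAVIGATE_PATH) . '/.htaccess', implode("\n", $data));
                if (!$ok) {
                    throw new Exception($lang['unexpected_error']);
                }
                echo json_encode('true');
            } catch (Exception $e) {
                echo json_encode(array('error' => $e->getMessage()));
            }
            exit;
            break;
    }
}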
Example #2
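/**
 * Themes module controller: performs the action named in $_REQUEST['act'].
 *
 * Some actions print their reply and end the request through core_terminate();
 * the others build the HTML for the themes screen and return it.
 * 'install_from_hash' and 'theme_upload' deliberately fall through to the
 * default case so the themes grid is shown after an install attempt.
 *
 * Only the two install paths check $user->permission("themes.install") here.
 * NOTE(review): 'remove', 'theme_sample_content_*' and opt=install have no
 * permission or anti-CSRF check in this function; confirm the caller enforces
 * them. 'install_from_hash' changes state on a plain GET request.
 *
 * @return string HTML for the module output ('' when nothing was built)
 */
function run()
{
    global $user;
    global $layout;
    global $website;
    global $theme;
    global $DB;
    $out = '';
    // a missing parameter ends up in the default case, as before
    $action = isset($_REQUEST['act']) ? $_REQUEST['act'] : '';
    switch ($action) {
        case 'theme_info':
            // The theme name is request data placed inside an HTML attribute:
            // encode it as a URL path segment and escape the whole URL so it
            // can neither leave the src attribute nor add path separators.
            $requested_theme = isset($_REQUEST['theme']) ? (string) $_REQUEST['theme'] : '';
            $info_url = NAVIGATE_URL . '/themes/' . rawurlencode($requested_theme) . '/' . rawurlencode($requested_theme) . '.info.html';
            echo '<iframe src="' . htmlspecialchars($info_url, ENT_QUOTES, 'UTF-8') . '" scrolling="auto" frameborder="0"  width="100%" height="100%"></iframe>';
            core_terminate();
            break;
        case 'remove':
            // check the theme is not actually used in any website
            // NOTE(review): the condition is string-built; this relies on protect()
            // quoting and escaping the value. Verify against its definition.
            $usages = $DB->query_single('COUNT(*)', 'nv_websites', ' theme = ' . protect($_REQUEST['theme']));
            if ($usages == 0) {
                try {
                    $theme = new theme();
                    $theme->load($_REQUEST['theme']);
                    $status = $theme->delete();
                    echo json_encode($status);
                } catch (Exception $e) {
                    echo $e->getMessage();
                }
            } else {
                $status = t(537, "Can't remove the theme because it is currently being used by another website.");
                echo $status;
            }
            core_terminate();
            break;
        // case 'export' (themes_export_form) is disabled
        case 'theme_sample_content_import':
            try {
                $theme->import_sample();
                $layout->navigate_notification(t(374, "Item installed successfully."), false);
            } catch (Exception $e) {
                $layout->navigate_notification($e->getMessage(), true, true);
            }
            $themes = theme::list_available();
            $out = themes_grid($themes);
            break;
        case 'theme_sample_content_export':
            if (empty($_POST)) {
                $out = themes_sample_content_export_form();
            } else {
                $categories = explode(',', $_POST['categories']);
                // NOTE(review): 'folder' is passed through unvalidated; check how
                // theme::export_sample() uses it before trusting it as a path.
                $folder = $_POST['folder'];
                $items = explode(',', $_POST['elements']);
                $block_groups = explode(',', $_POST['block_groups']);
                $blocks = explode(',', $_POST['blocks']);
                $comments = explode(',', $_POST['comments']);
                theme::export_sample($categories, $items, $block_groups, $blocks, $comments, $folder);
                core_terminate();
            }
            break;
        case 'install_from_hash':
            // 'hash' is only base64, not a signature: the URL it decodes to is
            // chosen by whoever built the link.
            $url = (isset($_GET['hash']) && is_string($_GET['hash'])) ? base64_decode($_GET['hash']) : '';
            if (!empty($url) && $user->permission("themes.install") == "true") {
                $error = false;
                $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
                $query = array();
                parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
                $code = (isset($query['code']) && is_string($query['code'])) ? $query['code'] : '';
                // Only http(s) downloads: the file_get_contents() fallback would
                // otherwise accept local files and other stream wrappers.
                // 'code' becomes a file and directory name, so it must be a plain
                // identifier (no separators, no dots).
                // NOTE(review): the download host itself is not restricted here.
                $source_ok = ($scheme === 'http' || $scheme === 'https')
                    && preg_match('/^[A-Za-z0-9_\-]+\z/', $code);
                if (!$source_ok) {
                    $layout->navigate_notification(t(344, 'Security error'), true, true);
                    $error = true;
                } else {
                    $tmp_file = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $code . '.zip';
                    @core_file_curl($url, $tmp_file);
                    if (@filesize($tmp_file) == 0) {
                        @unlink($tmp_file);
                        // core file curl failed, try using file_get_contents...
                        $tmp = @file_get_contents($url);
                        if (!empty($tmp)) {
                            @file_put_contents($tmp_file, $tmp);
                        }
                        unset($tmp);
                    }
                    if (@filesize($tmp_file) > 0) {
                        // uncompress ZIP and copy it to the themes dir
                        // (archive contents are not inspected before extraction)
                        @mkdir(NAVIGATE_PATH . '/themes/' . $code);
                        $zip = new ZipArchive();
                        $zip_open_status = $zip->open($tmp_file);
                        if ($zip_open_status === TRUE) {
                            $zip->extractTo(NAVIGATE_PATH . '/themes/' . $code);
                            $zip->close();
                            $layout->navigate_notification(t(374, "Item installed successfully."), false);
                        } else {
                            $layout->navigate_notification('ERROR ' . $zip_open_status, true, true);
                            $error = true;
                        }
                    } else {
                        $layout->navigate_notification(t(56, 'Unexpected error'), true, true);
                        $error = true;
                    }
                    // do not leave the downloaded archive behind in the temp directory
                    @unlink($tmp_file);
                }
                if ($error) {
                    $layout->add_content('
                        <div id="navigate_marketplace_install_from_hash_error">
                            <p>' . t(529, "It has not been possible to download the item you have just bought from the marketplace.") . '</p>
                            <p>' . t(530, "You have to visit your Marketplace Dashboard and download the file, then use the <strong>Install from file</strong> button you'll find in the actions bar on the right.") . '</p>
                            <p>' . t(531, "Sorry for the inconvenience.") . '</p>
                            <a class="uibutton" href="http://www.navigatecms.com/en/marketplace/dashboard" target="_blank"><span class="ui-icon ui-icon-extlink" style="float: left;"></span> ' . t(532, "Navigate CMS Marketplace") . '</a>
                        </div>
                    ');
                    $layout->add_script('
                        $("#navigate_marketplace_install_from_hash_error").dialog({
                            modal: true,
                            title: "' . t(56, "Unexpected error") . '"
                        });
                    ');
                }
            }
            // don't break, we want to show the themes grid right now (theme_upload by browser upload won't trigger)
        case 'theme_upload':
            if (isset($_FILES['theme-upload']) && $_FILES['theme-upload']['error'] == 0 && $user->permission("themes.install") == "true") {
                // uncompress ZIP and copy it to the themes dir
                // the theme name is the uploaded file name up to its first dot
                $upload_name = $_FILES['theme-upload']['name'];
                $dot_position = strpos($upload_name, '.');
                $tmp = ($dot_position === false) ? '' : trim(substr($upload_name, 0, $dot_position));
                // the sanitize filter is used as a character whitelist: any name it
                // would alter is rejected. An empty name (no dot, or a leading dot)
                // is rejected too, since it would extract into the themes root.
                $theme_name = filter_var($tmp, FILTER_SANITIZE_EMAIL);
                if ($tmp === '' || $tmp !== $theme_name) {
                    $layout->navigate_notification(t(344, 'Security error'), true, true);
                } else {
                    @mkdir(NAVIGATE_PATH . '/themes/' . $theme_name);
                    $zip = new ZipArchive();
                    if ($zip->open($_FILES['theme-upload']['tmp_name']) === TRUE) {
                        // NOTE(review): archive contents are not inspected; if the themes
                        // folder is served by the web server, "themes.install" amounts
                        // to permission to place executable files on the site.
                        $zip->extractTo(NAVIGATE_PATH . '/themes/' . $theme_name);
                        $zip->close();
                        $layout->navigate_notification(t(374, "Item installed successfully."), false);
                    } else {
                        $layout->navigate_notification(t(262, 'Error uploading file'), true, true);
                    }
                }
            }
            // don't break, we want to show the themes grid right now
        case 'themes':
        default:
            if (@$_REQUEST['opt'] == 'install') {
                // activate the requested theme on the current website
                $ntheme = new theme();
                $ntheme->load($_REQUEST['theme']);
                $website->theme = $ntheme->name;
                if (!empty($ntheme->styles)) {
                    // default to the first style the theme declares
                    $nst = get_object_vars($ntheme->styles);
                    $nst = array_keys($nst);
                    if (!isset($website->theme_options) || empty($website->theme_options)) {
                        $website->theme_options = json_decode('{"style": ""}');
                    }
                    $website->theme_options->style = array_shift($nst);
                } else {
                    if (!isset($website->theme_options) || empty($website->theme_options)) {
                        $website->theme_options = json_decode('{"style": ""}');
                    } else {
                        $website->theme_options->style = "";
                    }
                }
                try {
                    $website->update();
                    $layout->navigate_notification(t(374, "Item installed successfully."), false);
                } catch (Exception $e) {
                    $layout->navigate_notification($e->getMessage(), true, true);
                }
            }
            $themes = theme::list_available();
            $out = themes_grid($themes);
            break;
    }
    return $out;
}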