/**
* Install controller.
*
* @return void
*/
function install(Core $core)
{
define('_ZINSTALLVER', Core::VERSION_NUM);
$serviceManager = $core->getContainer();
$eventManager = $core->getDispatcher();
// Lazy load DB connection to avoid testing DSNs that are not yet valid (e.g. no DB created yet)
$dbEvent = new GenericEvent(null, array('lazy' => true));
$eventManager->dispatch('doctrine.init_connection', $dbEvent);
$core->init(Core::STAGE_ALL & ~Core::STAGE_THEME & ~Core::STAGE_MODS & ~Core::STAGE_LANGS & ~Core::STAGE_DECODEURLS & ~Core::STAGE_SESSIONS);
// Power users might have moved the temp folder out of the root and changed the config.php
// accordingly. Make sure we respect this security related settings
$tempDir = isset($GLOBALS['ZConfig']['System']['temp']) ? $GLOBALS['ZConfig']['System']['temp'] : 'ztemp';
// define our smarty object
$smarty = new Smarty();
$smarty->caching = false;
$smarty->compile_check = true;
$smarty->left_delimiter = '{';
$smarty->right_delimiter = '}';
$smarty->compile_dir = $tempDir . '/view_compiled';
$smarty->template_dir = 'install/templates';
$smarty->plugins_dir = array('plugins', 'install/templates/plugins');
$smarty->clear_compiled_tpl();
file_put_contents("{$tempDir}/view_compiled/index.html", '');
$lang = FormUtil::getPassedValue('lang', '', 'GETPOST');
$dbhost = FormUtil::getPassedValue('dbhost', '', 'GETPOST');
$dbusername = FormUtil::getPassedValue('dbusername', '', 'GETPOST');
$dbpassword = FormUtil::getPassedValue('dbpassword', '', 'GETPOST');
$dbname = FormUtil::getPassedValue('dbname', '', 'GETPOST');
$dbprefix = '';
$dbdriver = FormUtil::getPassedValue('dbdriver', '', 'GETPOST');
$dbtabletype = FormUtil::getPassedValue('dbtabletype', '', 'GETPOST');
$username = FormUtil::getPassedValue('username', '', 'POST');
$password = FormUtil::getPassedValue('password', '', 'POST');
$repeatpassword = FormUtil::getPassedValue('repeatpassword', '', 'POST');
$email = FormUtil::getPassedValue('email', '', 'GETPOST');
$action = FormUtil::getPassedValue('action', '', 'GETPOST');
$notinstalled = isset($_GET['notinstalled']);
$installedState = isset($GLOBALS['ZConfig']['System']['installed']) ? $GLOBALS['ZConfig']['System']['installed'] : 0;
// If somehow we are browsing the not installed page but installed, redirect back to homepage
if ($installedState && $notinstalled) {
$response = new RedirectResponse(System::getHomepageUrl());
return $response->send();
}
// see if the language was already selected
$languageAlreadySelected = $lang ? true : false;
if (!$notinstalled && $languageAlreadySelected && empty($action)) {
$response = new RedirectResponse(System::getBaseUri() . "/install.php?action=requirements&lang={$lang}");
return $response->send();
}
// see if the language was already selected
$languageAlreadySelected = $lang ? true : false;
if (!$notinstalled && $languageAlreadySelected && empty($action)) {
$response = new RedirectResponse(System::getBaseUri() . "/install.php?action=requirements&lang={$lang}");
return $response->send();
}
// load the installer language files
if (empty($lang)) {
if (is_readable('config/installer.ini')) {
$test = parse_ini_file('config/installer.ini');
$lang = isset($test['language']) ? $test['language'] : 'en';
} else {
$available = ZLanguage::getInstalledLanguages();
$detector = new ZLanguageBrowser($available);
$lang = $detector->discover();
}
$lang = DataUtil::formatForDisplay($lang);
}
// setup multilingual
$GLOBALS['ZConfig']['System']['language_i18n'] = $lang;
$GLOBALS['ZConfig']['System']['multilingual'] = true;
$GLOBALS['ZConfig']['System']['languageurl'] = true;
$GLOBALS['ZConfig']['System']['language_detect'] = false;
$serviceManager->loadArguments($GLOBALS['ZConfig']['System']);
$_lang = ZLanguage::getInstance();
$_lang->setup();
$lang = ZLanguage::getLanguageCode();
$installbySQL = file_exists("install/sql/custom-{$lang}.sql") ? "install/sql/custom-{$lang}.sql" : false;
$smarty->assign('lang', $lang);
$smarty->assign('installbySQL', $installbySQL);
$smarty->assign('langdirection', ZLanguage::getDirection());
$smarty->assign('charset', ZLanguage::getEncoding());
// show not installed case
if ($notinstalled) {
header('HTTP/1.1 503 Service Unavailable');
$smarty->display('notinstalled.tpl');
$smarty->clear_compiled_tpl();
file_put_contents("{$tempDir}/view_compiled/index.html", '');
exit;
}
// assign the values from config.php
$smarty->assign($GLOBALS['ZConfig']['System']);
// if the system is already installed, halt.
if ($GLOBALS['ZConfig']['System']['installed']) {
_installer_alreadyinstalled($smarty);
}
// check for an empty action - if so then show the first installer page
if (empty($action)) {
$action = 'lang';
}
// perform tasks based on our action
switch ($action) {
case 'processBDInfo':
$dbname = trim($dbname);
$dbusername = trim($dbusername);
if (empty($dbname) || empty($dbusername)) {
$action = 'dbinformation';
$smarty->assign('dbconnectmissing', true);
} elseif (!preg_match('/^[\\w-]*$/', $dbname) || strlen($dbname) > 64) {
$action = 'dbinformation';
$smarty->assign('dbinvalidname', true);
} else {
update_config_php($dbhost, $dbusername, $dbpassword, $dbname, $dbdriver, $dbtabletype);
update_installed_status(0);
try {
$dbh = new PDO("{$dbdriver}:host={$dbhost};dbname={$dbname}", $dbusername, $dbpassword);
} catch (PDOException $e) {
$action = 'dbinformation';
$smarty->assign('reason', $e->getMessage());
$smarty->assign('dbconnectfailed', true);
}
}
if ($action != 'dbinformation') {
$action = 'createadmin';
}
break;
case 'finish':
if (!$username || preg_match('/[^\\p{L}\\p{N}_\\.\\-]/u', $username)) {
$action = 'createadmin';
$smarty->assign('uservalidatefailed', true);
$smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
} elseif (mb_strlen($password) < 7) {
$action = 'createadmin';
$smarty->assign('badpassword', true);
$smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
} elseif ($password !== $repeatpassword) {
$action = 'createadmin';
$smarty->assign('passwordcomparefailed', true);
$smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
} elseif (!validateMail($email)) {
$action = 'createadmin';
$smarty->assign('emailvalidatefailed', true);
$smarty->assign(array('username' => $username, 'password' => $password, 'repeatpassword' => $repeatpassword, 'email' => $email));
} else {
$installedOk = false;
// if it is the distribution and the process have not failed in a previous step
if ($installbySQL) {
// checks if exists a previous installation with the same prefix
$proceed = true;
$dbnameConfig = $GLOBALS['ZConfig']['DBInfo']['databases']['default']['dbname'];
$exec = $dbdriver == 'mysql' || $dbdriver == 'mysqli' ? "SHOW TABLES FROM `{$dbnameConfig}` LIKE '%'" : "SHOW TABLES FROM {$dbnameConfig} LIKE '%'";
$tables = DBUtil::executeSQL($exec);
if ($tables->rowCount() > 0) {
$proceed = false;
$action = 'dbinformation';
$smarty->assign('dbexists', true);
}
if ($proceed) {
// checks if file exists
if (!file_exists($installbySQL)) {
$action = 'dbinformation';
$smarty->assign('dbdumpfailed', true);
} else {
// execute the SQL dump
$lines = file($installbySQL);
$exec = '';
foreach ($lines as $line_num => $line) {
$line = trim($line);
if (empty($line) || strpos($line, '--') === 0) {
continue;
}
$exec .= $line;
if (strrpos($line, ';') === strlen($line) - 1) {
if (!DBUtil::executeSQL($exec)) {
$action = 'dbinformation';
$smarty->assign('dbdumpfailed', true);
break;
}
$exec = '';
}
}
ModUtil::dbInfoLoad('Users', 'Users');
ModUtil::dbInfoLoad('Extensions', 'Extensions');
ModUtil::initCoreVars(true);
createuser($username, $password, $email);
$installedOk = true;
}
}
} else {
installmodules($lang);
createuser($username, $password, $email);
$installedOk = true;
}
if ($installedOk) {
// create our new site admin
// TODO: Email username/password to administrator email address. Cannot use ModUtil::apiFunc for this.
$serviceManager->get('session')->start();
$authenticationInfo = array('login_id' => $username, 'pass' => $password);
$authenticationMethod = array('modname' => 'Users', 'method' => 'uname');
UserUtil::loginUsing($authenticationMethod, $authenticationInfo);
// add admin email as site email
System::setVar('adminmail', $email);
if (!$installbySQL) {
Theme_Util::regenerate();
}
// set site status as installed and protect config.php file
update_installed_status(1);
@chmod('config/config.php', 0400);
if (!is_readable('config/config.php')) {
@chmod('config/config.php', 0440);
if (!is_readable('config/config.php')) {
@chmod('config/config.php', 0444);
}
}
// install all plugins
$systemPlugins = PluginUtil::loadAllSystemPlugins();
foreach ($systemPlugins as $plugin) {
PluginUtil::install($plugin);
}
LogUtil::registerStatus(__('Congratulations! Zikula has been successfullly installed.'));
$response = new RedirectResponse(ModUtil::url('Admin', 'admin', 'adminpanel'));
$response->send();
exit;
}
}
break;
case 'requirements':
$checks = _check_requirements();
$ok = true;
foreach ($checks as $check) {
if (!$check) {
$ok = false;
break;
}
}
foreach ($checks['files'] as $check) {
if (!$check['writable']) {
$ok = false;
break;
}
}
if ($ok) {
$response = new RedirectResponse(System::getBaseUri() . "/install.php?action=dbinformation&lang={$lang}");
$response->send();
exit;
}
$smarty->assign('checks', $checks);
break;
}
// check our action template exists
$action = DataUtil::formatForOS($action);
if ($smarty->template_exists("installer_{$action}.tpl")) {
$smarty->assign('action', $action);
$templateName = "installer_{$action}.tpl";
} else {
$smarty->assign('action', 'error');
$templateName = 'installer_error.tpl';
}
$smarty->assign('maincontent', $smarty->fetch($templateName));
$smarty->display('installer_page.tpl');
$smarty->clear_compiled_tpl();
file_put_contents("{$tempDir}/view_compiled/index.html", '');
}
}
$display = '';
$pageBody = '';
if (isset($_POST['cancel'])) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
switch ($mode) {
case 'logout':
$pageBody = userLogout();
break;
case 'profile':
case 'user':
$pageBody .= userprofile();
break;
case 'create':
$pageBody .= createuser();
break;
case 'getpassword':
$pageBody .= _userGetpassword();
break;
case 'newpwd':
$pageBody .= _userNewpwd();
break;
case 'setnewpwd':
$pageBody .= _userSetnewpwd();
break;
case 'emailpasswd':
$pageBody .= _userEmailpassword();
break;
case 'new':
$pageBody .= newuserform();
$display .= USER_showProfile($uid);
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
} else {
COM_redirect($_CONF['site_url'] . '/index.php');
}
break;
case 'create':
if ($_CONF['disable_new_user_registration']) {
$display .= COM_showMessageText($LANG04[122], $LANG04[22]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[22]));
} else {
$email = COM_applyFilter($_POST['email']);
$email_conf = COM_applyFilter($_POST['email_conf']);
$display .= createuser(COM_applyFilter($_POST['username']), $email, $email_conf);
}
break;
case 'getpassword':
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300;
// 5 minutes
}
COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'password');
$last = COM_checkSpeedlimit('password');
if ($last > 0) {
$display .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26]);
} else {
$display .= getpasswordform();
}
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[25]));
<?php
include 'functions.php';
if ($_POST["type"] == "create") {
$passhash = password_hash($_POST['password'], PASSWORD_DEFAULT);
try {
createuser($_POST['username'], $passhash, $_POST['email'], $_POST['firstname'], $_POST['lastname'], $_POST['middlename']);
} catch (Exception $e) {
echo $e->getCode();
}
} else {
if ($_POST["type"] == "login") {
try {
$result = loginuser($_POST['username'], $_POST['password']);
echo $result["message"];
if ($result["message"] == "SUCCESS") {
session_start();
$_SESSION['username'] = $result['username'];
$_SESSION['firstname'] = $result['firstname'];
$_SESSION['lastname'] = $result['lastname'];
$_SESSION['middlename'] = $result['middlename'];
$_SESSION['email'] = $result['email'];
}
} catch (Exception $e) {
// echo $e -> getMessage();
}
} else {
if ($_POST["type"] == "logout") {
logout();
} else {
if ($_POST["type"] == "newgrant") {
public function testAddUser()
{
createuser("KOUKOU", "KIKOU", "2");
$array = list_all_user(__DIR__ . "/../src/files/roles.json");
$this->assertArrayHasKey('KOUKOU', $array);
}
<?php
ob_start();
if (isset($_POST["usr"]) && isset($_POST["pwd"]) && isset($_POST["roles"])) {
createuser($_POST["usr"], $_POST["pwd"], $_POST["roles"]);
}
function createuser($usr, $pwd, $role)
{
// Creates new users
$error = "";
if ($usr != null && $pwd != null && $role != null) {
$pwd = htmlentities($pwd);
$pwd = hash('sha512', "zztask" . $pwd . "bcrypt");
$usr = htmlentities(strtolower($usr));
$file = fopen(__DIR__ . "/files/login.json", "r");
// Gets current list of users
$line = fgets($file);
$arr = json_decode($line, true);
fclose($file);
if (!isset($arr[$usr])) {
// to look if this user already exist
$array = array($usr => $pwd);
// If not, then we add the new user
if (isset($arr)) {
$log = array_merge($arr, $array);
// By merging the 2 vars
} else {
$log = $array;
}
$file = fopen(__DIR__ . "/files/login.json", "w");
// Writes down the new user list
// User Creates an account by entering in their EMAIL and Creating a Password
$email = filter_input(INPUT_POST, 'email');
$password = filter_input(INPUT_POST, 'password');
// Error Validating the Email and Password Entered
$errors = array();
if (!isValidEmail($email)) {
$errors[] = 'Email is not Valid';
}
if (!isValidPassword($password)) {
$errors[] = 'Password is not Valid';
}
/* As long as their is no Errors the Email and Password
* for that user are added to the database and Granted access
*/
if (count($errors) == 0) {
if (createuser($email, $password)) {
$results = 'User Added';
} else {
$results = 'User was not Added';
}
}
}
?>
<!-- Provides the Results of the Account Creation & the Login Form -->
<?php
include '../Includes/errors.html.php';
?>
<?php
