function init_default_config() { // default language of the site = installation language (cookie) // (if no cookie, then set to English) if (!($lang = $GLOBALS['lcm_lang'])) { $lang = 'en'; } $meta_name_middle = 'no'; if ($lang == 'bg' || $lang == 'pt_br') { $meta_name_middle = 'yes'; } // Check whether database supports utf8 $db_utf8 = 'no'; if (!preg_match('/^MySQL (4\\.0|3\\.)/', lcm_sql_server_info())) { $db_utf8 = 'yes'; } // c.f. http://www.lcm.ngo-bg.org/article28.html $list_meta = array('default_language' => $lang, 'site_open_subscription' => 'no', 'site_name' => 'title_software', 'site_description' => 'title_software_description', 'currency' => _T('currency_default_format'), 'case_default_read' => 'yes', 'case_default_write' => 'no', 'case_read_always' => 'no', 'case_write_always' => 'no', 'client_name_middle' => $meta_name_middle, 'client_citizen_number' => 'no', 'client_civil_status' => 'no', 'client_income' => 'no', 'client_hide_all' => 'no', 'client_share_read' => 'yes', 'client_share_write' => 'yes', 'client_date_birth' => 'no', 'person_name_format' => '1', 'org_hide_all' => 'no', 'org_share_read' => 'yes', 'org_share_write' => 'yes', 'case_court_archive' => 'no', 'case_assignment_date' => 'yes', 'case_alledged_crime' => 'yes_optional', 'case_legal_reason' => 'yes_optional', 'case_new_showorg' => 'no', 'case_allow_modif' => 'yes', 'fu_sum_billed' => 'no', 'fu_allow_modif' => 'yes', 'hide_emails' => 'no', 'db_utf8' => $db_utf8, 'charset' => 'UTF-8'); $modifs = false; while (list($key, $value) = each($list_meta)) { if (!read_meta($key)) { write_meta($key, $value); $modifs = true; } } if ($modifs) { write_metas(); } // Force the update list of available languages include_lcm('inc_lang'); init_languages(true); }
function lcm_db_40_refresh_case_update() { $server_info = lcm_sql_server_info(); // [ML] This won't work on MySQL 3.23 .. nor 4.0 (?!) if (preg_match('/^MySQL/', $server_info) && !preg_match('/^MySQL 3\\./', $server_info) && !preg_match('/^MySQL 4\\.0/', $server_info)) { lcm_query("UPDATE lcm_case \n\t\t\t\t\t\tSET date_update = (SELECT max(fu.date_start) \n\t\t\t\t\t\t\t\t\t\tFROM lcm_followup as fu \n\t\t\t\t\t\t\t\t\t\tWHERE lcm_case.id_case = fu.id_case\n\t\t\t\t\t\t\t\t\t\tGROUP BY fu.id_case)", true); } else { // [ML] Probably not the best idea.. but brain-dead mysql // incompatibilities are driving me crazy.. // // Note: using the join to exclude non-empty dates allows to // continue/re-run the upgrade if it makes a time-out. $result = lcm_query("SELECT c.id_case, MAX(fu.date_start) as date\n\t\t\t\t\t\t\t\tFROM lcm_followup as fu, lcm_case as c\n\t\t\t\t\t\t\t\tWHERE fu.id_case = c.id_case\n\t\t\t\t\t\t\t\t AND c.date_update != '0000-00-00 00:00:00'\n\t\t\t\t\t\t\t\tGROUP BY fu.id_case\n\t\t\t\t\t\t\t\tORDER BY fu.id_case ASC"); while ($row = lcm_fetch_array($result)) { lcm_query("UPDATE lcm_case\n\t\t\t\t\t\t\tSET date_update = '" . $row['date'] . "'\n\t\t\t\t\t\t\tWHERE id_case = " . $row['id_case']); } } }
function install_step_1() { install_html_start('AUTO', '', 1); echo "<h3><small>" . _T('install_step_one') . "</small> " . _T('install_title_sql_connection') . "</h3>\n"; echo show_all_errors($_SESSION['errors']); echo "<p class='simple_text'>" . _T('install_info_sql_connection') . " " . lcm_help("install_database") . "</p>\n"; $db_address = _session('db_address', 'localhost'); $db_login = _session('db_login'); $db_password = _session('db_password'); $db_choice = _session('db_choice'); // Fetch the previous configuration data to make things easier (if possible) $lcm_config_prefix = isset($_SERVER['LcmConfigDir']) ? $_SERVER['LcmConfigDir'] : 'inc/config'; if (@file_exists($lcm_config_prefix . '/inc_connect_install.php')) { $s = @join('', @file($lcm_config_prefix . '/inc_connect_install.php')); if (ereg("mysql_connect\\([\"'](.*)[\"'],[\"'](.*)[\"'],[\"'](.*)[\"']\\)", $s, $regs)) { $db_address = $regs[1]; $db_login = $regs[2]; } else { if (ereg("lcm_connect_db\\('(.*)','(.*)','(.*)','(.*)','(.*)'\\)", $s, $regs)) { $db_address = $regs[1]; if ($port_db = $regs[2]) { $db_address .= ':' . $port_db; } $db_login = $regs[3]; } } } echo "<form action='install.php' method='post'>\n"; echo "<input type='hidden' name='step' value='2' />\n"; echo "<fieldset class='fs_box'>\n"; echo "<div><label for='db_address'><strong>" . f_err_star('address') . _T('install_database_address') . "</strong></label></div>\n"; echo "<input type='text' id='db_address' name='db_address' value=\"{$db_address}\" size='40' class='txt_lmnt' />\n"; echo "<br />\n"; echo "<br />\n"; echo "<div><label for='db_login'><strong>" . f_err_star('login') . _T('install_connection_login') . "</strong></label></div>\n"; echo "<input type='text' id='db_login' name='db_login' value=\"{$db_login}\" size='40' class='txt_lmnt' />\n"; echo "<br />\n"; echo "<br />\n"; echo "<div><label for='db_password'><strong>" . f_err_star('password') . _T('install_connection_password') . "</strong></label></div>\n"; echo "<input type='password' id='db_password' name='db_password' value=\"{$db_password}\" size='40' class='txt_lmnt' />\n"; // Afaik, there is no way to get a list of databases in PgSQL // without logging in first, and to login, you must provide DBname if (preg_match("/^PostgreSQL/", lcm_sql_server_info())) { echo "<br />\n"; echo "<br />\n"; echo "<div><label for='db_choice'><strong>" . f_err_star('dbname') . "Database name" . "</strong></label></div>\n"; // TRAD echo "<input type='text' id='db_choice' name='db_choice' value=\"{$db_choice}\" size='40' class='txt_lmnt' />\n"; } echo "</fieldset>\n"; echo "<div align='" . $GLOBALS['lcm_lang_right'] . "'>" . "<button type='submit' name='Next'>" . _T('button_next') . " >></button> " . "</div>\n"; echo "</form>\n"; install_html_end(); }
function lcm_panic($message) { global $lcm_version, $lcm_db_version; function lcm_ini_get($param) { $ret = ini_get($param); return $ret ? $ret : 'n/a'; } echo "<p>" . _T('warning_panic_is_useful') . "</p>\n"; $error = "[INTERNAL] (v" . $lcm_version . "-db" . $lcm_db_version . ", PHP v" . PHP_VERSION . ")\n"; $error .= "Server: " . $_SERVER['SERVER_SOFTWARE'] . "\n"; if (function_exists('lcm_sql_server_info')) { $error .= "SQL server: " . lcm_sql_server_info() . "\n"; } else { $error .= "SQL server: not yet connected\n"; } $error .= "Referer: " . $_SERVER['HTTP_REFERER'] . "\n"; $error .= "Request: " . $_SERVER['REQUEST_METHOD'] . " " . $_SERVER['REQUEST_URI'] . "\n"; $error .= "Error: " . $message . "\n"; // Show DB version in meta cache $error .= "Version-DB: " . read_meta('lcm_db_version') . " (in cache)\n"; // Show existence + size of cache, in case it doesnt exist, or there were // problems while generating it (i.e. it will be less than 30kb) if (include_data_exists('inc_meta_cache')) { if (isset($_SERVER['LcmDataDir'])) { $prefix = $_SERVER['LcmDataDir'] . '/'; } else { $prefix = 'inc/data/'; } $error .= "inc_meta_cache: exists (" . filesize($prefix . 'inc_meta_cache.php') . " bytes)\n"; } else { $error .= "inc_meta_cache: does NOT exists\n"; } $check_confs = array('safe_mode', 'safe_mode_gid', 'safe_mode_include_dir', 'safe_mode_exec_dir', 'open_basedir', 'disable_functions'); foreach ($check_confs as $conf) { $error .= $conf . ': ' . lcm_ini_get($conf) . "\n"; } if ($GLOBALS['debug']) { $error .= "cookie_prefix: " . $GLOBALS['cookie_prefix'] . "\n"; $error .= "table_prefix: " . $GLOBALS['table_prefix'] . "\n"; $error .= "_GET: " . get_var_dump($_GET) . "\n"; $error .= "_POST: " . get_var_dump($_POST) . "\n"; $error .= "_COOKIE: " . get_var_dump($_COOKIE) . "\n"; $error .= "_SERVER: " . get_var_dump($_SERVER) . "\n"; $error .= "included_files: " . get_var_dump($GLOBALS['included_files']) . "\n"; $error .= "meta: " . get_var_dump($GLOBALS['meta']) . "\n"; } // Too much paranoia? I am not even sure if we can inject code // either XSS or shellcode .. but should not hurt.. $error = htmlspecialchars($error); // Make different lcm_getbacktrace() calls to avoid html in logs lcm_log($error . lcm_getbacktrace(false) . "END OF REPORT\n"); die("<pre>" . $error . " " . lcm_getbacktrace() . "END OF REPORT\n</pre>"); }
function import_database($input_filename) { global $tabs; $input_filename = clean_input($input_filename); $root = addslashes(getcwd()); $dir = DIR_BACKUPS_PREFIX . $input_filename; if (file_exists($dir)) { if ($_POST['conf'] !== 'yes') { // Print confirmation form lcm_page_start(_T('title_archives'), '', '', 'archives_import'); show_tabs_links($tabs, 1, true); echo "<fieldset class='info_box'>\n"; show_page_subtitle(_T('generic_subtitle_warning'), 'archives_import'); echo "<p class='normal_text'><img src='images/jimmac/icon_warning.gif' alt='' " . "align='right' height='48' width='48' />" . _T('archives_info_restore_will_delete') . "</p>\n"; echo "<form action='import_db.php' method='post'>\n"; echo '<input type="hidden" name="action" value="import" />' . "\n"; echo "<button type='submit' class='simple_form_btn' name='conf' value='yes'>" . _T('info_yes') . "</button>\n"; echo "<button type='submit' class='simple_form_btn' name='conf' value='no'>" . _T('info_no') . "</button>\n"; echo "<input type='hidden' name='file' value='{$input_filename}' />\n"; echo "<input type='hidden' name='restore_type' value='" . $_POST['restore_type'] . "' />\n"; echo "</form>"; echo "</fieldset\n>"; lcm_page_end(); return; } } // Get saved database version if (!($fh = fopen("{$dir}/db-version", 'r'))) { lcm_panic("System error: Could not open file '{$dir}/db-version"); } $backup_db_version = intval(fread($fh, 10)); fclose($fh); // For debugging - use another database //lcm_query("use lcm_new"); // Recreate tables if ($_POST['restore_type'] == 'clean' || $backup_db_version < read_meta('lcm_db_version')) { // Open backup dir if (!($dh = opendir("{$dir}/"))) { lcm_panic("System error: Could not open directory '{$dir}'"); } while ($file = readdir($dh)) { // Get table name $table = substr($file, 0, -10); // Add path to filename $file = "{$dir}/{$file}"; if (strlen($file) > 10) { if (is_file($file) && substr($file, -10) === ".structure" && is_file("{$dir}/{$table}" . DATA_EXT_NAME)) { // Clear the table $q = "DROP TABLE IF EXISTS {$table}"; $result = lcm_query($q); // Create table $fh = fopen($file, 'r'); $q = fread($fh, filesize($file)); fclose($fh); $result = lcm_query_restore_table($q); } } } closedir($dh); // Update lcm_db_version // [ML] This is rather useless because they will be overwritten when the // values are loaded (LOAD FILE), but I leave it just in case there are // obscur bugs (altough this will most likely generate strange bugs..) write_meta('lcm_db_version', $backup_db_version); if (!preg_match('/^MySQL (4\\.0|3\\.)/', lcm_sql_server_info())) { write_meta('db_utf8', 'yes'); } write_metas(); } else { if ($backup_db_version > read_meta('lcm_db_version')) { // Backup version newer than installed db version lcm_page_start(_T('title_archives'), '', '', 'archives_import'); // Show tabs show_tabs_links($tabs, 1, true); // Show tab header echo "Version mismatch!\n"; // TRAD echo "<fieldset class='info_box'>\n"; echo "Backup database version is newer than the installed database."; // TRAD echo "</fieldset\n>"; lcm_page_end(); return; } else { // Backup and current db versions are equal } } // // Import data into database tables\ // // Change backup dir permissions, so MySQL could read from it. chmod($dir, 0755); // Open backup dir if (!($dh = opendir("{$dir}/"))) { lcm_panic("System error: Could not open directory '{$dir}'"); } while ($file = readdir($dh)) { // Get table name $table = substr($file, 0, -DATA_EXT_LEN); // Add path to filename $file = "{$dir}/{$file}"; if (strlen($file) > 5) { // [ML] why? if (is_file($file) && substr($file, -DATA_EXT_LEN) === DATA_EXT_NAME) { // If restore_type='clean', clear the table if ($_POST['restore_type'] == 'clean') { lcm_query("TRUNCATE TABLE {$table}"); } $q = "LOAD DATA INFILE '{$file}' "; $q .= $_POST['restore_type'] == 'replace' ? 'REPLACE' : 'IGNORE'; $q .= "\tINTO TABLE {$table}\n\t\t\t\t\tFIELDS TERMINATED BY ','\n\t\t\t\t\t\tOPTIONALLY ENCLOSED BY '\"'\n\t\t\t\t\t\tESCAPED BY '\\\\'\n\t\t\t\t\tLINES TERMINATED BY '\r\n'"; $result = lcm_query($q); } } } closedir($dh); // Change backup dir permissions back chmod($dir, 0700); // Update lcm_db_version since we have overwritten lcm_meta write_meta('lcm_db_version', $backup_db_version); if ($_REQUEST['restore_type'] == 'clean') { if (!preg_match('/^MySQL (4\\.0|3\\.)/', lcm_sql_server_info())) { write_meta('db_utf8', 'yes'); } } write_metas(); lcm_page_start(_T('title_archives'), '', '', 'archives_import'); // FIXME? show_tabs_links($tabs, 1, true); echo '<div class="sys_msg_box">' . "\n"; show_page_subtitle("Import finished", 'archives_import'); // FIXME TRAD? echo "Backup '{$input_filename}' was successfully imported into database."; // TRAD echo "</div\n>"; lcm_page_end(); }