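/**
 * Install
 * Performs an installation based on the request in $xml.
 *
 * Steps, in order: check that the required request nodes are present, check that the
 * config file and the temp directory are writable, check the license key, connect to
 * MySQL, run the schema queries, save the settings, update the row with userid 1 in the
 * users table and print an XML status response.
 *
 * Everything under $this->xml->install comes from the request and is treated as untrusted:
 * the table prefix is limited to identifier characters before it is spliced into SQL, and
 * values echoed into the XML response are entity-encoded.
 *
 * The flow relies on $this->Error() ending the request ("exits on error"); its
 * implementation is not part of this block.
 *
 * @return Void Returns nothing, exits on error
 */
function Install()
{
    $install = &$this->xml->install;

    // Required variables:
    $required = array(
        'licenseKey', 'installPath',
        'user' => array(
            'email', 'username', 'password'
        ),
        'database' => array(
            'dbUser', 'dbPass', 'dbDatabase', 'dbServer'
            // 'dbType' is not required: only MySQL is supported (see below)
        )
    );

    $errors = array();
    foreach ($required as $node_name => $node) {
        if (is_array($node)) {
            foreach ($node as $variable) {
                if (!isset($install->$node_name->$variable)) {
                    $errors[] = array(
                        'code' => 'missing' . ucfirst($node_name) . ucfirst($variable),
                        'message' => 'The ' . $node_name . ' ' . $variable . ' value was not supplied.'
                    );
                }
            }
        } else {
            if (!isset($install->$node)) {
                $errors[] = array(
                    'code' => 'missing' . ucfirst($node),
                    'message' => 'The ' . $node . ' value was not supplied.'
                );
            }
        }
    }

    if (count($errors)) {
        $this->Error('Please fill out all mandatory fields to complete the installation.', $errors);
    }

    // Check if config file is writable
    $config_file = SENDSTUDIO_INCLUDES_DIRECTORY . "/config.php";
    if (!is_writable($config_file)) {
        $this->Error('Before you can install Interspire Email Marketer make sure the following files are writable.', array(array('code' => 'filePermissions', 'message' => $config_file . ' is not writable.')));
    }

    if (!is_writable(TEMP_DIRECTORY)) {
        $this->Error('Before you can install Interspire Email Marketer make sure the following files are writable.', array(array('code' => 'filePermissions', 'message' => TEMP_DIRECTORY . ' is not writable.')));
    }

    $license_key = (string)$install->licenseKey;
    list($error, $msg) = sesion_start($license_key);
    if ($error) {
        $this->Error('A valid license key was not supplied.', array(array('code' => 'badLicenseKey', 'message' => $msg)));
    }

    /**
     * The table prefix is optional. It is concatenated into every schema query and into the
     * UPDATE below, where it cannot be escaped as a value, so it is restricted to identifier
     * characters before any SQL is built.
     */
    $tableprefix = '';
    if (isset($install->database->tablePrefix)) {
        $tableprefix = (string)$install->database->tablePrefix;
    }

    if (!preg_match('/\A[A-Za-z0-9_]*\z/', $tableprefix)) {
        $this->Error('The table prefix contains invalid characters.', array(array('code' => 'badTablePrefix', 'message' => 'The table prefix may only contain letters, numbers and underscores.')));
    }

    /**
     * Connect to the database.
     * Due to a problem with Plesk only mysql installations can be done, so the
     * request's dbType is not consulted.
     */
    require_once IEM_PATH . '/ext/database/mysql.php';
    $db_type = 'MySQLDb';
    $db_type_name = 'mysql';
    defined('SENDSTUDIO_DATABASE_TYPE') or define('SENDSTUDIO_DATABASE_TYPE', $db_type_name);

    // Cast the XML nodes to plain strings so the connection object never holds request objects.
    $db = new $db_type(
        (string)$install->database->dbServer,
        (string)$install->database->dbUser,
        (string)$install->database->dbPass,
        (string)$install->database->dbDatabase
    );
    $db->TablePrefix = $tableprefix;
    $db->ErrorCallback = array(&$this, 'DatabaseError');

    IEM::getDatabase($db);

    if (!$db->connection) {
        $this->Error('The installer was not able to connect to the database.', array(array('code' => 'dbConnectError', 'message' => "Unable to connect to the database: " . $db->GetError())));
    }

    /**
     * Load the database schema file and create the database tables.
     * The schema file is expected to define $queries.
     */
    require_once(IEM_PATH . "/install/schema." . $db_type_name . ".php");

    foreach ($queries as $query) {
        $query = str_replace('%%TABLEPREFIX%%', $tableprefix, $query);
        $db->Query($query);
    }

    /**
     * Find the server timezone and write the configuration file
     */
    $this->LoadLanguageFile('Timezones');

    $timezone = date('O');
    $timezone = preg_replace('/([+-])0/', '$1', $timezone);
    if ($timezone == '+000') {
        $timezone = 'GMT';
    }

    $timez = 'GMT';
    foreach ($GLOBALS['SendStudioTimeZones'] as $k => $tz) {
        // date('O') includes neither "GMT" nor the ":", so strip both before comparing.
        // The comparison is deliberately loose, as in the original.
        $tz_trim = str_replace(array('GMT', ':'), '', $tz);
        if ($tz_trim == $timezone) {
            $timez = $tz;
            break;
        }
    }

    if (!defined('SENDSTUDIO_SERVERTIMEZONE')) {
        define('SENDSTUDIO_SERVERTIMEZONE', $timez);
    }

    if (!defined('SENDSTUDIO_TABLEPREFIX')) {
        define('SENDSTUDIO_TABLEPREFIX', $tableprefix);
    }

    // Buffer and discard anything printed while settings and the user row are written,
    // so that only the XML response below reaches the client.
    ob_start();

    $settings_api = $this->GetApi('Settings');

    $settings_details = array();

    $settings_details['DATABASE_UTF8PATCH'] = '1';
    $settings_details['DATABASE_TYPE'] = $db_type_name;
    $settings_details['DATABASE_USER'] = (string)$install->database->dbUser;
    $settings_details['DATABASE_PASS'] = (string)$install->database->dbPass;
    $settings_details['DATABASE_HOST'] = (string)$install->database->dbServer;
    $settings_details['DATABASE_NAME'] = (string)$install->database->dbDatabase;
    $settings_details['TABLEPREFIX'] = $tableprefix;
    $settings_details['LICENSEKEY'] = (string)$install->licenseKey;
    $settings_details['APPLICATION_URL'] = (string)$install->installPath;
    $settings_details['SERVERTIMEZONE'] = $timez;
    $settings_details['DEFAULTCHARSET'] = 'UTF-8';
    $settings_details['EMAIL_ADDRESS'] = (string)$install->user->email;

    // now for the default settings.
    $settings_details['SMTP_PORT'] = '25';
    $settings_details['IPTRACKING'] = '1';
    $settings_details['MAX_IMAGEWIDTH'] = 700;
    $settings_details['MAX_IMAGEHEIGHT'] = 400;
    $settings_details['BOUNCE_IMAP'] = '0';
    $settings_details['ALLOW_EMBEDIMAGES'] = '1';
    $settings_details['ATTACHMENT_SIZE'] = '2048';
    $settings_details['CRON_SEND'] = '5';
    $settings_details['CRON_AUTORESPONDER'] = '10';
    $settings_details['CRON_BOUNCE'] = '60';
    $settings_details['EMAILSIZE_WARNING'] = '500';
    $settings_details['EMAILSIZE_MAXIMUM'] = '2048';
    $settings_details['RESEND_MAXIMUM'] = '3';

    $settings_api->Set('Settings', $settings_details);

    $settings_api->Db = &$db;

    $settings_api->Save();

    // ----- Update the default user account
    $username = $install->user->username;
    $unique_token = API_USERS::generateUniqueToken($username);
    $new_password = API_USERS::generatePasswordHash($install->user->password, $unique_token);

    $tempServerTimeZone = $db->Quote($settings_details['SERVERTIMEZONE']);
    $tempEmailAddress = $db->Quote(strval($install->user->email));
    $tempUniqueToken = $db->Quote($unique_token);
    $tempUsername = $db->Quote($username);
    $tempPassword = $db->Quote($new_password);
    $tempHTMLFooter = $db->Quote(GetLang('Default_Global_HTML_Footer', ''));
    $tempTEXTFooter = $db->Quote(GetLang('Default_Global_Text_Footer', ''));

    // NOTE(review): the username and password values read '******' on this page, which looks
    // like redaction applied to the listing; presumably the quoted $tempUsername and
    // $tempPassword were interpolated here. Confirm against the original file before use.
    $query = "
        UPDATE {$tableprefix}users
        SET unique_token = '{$tempUniqueToken}',
            usertimezone = '{$tempServerTimeZone}',
            emailaddress ='{$tempEmailAddress}',
            textfooter ='{$tempTEXTFooter}',
            htmlfooter ='{$tempHTMLFooter}',
            username = '******',
            password ='******'
        WHERE userid = 1
    ";

    $db->Query($query);

    // Drop the working copies, including the password hash and the token it was derived with.
    unset(
        $tempTEXTFooter,
        $tempHTMLFooter,
        $tempPassword,
        $tempUniqueToken,
        $tempEmailAddress,
        $tempServerTimeZone,
        $new_password,
        $unique_token
    );
    // -----

    ob_end_clean();

    /**
     * Installation is finished.
     *
     * Request values are entity-encoded so that characters such as & and < cannot break
     * or alter the XML response.
     *
     * NOTE(review): the response repeats the submitted password in clear text and always
     * reports the username as "admin". Both are kept as-is for client compatibility;
     * consider dropping the password element, since the caller already knows the value.
     */
    $this->PrintHeader();
    ?>
    <status>OK</status>
    <installPath><?php echo htmlspecialchars((string)$install->installPath, ENT_QUOTES, 'UTF-8'); ?></installPath>
    <user>
        <username>admin</username>
        <password><?php echo htmlspecialchars((string)$install->user->password, ENT_QUOTES, 'UTF-8'); ?></password>
    </user>
    <?php
    $this->PrintFooter();
    return;
}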
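/**
 * _authenticate
 * Return user record based on the username/password that is supplied.
 * If user does not exists, it will return an integer 0 (Zero).
 *
 * Exactly one credential is checked: the password when one is supplied, otherwise the
 * XML token. The method fails closed: when neither credential is a non-empty string the
 * result is 0, and a record is only returned after one of the two comparisons succeeded.
 *
 * @param String $username Username to login user with
 * @param String $password Password to login user with
 * @param String $xmltoken XML Token to login user with
 * @return Mixed Returns an associative array of the user record if username/password match, 0 if record does not match, FALSE if error occured
 *
 * @uses Db::Quote()
 * @uses Db::Query()
 * @uses Db::GetError()
 * @uses Db::Fetch()
 * @uses Db::FreeResult()
 */
private function _authenticate($username, $password, $xmltoken)
{
    $db = IEM::getDatabase();
    $username = $db->Quote($username);

    // Normalise both credentials to strings up front. The checks below used to rely on
    // empty(), which also treats values such as '0' and null as "not supplied"; such a
    // value passed the initial guard and then skipped both comparisons.
    $password = is_scalar($password) ? (string) $password : '';
    $xmltoken = is_scalar($xmltoken) ? (string) $xmltoken : '';

    if ($password === '' && $xmltoken === '') {
        return 0;
    }

    // NOTE(review): the username value reads '******' on this page, which looks like
    // redaction applied to the listing; presumably the quoted $username was interpolated
    // here. Confirm against the original file before use.
    $query = "SELECT * FROM [|PREFIX|]users WHERE username = '******' AND status = '1'";

    $result = $db->Query($query);
    if ($result == false) {
        list($error, $level) = $db->GetError();
        trigger_error($error, $level);
        return false;
    }

    $details = $db->Fetch($result);
    $db->FreeResult($result);

    if (empty($details)) {
        return 0;
    }

    if ($password !== '') {
        if (array_key_exists('unique_token', $details)) {
            $expected = API_USERS::generatePasswordHash($password, $details['unique_token']);
        } else {
            // Legacy path for records without a unique_token column: unsalted MD5.
            // NOTE(review): plan a migration away from this format.
            $expected = md5($password);
        }

        $stored = (string) $details['password'];
        $expected = (string) $expected;
    } else {
        // Only reached with a non-empty token (see the guard above).
        $stored = (string) $details['xmltoken'];
        $expected = $xmltoken;
    }

    // Compare as strings. A loose != lets two different numeric-looking strings
    // (for example hashes of the form 0e...) compare as equal. hash_equals() is used
    // where the runtime provides it so the comparison time does not depend on the content.
    if (function_exists('hash_equals')) {
        $matches = hash_equals($stored, $expected);
    } else {
        $matches = ($stored === $expected);
    }

    if (!$matches) {
        return 0;
    }

    return $details;
}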
/**
 * Save
 * This function saves the current class vars to the user's row in the users table.
 *
 * The original description states that permissions are also saved by calling
 * SavePermissions unless $update_perms is false.
 * NOTE(review): nothing in this method reads $update_perms or calls SavePermissions - confirm
 * whether that happens elsewhere.
 *
 * The row update and the check_user_dir() call run inside one transaction, which is rolled
 * back if either of them fails.
 *
 * @see SavePermissions
 *
 * @param Boolean $update_perms Defaults to true to save permissions, false will skip this.
 *
 * @return Mixed Returns true if it worked, false if validation, a query or check_user_dir() fails, and -1 if ss9024kwehbehb() returns a false value.
 */
function Save($update_perms = true)
{
    $this->FilterData();

    if (!$this->Validate('save')) {
        return false;
    }

    /**
     * @see usexhtml for what a value of 2 means.
     */
    $useWYSIWYG = (int) $this->usewysiwyg;
    if ($this->usewysiwyg && !$this->usexhtml) {
        $useWYSIWYG = 2;
    }

    $enableactivitylog = ($this->enableactivitylog ? 1 : 0);

    // Guarantee an array, because the value is serialized into the query below.
    if (!is_array($this->eventactivitytype)) {
        $this->eventactivitytype = array();
    }

    // NOTE(review): ss9024kwehbehb() is defined elsewhere; its purpose cannot be told from
    // here. Callers must treat -1 as a failure distinct from false.
    if (!ss9024kwehbehb($this)) {
        return -1;
    }

    $this->GetDb();

    // Cast once; the integer is concatenated into both queries below without quoting.
    $userid = intval($this->userid);
    $upgrade = 0;

    // ----- Check whether the stored trialuser flag differs from the one being saved
    $query = "SELECT trialuser FROM [|PREFIX|]users WHERE userid=" . $userid;
    $result = $this->Db->Query($query);
    if (!$result) {
        list($error, $level) = $this->Db->GetError();
        trigger_error($error, $level);
        return false;
    }

    $row = $this->Db->Fetch($result);
    if (!empty($row) && isset($row['trialuser'])) {
        if ($this->trialuser != $row['trialuser']) {
            // The flag changed. If this object's trialuser property is '1', the user is downgrading.
            // 1 = Upgrading from free
            // 2 = Downgrading from paid
            $upgrade = ($this->trialuser == '1' ? 2 : 1);
        }
    }

    $this->Db->FreeResult($result);
    // -----

    $this->Db->StartTransaction();

    // unique_token is intentionally left out
    //
    // String values are escaped with Db->Quote() and numeric ones are cast with (int)/intval()
    // before being concatenated into the statement.
    //
    // NOTE(review): several values below read '******' (username, trialuser, smtpusername,
    // smtppassword, googlecalendarusername, googlecalendarpassword). This looks like redaction
    // applied to the listing, not the original code: the trialuser line does not parse as shown.
    // Restore these expressions from the original file before using this method.
    //
    // NOTE(review): eventactivitytype is stored with serialize(); presumably it is read back
    // with unserialize() elsewhere - verify that the column can only hold data written here.
    $query = "UPDATE [|PREFIX|]users SET groupid = " . intval($this->groupid) . ", username='******', status='" . (int) $this->status . "'";
    $query .= ", trialuser='******'1' ? '1' : '0') . "'";
    $query .= ", fullname='" . $this->Db->Quote($this->fullname) . "', emailaddress='" . $this->Db->Quote($this->emailaddress) . "'";
    $query .= ", editownsettings='" . (int) $this->editownsettings . "', usertimezone='" . $this->Db->Quote($this->usertimezone) . "'";
    $query .= ", textfooter='" . $this->Db->Quote($this->textfooter) . "', htmlfooter='" . $this->Db->Quote($this->htmlfooter) . "'";
    $query .= ", infotips='" . (int) $this->infotips . "', smtpserver='" . $this->Db->Quote($this->smtpserver) . "', smtpusername='******', smtppassword='******', smtpport=" . (int) $this->smtpport;
    $query .= ", usewysiwyg='" . $useWYSIWYG . "', enableactivitylog='" . $enableactivitylog . "'";
    $query .= ", xmlapi='" . (int) $this->xmlapi . "', xmltoken='" . $this->Db->Quote($this->xmltoken) . "', gettingstarted=" . intval($this->gettingstarted);
    $query .= ", googlecalendarusername='******', googlecalendarpassword='******'";
    $query .= ", eventactivitytype = '" . $this->Db->Quote(serialize($this->eventactivitytype)) . "'";
    $query .= ", adminnotify_email='" . $this->Db->Quote($this->adminnotify_email) . "', adminnotify_send_flag='" . intval($this->adminnotify_send_flag) . "', adminnotify_send_threshold =" . (int) $this->adminnotify_send_threshold . ", adminnotify_send_emailtext='" . $this->Db->Quote($this->adminnotify_send_emailtext) . "'";
    $query .= ", adminnotify_import_flag='" . intval($this->adminnotify_import_flag) . "', adminnotify_import_threshold =" . (int) $this->adminnotify_import_threshold . ", adminnotify_import_emailtext='" . $this->Db->Quote($this->adminnotify_import_emailtext) . "'";

    // The password column is only touched when a new password was set on the object; it is
    // stored as a hash derived from the password and the user's existing unique_token.
    if (!empty($this->password)) {
        $processedPassword = API_USERS::generatePasswordHash($this->password, $this->unique_token);
        $query .= ', password=\'' . $this->Db->Quote($processedPassword) . '\'';
    }

    $query .= ' WHERE userid=' . $userid;

    $result = $this->Db->Query($query);
    if (!$result) {
        $this->Db->RollbackTransaction();
        list($error, $level) = $this->Db->GetError();
        trigger_error($error, $level);
        return false;
    }

    // check_user_dir() receives the upgrade/downgrade marker computed above; a failure
    // undoes the row update.
    if (!check_user_dir($this->userid, $upgrade)) {
        $this->Db->RollbackTransaction();
        trigger_error(__CLASS__ . '::' . __METHOD__ . ' - User files/data was not found?', E_USER_NOTICE);
        return false;
    }

    $this->Db->CommitTransaction();

    $this->_cacheUserTypeCount = false;

    // Do not keep the plain-text password on the object once it has been saved.
    $this->password = null;

    // If the saved user is the one currently logged in, flush the cached copy.
    // NOTE(review): assumes IEM::userGetCurrent() returns an object here - confirm for
    // callers that run without a logged-in user.
    $currentUser = IEM::userGetCurrent();
    if ($currentUser->userid == $this->userid) {
        IEM::userFlushCache();
    }

    return true;
}
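/**
 * SaveDefaultSettings
 * Saves the default settings into the database and sets up the administrator account (userid 1).
 * Note that the database and required system settings must be set up before this is called.
 *
 * The administrator username and password are read from $_POST['admin_username'] and
 * $_POST['admin_password']. Both are checked before anything is written, so a request
 * without them no longer saves the settings and then continues with null credentials.
 *
 * @return Array The first element is an error code indicating success (0) or failure (> 0). The second element is an error string.
 */
public function SaveDefaultSettings()
{
    if (!$this->CheckRequiredFields()) {
        return array(self::SETTINGS_MISSING, 'All required settings must be loaded first.');
    }

    if (!$this->_db) {
        return array(self::DB_MISSING, 'Database connection must be established first.');
    }

    // Fail before writing anything if the administrator credentials are absent or are
    // not plain strings (for example an array submitted as admin_password[]).
    if (
        !isset($_POST['admin_username'], $_POST['admin_password'])
        || !is_string($_POST['admin_username'])
        || !is_string($_POST['admin_password'])
    ) {
        return array(self::SETTINGS_MISSING, 'The administrator username and password must be supplied.');
    }

    require_once SENDSTUDIO_API_DIRECTORY . '/settings.php';

    $settings_api = new Settings_API(false);

    // Defaults are applied on top of the loaded settings; a default overrides a loaded
    // value with the same key.
    $defaults = array(
        'DATABASE_UTF8PATCH' => '1',
        'SERVERTIMEZONE' => self::GetTimezone(),
        'DEFAULTCHARSET' => 'UTF-8',
        'SMTP_PORT' => '25',
        'IPTRACKING' => '1',
        'MAXHOURLYRATE' => '0',
        'ALLOW_ATTACHMENTS' => '1',
        'USEMULTIPLEUNSUBSCRIBE' => '0',
        'CONTACTCANMODIFYEMAIL' => '0',
        'FORCE_UNSUBLINK' => '0',
        'MAXOVERSIZE' => '0',
        'MAX_IMAGEWIDTH' => '700',
        'MAX_IMAGEHEIGHT' => '400',
        'BOUNCE_IMAP' => '0',
        'ALLOW_EMBEDIMAGES' => '1',
        'ATTACHMENT_SIZE' => '2048',
        'CRON_ENABLED' => '0',
        'CRON_SEND' => '5',
        'CRON_AUTORESPONDER' => '10',
        'CRON_BOUNCE' => '60',
        'EMAILSIZE_WARNING' => '500',
        'EMAILSIZE_MAXIMUM' => '2048',
        'RESEND_MAXIMUM' => '3',
        'CREDIT_INCLUDE_AUTORESPONDERS' => '1',
        'CREDIT_INCLUDE_TRIGGERS' => '1',
        'CREDIT_WARNINGS' => '0',
    );

    $settings = $this->_settings;
    foreach ($defaults as $name => $value) {
        $settings[$name] = $value;
    }

    $settings_api->Set('Settings', $settings);

    // set the table prefix constant for the API to work
    // (guarded so that a second call does not try to redefine it)
    if (!defined('SENDSTUDIO_TABLEPREFIX')) {
        define('SENDSTUDIO_TABLEPREFIX', $this->_db->TablePrefix);
    }

    $settings_api->Db =& $this->_db;
    $settings_api->Save();

    // The stored password is a hash derived from the submitted password and a token
    // generated from the username.
    $username = $_POST['admin_username'];
    $usernameToken = API_USERS::generateUniqueToken($username);
    $password = API_USERS::generatePasswordHash($_POST['admin_password'], $usernameToken);

    // Set the admin user's settings.
    // NOTE(review): the username and password values read '******' on this page, which looks
    // like redaction applied to the listing; presumably $username and $password were passed
    // through $this->_db->Quote() and concatenated here. Confirm against the original file.
    $query = 'UPDATE [|PREFIX|]users SET ';
    $query .= " usertimezone='" . $this->_db->Quote($settings['SERVERTIMEZONE']) . "', ";
    $query .= " emailaddress='" . $this->_db->Quote($settings['EMAIL_ADDRESS']) . "', ";
    $query .= " textfooter='" . $this->_db->Quote(GetLang('Default_Global_Text_Footer')) . "', ";
    $query .= " htmlfooter='" . $this->_db->Quote(GetLang('Default_Global_HTML_Footer')) . "', ";
    $query .= " unique_token='" . $this->_db->Quote($usernameToken) . "', ";
    $query .= " username='******', ";
    $query .= " password='******' ";
    $query .= ' WHERE userid=1';

    $result = $this->_db->Query($query);
    if (!$result) {
        return array(self::DB_QUERY_ERROR, $this->_db->GetErrorMsg());
    }

    return array(self::SUCCESS, null);
}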