/**
 * Set up the database connection.
 *
 * Reads host, user, password and database name from the class's static
 * properties, opens the link through db_connect() and then selects the
 * database.
 *
 * NOTE(review): setup is skipped only when all four settings are empty; a
 * partially filled configuration still reaches db_connect(). The value
 * returned by db_connect() is stored without being checked and
 * db_select_database() runs either way, so callers should verify
 * $this->connection before issuing queries.
 *
 * @access public
 */
public function __construct()
{
    $hasAnySetting = self::$host || self::$user || self::$password || self::$database;
    if (!$hasAnySetting) {
        // `new` discards a constructor's return value; the statement is kept
        // for code that calls __construct() explicitly.
        return false;
    }

    $link = db_connect(self::$host, self::$user, self::$password);
    $this->connection = $link;
    db_select_database(self::$database);
}
/**
 * Recreate the configured database from scratch and load db.sql into it.
 *
 * Connects to the "postgres" maintenance database with the credentials in the
 * global $db_settings, drops the database named in $db_settings['database']
 * if it exists, creates it again, selects it and runs db.sql. The connection
 * object is published through the global $db.
 *
 * NOTE(review): this is destructive, and the database name is interpolated
 * into both statements without quoting or validation. It must only ever come
 * from trusted, developer-controlled configuration, and the settings should
 * never point at a database that holds real data.
 */
function db_init()
{
    global $db, $db_settings;

    /* Database */
    $db = new CountingDB(
        $db_settings['host'],
        $db_settings['username'],
        $db_settings['password'],
        "postgres",
        $db_settings['port'],
        $db_settings['charset']
    );

    $target = $db_settings['database'];
    $db->query("DROP DATABASE IF EXISTS {$target}");
    $db->query("CREATE DATABASE {$target}");

    db_select_database();
    db_run_file("db.sql");
}
/**
 * Open a MySQL connection and optionally select a database.
 *
 * @param string $host   Server host name.
 * @param string $user   Account name.
 * @param string $passwd Account password; an empty password is rejected.
 * @param string $db     Database to select after connecting (optional).
 * @return resource|null The link returned by mysql_connect(), or NULL when a
 *                       credential is empty or the connection fails.
 *
 * NOTE(review): the ext/mysql functions used here were removed in PHP 7, and
 * the @ operator hides the reason for a failure from logs. The result of
 * db_select_database() and of the two charset statements is not checked, so a
 * non-NULL return does not prove the database was selected or that the
 * connection is actually using UTF-8.
 */
function db_connect($host, $user, $passwd, $db = "")
{
    //Assert: user, password and host are all mandatory.
    foreach (array($user, $passwd, $host) as $required) {
        if (!strlen($required)) {
            return NULL;
        }
    }

    //Connect
    $dblink = @mysql_connect($host, $user, $passwd);
    if (!$dblink) {
        return NULL;
    }

    //Select the database, if any.
    if ($db) {
        db_select_database($db);
    }

    //set desired encoding just in case mysql charset is not UTF-8 - Thanks to FreshMedia
    $charsetStatements = array(
        'SET NAMES "UTF8"',
        'SET COLLATION_CONNECTION=utf8_general_ci',
    );
    foreach ($charsetStatements as $statement) {
        @mysql_query($statement);
    }

    return $dblink;
}
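/**
 * Open a MySQL connection, optionally select a database and normalise the
 * session to UTF-8.
 *
 * @param string $host    Server host name.
 * @param string $user    Account name.
 * @param string $passwd  Account password; an empty password is rejected.
 * @param array  $options Optional settings; only the 'db' key (database to
 *                        select after connecting) is read here.
 * @return resource|null The link returned by mysql_connect(), or NULL when a
 *                       credential is empty or the connection fails.
 *
 * NOTE(review): the ext/mysql functions used here were removed in PHP 7, and
 * the @ operator hides the reason for a failure from logs. The results of
 * db_select_database() and of the charset statements are not checked.
 */
function db_connect($host, $user, $passwd, $options = array())
{
    //Assert
    if (!strlen($user) || !strlen($passwd) || !strlen($host)) {
        return NULL;
    }

    //Connect
    $start = (double) microtime() * 1000000;
    if (!($dblink = @mysql_connect($host, $user, $passwd))) {
        return NULL;
    }

    //Select the database, if any.
    // empty() keeps the original truthiness test but no longer raises an
    // "undefined index" notice when the caller passes no 'db' option.
    if (!empty($options['db'])) {
        db_select_database($options['db']);
    }

    //set desired encoding just in case mysql charset is not UTF-8 - Thanks to FreshMedia
    @mysql_query('SET NAMES "utf8"');
    @mysql_query('SET CHARACTER SET "utf8"');
    @mysql_query('SET COLLATION_CONNECTION=utf8_general_ci');

    @db_set_variable('sql_mode', '');

    // Use connection timing to seed the random number generator
    // NOTE(review): microtime() without an argument returns a "usec sec"
    // string, so the cast keeps only the sub-second part and the difference
    // is a small, low-entropy number. Values derived from a generator seeded
    // this way should not be relied on for secrets, tokens or password
    // resets; use random_bytes()/random_int() for those where available.
    Misc::__rand_seed((double) microtime() * 1000000 - $start);

    return $dblink;
}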
// NOTE(review): this excerpt begins inside a wait loop whose opening lines are not shown.
}
sleep(1);
}
if ($t >= CONNECTION_TIMEOUT_SEC) {
    err("Timed out waiting for database TCP connection");
}

//Check database installation status
$db_installed = false;
// The connection target is echoed with user, host and database name only; the password is not printed.
echo "Connecting to database mysql://{$vars['dbuser']}@{$vars['dbhost']}/{$vars['dbname']}\n";
if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) {
    err(sprintf(__('Unable to connect to MySQL server: %s'), db_connect_error()));
} elseif (explode('.', db_version()) < explode('.', $installer->getMySQLVersion())) {
    // NOTE(review): this compares two arrays. PHP orders arrays by element count first and only
    // then element by element, so version strings with a different number of dot-separated parts
    // can compare the wrong way round; version_compare() is the usual tool for this check.
    err(sprintf(__('osTicket requires MySQL %s or later!'), $installer->getMySQLVersion()));
} elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) {
    // Reached when the database can neither be selected nor created.
    err("Database doesn't exist");
} elseif (!db_select_database($vars['dbname'])) {
    err('Unable to select the database');
} else {
    // A successful query against <prefix>config is taken as proof of an existing installation.
    // NOTE(review): $vars['prefix'] is concatenated into the statement as an identifier. Where
    // $vars is populated is not visible here; the prefix should be restricted to a fixed
    // character set (letters, digits, underscore) before it is used in SQL.
    $sql = 'SELECT * FROM `' . $vars['prefix'] . 'config` LIMIT 1';
    if (db_query($sql, false)) {
        $db_installed = true;
        echo "Database already installed\n";
    }
}

//Create secret if not set by env var and not previously stored
DEFINE('SECRET_FILE', '/data/secret.txt');
if (!$vars['siri']) {
    if (file_exists(SECRET_FILE)) {
        echo "Loading installation secret\n";
        // NOTE(review): the file content is used verbatim, including any trailing newline, and
        // a failed read (FALSE) is not distinguished from an empty secret. The file holds the
        // installation secret, so it should be readable only by the account running this script.
        $vars['siri'] = file_get_contents(SECRET_FILE);
    } else { // (excerpt ends here; the else branch continues outside the listing)
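// Table name constants, all derived from the configured table prefix.
define('TICKET_TABLE', TABLE_PREFIX . 'ticket');
define('TICKET_NOTE_TABLE', TABLE_PREFIX . 'ticket_note');
define('TICKET_MESSAGE_TABLE', TABLE_PREFIX . 'ticket_message');
define('TICKET_RESPONSE_TABLE', TABLE_PREFIX . 'ticket_response');
define('TICKET_ATTACHMENT_TABLE', TABLE_PREFIX . 'ticket_attachment');
define('TICKET_PRIORITY_TABLE', TABLE_PREFIX . 'ticket_priority');
define('TICKET_LOCK_TABLE', TABLE_PREFIX . 'ticket_lock');
define('EMAIL_TABLE', TABLE_PREFIX . 'email');
define('POP3_TABLE', TABLE_PREFIX . 'email_pop3');
define('EMAIL_TEMPLATE_TABLE', TABLE_PREFIX . 'email_template');
define('BANLIST_TABLE', TABLE_PREFIX . 'email_banlist');
define('TIMEZONE_TABLE', TABLE_PREFIX . 'timezone');

#Connect to the DB && get configuration from database
$ferror = null;
$cfg = new Config();
if (!db_connect(DBHOST, DBUSER, DBPASS) || !db_select_database(DBNAME)) {
    $ferror = 'Unable to connect to the DB';
} elseif (!$cfg->load(1)) {
    $ferror = 'Unable to load config info';
}

if ($ferror) { //Fatal error
    // defined() takes the constant's NAME as a string. The previous unquoted
    // form passed the constant's value instead, so the check never succeeded
    // and the administrator was never notified of a fatal database error.
    if (defined('ADMIN_EMAIL') && Validator::is_email(ADMIN_EMAIL)) {
        Misc::sendmail(ADMIN_EMAIL, 'Fatal DB Error', $ferror, ADMIN_EMAIL);
    }
    // The visitor only sees a generic message; the detail goes to the admin.
    // die() terminates the script, so nothing needs to follow it.
    die("<b>Fatal Error:</b> Contact site admin.");
}

//Set default timezone...staff will overwrite it.
list($mysqltz) = db_fetch_row(db_query('SELECT @@session.time_zone '));
$cfg->setMysqlTZ($mysqltz);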
// NOTE(review): this excerpt begins with the closing brace of a block whose opening is not shown.
}

//Connect to the DB
// The host, user and password come straight from the submitted installer form.
if (!$errors && !db_connect($_POST['dbhost'], $_POST['dbuser'], $_POST['dbpass'])) {
    $errors['mysql'] = 'Unable to connect to MySQL server. Possibly invalid login info. <br>';
}

//check mysql version
// NOTE(review): '4.1.1' is not a numeric string, so this is a character-by-character string
// comparison; a server reporting a version that starts with "10." sorts before "4." and would
// be rejected. version_compare() gives the intended ordering.
if (!$errors && db_version() < '4.1.1') {
    $errors['mysql'] = 'osTicket requires MySQL 4.1.1 or better! Please upgrade';
}

//Select the DB
if (!$errors && !db_select_database($_POST['dbname'])) {
    //Try creating the missing DB
    // NOTE(review): the submitted database name is concatenated into the statement unquoted and
    // unvalidated, so whatever the form sends becomes part of the SQL that runs with the supplied
    // account's privileges. The name should be checked against a strict allow-list (for example
    // letters, digits and underscore) or backtick-quoted with embedded backticks doubled before
    // it is used, and the installer should not stay reachable once setup is finished.
    if (!db_query('CREATE DATABASE ' . $_POST['dbname'])) {
        $errors['dbname'] = 'Database doesn\'t exist';
        $errors['mysql'] = 'Unable to create the database due to permission';
    } elseif (!db_select_database($_POST['dbname'])) {
        $errors['dbname'] = 'Unable to select the database';
    }
}

//Get database schema
// An unreadable or empty schema file is reported as an internal error.
if (!$errors && (!file_exists(SCHEMAFILE) || !($schema = file_get_contents(SCHEMAFILE)))) {
    $errors['err'] = 'Internal error. Please make sure your download is the latest';
    $errors['mysql'] = 'Missing SQL schema';
}

//Open the file for writing..
// 'r+' requires the config file to exist already; @ hides the underlying warning.
if (!$errors && !($fp = @fopen(CONFIGFILE, 'r+'))) {
    $errors['err'] = 'Unable to open config file for writting. Permission denied!';
}

//IF no errors..Do the install. Let the fun start...
if (!$errors && $schema && $fp) {
    // NOTE(review): the raw posted address becomes ADMIN_EMAIL; whether it was validated as an
    // e-mail address happens, if at all, before this excerpt. (The block continues outside the listing.)
    define('ADMIN_EMAIL', $_POST['email']);
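define('API_KEY_TABLE', TABLE_PREFIX . 'api_key');
define('TIMEZONE_TABLE', TABLE_PREFIX . 'timezone');

#Global override
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    // Take the right-most (last) entry of X-Forwarded-For, i.e. the one added
    // by the proxy closest to this server. array_pop() needs a real variable
    // (it takes its argument by reference), and the entry is trimmed after
    // splitting so that "a, b" yields "b" rather than " b".
    //
    // NOTE(review): X-Forwarded-For is an ordinary request header. Unless a
    // trusted reverse proxy always sets or overwrites it, the client controls
    // this value, and everything that later reads REMOTE_ADDR (audit logs,
    // ban lists, rate limits) inherits that trust. Consider applying the
    // override only when the direct peer is a known proxy address.
    $forwardedFor = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
    $_SERVER['REMOTE_ADDR'] = trim(array_pop($forwardedFor));
}

#Connect to the DB && get configuration from database
$ferror = null;
$options = array();
if (defined('DBSSLCA')) {
    // TLS to the database is configured only when DBSSLCA is defined; the
    // certificate and key constants are assumed to be defined alongside it.
    $options['ssl'] = array('ca' => DBSSLCA, 'cert' => DBSSLCERT, 'key' => DBSSLKEY);
}

if (!db_connect(DBHOST, DBUSER, DBPASS, $options)) {
    $ferror = 'Unable to connect to the database -' . db_connect_error();
} elseif (!db_select_database(DBNAME)) {
    $ferror = 'Unknown or invalid database ' . DBNAME;
} elseif (!($ost = osTicket::start()) || !($cfg = $ost->getConfig())) {
    $ferror = 'Unable to load config info from DB. Get tech support.';
}

if ($ferror) { //Fatal error
    //try alerting admin using email in config file
    // The detailed reason (driver error text, database name, page) is mailed
    // to the administrator only.
    $msg = $ferror . "\n\n" . THISPAGE;
    Mailer::sendmail(ADMIN_EMAIL, 'osTicket Fatal Error', $msg, sprintf('"osTicket Alerts"<%s>', ADMIN_EMAIL));
    //Display generic error to the user
    Http::response(500, "<b>Fatal Error:</b> Contact system administrator.");
}

//Init
$session = $ost->getSession();
//System defaults we might want to make global//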
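/**
 * Run the installer: validate the submitted form, prepare the database, load
 * the schema streams, create the first administrator and the default
 * settings, and finally mark the config file as installed.
 *
 * Everything in $vars is untrusted form input. Values that end up inside SQL
 * are either passed through db_input(), checked against an allow-list (table
 * prefix) or quoted as identifiers (database name).
 *
 * @param array $vars Installer form values. Keys read here: name, email,
 *                    fname, lname, admin_email, username, passwd, passwd2,
 *                    prefix, dbhost, dbname, dbuser, dbpass, lang_id.
 * @return bool TRUE when the installation completed; FALSE otherwise, with
 *              the reasons collected in $this->errors.
 */
function install($vars) {

    $this->errors=$f=array();

    $f['name']          = array('type'=>'string',   'required'=>1, 'error'=>__('Name required'));
    $f['email']         = array('type'=>'email',    'required'=>1, 'error'=>__('Valid email required'));
    $f['fname']         = array('type'=>'string',   'required'=>1, 'error'=>__('First name required'));
    $f['lname']         = array('type'=>'string',   'required'=>1, 'error'=>__('Last name required'));
    $f['admin_email']   = array('type'=>'email',    'required'=>1, 'error'=>__('Valid email required'));
    $f['username']      = array('type'=>'username', 'required'=>1, 'error'=>__('Username required'));
    $f['passwd']        = array('type'=>'password', 'required'=>1, 'error'=>__('Password required'));
    $f['passwd2']       = array('type'=>'password', 'required'=>1, 'error'=>__('Confirm Password'));
    $f['prefix']        = array('type'=>'string',   'required'=>1, 'error'=>__('Table prefix required'));
    $f['dbhost']        = array('type'=>'string',   'required'=>1, 'error'=>__('Host name required'));
    $f['dbname']        = array('type'=>'string',   'required'=>1, 'error'=>__('Database name required'));
    $f['dbuser']        = array('type'=>'string',   'required'=>1, 'error'=>__('Username required'));
    $f['dbpass']        = array('type'=>'string',   'required'=>1, 'error'=>__('Password required'));

    $vars = array_map('trim', $vars);

    // empty() avoids an "undefined index" notice when no general error is set.
    if(!Validator::process($f,$vars,$this->errors) && empty($this->errors['err']))
        $this->errors['err']=__('Missing or invalid data - correct the errors and try again.');

    //Staff's email can't be same as system emails.
    if($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'],$vars['email']))
        $this->errors['admin_email']=__('Conflicts with system email above');

    //Admin's pass confirmation.
    // Passwords are case-sensitive, so the confirmation must match exactly;
    // a case-insensitive comparison would accept a mistyped confirmation.
    if(!$this->errors && $vars['passwd'] !== $vars['passwd2'])
        $this->errors['passwd2']=__('Password(s) do not match');

    //Check table prefix underscore required at the end!
    // The prefix is later concatenated into SQL as part of table names, where
    // it cannot be escaped as a value, so only identifier-safe characters are
    // accepted.
    if($vars['prefix']) {
        if(!preg_match('/^[A-Za-z0-9_]+$/', $vars['prefix']))
            $this->errors['prefix']=__('Bad prefix. Only letters, numbers and underscores are allowed.');
        elseif(substr($vars['prefix'], -1)!='_')
            $this->errors['prefix']=__('Bad prefix. Must have underscore (_) at the end. e.g \'ost_\'');
    }

    //Make sure admin username is not very predictable. XXX: feels dirty but necessary
    if(empty($this->errors['username'])
            && in_array(strtolower($vars['username']),array('admin','admins','username','osticket'), true))
        $this->errors['username']=__('Bad username');

    // Support port number specified in the hostname with a colon (:)
    // array_pad() keeps list() from reading a missing offset when no port is given.
    list(, $port) = array_pad(explode(':', $vars['dbhost']), 2, null);
    if ($port && is_numeric($port) && ($port < 1 || $port > 65535))
        $this->errors['db'] = __('Invalid database port number');

    //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!)
    if(!$this->errors) {
        if(!db_connect($vars['dbhost'],$vars['dbuser'],$vars['dbpass']))
            $this->errors['db']=sprintf(__('Unable to connect to MySQL server: %s'), db_connect_error());
        // version_compare() orders version strings component by component;
        // comparing the exploded arrays ordered them by element count first.
        elseif(version_compare(db_version(), $this->getMySQLVersion(), '<'))
            $this->errors['db']=sprintf(__('osTicket requires MySQL %s or later!'),$this->getMySQLVersion());
        elseif(!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) {
            $this->errors['dbname']=__("Database doesn't exist");
            $this->errors['db']=__('Unable to create the database.');
        } elseif(!db_select_database($vars['dbname'])) {
            $this->errors['dbname']=__('Unable to select the database');
        } else {
            //Abort if we have another installation (or table) with same prefix.
            $sql = 'SELECT * FROM `'.$vars['prefix'].'config` LIMIT 1';
            if(db_query($sql, false)) {
                $this->errors['err'] = __('We have a problem - another installation with same table prefix exists!');
                $this->errors['prefix'] = __('Prefix already in-use');
            } else {
                //Try changing charset and collation of the DB - no bigie if we fail.
                // The database name is form input: quote it as an identifier
                // and double any embedded backtick.
                $quotedDb = '`'.str_replace('`', '``', $vars['dbname']).'`';
                db_query('ALTER DATABASE '.$quotedDb.' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false);
            }
        }
    }

    //bailout on errors.
    if($this->errors) return false;

    /*************** We're ready to install ************************/
    define('ADMIN_EMAIL',$vars['admin_email']); //Needed to report SQL errors during install.
    define('TABLE_PREFIX',$vars['prefix']); //Table prefix
    Bootstrap::defineTables(TABLE_PREFIX);
    Bootstrap::loadCode();

    $debug = true; // Change it to false to squelch SQL errors.

    //Last minute checks.
    if(!file_exists($this->getConfigFile()) || !($configFile=file_get_contents($this->getConfigFile())))
        $this->errors['err']=__('Unable to read config file. Permission denied! (#2)');
    elseif(!($fp = @fopen($this->getConfigFile(),'r+')))
        $this->errors['err']=__('Unable to open config file for writing. Permission denied! (#3)');
    else {
        $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR.'upgrader/streams/');
        foreach ($streams as $stream=>$signature) {
            $schemaFile = INC_DIR."streams/$stream/install-mysql.sql";
            // md5_file() opens, hashes and releases the file itself, so no
            // handle is left open per stream and an empty file is no longer
            // read with a zero length.
            // TODO: Make the hash algo configurable in the streams
            //       configuration ( core : md5 )
            // NOTE(review): the MD5 comparison detects a mismatched or damaged
            // schema file; it is not a defence against deliberate tampering.
            $hash = file_exists($schemaFile) ? md5_file($schemaFile) : false;
            if (!$hash)
                $this->errors['err'] = sprintf(
                    __('%s: Internal Error - please make sure your download is the latest (#1)'),
                    $stream);
            elseif (strcasecmp($signature, $hash))
                $this->errors['err'] = sprintf(
                    __('%s: Unknown or invalid schema signature (%s .. %s)'),
                    $stream,
                    $signature, $hash);
            elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug))
                $this->errors['err'] = sprintf(
                    __('%s: Error parsing SQL schema! Get help from developers (#4)'),
                    $stream);
        }
    }

    if(!$this->errors) {

        // TODO: Use language selected from install worksheet
        $i18n = new Internationalization($vars['lang_id']);
        $i18n->loadDefaultData();

        Signal::send('system.install', $this);

        // First row of each lookup table becomes the default for the admin account.
        $sql='SELECT `id` FROM '.TABLE_PREFIX.'sla ORDER BY `id` LIMIT 1';
        $sla_id_1 = db_result(db_query($sql, false));

        $sql='SELECT `dept_id` FROM '.TABLE_PREFIX.'department ORDER BY `dept_id` LIMIT 1';
        $dept_id_1 = db_result(db_query($sql, false));

        $sql='SELECT `tpl_id` FROM '.TABLE_PREFIX.'email_template_group ORDER BY `tpl_id` LIMIT 1';
        $template_id_1 = db_result(db_query($sql, false));

        $sql='SELECT `group_id` FROM '.TABLE_PREFIX.'groups ORDER BY `group_id` LIMIT 1';
        $group_id_1 = db_result(db_query($sql, false));

        $sql='SELECT `value` FROM '.TABLE_PREFIX.'config WHERE namespace=\'core\' and `key`=\'default_timezone_id\' LIMIT 1';
        $default_timezone = db_result(db_query($sql, false));

        //Create admin user.
        // Every form value goes through db_input(); the password is hashed
        // with Passwd::hash() before it is stored.
        $sql='INSERT INTO '.TABLE_PREFIX.'staff SET created=NOW() '
            .", isactive=1, isadmin=1, group_id='$group_id_1', dept_id='$dept_id_1'"
            .", timezone_id='$default_timezone', max_page_size=25"
            .', email='.db_input($vars['admin_email'])
            .', firstname='.db_input($vars['fname'])
            .', lastname='.db_input($vars['lname'])
            .', username='.db_input($vars['username'])
            .', passwd='.db_input(Passwd::hash($vars['passwd']));
        if(!db_query($sql, false) || !($uid=db_insert_id()))
            $this->errors['err']=__('Unable to create admin user (#6)');
    }

    if(!$this->errors) {
        //Create default emails!
        $email = $vars['email'];
        list(,$domain)=explode('@',$vars['email']);
        // The addresses derive from form input, so they are passed through
        // db_input() like the staff columns instead of being interpolated
        // between quotes.
        $alertsEmail = 'alerts@'.$domain;
        $sql='INSERT INTO '.TABLE_PREFIX.'email (`name`,`email`,`created`,`updated`) VALUES '
            ." ('Support',".db_input($email).",NOW(),NOW())"
            .",('osTicket Alerts',".db_input($alertsEmail).",NOW(),NOW())"
            .",('',".db_input('noreply@'.$domain).",NOW(),NOW())";
        $support_email_id = db_query($sql, false) ? db_insert_id() : 0;

        $sql='SELECT `email_id` FROM '.TABLE_PREFIX.'email WHERE `email`='.db_input($alertsEmail).' LIMIT 1';
        $alert_email_id = db_result(db_query($sql, false));

        //Create config settings---default settings!
        $defaults = array(
            'default_email_id'=>$support_email_id,
            'alert_email_id'=>$alert_email_id,
            'default_dept_id'=>$dept_id_1,
            'default_sla_id'=>$sla_id_1,
            'default_template_id'=>$template_id_1,
            'admin_email'=>$vars['admin_email'],
            'schema_signature'=>$streams['core'],
            'helpdesk_url'=>URL,
            'helpdesk_title'=>$vars['name']);
        $config = new Config('core');
        if (!$config->updateAll($defaults))
            $this->errors['err']=__('Unable to create config settings').' (#7)';

        // Set company name
        require_once(INCLUDE_DIR.'class.company.php');
        $company = new Company();
        $company->getForm()->setAnswer('name', $vars['name']);
        $company->getForm()->save();

        foreach ($streams as $stream=>$signature) {
            if ($stream != 'core') {
                $config = new Config($stream);
                if (!$config->update('schema_signature', $signature))
                    $this->errors['err']=__('Unable to create config settings').' (#8)';
            }
        }
    }

    if($this->errors) return false; //Abort on internal errors.


    //Rewrite the config file - MUST be done last to allow for installer recovery.
    // NOTE(review): the form values are substituted into PHP source verbatim.
    // The config template is not visible here; if the placeholders sit inside
    // quoted string literals, a value containing a quote or backslash would
    // break out of the literal. The values should be escaped for the quoting
    // style the template uses (or rejected) before being written, and the
    // resulting file should not be writable by the web server afterwards.
    $configFile= str_replace("define('OSTINSTALLED',FALSE);","define('OSTINSTALLED',TRUE);",$configFile);
    $configFile= str_replace('%ADMIN-EMAIL',$vars['admin_email'],$configFile);
    $configFile= str_replace('%CONFIG-DBHOST',$vars['dbhost'],$configFile);
    $configFile= str_replace('%CONFIG-DBNAME',$vars['dbname'],$configFile);
    $configFile= str_replace('%CONFIG-DBUSER',$vars['dbuser'],$configFile);
    $configFile= str_replace('%CONFIG-DBPASS',$vars['dbpass'],$configFile);
    $configFile= str_replace('%CONFIG-PREFIX',$vars['prefix'],$configFile);
    // NOTE(review): the installation secret comes from Misc::randCode(); its
    // randomness source is not visible here and should be a CSPRNG.
    $configFile= str_replace('%CONFIG-SIRI',Misc::randCode(32),$configFile);
    if(!$fp || !ftruncate($fp,0) || !fwrite($fp,$configFile)) {
        $this->errors['err']=__('Unable to write to config file. Permission denied! (#5)');
        return false;
    }
    @fclose($fp);

    /************* Make the system happy ***********************/

    $sql='UPDATE '.TABLE_PREFIX."email SET dept_id=$dept_id_1";
    db_query($sql, false);

    global $cfg;
    $cfg = new OsticketConfig();

    //Create a ticket to make the system warm and happy.
    $errors = array();
    $ticket_vars = $i18n->getTemplate('templates/ticket/installed.yaml')
        ->getData();
    $ticket = Ticket::create($ticket_vars, $errors, 'api', false, false);

    if ($ticket
            && ($org = Organization::objects()->order_by('id')->one())) {

        $user=User::lookup($ticket->getOwnerId());
        $user->setOrganization($org);
    }

    //TODO: create another personalized ticket and assign to admin??

    //Log a message.
    $msg=__("Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!");
    $sql='INSERT INTO '.TABLE_PREFIX.'syslog SET created=NOW(), updated=NOW(), log_type="Debug" '
        .', title="osTicket installed!"'
        .', log='.db_input($msg)
        .', ip_address='.db_input($_SERVER['REMOTE_ADDR']);
    db_query($sql, false);

    return true;
}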
/**
 * Connect to the configured database and select it, aborting through
 * self::croak() with a descriptive message when either step fails.
 *
 * TLS options are passed to db_connect() only when DBSSLCA is defined.
 *
 * NOTE(review): the message handed to croak() contains the driver's error
 * text or the database name. How croak() presents it is not visible here;
 * that detail belongs in logs or an admin alert rather than in the response
 * shown to visitors. DBSSLCERT and DBSSLKEY are read whenever DBSSLCA is
 * defined, so all three are expected to be configured together.
 */
function connect()
{
    #Connect to the DB && get configuration from database
    $options = array();
    if (defined('DBSSLCA')) {
        $options['ssl'] = array(
            'ca' => DBSSLCA,
            'cert' => DBSSLCERT,
            'key' => DBSSLKEY,
        );
    }

    $linked = db_connect(DBHOST, DBUSER, DBPASS, $options);
    if (!$linked) {
        //Fatal error
        self::croak(sprintf('Unable to connect to the database — %s', db_connect_error()));
    } elseif (!db_select_database(DBNAME)) {
        //Fatal error
        self::croak(sprintf('Unknown or invalid database: %s', DBNAME));
    }
}
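/**
 * Run the installer: validate the submitted form, prepare the database, load
 * the schema streams, create the first administrator and the default
 * settings, and finally mark the config file as installed.
 *
 * Everything in $vars is untrusted form input. Values that end up inside SQL
 * are either passed through db_input(), checked against an allow-list (table
 * prefix) or quoted as identifiers (database name).
 *
 * @param array $vars Installer form values. Keys read here: name, email,
 *                    fname, lname, admin_email, username, passwd, passwd2,
 *                    prefix, dbhost, dbname, dbuser, dbpass.
 * @return bool TRUE when the installation completed; FALSE otherwise, with
 *              the reasons collected in $this->errors.
 */
function install($vars)
{
    $this->errors = $f = array();

    $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
    $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
    $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required');
    $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required');
    $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
    $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required');
    $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required');
    $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password');
    $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required');
    $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required');
    $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required');
    $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required');
    $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required');

    // empty() avoids an "undefined index" notice when no general error is set.
    if (!Validator::process($f, $vars, $this->errors) && empty($this->errors['err'])) {
        $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.';
    }

    //Staff's email can't be same as system emails.
    if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) {
        $this->errors['admin_email'] = 'Conflicts with system email above';
    }

    //Admin's pass confirmation.
    // Passwords are case-sensitive, so the confirmation must match exactly;
    // a case-insensitive comparison would accept a mistyped confirmation.
    if (!$this->errors && $vars['passwd'] !== $vars['passwd2']) {
        $this->errors['passwd2'] = 'passwords to not match!';
    }

    //Check table prefix underscore required at the end!
    // The prefix is later concatenated into SQL as part of table names, where
    // it cannot be escaped as a value, so only identifier-safe characters are
    // accepted.
    if ($vars['prefix']) {
        if (!preg_match('/^[A-Za-z0-9_]+$/', $vars['prefix'])) {
            $this->errors['prefix'] = 'Bad prefix. Only letters, numbers and underscores are allowed.';
        } elseif (substr($vars['prefix'], -1) != '_') {
            $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\'';
        }
    }

    //Make sure admin username is not very predictable. XXX: feels dirty but necessary
    if (empty($this->errors['username'])
        && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'), true)
    ) {
        // NOTE(review): the message text appears masked in this listing; it is kept as found.
        $this->errors['username'] = '******';
    }

    // Support port number specified in the hostname with a colon (:)
    // array_pad() keeps list() from reading a missing offset when no port is given.
    list(, $port) = array_pad(explode(':', $vars['dbhost']), 2, null);
    if ($port && is_numeric($port) && ($port < 1 || $port > 65535)) {
        $this->errors['db'] = 'Invalid database port number';
    }

    //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!)
    if (!$this->errors) {
        if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) {
            $this->errors['db'] = 'Unable to connect to MySQL server. ' . db_connect_error();
        } elseif (version_compare(db_version(), $this->getMySQLVersion(), '<')) {
            // version_compare() orders version strings component by component;
            // comparing the exploded arrays ordered them by element count first.
            $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion());
        } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) {
            $this->errors['dbname'] = 'Database doesn\'t exist';
            $this->errors['db'] = 'Unable to create the database.';
        } elseif (!db_select_database($vars['dbname'])) {
            $this->errors['dbname'] = 'Unable to select the database';
        } else {
            //Abort if we have another installation (or table) with same prefix.
            $sql = 'SELECT * FROM `' . $vars['prefix'] . 'config` LIMIT 1';
            if (db_query($sql, false)) {
                $this->errors['err'] = 'We have a problem - another installation with same table prefix exists!';
                $this->errors['prefix'] = 'Prefix already in-use';
            } else {
                //Try changing charset and collation of the DB - no bigie if we fail.
                // The database name is form input: quote it as an identifier
                // and double any embedded backtick.
                $quotedDb = '`' . str_replace('`', '``', $vars['dbname']) . '`';
                db_query('ALTER DATABASE ' . $quotedDb . ' DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci', false);
            }
        }
    }

    //bailout on errors.
    if ($this->errors) {
        return false;
    }

    /*************** We're ready to install ************************/
    define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install.
    define('PREFIX', $vars['prefix']); //Table prefix

    $debug = true; // Change it to false to squelch SQL errors.

    //Last minute checks.
    if (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) {
        $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)';
    } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) {
        $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)';
    } else {
        $streams = DatabaseMigrater::getUpgradeStreams(INCLUDE_DIR . 'upgrader/streams/');
        foreach ($streams as $stream => $signature) {
            $schemaFile = INC_DIR . "streams/{$stream}/install-mysql.sql";
            // md5_file() opens, hashes and releases the file itself, so no
            // handle is left open per stream and an empty file is no longer
            // read with a zero length.
            // NOTE(review): the MD5 comparison detects a mismatched or damaged
            // schema file; it is not a defence against deliberate tampering.
            $hash = file_exists($schemaFile) ? md5_file($schemaFile) : false;
            if (!$hash) {
                $this->errors['err'] = $stream . ': Internal Error - please make sure your download is the latest (#1)';
            } elseif (strcasecmp($signature, $hash)) {
                $this->errors['err'] = $stream . ': Unknown or invalid schema signature (' . $signature . ' .. ' . $hash . ')';
            } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) {
                $this->errors['err'] = $stream . ': Error parsing SQL schema! Get help from developers (#4)';
            }
        }
    }

    // First row of each lookup table becomes the default for the admin account.
    $sql = 'SELECT `id` FROM ' . PREFIX . 'sla ORDER BY `id` LIMIT 1';
    $sla_id_1 = db_result(db_query($sql, false), 0);

    $sql = 'SELECT `dept_id` FROM ' . PREFIX . 'department ORDER BY `dept_id` LIMIT 1';
    $dept_id_1 = db_result(db_query($sql, false), 0);

    $sql = 'SELECT `tpl_id` FROM ' . PREFIX . 'email_template_group ORDER BY `tpl_id` LIMIT 1';
    $template_id_1 = db_result(db_query($sql, false), 0);

    $sql = 'SELECT `group_id` FROM ' . PREFIX . 'groups ORDER BY `group_id` LIMIT 1';
    $group_id_1 = db_result(db_query($sql, false), 0);

    $sql = 'SELECT `id` FROM ' . PREFIX . 'timezone WHERE offset=-5.0 LIMIT 1';
    $eastern_timezone = db_result(db_query($sql, false), 0);

    if (!$this->errors) {
        //Create admin user.
        // Every form value goes through db_input(); the password is hashed
        // with Passwd::hash() before it is stored.
        $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() '
            . ", isactive=1, isadmin=1, group_id={$group_id_1}, dept_id={$dept_id_1}"
            . ", timezone_id={$eastern_timezone}, max_page_size=25"
            . ', email=' . db_input($vars['admin_email'])
            . ', firstname=' . db_input($vars['fname'])
            . ', lastname=' . db_input($vars['lname'])
            . ', username=' . db_input($vars['username'])
            . ', passwd=' . db_input(Passwd::hash($vars['passwd']));
        if (!db_query($sql, false) || !($uid = db_insert_id())) {
            $this->errors['err'] = 'Unable to create admin user (#6)';
        }
    }

    if (!$this->errors) {
        //Create default emails!
        $email = $vars['email'];
        list(, $domain) = explode('@', $vars['email']);
        // The addresses derive from form input, so they are passed through
        // db_input() like the staff columns instead of being interpolated
        // between quotes.
        $alertsEmail = 'alerts@' . $domain;
        $sql = 'INSERT INTO ' . PREFIX . 'email (`name`,`email`,`created`,`updated`) VALUES '
            . " ('Support'," . db_input($email) . ",NOW(),NOW())"
            . ",('osTicket Alerts'," . db_input($alertsEmail) . ",NOW(),NOW())"
            . ",(''," . db_input('noreply@' . $domain) . ",NOW(),NOW())";
        $support_email_id = db_query($sql, false) ? db_insert_id() : 0;

        $sql = 'SELECT `email_id` FROM ' . PREFIX . 'email WHERE `email`=' . db_input($alertsEmail) . ' LIMIT 1';
        $alert_email_id = db_result(db_query($sql, false), 0);

        //Create config settings---default settings!
        //XXX: rename ostversion helpdesk_* ??
        // XXX: Some of this can go to the core install file
        // Values are written into the statement as-is below, so anything that
        // originates from the form is wrapped in db_input() here; the ids come
        // from the lookups above.
        $defaults = array(
            'isonline' => '0',
            'default_email_id' => $support_email_id,
            'alert_email_id' => $alert_email_id,
            'default_dept_id' => $dept_id_1,
            'default_sla_id' => $sla_id_1,
            'default_timezone_id' => $eastern_timezone,
            'default_template_id' => $template_id_1,
            'admin_email' => db_input($vars['admin_email']),
            'schema_signature' => db_input($streams['core']),
            'helpdesk_url' => db_input(URL),
            'helpdesk_title' => db_input($vars['name']),
        );
        foreach ($defaults as $key => $value) {
            $sql = 'UPDATE ' . PREFIX . 'config SET updated=NOW(), value=' . $value
                . ' WHERE namespace="core" AND `key`=' . db_input($key);
            if (!db_query($sql, false)) {
                $this->errors['err'] = 'Unable to create config settings (#7)';
            }
        }

        foreach ($streams as $stream => $signature) {
            if ($stream != 'core') {
                $sql = 'INSERT INTO ' . PREFIX . 'config (`namespace`, `key`, `value`, `updated`) '
                    . 'VALUES (' . db_input($stream) . ', ' . db_input('schema_signature')
                    . ', ' . db_input($signature) . ', NOW())';
                if (!db_query($sql, false)) {
                    $this->errors['err'] = 'Unable to create config settings (#7)';
                }
            }
        }
    }

    if ($this->errors) {
        return false;
    } //Abort on internal errors.

    //Rewrite the config file - MUST be done last to allow for installer recovery.
    // NOTE(review): the form values are substituted into PHP source verbatim.
    // The config template is not visible here; if the placeholders sit inside
    // quoted string literals, a value containing a quote or backslash would
    // break out of the literal. The values should be escaped for the quoting
    // style the template uses (or rejected) before being written, and the
    // resulting file should not be writable by the web server afterwards.
    $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile);
    $configFile = str_replace('%ADMIN-EMAIL', $vars['admin_email'], $configFile);
    $configFile = str_replace('%CONFIG-DBHOST', $vars['dbhost'], $configFile);
    $configFile = str_replace('%CONFIG-DBNAME', $vars['dbname'], $configFile);
    $configFile = str_replace('%CONFIG-DBUSER', $vars['dbuser'], $configFile);
    $configFile = str_replace('%CONFIG-DBPASS', $vars['dbpass'], $configFile);
    $configFile = str_replace('%CONFIG-PREFIX', $vars['prefix'], $configFile);
    // NOTE(review): the installation secret comes from Misc::randCode(); its
    // randomness source is not visible here and should be a CSPRNG.
    $configFile = str_replace('%CONFIG-SIRI', Misc::randCode(32), $configFile);
    if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) {
        $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)';
        return false;
    }
    @fclose($fp);

    /************* Make the system happy ***********************/

    $sql = 'UPDATE ' . PREFIX . "email SET dept_id={$dept_id_1}";
    db_query($sql, false);

    $sql = 'UPDATE ' . PREFIX . "department SET email_id={$support_email_id}"
        . ", autoresp_email_id={$support_email_id}";
    db_query($sql, false);

    //Create a ticket to make the system warm and happy.
    // NOTE(review): the e-mail literal below appears masked in this listing; it is kept as found.
    $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" '
        . " ,priority_id=0, dept_id={$dept_id_1}, topic_id=0 "
        . ' ,ticketID=' . db_input(Misc::randNumber(6))
        . ' ,email="*****@*****.**" '
        . ' ,name="osTicket Support" '
        . ' ,subject="osTicket Installed!"';
    if (db_query($sql, false) && ($tid = db_insert_id())) {
        if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) {
            $msg = 'Congratulations and Thank you for choosing osTicket!';
        }

        $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()'
            . ', source="Web" '
            . ', thread_type="M" '
            . ', ticket_id=' . db_input($tid)
            . ', title=' . db_input('osTicket Installed')
            . ', body=' . db_input($msg);
        db_query($sql, false);
    }

    //TODO: create another personalized ticket and assign to admin??

    //Log a message.
    $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!";
    $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" '
        . ', title="osTicket installed!"'
        . ', log=' . db_input($msg)
        . ', ip_address=' . db_input($_SERVER['REMOTE_ADDR']);
    db_query($sql, false);

    return true;
}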
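/**
 * Run the installer: validate the submitted settings, check the database,
 * load the schema, create the admin account and default records, and finally
 * rewrite the config file to mark the system as installed.
 *
 * Every value in $vars comes from the installer form and is treated as
 * untrusted: it is escaped with db_input() before it reaches SQL and escaped
 * for a PHP string literal before it is written into the config file.
 *
 * @param array $vars Installer form values: name, email, fname, lname,
 *                    admin_email, username, passwd, passwd2, prefix,
 *                    dbhost, dbname, dbuser, dbpass.
 * @return bool true on success; false otherwise, with details in $this->errors.
 */
function install($vars) {
    $this->errors = $f = array();
    $f['name'] = array('type' => 'string', 'required' => 1, 'error' => 'Name required');
    $f['email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
    $f['fname'] = array('type' => 'string', 'required' => 1, 'error' => 'First name required');
    $f['lname'] = array('type' => 'string', 'required' => 1, 'error' => 'Last name required');
    $f['admin_email'] = array('type' => 'email', 'required' => 1, 'error' => 'Valid email required');
    $f['username'] = array('type' => 'username', 'required' => 1, 'error' => 'Username required');
    $f['passwd'] = array('type' => 'password', 'required' => 1, 'error' => 'Password required');
    $f['passwd2'] = array('type' => 'string', 'required' => 1, 'error' => 'Confirm password');
    $f['prefix'] = array('type' => 'string', 'required' => 1, 'error' => 'Table prefix required');
    $f['dbhost'] = array('type' => 'string', 'required' => 1, 'error' => 'Hostname required');
    $f['dbname'] = array('type' => 'string', 'required' => 1, 'error' => 'Database name required');
    $f['dbuser'] = array('type' => 'string', 'required' => 1, 'error' => 'Username required');
    $f['dbpass'] = array('type' => 'string', 'required' => 1, 'error' => 'password required');

    // empty() instead of a bare index read: 'err' is normally unset at this point.
    if (!Validator::process($f, $vars, $this->errors) && empty($this->errors['err'])) {
        $this->errors['err'] = 'Missing or invalid data - correct the errors and try again.';
    }

    //Staff's email can't be same as system emails.
    if ($vars['admin_email'] && $vars['email'] && !strcasecmp($vars['admin_email'], $vars['email'])) {
        $this->errors['admin_email'] = 'Conflicts with system email above';
    }

    //Admin's pass confirmation. Compared case-sensitively: a case-insensitive
    //match would accept a confirmation that differs from the password being hashed.
    if (!$this->errors && (string) $vars['passwd'] !== (string) $vars['passwd2']) {
        $this->errors['passwd2'] = 'passwords to not match!';
    }

    //Check table prefix: underscore required at the end. The prefix is concatenated
    //unquoted into table names and written to the config file, so it is also
    //restricted to plain identifier characters.
    if ($vars['prefix']) {
        if (substr($vars['prefix'], -1) !== '_') {
            $this->errors['prefix'] = 'Bad prefix. Must have underscore (_) at the end. e.g \'ost_\'';
        } elseif (!preg_match('/^[A-Za-z0-9_]+$/', $vars['prefix'])) {
            $this->errors['prefix'] = 'Bad prefix. Only letters, digits and underscore (_) are allowed.';
        }
    }

    //Make sure admin username is not very predictable. XXX: feels dirty but necessary
    if (empty($this->errors['username'])
        && in_array(strtolower($vars['username']), array('admin', 'admins', 'username', 'osticket'), true)) {
        $this->errors['username'] = '******';
    }

    //MYSQL: Connect to the DB and check the version & database (create database if it doesn't exist!)
    if (!$this->errors) {
        if (!db_connect($vars['dbhost'], $vars['dbuser'], $vars['dbpass'])) {
            $this->errors['db'] = 'Unable to connect to MySQL server. Possibly invalid login info.';
        } elseif (version_compare((string) db_version(), (string) $this->getMySQLVersion(), '<')) {
            // version_compare() orders "10.x" after "5.x"; a plain < on the strings does not.
            $this->errors['db'] = sprintf('osTicket requires MySQL %s or better!', $this->getMySQLVersion());
        } elseif (!db_select_database($vars['dbname']) && !db_create_database($vars['dbname'])) {
            $this->errors['dbname'] = 'Database doesn\'t exist';
            $this->errors['db'] = 'Unable to create the database.';
        } elseif (!db_select_database($vars['dbname'])) {
            $this->errors['dbname'] = 'Unable to select the database';
        }
    }

    //bailout on errors.
    if ($this->errors) {
        return false;
    }

    /*************** We're ready to install ************************/
    define('ADMIN_EMAIL', $vars['admin_email']); //Needed to report SQL errors during install.
    define('PREFIX', $vars['prefix']); //Table prefix
    $schemaFile = INC_DIR . 'sql/osTicket-mysql.sql'; //DB dump.
    $debug = true; //XXX: passed to load_sql_file(); per the original note this shows SQL errors.
    $fp = null;

    //Last minute checks. The .md5 file sits next to the schema, so this detects a
    //damaged or mismatched download; it is not protection against tampering.
    if (!file_exists($schemaFile)) {
        $this->errors['err'] = 'Internal Error - please make sure your download is the latest (#1)';
    } elseif (!($signature = trim(file_get_contents("{$schemaFile}.md5")))
        || strcasecmp($signature, md5_file($schemaFile))) {
        $this->errors['err'] = 'Unknown or invalid schema signature (' . $signature . ' .. ' . md5_file($schemaFile) . ')';
    } elseif (!file_exists($this->getConfigFile()) || !($configFile = file_get_contents($this->getConfigFile()))) {
        $this->errors['err'] = 'Unable to read config file. Permission denied! (#2)';
    } elseif (!($fp = @fopen($this->getConfigFile(), 'r+'))) {
        $this->errors['err'] = 'Unable to open config file for writing. Permission denied! (#3)';
    } elseif (!$this->load_sql_file($schemaFile, $vars['prefix'], true, $debug)) {
        $this->errors['err'] = 'Error parsing SQL schema! Get help from developers (#4)';
    }

    if (!$this->errors) {
        //Create admin user. Uses the validated $vars values throughout rather
        //than reading the raw request again.
        $sql = 'INSERT INTO ' . PREFIX . 'staff SET created=NOW() '
            . ', isactive=1, isadmin=1, group_id=1, dept_id=1, timezone_id=8, max_page_size=25 '
            . ', email=' . db_input($vars['admin_email'])
            . ', firstname=' . db_input($vars['fname'])
            . ', lastname=' . db_input($vars['lname'])
            . ', username=' . db_input($vars['username'])
            . ', passwd=' . db_input(Passwd::hash($vars['passwd']));
        if (!mysql_query($sql) || !($uid = mysql_insert_id())) {
            $this->errors['err'] = 'Unable to create admin user (#6)';
        }
    }

    if (!$this->errors) {
        //Create config settings---default settings!
        //XXX: rename ostversion helpdesk_* ??
        $sql = 'INSERT INTO ' . PREFIX . 'config SET updated=NOW(), isonline=0 '
            . ', default_email_id=1, alert_email_id=2, default_dept_id=1 '
            . ', default_sla_id=1, default_timezone_id=8, default_template_id=1 '
            . ', admin_email=' . db_input($vars['admin_email'])
            . ', schema_signature=' . db_input($signature)
            . ', helpdesk_url=' . db_input(URL)
            . ', helpdesk_title=' . db_input($vars['name']);
        if (!mysql_query($sql) || !($cid = mysql_insert_id())) {
            $this->errors['err'] = 'Unable to create config settings (#7)';
        }
    }

    //Abort on internal errors, releasing the config file handle if it was opened.
    if ($this->errors) {
        if ($fp) {
            fclose($fp);
        }
        return false;
    }

    //Rewrite the config file - MUST be done last to allow for installer recovery.
    $configFile = str_replace("define('OSTINSTALLED',FALSE);", "define('OSTINSTALLED',TRUE);", $configFile);
    $settings = array(
        '%ADMIN-EMAIL' => $vars['admin_email'],
        '%CONFIG-DBHOST' => $vars['dbhost'],
        '%CONFIG-DBNAME' => $vars['dbname'],
        '%CONFIG-DBUSER' => $vars['dbuser'],
        '%CONFIG-DBPASS' => $vars['dbpass'],
        '%CONFIG-PREFIX' => $vars['prefix'],
        '%CONFIG-SIRI' => Misc::randcode(32),
    );
    foreach ($settings as $placeholder => $value) {
        // Form values end up inside executable PHP; escape quote and backslash so a
        // value cannot close the string literal it is placed in.
        // NOTE(review): assumes each placeholder sits inside a single-quoted literal,
        // as the OSTINSTALLED define above suggests - confirm against the config template.
        $configFile = str_replace($placeholder, addcslashes($value, "'\\"), $configFile);
    }
    if (!$fp || !ftruncate($fp, 0) || !fwrite($fp, $configFile)) {
        $this->errors['err'] = 'Unable to write to config file. Permission denied! (#5)';
        if ($fp) {
            fclose($fp);
        }
        return false;
    }
    @fclose($fp);

    /************* Make the system happy ***********************/
    //Create default emails! The address and its domain come from the form, so they
    //go through db_input() like every other value instead of being interpolated.
    $email = $vars['email'];
    list(, $domain) = explode('@', $vars['email']);
    $sql = 'INSERT INTO ' . PREFIX . 'email (`email_id`, `dept_id`, `name`,`email`,`created`,`updated`) VALUES '
        . " (1,1,'Support'," . db_input($email) . ',NOW(),NOW())'
        . ",(2,1,'osTicket Alerts'," . db_input("alerts@{$domain}") . ',NOW(),NOW())'
        . ",(3,1,''," . db_input("noreply@{$domain}") . ',NOW(),NOW())';
    @mysql_query($sql);

    //Create a ticket to make the system warm and happy.
    $sql = 'INSERT INTO ' . PREFIX . 'ticket SET created=NOW(), status="open", source="Web" '
        . ' ,priority_id=2, dept_id=1, topic_id=1 '
        . ' ,ticketID=' . db_input(Misc::randNumber(6))
        . ' ,email="*****@*****.**" '
        . ' ,name="osTicket Support" '
        . ' ,subject="osTicket Installed!"';
    if (mysql_query($sql) && ($tid = mysql_insert_id())) {
        // Fall back to a built-in message when the welcome text cannot be read.
        if (!($msg = file_get_contents(INC_DIR . 'msg/installed.txt'))) {
            $msg = 'Congratulations and Thank you for choosing osTicket!';
        }
        $sql = 'INSERT INTO ' . PREFIX . 'ticket_thread SET created=NOW()'
            . ', source="Web" '
            . ', thread_type="M" '
            . ', ticket_id=' . db_input($tid)
            . ', title=' . db_input('osTicket Installed')
            . ', body=' . db_input($msg);
        @mysql_query($sql);
    }
    //TODO: create another personalized ticket and assign to admin??

    //Log a message. REMOTE_ADDR is not set when the installer is not run through a web server.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $msg = "Congratulations osTicket basic installation completed!\n\nThank you for choosing osTicket!";
    $sql = 'INSERT INTO ' . PREFIX . 'syslog SET created=NOW(), updated=NOW(), log_type="Debug" '
        . ', title="osTicket installed!"'
        . ', log=' . db_input($msg)
        . ', ip_address=' . db_input($remoteAddr);
    @mysql_query($sql);

    return true;
}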