Exemplo n.º 1
0
function final_action()
{
    if (isset($_SESSION['step'])) {
        unset($_SESSION['step']);
    }
    if (isset($_SESSION['finish'])) {
        unset($_SESSION['finish']);
    }
    $set = new file_array(CMS_FILE_SITE);
    foreach ($_SESSION as $key => $val) {
        $set->add($key, $val);
    }
    $set->add('recorded_root', $_SERVER['DOCUMENT_ROOT']);
    if ($set->get('db_database') === false) {
        if ($set->get('recorded_domain') === false) {
            $site_n = $_SERVER['HTTP_HOST'];
        } else {
            $arr = explode('.', $set->get('recorded_domain'));
            if (count($arr) == 3) {
                $site_n = $arr[1];
            } else {
                $site_n = $_SERVER['HTTP_HOST'];
            }
        }
        // Remove any periods or dashes
        $site_n = str_replace(array('.', '-'), '', $site_n);
        // If the database name is too long (SQL usernames are limited to 16 chars), take a substring
        if (strlen($site_n) >= 12) {
            $db_name = substr($site_n, 0, 11);
        } else {
            $db_name = $site_n;
        }
        // Append a random character to make it hard to brute force the SQL accounts
        $db_name = $db_name . rand(1, 9999);
        $set->add('db_database', $db_name);
        $set->add('db_write_username', $db_name . 'w');
        $set->add('db_write_password', md5(uniqid(rand(), TRUE)));
        $set->add('db_read_username', $db_name . 'r');
        $set->add('db_read_password', md5(uniqid(rand(), TRUE)));
    }
    if ($set->get('unique_id') === false) {
        $set->add('unique_id', '93a0f790450c2d24f07b8d59cf52c891');
    }
    cleanUp();
    header("Location: index.php");
    exit;
}
Exemplo n.º 2
0
function db_prepare()
{
    $set = new file_array(CMS_FILE_SITE);
    if ($set->get('setup') != CMS_OS) {
        $mysqli = @new mysqli(DB_HOST, DB_ROOT_USERNAME, '', DB_DATABASE);
        $files = glob(CMS_HIDDEN . DIR_SEP . "mysql_backup" . DIR_SEP . "*.sql");
        if (!count($files)) {
            die('No restore found!');
        }
        if (IS_WIN_OS) {
            // Set the path and extension
            $exe_path = MYSQL_BIN . DIR_SEP;
            $exe_ext = '.exe';
        } else {
            // Set the path and extension
            $exe_path = '';
            $exe_ext = '';
        }
        // Reset the password to blank
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -p" . DB_ROOT_PASSWORD . " -h 127.0.0.1 -e \"use mysql; update user set password=PASSWORD('') where User='******'; FLUSH PRIVILEGES;\"");
        // Add a new database
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"drop database " . DB_DATABASE . ";\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"create database " . DB_DATABASE . ";\"");
        // Add new accounts
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"DROP USER '" . DB_WRITE_USERNAME . "'@'localhost';\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"DROP USER '" . DB_READ_USERNAME . "'@'localhost';\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"CREATE USER '" . DB_WRITE_USERNAME . "'@'localhost' IDENTIFIED BY '" . DB_WRITE_PASSWORD . "';\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"CREATE USER '" . DB_READ_USERNAME . "'@'localhost' IDENTIFIED BY '" . DB_READ_PASSWORD . "';\"");
        // Grant permissions to the accounts
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"GRANT ALL ON " . DB_DATABASE . ".* TO '" . DB_WRITE_USERNAME . "'@'localhost';\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"GRANT SELECT ON " . DB_DATABASE . ".* TO '" . DB_READ_USERNAME . "'@'localhost';\"");
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 -e \"FLUSH PRIVILEGES;\"");
        // Get the newest file (at the bottom)
        $r = $files[count($files) - 1];
        exec("\"" . $exe_path . "mysql" . $exe_ext . "\" --user " . DB_ROOT_USERNAME . " -h 127.0.0.1 " . DB_DATABASE . " < \"{$r}\"");
        exec("\"" . $exe_path . "mysqladmin" . $exe_ext . "\" -u " . DB_ROOT_USERNAME . " password " . DB_ROOT_PASSWORD);
        // Mark the install as complete
        $set->add('setup', CMS_OS);
        if (file_exists(CMS_FILE_INCLUDE)) {
            unlink(CMS_FILE_INCLUDE);
        }
        header("Location: http://" . $_SERVER['HTTP_HOST']);
        exit;
    }
}