* the License, or (at your option) any later version. * * * * eLabFTW is distributed in the hope that it will be useful, * * but WITHOUT ANY WARRANTY; without even the implied * * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR * * PURPOSE. See the GNU Affero General Public License for more details. * * * * You should have received a copy of the GNU Affero General Public * * License along with eLabFTW. If not, see <http://www.gnu.org/licenses/>. * * * ********************************************************************************/ /* admin.php - for administration of the elab */ require_once 'inc/common.php'; require_once 'inc/locale.php'; require_once 'vendor/autoload.php'; $crypto = new \Elabftw\Elabftw\Crypto(); if ($_SESSION['is_admin'] != 1) { die(ADMIN_DIE); } $page_title = _('Admin panel'); $selected_menu = null; require_once 'inc/head.php'; require_once 'inc/info_box.php'; require_once 'vendor/autoload.php'; $formKey = new \Elabftw\Elabftw\FormKey(); ?> <script src="js/tinymce/tinymce.min.js"></script> <script src="js/raphael/raphael-min.js"></script> <script src="js/colorwheel/colorwheel.js"></script> <?php if (strlen(get_config('mail_from')) == 0) {
function getMailer() { $crypto = new \Elabftw\Elabftw\Crypto(); // Choose mail transport method; either smtp or sendmail $mail_method = get_config('mail_method'); switch ($mail_method) { // Use SMTP Server case 'smtp': $transport = Swift_SmtpTransport::newInstance(get_config('smtp_address'), get_config('smtp_port'), get_config('smtp_encryption'))->setUsername(get_config('smtp_username'))->setPassword($crypto->decrypt(get_config('smtp_password'))); break; // Use php mail function // Use php mail function case 'php': $transport = Swift_MailTransport::newInstance(); break; // Use locally installed MTA (aka sendmail); Default // Use locally installed MTA (aka sendmail); Default default: $transport = Swift_SendmailTransport::newInstance(get_config('sendmail_path') . ' -bs'); break; } $mailer = Swift_Mailer::newInstance($transport); return $mailer; }
} if (!$table_is_here) { q("CREATE TABLE IF NOT EXISTS `items_revisions` (\n `id` int(10) unsigned NOT NULL AUTO_INCREMENT PRIMARY KEY,\n `item_id` int(10) unsigned NOT NULL,\n `body` text NOT NULL,\n `savedate` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n `userid` int(11) NOT NULL\n ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci;"); } // 20150324 : adding secret key used to encrypt the SMTP password // first we check if we can write the config file if (!is_writable('config.php')) { // check that there is no secret key already if (!defined('SECRET_KEY')) { $msg_arr[] = "[ERROR] Please allow webserver to write config file, or add SECRET_KEY yourself to config.php. <a href='https://github.com/elabftw/elabftw/wiki/Troubleshooting'>Link to documentation</a>"; $_SESSION['errors'] = $msg_arr; header('Location: sysconfig.php'); exit; } } elseif (is_writable('config.php') && !defined('SECRET_KEY')) { $crypto = new \Elabftw\Elabftw\Crypto(); // add generated strings to config file // the IV is stored in hex $data_to_add = "\ndefine('SECRET_KEY', '" . $crypto->getSecretKey() . "');\ndefine('IV', '" . bin2hex($crypto->getIv()) . "');\n"; try { file_put_contents('config.php', $data_to_add, FILE_APPEND); } catch (Exception $e) { $msg_arr[] = "[ERROR] " . $e->getMessage(); $_SESSION['errors'] = $msg_arr; header('Location: sysconfig.php'); exit; } // ok so now we have a secret key, an IV and we want to convert our old cleartext SMTP password to an encrypted one $config_arr = array(); // if there is a password in cleartext in the database, we encrypt it if (strlen(get_config('smtp_password')) > 0) {
* the License, or (at your option) any later version. * * * * eLabFTW is distributed in the hope that it will be useful, * * but WITHOUT ANY WARRANTY; without even the implied * * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR * * PURPOSE. See the GNU Affero General Public License for more details. * * * * You should have received a copy of the GNU Affero General Public * * License along with eLabFTW. If not, see <http://www.gnu.org/licenses/>. * * * ********************************************************************************/ /* admin-exec.php - for administration of the elab */ require_once '../inc/common.php'; require_once ELAB_ROOT . 'inc/locale.php'; require_once ELAB_ROOT . 'vendor/autoload.php'; $crypto = new \Elabftw\Elabftw\Crypto(); // only admin can use this if ($_SESSION['is_admin'] != 1) { die(_('This section is out of your reach.')); } $msg_arr = array(); $errflag = false; $email = ''; $formKey = new \Elabftw\Elabftw\FormKey(); // VALIDATE USERS if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST['validate'])) { // sql to validate users $sql = "UPDATE users SET validated = 1 WHERE userid = :userid"; $req = $pdo->prepare($sql); // check we only have int in validate array if (!filter_var_array($_POST['validate'], FILTER_VALIDATE_INT)) {
* You should have received a copy of the GNU Affero General Public * * License along with eLabFTW. If not, see <http://www.gnu.org/licenses/>. * * * ********************************************************************************/ /* sysconfig.php - configuration system */ require_once 'inc/common.php'; require_once 'inc/locale.php'; if ($_SESSION['is_sysadmin'] != 1) { die(_('This section is out of your reach.')); } $page_title = _('eLabFTW configuration'); $selected_menu = null; require_once 'inc/head.php'; require_once 'inc/info_box.php'; require_once 'vendor/autoload.php'; $crypto = new \Elabftw\Elabftw\Crypto(); $formKey = new \Elabftw\Elabftw\FormKey(); if (strlen(get_config('mail_method')) == 0) { $message = sprintf(_('Please finalize install : %slink to documentation%s.'), "<a href='https://github.com/elabftw/elabftw/wiki/finalizing'>", "</a>"); display_message('error', $message); } ?> <?php // get current version if (check_executable('git')) { $current_version = shell_exec('git describe --abbrev=0 --tags'); // it is possible to have git installed, but elabftw is installed without git (zip or tarball) // so we need to check if the version actually looks like a version number if (preg_match('/[0-99]+\\.[0-99]+\\.[0-99]+.*/', $current_version) === 1) { // display the current version to sysadmin
$db_password = $_POST['db_password']; } // connect to DB try { $pdo_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION; $pdo = new PDO('mysql:host=' . $db_host . ';dbname=' . $db_name, $db_user, $db_password, $pdo_options); } catch (Exception $e) { die('Error : ' . $e->getMessage()); } // now import the structure import_sql_structure(); // BUILD CONFIG FILE // the new file to write to $config_file = '../config.php'; $elab_root = substr(realpath(__FILE__), 0, -20) . '/'; $crypto = new \Elabftw\Elabftw\Crypto(); // what we will write $config = "<?php\ndefine('DB_HOST', '" . $db_host . "');\ndefine('DB_NAME', '" . $db_name . "');\ndefine('DB_USER', '" . $db_user . "');\ndefine('DB_PASSWORD', '" . $db_password . "');\ndefine('ELAB_ROOT', '" . $elab_root . "');\ndefine('SECRET_KEY', '" . $crypto->getSecretKey() . "');\ndefine('IV', '" . bin2hex($crypto->getIv()) . "');\n"; // we try to write content to file and propose the file for download if we can't write to it if (file_put_contents($config_file, $config)) { // it's cool, we managed to write the config file // let's put restricting permissions on it as discussed in #129 if (is_writable($config_file)) { chmod($config_file, 0400); } $infos_arr = array(); $infos_arr[] = 'Congratulations, you successfully installed eLabFTW, now you need to <strong>register</strong> your account (you will have admin rights).'; $_SESSION['infos'] = $infos_arr; header('Location: ../register.php'); exit;