function create_tables()
{
global $errors, $DFLT;
//$PHP_SELF = $_SERVER['PHP_SELF'];
$gallery_dir = strtr(dirname($_SERVER['PHP_SELF']), '\\', '/');
$protocol = isset($_SERVER['HTTPS']) ? 'https' : 'http';
$gallery_url_prefix = $protocol . '://' . $_SERVER['HTTP_HOST'] . $gallery_dir . (substr($gallery_dir, -1) == '/' ? '' : '/');
$db_schema = "{$DFLT['sql_d']}/schema.sql";
$db_basic = "{$DFLT['sql_d']}/basic.sql";
if (($sch_open = fopen($db_schema, 'r')) === FALSE) {
$errors .= "<hr /><br />The file '{$db_schema}' could not be found. Check that you have uploaded all Coppermine files to your server<br /><br />";
return;
} else {
$sql_query = fread($sch_open, filesize($db_schema));
if (($bas_open = fopen($db_basic, 'r')) === FALSE) {
$errors .= "<hr /><br />The file '{$db_basic}' could not be found. Check that you have uploaded all Coppermine files to your server<br /><br />";
return;
} else {
$sql_query .= fread($bas_open, filesize($db_basic));
}
}
require 'include/passwordhash.inc.php';
$password_params = explode(':', cpg_password_create_hash($_POST['admin_password']));
// Insert the admin account
$sql_query .= "INSERT INTO CPG_users (user_id, user_group, user_active, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_lastvisit, user_regdate, user_group_list, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_actkey ) VALUES (1, 1, 'YES', '{$_POST['admin_username']}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', NOW(), NOW(), '', '{$_POST['admin_email']}', '', '', '', '', '', '', '');\n";
// Set configuration values for image package
$sql_query .= "REPLACE INTO CPG_config VALUES ('thumb_method', '{$_POST['thumb_method']}');\n";
$sql_query .= "REPLACE INTO CPG_config VALUES ('impath', '{$_POST['impath']}');\n";
$sql_query .= "REPLACE INTO CPG_config VALUES ('ecards_more_pic_target', '{$gallery_url_prefix}');\n";
$sql_query .= "REPLACE INTO CPG_config VALUES ('gallery_admin_email', '{$_POST['admin_email']}');\n";
// Enable silly_safe_mode if test has shown that it is not configured properly
if (test_silly_safe_mode() == TRUE) {
$sql_query .= "REPLACE INTO CPG_config VALUES ('silly_safe_mode', '1');\n";
}
// Test write permissions for main dir
if (!is_writable('.')) {
$sql_query .= "REPLACE INTO CPG_config VALUES ('default_dir_mode', '0777');\n";
$sql_query .= "REPLACE INTO CPG_config VALUES ('default_file_mode', '0666');\n";
}
// Update table prefix
$sql_query = preg_replace('/CPG_/', $_POST['table_prefix'], $sql_query);
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
foreach ($sql_query as $q) {
if (!mysql_query($q)) {
$errors .= "MySQL Error: " . mysql_error() . " on query '{$q}'<br /><br />";
return;
}
}
}
function check_user_info(&$error)
{
global $CONFIG;
global $lang_register_php, $lang_common, $lang_register_approve_email;
global $lang_register_user_login, $lang_errors;
$superCage = Inspekt::makeSuperCage();
$user_name = trim(get_post_var('username'));
$password = trim(get_post_var('password'));
$password_again = trim(get_post_var('password_verification'));
$email = trim(get_post_var('email'));
$profile1 = $superCage->post->getEscaped('user_profile1');
$profile2 = $superCage->post->getEscaped('user_profile2');
$profile3 = $superCage->post->getEscaped('user_profile3');
$profile4 = $superCage->post->getEscaped('user_profile4');
$profile5 = $superCage->post->getEscaped('user_profile5');
$profile6 = $superCage->post->getEscaped('user_profile6');
$agree_disclaimer = $superCage->post->getEscaped('agree');
$captcha_confirmation = $superCage->post->getEscaped('confirmCode');
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'";
$result = cpg_db_query($sql);
if ($result->numRows(free)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>';
return false;
}
if (utf_strlen($user_name) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>';
}
if (!empty($CONFIG['global_registration_pw'])) {
$global_registration_pw = get_post_var('global_registration_pw');
if ($global_registration_pw != $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>';
} elseif ($password == $CONFIG['global_registration_pw']) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>';
}
}
if (utf_strlen($password) < 2) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>';
}
if ($password == $user_name) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>';
}
if ($password != $password_again) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>';
}
if (!Inspekt::isEmail($email)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>';
}
if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>';
}
// Perform the ban check against email address and username
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1");
if ($result->numRows(true)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>';
}
$result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1");
if ($result->numRows(true)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>';
}
// check captcha
if ($CONFIG['registration_captcha'] != 0) {
if (!captcha_plugin_enabled('register')) {
require "include/captcha.inc.php";
if (!PhpCaptcha::Validate($captcha_confirmation)) {
$error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>';
}
} else {
$error = CPGPluginAPI::filter('captcha_register_validate', $error);
}
}
if (!$CONFIG['allow_duplicate_emails_addr']) {
$sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'";
$result = cpg_db_query($sql);
if ($result->numRows(true)) {
$error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>';
}
}
$error = CPGPluginAPI::filter('register_form_validate', $error);
if ($error != '') {
return false;
}
if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) {
$active = 'NO';
list($usec, $sec) = explode(' ', microtime());
$seed = (double) $sec + (double) $usec * 100000;
srand($seed);
$act_key = md5(uniqid(rand(), 1));
} else {
$active = 'YES';
$act_key = '';
}
require 'include/passwordhash.inc.php';
$password_params = explode(':', cpg_password_create_hash($password));
$sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$password_params[HASH_PBKDF2_INDEX]}', '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$CONFIG['lang']}')";
$result = cpg_db_query($sql);
$user_array = array();
$user_array['user_id'] = cpg_db_last_insert_id();
$user_array['user_name'] = $user_name;
$user_array['user_email'] = $email;
$user_array['user_active'] = $active;
CPGPluginAPI::action('register_form_submit', $user_array);
if ($CONFIG['log_mode']) {
log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG);
}
// Create a personal album if corresponding option is enabled
if ($CONFIG['personal_album_on_registration'] == 1) {
$user_id = cpg_db_last_insert_id();
$catid = $user_id + FIRST_USER_CAT;
cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})");
}
// Registrations must be activated/verified by the user clicking a link in an email
if ($CONFIG['reg_requires_valid_email']) {
// Mail the user the activation/verification link
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) {
cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__);
}
msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php');
} else {
if ($CONFIG['admin_activation']) {
// We need admin activation only
msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php');
} else {
// No activation required, account is ready for login
msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php');
}
}
// email notification or actication link to admin
if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
if (UDB_INTEGRATION == 'coppermine') {
// get default language in which to inform the admins
$result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1");
while ($row = $result->fetchAssoc()) {
if (!empty($row['user_email'])) {
$admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']);
}
}
$result->free();
} else {
//@todo: is it possible to get the language from bridged installs?
$admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english');
}
foreach ($admins as $admin) {
//check if the admin language is available
if (file_exists("lang/{$admin['lang']}.php")) {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']);
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']);
} else {
$lang_register_php_def = cpg_get_default_lang_var('lang_register_php');
$lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email');
}
// if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address
if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) {
$act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key;
$template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link);
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars)));
} elseif ($CONFIG['reg_notify_admin_email']) {
// otherwise, email is for information only
cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name));
}
}
}
return true;
}
function createAdmin()
{
global $CONFIG, $config, $language;
if (!isset($config['admin_username']) || $config['admin_username'] == '') {
$GLOBALS['error'] = $language['no_admin_username'];
return false;
}
if (!isset($config['admin_password']) || $config['admin_password'] == '') {
$GLOBALS['error'] = $language['no_admin_password'];
return false;
}
if (!isset($config['admin_email']) || $config['admin_email'] == '') {
$GLOBALS['error'] = $language['no_admin_email'];
return false;
}
require 'include/passwordhash.inc.php';
$password_params = explode(':', cpg_password_create_hash($config['admin_password']));
// Insert the admin account
$sql_query = "INSERT INTO {$config['db_prefix']}users " . "(user_group, user_active, user_name, user_password, user_password_salt, " . " user_password_hash_algorithm, user_password_iterations, user_lastvisit, " . " user_regdate, user_group_list, user_email, user_profile1, user_profile2, " . " user_profile3, user_profile4, user_profile5, user_profile6, user_actkey) " . "VALUES " . "(1, 'YES', '{$config['admin_username']}', '{$password_params[HASH_PBKDF2_INDEX]}', " . " '{$password_params[HASH_SALT_INDEX]}', '{$password_params[HASH_ALGORITHM_INDEX]}', '{$password_params[HASH_ITERATION_INDEX]}', " . " NOW(), NOW(), '', '{$config['admin_email']}', '', '', '', '', '', '', '');\n";
// Set gallery admin mail
$sql_query .= "REPLACE INTO CPG_config VALUES ('gallery_admin_email', '{$config['admin_email']}');\n";
// Update table prefix
$sql_query = preg_replace('/CPG_/', $config['db_prefix'], $sql_query);
require_once 'include/sql_parse.php';
$sql_query = remove_remarks($sql_query);
$sql_query = split_sql_file($sql_query, ';');
// Get a connection with the db.
// if (!checkSqlConnection()) {
// return false;
// }
foreach ($sql_query as $q) {
if (!cpg_db_query($q)) {
$GLOBALS['error'] = $language['dbase_error'] . cpg_db_getError() . ' ' . $language['on_q'] . " '{$q}'";
return false;
}
}
return true;
}
function cpg_password_create_update_string($password)
{
$password_params = explode(':', cpg_password_create_hash($password));
return "user_password = '******', user_password_salt = '{$password_params[HASH_SALT_INDEX]}', user_password_hash_algorithm = '{$password_params[HASH_ALGORITHM_INDEX]}', user_password_iterations = '{$password_params[HASH_ITERATION_INDEX]}'";
}