// Decide whether an earlier installation is present, judging by what configure.php holds.
// A configured HTTP_SERVER counts as a hint that one exists ...
if (install_read_config_value('HTTP_SERVER') != '') {
    $phreebooks_previous_version_installed = true;
}
// ... but a missing database name overrules that hint.
if (install_read_config_value('DB_DATABASE') == '') {
    $phreebooks_previous_version_installed = false;
}

// Scan configure.php itself: any mention of dist-configure.php is taken as a sign that
// the file is just a copy of the distribution template, i.e. nothing was installed.
// NOTE(review): file() returns false when the file cannot be read, and the loop below
// does not guard against that.
$lines = file('../../includes/configure.php');
foreach ($lines as $line) {
    if (strpos($line, 'dist-configure.php') !== false) {
        $phreebooks_previous_version_installed = false;
    }
}

$zdb_type = install_read_config_value('DB_TYPE');
$zdb_prefix = install_read_config_value('DB_PREFIX');

// NOTE(review): $zdb_name, $zdb_server, $zdb_user and $zdb_pwd are not assigned anywhere
// in this excerpt; presumably they are read from the config file earlier -- confirm.
if ($zdb_type != '' && $zdb_name != '') {
    // Try the stored credentials against the database server.
    $zc_install->functionExists($zdb_type, '', '');
    $zc_install->dbConnect($zdb_type, $zdb_server, $zdb_name, $zdb_user, $zdb_pwd, '', '');

    if ($zc_install->error == false) {
        $phreebooks_database_connect_OK = true;
    } else {
        // The stored settings do not connect, so they are not treated as an installation.
        $phreebooks_previous_version_installed = false;
    }

    // Clear the error-check state so the probe above does not leak into later steps.
    $zc_install->error = false;
    $zc_install->fatal_error = false;
    $zc_install->error_list = array();
}
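// On to a fresh install...
// Block the install when a "<prefix>users" table already exists.
// The prefix comes straight from the POST body and ends up inside a quoted SQL string,
// so it is restricted to letters, digits and underscores before the query is built.
// \A and \z are used because a bare $ anchor would also accept a trailing newline.
$zc_db_prefix = (isset($_POST['db_prefix']) && is_string($_POST['db_prefix'])) ? $_POST['db_prefix'] : '';
if (preg_match('/\A[A-Za-z0-9_]*\z/', $zc_db_prefix) !== 1) {
    // Fail closed: the existence check cannot be run safely with this prefix.
    // NOTE(review): no dedicated message/code constant is visible in this excerpt, so a
    // literal message is paired with the code of the check that could not be performed;
    // move both into the language file. The third argument is assumed to mark the error
    // as fatal, as in the other setError() calls here.
    $zc_install->setError('The database table prefix may only contain letters, digits and underscores.', ERROR_CODE_DB_EXISTS, true);
} else {
    $sql = "show tables like '" . $zc_db_prefix . "users'";
    $result = $db->Execute($sql);
    if ($result->RecordCount() > 0) {
        $zc_install->setError(ERROR_TEXT_DB_EXISTS, ERROR_CODE_DB_EXISTS, true);
    }
}

// Now write the configuration file.
if (!$zc_install->fatal_error) {
    // Presumably defines $file_contents and $http_server, which are used below -- confirm.
    require 'includes/admin_configure.php';

    // NOTE(review): the directory that receives configure.php is taken from the query
    // string, so the request decides where the installer writes. Deriving the path on the
    // server side, or checking it against the application root, would remove that
    // dependency.
    $zc_configure_file = $_GET['physical_path'] . '/includes/configure.php';

    $fp = fopen($zc_configure_file, 'w');
    if ($fp === false) {
        // Without this guard the failed handle would be passed on to fputs()/fclose().
        $zc_install->setError(ERROR_TEXT_COULD_NOT_WRITE_CONFIGURE_FILES, ERROR_CODE_COULD_NOT_WRITE_CONFIGURE_FILES, true);
    } else {
        fputs($fp, $file_contents);
        fclose($fp);
        // NOTE(review): 0644 leaves the file readable by every local account; if it holds
        // the database credentials, a tighter mode is worth considering.
        @chmod($zc_configure_file, 0644);

        // Read the value back to confirm that the file was really written.
        $ztst_http_server = install_read_config_value('HTTP_SERVER');
        if ($ztst_http_server != $http_server) {
            $zc_install->setError(ERROR_TEXT_COULD_NOT_WRITE_CONFIGURE_FILES, ERROR_CODE_COULD_NOT_WRITE_CONFIGURE_FILES, true);
        }
    }
}

if (!$zc_install->fatal_error) {
    // Load the fresh database, with the session populated as if a user had logged in.
    session_start();
    $_SESSION['company'] = $_POST['db_name'];       // company name
    $_SESSION['db_server'] = $_POST['db_host'];     // database server
    $_SESSION['db_user'] = $_POST['db_username'];   // database user
    // NOTE(review): the database password is kept in session storage from here on;
    // confirm it is removed again once the install has finished.
    $_SESSION['db_pw'] = $_POST['db_pass'];         // database password
    // (this branch continues beyond the end of the excerpt)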
/**
 * Reports whether the database user holds a given privilege.
 *
 * The check is currently stubbed out: the function returns before any grant is read,
 * so callers get a success value (or the "Not Checked" marker) without any privilege
 * having been inspected. Everything after the first return statement is unreachable
 * and kept only as the parked implementation.
 *
 * @param string $priv       Privilege name the parked code searches for in each grant.
 * @param string $table      Table name the parked code matches against "database.table" grants.
 * @param bool   $show_privs When true, a "status|||privilege list" string is returned instead of a boolean.
 * @return bool|string       Currently true, or 'Not Checked|||Not Checked' when $show_privs is true.
 */
function db_check_database_privs($priv = '', $table = '', $show_privs = false)
{
    // Bypass for now; the original author intends to revive the check in a later release.
    return ($show_privs == true) ? 'Not Checked|||Not Checked' : true;

    // ---- unreachable from here on: parked implementation ----
    global $zdb_server, $zdb_user, $zdb_name, $db, $db_test;

    if (!gen_not_null($zdb_server)) {
        $zdb_server = install_read_config_value('DB_SERVER');
    }
    if (!gen_not_null($zdb_user)) {
        $zdb_user = $_SESSION['db_user'];
    }
    if (!gen_not_null($zdb_name)) {
        $zdb_name = $_SESSION['company'];
    }

    // NOTE(review): a "nogrants" request parameter switches the check off, so the decision
    // to skip it would rest with whoever sends the request. Revisit before re-enabling.
    if (isset($_GET['nogrants']) || isset($_POST['nogrants'])) {
        return true;
    }

    // Shapes of SHOW GRANTS output the parsing below was written for:
    //   GRANT ALL PRIVILEGES ON *.* TO 'xyz'@'localhost' WITH GRANT OPTION
    //   GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, FILE, INDEX, ALTER ON *.* TO 'xyz'@'localhost' IDENTIFIED BY PASSWORD '2344'
    //   GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON `db1`.* TO 'xyz'@'localhost'
    //   GRANT SELECT (id) ON db1.tablename TO 'xyz'@'localhost
    $debug = (ZC_UPG_DEBUG3 == true);
    $granted_privs_list = '';
    if ($debug) {
        echo '<br />Checking for priv: [' . (gen_not_null($priv) ? $priv : 'none specified') . ']<br />';
    }

    if (!defined('DB_SERVER')) {
        define('DB_SERVER', $zdb_server);
    }
    if (!defined('DB_SERVER_USERNAME')) {
        define('DB_SERVER_USERNAME', $zdb_user);
    }
    if (!defined('DB_DATABASE')) {
        define('DB_DATABASE', $zdb_name);
    }

    $user = DB_SERVER_USERNAME . "@" . DB_SERVER;
    // Bypass when the constants were not set properly.
    if ($user == 'DB_SERVER_USERNAME@DB_SERVER' || DB_DATABASE == 'DB_DATABASE') {
        return true;
    }

    // NOTE(review): the statement is assembled by concatenation from the constants above,
    // which can originate from session values; quote or validate them before re-enabling.
    $sql = "show grants for " . $user;
    if ($debug) {
        echo $sql . '<br />';
    }

    // NOTE(review): $result stays unset when neither handle is an object.
    if (is_object($db)) {
        $result = $db->Execute($sql);
    } elseif (is_object($db_test)) {
        $result = $db_test->Execute($sql);
    }

    $grant_column = 'Grants for ' . $user;
    for (; !$result->EOF; $result->MoveNext()) {
        if ($debug) {
            echo $result->fields[$grant_column] . '<br />';
        }
        $grant_syntax = $result->fields[$grant_column] . ' ';

        // Drop the "GRANT" keyword, then everything from " TO " onwards.
        $without_keyword = str_replace('GRANT ', '', $grant_syntax);
        $granted_privs = substr($without_keyword, 0, strpos($without_keyword, ' TO '));

        // What follows " ON " is the grant target; backquotes and backslashes are removed.
        $on_offset = strpos($granted_privs, ' ON ');
        $granted_db = str_replace(array('`', '\\'), '', substr($granted_privs, $on_offset + 4));
        if ($debug) {
            echo 'privs_list = ' . $granted_privs . '<br />';
            echo 'granted_db = ' . $granted_db . '<br />';
        }

        // NOTE(review): $db_priv_ok is never initialised before this accumulation.
        $db_priv_ok += ($granted_db == '*.*' || $granted_db == DB_DATABASE . '.*' || $granted_db == DB_DATABASE . '.' . $table) ? true : false;
        if ($debug) {
            echo 'db-priv-ok=' . $db_priv_ok . '<br />';
        }

        // Carry on only when the grant applies to the current database or to *.*.
        if ($db_priv_ok) {
            // Keep just the privilege names in front of " ON ".
            $granted_privs = substr($granted_privs, 0, $on_offset);
            if ($granted_privs_list == '') {
                $granted_privs_list .= $granted_privs;
            } else {
                $granted_privs_list .= ', ' . $granted_privs;
            }

            $specific_priv_found = gen_not_null($priv) && substr_count($granted_privs, $priv) == 1;
            if ($debug) {
                echo 'specific priv[' . $priv . '] found =' . $specific_priv_found . '<br />';
                echo 'spec+db=' . ($specific_priv_found && $db_priv_ok == true) . ' ||| ';
                echo 'all+db=' . ($granted_privs == 'ALL PRIVILEGES' && $db_priv_ok == true) . '<br /><br />';
            }

            if (($specific_priv_found && $db_priv_ok == true) || ($granted_privs == 'ALL PRIVILEGES' && $db_priv_ok == true)) {
                return true; // privilege found
            }
        }
    }

    if (!$show_privs) {
        return false; // privilege not found
    }
    if ($debug) {
        echo 'LIST OF PRIVS=' . $granted_privs_list . '<br />';
    }
    return $db_priv_ok . '|||' . $granted_privs_list;
}