} //We check to see if we are installed or not... if (!file_exists("includes/Settings.php") || !(include_once "includes/Settings.php")) { header("Location: install/index.php"); die; } else { if (!function_exists("sqlconfig")) { header("Location: install/index.php"); die; } } //Check if install folder still is there //Warn user that it still there.. //Maybe delete it? require_once "includes/includes.php"; $db = new Database(sqlconfig()); $cms = new JuliCMS($db); //This is the interfase template designers talk to //Todo: accesslevels $accesslevel = 0; //Everybody //Load modules $result = $db->sql("SELECT foldername,frontend FROM " . $db->tb_prefix . "modules"); while ($v = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($v['frontend'] == "") { continue; } //Possible rfi //and defintly a lfi //but won't really matter as it would be better to attack from the module file included.. //although if someone gains write access to db, they could comprimise the whole site.
//TODO: Javascript validation $text = " <h1>Website Configuration</h1>\n Please fill in your settings for your website:<br />\n <br />\n " . $error . "\n <fieldset>\n <legend>Website Configuration</legend>\n <label>Website name: </label><input tabindex=\"1\" value=\"\" name=\"wbname\" type=\"text\"/><a class=\"information defaultDOMWindow\" href=\"#wbname\">The name of your website</a><br />\n <label>Website slogan: </label><input tabindex=\"2\" value=\"\" name=\"slogan\" type=\"text\"/><a class=\"information defaultDOMWindow\" href=\"#slogan\">The slogan of your website</a><br />\n <label>Admin username: </label><input tabindex=\"3\" value=\"\" name=\"username\" type=\"text\"/><a class=\"information defaultDOMWindow\" href=\"#username\">Your admin username</a><br />\n <label>Admin password: </label><input tabindex=\"4\" value=\"\" name=\"password\" type=\"password\"/><a class=\"information defaultDOMWindow\" href=\"#password\">Your admin password</a><br />\n <label>Confirm password: </label><input tabindex=\"5\" value=\"\" name=\"password2\" type=\"password\"/><a class=\"information defaultDOMWindow\" href=\"#password2\">Password confirmation</a><br />\n <label>Admin Email: </label><input tabindex=\"6\" value=\"\" name=\"email\" type=\"text\"/><a class=\"information defaultDOMWindow\" href=\"#email\">Your admin email</a><br />\n " . $previousinstall . "\n </fieldset>\n \n\n<script type=\"text/javascript\">\n\$('.defaultDOMWindow').openDOMWindow({\neventType:'click'\n});\n</script>\n\n<div id=\"wbname\" style=\"display:none;\" >\n <span><b>Website name:</b><br />The name of your website<br /> eg. \"Norwegian Curling Team\" or \"The Gathering\"</span>\n</div>\n<div id=\"slogan\" style=\"display:none;\" >\n <span><b>Website slogan:</b><br />The slogan of your website<br /> eg. \"Our pants are the best!\" or \"We make things happend!\"<br />Leave blank if unsure.</span>\n</div>\n\n<div id=\"username\" style=\"display:none;\" >\n <span><b>Administrator username:</b><br />Your preferd administrator username<br />This is the username you will use to log into the admin panel</span>\n</div>\n<div id=\"password\" style=\"display:none;\" >\n <span><b>Administrator password:</b><br />The password for the administrator username<br />Please make this a strong password(link-todo)<br />todo: explain why..</span>\n</div>\n<div id=\"password2\" style=\"display:none;\" >\n <span><b>Password confirmation:</b><br />Confirm the password you wrote<br />todo: explain why..</span>\n</div>\n<div id=\"email\" style=\"display:none;\" >\n <span><b>Administrator email:</b><br />Your email address<br />This is used when sending notifications about your site<br />and if you would happend to forget your password</span>\n</div>\n"; break; case 4: //Done if ($_POST['wbname'] != "" && $_POST['username'] != "" && $_POST['password'] != "" && $_POST['password2'] != "" && $_POST['email'] != "") { if ($_POST['password'] != $_POST['password2']) { header('Location: ' . $_SERVER['PHP_SELF'] . '?step=3&error=1'); die; } } else { header('Location: ' . $_SERVER['PHP_SELF'] . '?step=3&error=0'); die; } require_once "../includes/Settings.php"; $sqlconfig = sqlconfig(); $force = mysql_connect($sqlconfig['host'], $sqlconfig['username'], $sqlconfig['password']) or die("<b>Can't connect to server</b><br />\n<i>" . mysql_error() . "</i>"); mysql_select_db($sqlconfig['db']) or die("<b>Can't select db</b><br />\n<i>" . mysql_error() . "</i>"); function sql($query, $debug = 0) { global $force; if ($debug != 0) { $r = mysql_query($query, $force) or die("<b>Error submiting query...</b><br />\n" . mysql_error()); } else { $r = mysql_query($query, $force); } return $r; } $time = time(); $date = date('HisYmd'); $datetime = date('Y-m-d H:i:s');