An application in PHP with a web front-end to manage your food shopping with your friends easily. Deprecated, use https://github.com/spiral-project/ihatemoney instead.

install.php 15KB

  1. <?php
  2. require_once('inc/CSRF.inc.php');
  3. require_once('inc/functions.php');
  4. if(file_exists('data/config.php')) exit('<p>Your Bouffe@Ulm instance is already configured. You should either delete data/config.php to access this page or delete the install.php for security reasons if you are ok with the configuration.<br/><a href="index.php">Go to your instance</a>.</p>');
  5. if(!function_exists("file_get_contents") && !function_exists("file_put_contents")) {
  6. $error = "Functions <em>file_get_contents</em> and <em>file_put_contents</em> seems to not be available on your PHP installation. You should enable them first.";
  7. $block_form = true;
  8. }
  9. if(!is_writable('data/')) {
  10. $error = "The script seems to be unable to write to <em>data/</em> folder (to write the <em>data/config.php</em> configuration file). You should give write access during install and disable them after (chmod 777 -R data/ to install and chmod 755 -R data/ after installation for example). You'll need right access on this folder each time you will want to edit settings.";
  11. $block_form = true;
  12. }
  13. if(!is_writable('tmp/')) {
  14. $error = "The script seems to be unable to write to <em>tmp/</em> folder (to store the cached files for templates). You should give write access to this folder.";
  15. $block_form = true;
  16. }
  17. if(!is_writable('db_backups/')) {
  18. $error = "The script seems to be unable to write to <em>db_backups/</em> folder (to write the database backups). You should give write access to this folder.";
  19. $block_form = true;
  20. }
  21. if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_password']) && !empty($_POST['mysql_db']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['currency']) && !empty($_POST['timezone']) && !empty($_POST['lang']) && !empty($_POST['template']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && check_token(600, 'install')) {
  22. $mysql_prefix = (!empty($_POST['mysql_prefix'])) ? $_POST['mysql_prefix'] : '';
  23. $current_template = $_POST['template'];
  24. $current_lang = $_POST['lang'];
  25. try {
  26. $db = new PDO('mysql:host='.$_POST['mysql_host'].';dbname='.$_POST['mysql_db'], $_POST['mysql_login'], $_POST['mysql_password']);
  27. //Create table "Users"
  28. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users (
  29. id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  30. login VARCHAR(255),
  31. email VARCHAR(255),
  32. display_name VARCHAR(255),
  33. password VARCHAR(130),
  34. admin TINYINT(1),
  35. json_token VARCHAR(32),
  36. notifications TINYINT(1),
  37. stay_signed_in_token VARCHAR(32),
  38. UNIQUE (login),
  39. UNIQUE (display_name),
  40. UNIQUE (json_token),
  41. UNIQUE (stay_signed_in_token)
  42. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  43. //Create table "Invoices"
  44. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Invoices (
  45. id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  46. date DATETIME,
  47. buyer INT(11),
  48. FOREIGN KEY (buyer) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE,
  49. amount INT(11),
  50. what TEXT
  51. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  52. //Create table "Users_in_invoices"
  53. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users_in_invoices (
  54. invoice_id INT(11) NOT NULL,
  55. FOREIGN KEY (invoice_id) REFERENCES '.$mysql_prefix.'Invoices(id) ON DELETE CASCADE,
  56. user_id INT(11),
  57. FOREIGN KEY (user_id) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE,
  58. guests INT(11)
  59. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  60. //Create table "Paybacks"
  61. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Paybacks (
  62. id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  63. date DATETIME,
  64. invoice_id INT(11),
  65. FOREIGN KEY (invoice_id) REFERENCES '.$mysql_prefix.'Invoices(id) ON DELETE CASCADE,
  66. amount INT(11),
  67. from_user INT(11),
  68. FOREIGN KEY (from_user) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE,
  69. to_user INT(11),
  70. FOREIGN KEY (to_user) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE
  71. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  72. // Create table "GlobalPaybacks"
  73. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'GlobalPaybacks (
  74. id INT(11) NOT NULL AUTO_INCREMENT PRIMARY KEY,
  75. date DATETIME,
  76. closed TINYINT(1)
  77. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  78. // Create table "Users_in_GlobalPaybacks"
  79. $db->query('CREATE TABLE IF NOT EXISTS '.$mysql_prefix.'Users_in_GlobalPaybacks (
  80. global_payback_id INT(11) NOT NULL,
  81. FOREIGN KEY (global_payback_id) REFERENCES '.$mysql_prefix.'GlobalPaybacks(id) ON DELETE CASCADE,
  82. user1_id INT(11),
  83. FOREIGN KEY (user1_id) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE,
  84. user2_id INT(11),
  85. FOREIGN KEY (user2_id) REFERENCES '.$mysql_prefix.'Users(id) ON DELETE CASCADE,
  86. amount INT(11)
  87. ) DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci');
  88. } catch (PDOException $e) {
  89. $error = 'Unable to connect to database and create database, check your credentials and config.<br/>Error message: '.$e->getMessage().'.';
  90. }
  91. if(!empty($_POST['email_webmaster']) && !filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
  92. $error = "Webmaster's email address is invalid.";
  93. }
  94. if(empty($error)) {
  95. if(function_exists('mcrypt_create_iv')) {
  96. $salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
  97. }
  98. else {
  99. mt_srand(microtime(true)*100000 + memory_get_usage(true));
  100. $salt = md5(uniqid(mt_rand(), true));
  101. }
  102. $salt = sprintf("$2a$%02d$", 10) . $salt; //prefix for blowfish
  103. $config = "<?php
  104. define('VERSION_NUMBER', '0.1beta');
  105. define('MYSQL_HOST', '".$_POST['mysql_host']."');
  106. define('MYSQL_LOGIN', '".$_POST['mysql_login']."');
  107. define('MYSQL_PASSWORD', '".$_POST['mysql_password']."');
  108. define('MYSQL_DB', '".$_POST['mysql_db']."');
  109. define('MYSQL_PREFIX', '".$mysql_prefix."');
  110. define('INSTANCE_TITLE', '".$_POST['instance_title']."');
  111. define('BASE_URL', '".$_POST['base_url']."');
  112. define('SALT', '".$salt."');
  113. define('CURRENCY', '".$_POST['currency']."');
  114. define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');
  115. define('TEMPLATE_DIR', 'tpl/".$_POST['template']."');
  116. define('LANG', 'i18n/".$_POST['lang']."');
  117. date_default_timezone_set('".$_POST['timezone']."');
  118. ";
  119. if(file_put_contents("data/config.php", $config) !== false && file_put_contents("data/notice", '') !== false) {
  120. try {
  121. require_once('inc/User.class.php');
  122. $admin = new User();
  123. $admin->setLogin($_POST['admin_login']);
  124. $admin->setDisplayName(!empty($_POST['admin_display_name']) ? $_POST['admin_display_name'] : '');
  125. $admin->setPassword($admin->encrypt($_POST['admin_password']));
  126. $admin->setAdmin(true);
  127. $admin->setEmail($email_webmaster);
  128. $admin->setStaySignedInToken("");
  129. $admin->setNotifications(3);
  130. $admin->newJsonToken();
  131. $admin->save();
  132. header('location: index.php');
  133. exit();
  134. } catch (Exception $e) {
  135. $error = 'An error occurred when inserting user in the database.<br/> Error message: '.$e->getMessage().'.';
  136. }
  137. }
  138. else {
  139. $error = 'Unable to write configuration to config file data/config.php.';
  140. }
  141. }
  142. }
  143. else {
  144. $current_template = 'default';
  145. $current_lang = 'en.php';
  146. }
  147. $token = generate_token('install');
  148. ?>
  149. <!DOCTYPE html>
  150. <html lang="fr">
  151. <head>
  152. <meta charset="utf-8">
  153. <title>Bouffe@Ulm - Installation</title>
  154. <link rel="stylesheet" media="screen" type="text/css" href="tpl/default/css/style.css" />
  155. <script type="text/javascript" src="tpl/default/js/main.js"></script>
  156. </head>
  157. <body id="install">
  158. <h1 class="center">Bouffe@Ulm - Installation</h1>
  159. <?php
  160. if(!empty($error)) {
  161. echo '<p class="error">'.$error.'</p>';
  162. }
  163. ?>
  164. <p class="center">This small form will guide you through the installation of Bouffe@Ulm. You must fill in all the fields.</p>
  165. <form action="install.php" method="post">
  166. <fieldset>
  167. <legend>Database</legend>
  168. <p><label for="mysql_host">MySQL host: </label><input type="text" name="mysql_host" id="mysql_host" value="<?php echo (!empty($_POST['mysql_host'])) ? htmlspecialchars($_POST['mysql_host']) : 'localhost';?>"/></p>
  169. <p><label for="mysql_login">MySQL login: </label><input type="text" name="mysql_login" id="mysql_login" value="<?php echo (!empty($_POST['mysql_login'])) ? htmlspecialchars($_POST['mysql_login']) : '';?>"/></p>
  170. <p><label for="mysql_password">MySQL password: </label><input type="password" name="mysql_password" id="mysql_password"/> <a title="Toggle visible" href="#" onclick="toggle_password('mysql_password'); return false;"><img src="tpl/default/img/toggleVisible.png" alt="Toggle visible"/></a></p>
  171. <p>
  172. <label for="mysql_db">Name of the MySQL database to use: </label><input type="text" name="mysql_db" id="mysql_db" value="<?php echo (!empty($_POST['mysql_db'])) ? htmlspecialchars($_POST['mysql_db']) : 'BouffeATUlm';?>"/><br/>
  173. <em>Note:</em> You <em>must</em> create this database first.
  174. </p>
  175. <p><label for="mysql_prefix">Prefix for the created tables: </label><input type="text" name="mysql_prefix" id="mysql_prefix" value="<?php echo (!empty($_POST['mysql_prefix'])) ? htmlspecialchars($_POST['mysql_prefix']) : 'bouffeatulm_';?>"/><br/>
  176. <em>Note:</em> Leave the field blank to not use any.</p>
  177. </fieldset>
  178. <fieldset>
  179. <legend>General options</legend>
  180. <p><label for="instance_title">Title to display in pages: </label><input type="text" name="instance_title" id="instance_title" value="<?php echo (!empty($_POST['instance_title'])) ? htmlspecialchars($_POST['instance_title']) : 'Bouffe@Ulm';?>"/></p>
  181. <p>
  182. <label for="base_url">Base URL: </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : htmlspecialchars('http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI'])); ?>"/><br/>
  183. <em>Note:</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
  184. </p>
  185. <p><label for="currency">Currency: </label><input type="text" name="currency" id="currency" size="3" value="<?php echo (!empty($_POST['currency']) ? htmlspecialchars($_POST['currency']) : '€');?>"/></p>
  186. <p>
  187. <label for="timezone">Timezone: </label><input type="text" name="timezone" id="timezone" value="<?php echo htmlspecialchars(@date_default_timezone_get());?>"/><br/>
  188. <em>For example:</em> Europe/Paris. See the doc for more info.
  189. </p>
  190. <p><label for="email_webmaster">Webmaster's email (optionnal): </label><input type="text" name="email_webmaster" id="email_webmaster" <?php echo (!empty($_POST['currency']) ? 'value="'.htmlspecialchars($_POST['email_webmaster']).'"' : '');?>/></p>
  191. <p>
  192. <label for="lang">Lang: </label>
  193. <select name="lang" id="lang">
  194. <?php
  195. foreach (listLangs() as $value) {
  196. ?>
  197. <option value="<?php echo $value['value'];?>" <?php echo ($value['value'] == $current_lang ? 'selected="selected"' : ''); ?>><?php echo $value['option']; ?></option>
  198. <?php
  199. }
  200. ?>
  201. </select>
  202. </p>
  203. <p>
  204. <label for="template">Template : </label>
  205. <select name="template" id="template">
  206. <?php
  207. foreach (listTemplates('tpl/') as $tpl) {
  208. ?>
  209. <option value="<?php echo $tpl['value'];?>" <?php if ($tpl['value'] == $current_template) { echo 'selected="selected"'; }?>><?php echo $tpl['option']; ?></option>
  210. <?php
  211. }
  212. ?>
  213. </select>
  214. </fieldset>
  215. <fieldset>
  216. <legend>Administrator</legend>
  217. <p><label for="admin_login">Admin username: </label><input type="text" name="admin_login" id="admin_login" <?php echo (!empty($_POST['admin_login'])) ? 'value="'.htmlspecialchars($_POST['admin_login']).'"' : '';?>/></p>
  218. <p><label for="admin_display_name">Admin displayed name: </label><input type="text" name="admin_display_name" id="admin_display_name" <?php echo (!empty($_POST['admin_display_name']) ? 'value="'.htmlspecialchars($_POST['admin_display_name']).'"' : '');?>/> (Leave empty to use the login)</p>
  219. <p><label for="admin_password">Admin password: </label><input type="password" name="admin_password" id="admin_password"/> <a href="#" title="Toggle visible" onclick="toggle_password('admin_password'); return false;"><img src="tpl/default/img/toggleVisible.png" alt="Toggle visible"/></a></p>
  220. </fieldset>
  221. <p class="center"><input <?php echo (!empty($block_form)) ? 'disabled ' : '';?>type="submit" value="Install"><input type="hidden" name="token" value="<?php echo $token;?>"/></p>
  222. </form>
  223. </body>
  224. </html>