Diffstat (limited to 'install/ElggInstaller.php')
| -rw-r--r-- | install/ElggInstaller.php | 285 |
1 files changed, 201 insertions, 84 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 164a7ee85..78cdde90f 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -2,7 +2,27 @@
 /**
 * Elgg Installer.
- * Controller for installing Elgg.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
 *
 * @package Elgg.Core
 * @subpackage Installer
@@ -19,6 +39,7 @@ class ElggInstaller {
 );
 protected $status = array(
+ 'config' => FALSE,
 'database' => FALSE,
 'settings' => FALSE,
 'admin' => FALSE,
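Review bot: The new docblock justifies the missing CSRF protection with "the installer is only run once by the administrator", yet the same docblock says the process can be resumed by hitting the first page, and the resume logic later in this diff keys off server state (settings file present, database reachable) rather than off who is asking — so the justification only holds while the installer is unreachable to anyone else. That precondition should be stated where the claim is made, e.g. ` * NOTE: this is only safe while the install directory is not exposed. An interrupted install can be resumed and completed (admin account included) by any visitor until it finishes, so block or remove the installer once done.` Whether later steps add any guard of their own is not visible in this diff.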
@@ -26,12 +47,15 @@ class ElggInstaller {
 protected $isAction = FALSE;
- protected $autoLogin = FALSE;
+ protected $autoLogin = TRUE;
 /**
 * Constructor bootstraps the Elgg engine
 */
 public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+ $this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
 $this->bootstrapConfig();
@@ -96,6 +120,9 @@ class ElggInstaller {
 * account. If it fails, an exception is thrown. It does not check any of
 * the requirements as the multiple step web installer does.
 *
+ * If the settings.php file exists, it will use that rather than the parameters
+ * passed to this function.
+ *
 * @param array $params Array of key value pairs
 * @param bool $createHtaccess Should .htaccess be created
 *
@@ -130,7 +157,7 @@ class ElggInstaller {
 'password',
 );
 foreach ($requiredParams as $key) {
- if (!array_key_exists($key, $params)) {
+ if (empty($params[$key])) {
 $msg = elgg_echo('install:error:requiredfield', array($key));
 throw new InstallationException($msg);
 }
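Review bot: `empty($params[$key])` in the required-parameter loop also rejects the literal string `"0"`, so a CLI caller passing a one-character password or database password of `0` now fails with `install:error:requiredfield`; the previous `array_key_exists` did not have this quirk (though it let empty strings through, which is presumably what this change targets). `if (!isset($params[$key]) || $params[$key] === '')` keeps the intent without the false positive. Note also that, as far as this diff shows, install() goes from this loop straight to createSettingsFile(), so the `dbprefix` format check added to validateDatabaseVars() further down does not apply to the CLI path.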
@@ -140,22 +167,28 @@ class ElggInstaller {
 $params['password1'] = $params['password2'] = $params['password'];
 if ($createHtaccess) {
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
 $rewriteTester = new ElggRewriteTester();
 if (!$rewriteTester->createHtaccess($CONFIG->path)) {
 throw new InstallationException(elgg_echo('install:error:htaccess'));
 }
 }
- if (!$this->createSettingsFile($params)) {
- throw new InstallationException(elgg_echo('install:error:settings'));
+ $this->setInstallStatus();
+
+ if (!$this->status['config']) {
+ if (!$this->createSettingsFile($params)) {
+ throw new InstallationException(elgg_echo('install:error:settings'));
+ }
 }
 if (!$this->connectToDatabase()) {
 throw new InstallationException(elgg_echo('install:error:databasesettings'));
 }
- if (!$this->installDatabase()) {
- throw new InstallationException(elgg_echo('install:error:cannotloadtables'));
+
+ if (!$this->status['database']) {
+ if (!$this->installDatabase()) {
+ throw new InstallationException(elgg_echo('install:error:cannotloadtables'));
+ }
 }
 // load remaining core libraries
@@ -278,7 +311,7 @@ class ElggInstaller {
 'dbpassword' => array(
 'type' => 'password',
 'value' => '',
- 'required' => TRUE,
+ 'required' => FALSE,
 ),
 'dbname' => array(
 'type' => 'text',
@@ -355,11 +388,10 @@ class ElggInstaller {
 protected function settings($submissionVars) {
 global $CONFIG;
- $languages = get_installed_translations();
 $formVars = array(
 'sitename' => array(
 'type' => 'text',
- 'value' => 'New Elgg site',
+ 'value' => 'My New Community',
 'required' => TRUE,
 ),
 'siteemail' => array(
@@ -382,12 +414,6 @@ class ElggInstaller {
 'value' => '',
 'required' => TRUE,
 ),
- 'language' => array(
- 'type' => 'dropdown',
- 'value' => 'en',
- 'options_values' => $languages,
- 'required' => TRUE,
- ),
 'siteaccess' => array(
 'type' => 'access',
 'value' => ACCESS_PUBLIC,
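Review bot: Flipping `dbpassword` to `'required' => FALSE` means a blank database password now passes validateDatabaseVars(), whose required-field loop (visible later in this diff) was the only thing stopping it, and nothing in the form tells the administrator that the site is being set up against a passwordless account. If this is meant for local/dev installs, surface it — a non-blocking notice in the database step when the field is blank — or at least document the decision on the form definition: `// optional: a blank password is common for local installs but must never be used in production`.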
@@ -395,8 +421,19 @@ class ElggInstaller {
 ),
 );
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
 if ($this->isAction) {
 do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
 if (!$this->validateSettingsVars($submissionVars, $formVars)) {
 break;
 }
@@ -454,7 +491,7 @@ class ElggInstaller {
 'required' => TRUE,
 ),
 );
-
+
 if ($this->isAction) {
 do {
 if (!$this->validateAdminVars($submissionVars, $formVars)) {
@@ -493,11 +530,7 @@ class ElggInstaller {
 $params = array();
 if ($this->autoLogin) {
- // remind users to enable / disable desired tools
- $msg = elgg_echo('firstadminlogininstructions');
- elgg_add_admin_notice('first_installation_plugin_reminder', $msg);
-
- $params['destination'] = 'pg/admin/plugins/simple';
+ $params['destination'] = 'admin';
 } else {
 $params['destination'] = 'index.php';
 }
@@ -538,7 +571,12 @@ class ElggInstaller {
 * @return string
 */
 protected function getNextStep($currentStep) {
- return $this->steps[1 + array_search($currentStep, $this->steps)];
+ $index = 1 + array_search($currentStep, $this->steps);
+ if (isset($this->steps[$index])) {
+ return $this->steps[$index];
+ } else {
+ return null;
+ }
 }
 /**
@@ -568,6 +606,8 @@ class ElggInstaller {
 $this->loadSettingsFile();
+ $this->status['config'] = TRUE;
+
 // must be able to connect to database to jump install steps
 $dbSettingsPass = $this->checkDatabaseSettings(
 $CONFIG->dbuser,
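Review bot: The commented-out Apache `combo` option and the commented-out createDataDirectory() call should be deleted rather than shipped as comments: the class docblock added at the top of this diff already records why the approach was abandoned (ticket #3453), so the dead code adds nothing and will rot against the surrounding settings() logic. If a pointer is wanted, one line does it: `// data-directory auto-creation was removed; see the class docblock and #3453`.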
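Review bot: getNextStep() still calls `array_search` without the strict flag and never checks for `false`, so an unknown `$currentStep` yields `1 + false`, i.e. `1`, and the method returns `$this->steps[1]` instead of `null` — the new `isset` guard only covers running off the end of the list. `$pos = array_search($currentStep, $this->steps, TRUE);` followed by `return ($pos !== FALSE && isset($this->steps[$pos + 1])) ? $this->steps[$pos + 1] : null;` covers both cases. Whether an unrecognised step can reach this method depends on its callers, which are outside this hunk.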
@@ -686,8 +726,9 @@ class ElggInstaller {
 // bootstrapping with required files in a required order
 $required_files = array(
- 'elgglib.php', 'views.php', 'access.php', 'system_log.php', 'export.php', 'configuration.php',
- 'sessions.php', 'languages.php', 'input.php', 'install.php', 'cache.php', 'output.php'
+ 'elgglib.php', 'views.php', 'access.php', 'system_log.php', 'export.php',
+ 'configuration.php', 'sessions.php', 'languages.php', 'pageowner.php',
+ 'input.php', 'cache.php', 'output.php',
 );
 foreach ($required_files as $file) {
@@ -712,11 +753,16 @@ class ElggInstaller {
 $dbIndex = array_search('database', $this->getSteps());
 $settingsIndex = array_search('settings', $this->getSteps());
+ $adminIndex = array_search('admin', $this->getSteps());
+ $completeIndex = array_search('complete', $this->getSteps());
 $stepIndex = array_search($step, $this->getSteps());
- if ($stepIndex <= $settingsIndex) {
- // install has its own session handling before the db created and set up
- session_name('Elgg');
+ // To log in the user, we need to use the Elgg core session handling.
+ // Otherwise, use default php session handling
+ $useElggSession = ($stepIndex == $adminIndex && $this->isAction) || $stepIndex == $completeIndex;
+ if (!$useElggSession) {
+ session_name('Elgg_install');
 session_start();
 elgg_unregister_event_handler('boot', 'system', 'session_init');
 }
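Review bot: `session_name('Elgg_install'); session_start();` assumes no session is active yet — PHP warns and ignores a `session_name()` call once a session is running, so the installer would silently ride on whatever session was auto-started. The `session.auto_start` requirements failure added later in this diff covers a fresh install, but if a resumed install (which the class docblock says picks up where it left off) bypasses the requirements step, that guarantee does not hold here. A cheap guard is `if (session_id() === '') { session_name('Elgg_install'); session_start(); }`, or at minimum a comment stating the assumption. The enclosing method continues past this hunk.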
@@ -739,11 +785,12 @@ class ElggInstaller {
 'memcache.php', 'metadata.php', 'metastrings.php', 'navigation.php', 'notification.php', 'objects.php', 'opendd.php', 'pagehandler.php',
- 'pageowner.php', 'pam.php', 'plugins.php',
+ 'pam.php', 'plugins.php',
 'private_settings.php', 'relationships.php', 'river.php', 'sites.php', 'statistics.php', 'tags.php', 'user_settings.php',
- 'users.php', 'version.php', 'web_services.php',
- 'widgets.php', 'xml.php', 'xml-rpc.php'
+ 'users.php', 'upgrade.php', 'web_services.php',
+ 'widgets.php', 'xml.php', 'xml-rpc.php',
+ 'deprecated-1.7.php', 'deprecated-1.8.php',
 );
 foreach ($lib_files as $file) {
@@ -754,11 +801,17 @@ class ElggInstaller {
 }
 }
- $this->initGlobals();
-
- set_default_config();
+ setup_db_connections();
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
+
+ if ($stepIndex > $settingsIndex) {
+ $CONFIG->site_guid = (int) datalist_get('default_site');
+ $CONFIG->site_id = $CONFIG->site_guid;
+ $CONFIG->site = get_entity($CONFIG->site_guid);
+ $CONFIG->dataroot = datalist_get('dataroot');
+ _elgg_session_boot(NULL, NULL, NULL);
+ }
- elgg_trigger_event('boot', 'system');
 elgg_trigger_event('init', 'system');
 }
 }
@@ -777,6 +830,10 @@ class ElggInstaller {
 $CONFIG->wwwroot = $this->getBaseUrl();
 $CONFIG->url = $CONFIG->wwwroot;
 $CONFIG->path = dirname(dirname(__FILE__)) . '/';
+ $CONFIG->viewpath = $CONFIG->path . 'views/';
+ $CONFIG->pluginspath = $CONFIG->path . 'mod/';
+ $CONFIG->context = array();
+ $CONFIG->entity_types = array('group', 'object', 'site', 'user');
 }
 /**
@@ -1015,6 +1072,13 @@ class ElggInstaller {
 'message' => elgg_echo("install:check:php:register_globals")
 );
 }
+
+ if (ini_get('session.auto_start')) {
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo("install:check:php:session.auto_start")
+ );
+ }
 }
 /**
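Review bot: The `$stepIndex > $settingsIndex` branch calls `_elgg_session_boot()` for every step after settings, while the php-session branch in the previous hunk only skips `session_start()` for the admin POST and the complete step — so on the admin GET request both run. If `_elgg_session_boot()` itself starts a session (it is the core session bootstrap, not visible here), that request opens `Elgg_install` and then attempts the `Elgg` session, which PHP refuses with a notice. Keying this branch off the same `$useElggSession` flag, or stating why the double start is harmless, would make the intent explicit: `// admin GET requests also start the installer session above; _elgg_session_boot() must tolerate an already-active session`.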
@@ -1027,8 +1091,6 @@ class ElggInstaller {
 protected function checkRewriteRules(&$report) {
 global $CONFIG;
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
-
 $tester = new ElggRewriteTester();
 $url = elgg_get_site_url() . "rewrite.php";
 $report['rewrite'] = array($tester->run($url, $CONFIG->path));
@@ -1086,11 +1148,21 @@ class ElggInstaller {
 foreach ($formVars as $field => $info) {
 if ($info['required'] == TRUE && !$submissionVars[$field]) {
 $name = elgg_echo("install:database:label:$field");
- register_error("$name is required");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
 return FALSE;
 }
 }
+ // according to postgres documentation: SQL identifiers and key words must
+ // begin with a letter (a-z, but also letters with diacritical marks and
+ // non-Latin letters) or an underscore (_). Subsequent characters in an
+ // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+ // Refs #4994
+ if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+ register_error(elgg_echo('install:error:database_prefix'));
+ return FALSE;
+ }
+
 return $this->checkDatabaseSettings(
 $submissionVars['dbuser'],
 $submissionVars['dbpassword'],
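Review bot: The prefix pattern `/^[a-zA-Z_][\w]*$/` is looser than it reads: `$` without the `D` modifier also matches before a trailing newline, so `elgg_\n` passes, and `\w` in PHP's PCRE follows the process locale when one is set, so non-ASCII bytes can slip through — both matter because the prefix ends up interpolated into SQL identifiers. `/^[A-Za-z_][A-Za-z0-9_]*\z/` pins it to exactly what the comment intends, and the comment could say the rule is deliberately stricter than PostgreSQL's (no diacritics, no `$`). Separately, install() earlier in this diff does not appear to route through this method, so the CLI path receives no prefix check at all.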
@@ -1223,6 +1295,39 @@ class ElggInstaller {
 */
 /**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
 * Validate the site settings form variables
 *
 * @param array $submissionVars Submitted vars
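Review bot: createDataDirectory() is added while its only call site (in settings(), earlier in this diff) is commented out, and the class docblock explains the design was abandoned because a user-uploaded .htaccess can override the protection — so this is dead code implementing a rejected approach and should be dropped. If it is kept regardless, `Order Deny,Allow` / `Deny from All` is Apache 2.2 syntax: on 2.4 without mod_access_compat these directives are a configuration error (HTTP 500 for the directory), not a denial, so the file should also carry `Require all denied` inside an `<IfModule mod_authz_core.c>` block. Either way the `.htaccess` only protects data on Apache with overrides enabled, which is the exact setup the docblock says not to rely on.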
@@ -1231,15 +1336,39 @@ class ElggInstaller {
 * @return bool
 */
 protected function validateSettingsVars($submissionVars, $formVars) {
+ global $CONFIG;
 foreach ($formVars as $field => $info) {
- if ($info['required'] == TRUE && !$submissionVars[$field]) {
+ $submissionVars[$field] = trim($submissionVars[$field]);
+ if ($info['required'] == TRUE && $submissionVars[$field] === '') {
 $name = elgg_echo("install:settings:label:$field");
 register_error(elgg_echo('install:error:requiredfield', array($name)));
 return FALSE;
 }
 }
+ // check that data root is absolute path
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($submissionVars['dataroot'], ':') !== 1) {
+ $msg = elgg_echo('install:error:relative_path', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+ } else {
+ if (strpos($submissionVars['dataroot'], '/') !== 0) {
+ $msg = elgg_echo('install:error:relative_path', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+ }
+
+ // check that data root exists
+ if (!file_exists($submissionVars['dataroot'])) {
+ $msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+
 // check that data root is writable
 if (!is_writable($submissionVars['dataroot'])) {
 $msg = elgg_echo('install:error:writedatadirectory', array($submissionVars['dataroot']));
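Review bot: validateSettingsVars() receives `$submissionVars` by value, so the `trim()` applied in the loop only touches the local copy: validation runs on the trimmed values while whatever the caller goes on to save (createSite() further down uses the same array) still carries the surrounding whitespace — a dataroot of `' /srv/data'` passes the absolute-path and `file_exists` checks here but is stored with the leading space. Either take the argument by reference, as the new createDataDirectory() does (`protected function validateSettingsVars(&$submissionVars, $formVars)`), or trim at the call site before validating. The Windows check `strpos($submissionVars['dataroot'], ':') !== 1` also rejects UNC paths, which may be intended but deserves a comment. The method continues past this hunk.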
@@ -1247,11 +1376,13 @@ class ElggInstaller {
 return FALSE;
 }
- // check that data root is not subdirectory of Elgg root
- if (stripos($submissionVars['dataroot'], $submissionVars['path']) !== FALSE) {
- $msg = elgg_echo('install:error:locationdatadirectory', array($submissionVars['dataroot']));
- register_error($msg);
- return FALSE;
+ if (!isset($CONFIG->data_dir_override) || !$CONFIG->data_dir_override) {
+ // check that data root is not subdirectory of Elgg root
+ if (stripos($submissionVars['dataroot'], $submissionVars['path']) === 0) {
+ $msg = elgg_echo('install:error:locationdatadirectory', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
 }
 // check that email address is email address
@@ -1283,11 +1414,11 @@ class ElggInstaller {
 $submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
 $site = new ElggSite();
- $site->name = $submissionVars['sitename'];
- $site->url = $submissionVars['wwwroot'];
+ $site->name = strip_tags($submissionVars['sitename']);
+ $site->url = $submissionVars['wwwroot'];
 $site->access_id = ACCESS_PUBLIC;
- $site->email = $submissionVars['siteemail'];
- $guid = $site->save();
+ $site->email = $submissionVars['siteemail'];
+ $guid = $site->save();
 if (!$guid) {
 register_error(elgg_echo('install:error:createsite'));
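Review bot: `$CONFIG->data_dir_override` silently disables the only check that keeps the data directory out of the web root, and nothing in this diff says who sets it or what the operator takes on by doing so; the class docblock explains that a data directory under the Elgg root is only safe when the server refuses per-directory overrides. The new `if` should carry that warning: `// data_dir_override skips the web-root check; only set it when the server blocks AllowOverride/.htaccess for the data directory (see class docblock, #3453)`. The comparison also moved from `!== FALSE` to `=== 0`, i.e. from substring to prefix match — a sensible narrowing, but it changes which paths are rejected and should be mentioned in the commit message.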
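Review bot: `strip_tags()` on the site name is not a substitute for output encoding: it alters what the administrator typed (`Tips & <Tricks>` loses the bracketed part) while leaving quotes and `&` intact, so any view that prints the name unescaped is still injectable. If Elgg's views escape on output, as one would expect, the call is redundant and a reader should be told why it is kept; if they do not, the fix belongs in the view. A one-line comment such as `// defence in depth only: the site name must still be escaped wherever it is output` would stop the next maintainer from treating this as the sanitisation point.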
@@ -1304,27 +1435,21 @@ class ElggInstaller {
 datalist_set('default_site', $site->getGUID());
 datalist_set('version', get_version());
 datalist_set('simplecache_enabled', 1);
- datalist_set('viewpath_cache_enabled', 1);
+ datalist_set('system_cache_enabled', 1);
 // new installations have run all the upgrades
 $upgrades = elgg_get_upgrade_files($submissionVars['path'] . 'engine/lib/upgrades/');
 datalist_set('processed_upgrades', serialize($upgrades));
 set_config('view', 'default', $site->getGUID());
- set_config('language', $submissionVars['language'], $site->getGUID());
+ set_config('language', 'en', $site->getGUID());
 set_config('default_access', $submissionVars['siteaccess'], $site->getGUID());
 set_config('allow_registration', TRUE, $site->getGUID());
 set_config('walled_garden', FALSE, $site->getGUID());
+ set_config('allow_user_default_access', '', $site->getGUID());
 $this->enablePlugins();
- // reset the views path in case of installing over an old data dir.
- $dataroot = datalist_get('dataroot');
- $cache = new ElggFileCache($dataroot);
- $cache->delete('view_paths');
- elgg_invalidate_simplecache();
- elgg_regenerate_simplecache();
-
 return TRUE;
 }
@@ -1337,8 +1462,8 @@ class ElggInstaller {
 elgg_generate_plugin_entities();
 $plugins = elgg_get_plugins('any');
 foreach ($plugins as $plugin) {
- if ($plugin->manifest) {
- if ($plugin->manifest->getActivateOnInstall()) {
+ if ($plugin->getManifest()) {
+ if ($plugin->getManifest()->getActivateOnInstall()) {
 $plugin->activate();
 }
 }
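Review bot: The removed block ("reset the views path in case of installing over an old data dir") was the only code that cleared caches left behind in a reused data directory, and validateSettingsVars() earlier in this diff still accepts any existing, writable directory, so installing into a previously used dataroot remains possible. Unless the new `system_cache_enabled` path invalidates on its own — not visible here — keep an `elgg_invalidate_simplecache();` after enablePlugins(), or add a comment explaining why stale cache files in an old dataroot are no longer a concern. Hard-coding `set_config('language', 'en', ...)` now that the dropdown is gone is fine, but the install documentation should say the language is chosen after install.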
@@ -1404,29 +1529,36 @@ class ElggInstaller {
 protected function createAdminAccount($submissionVars, $login = FALSE) {
 global $CONFIG;
- $guid = register_user(
- $submissionVars['username'],
- $submissionVars['password1'],
- $submissionVars['displayname'],
- $submissionVars['email']
- );
+ try {
+ $guid = register_user(
+ $submissionVars['username'],
+ $submissionVars['password1'],
+ $submissionVars['displayname'],
+ $submissionVars['email']
+ );
+ } catch (Exception $e) {
+ register_error($e->getMessage());
+ return false;
+ }
 if (!$guid) {
 register_error(elgg_echo('install:admin:cannot_create'));
- return FALSE;
+ return false;
 }
 $user = get_entity($guid);
 if (!$user) {
 register_error(elgg_echo('install:error:loadadmin'));
- return FALSE;
+ return false;
 }
 elgg_set_ignore_access(TRUE);
 if ($user->makeAdmin() == FALSE) {
 register_error(elgg_echo('install:error:adminaccess'));
+ } else {
+ datalist_set('admin_registered', 1);
 }
- elgg_set_ignore_access(FALSE);
+ elgg_set_ignore_access(false);
 // add validation data to satisfy user validation plugins
 create_metadata($guid, 'validated', TRUE, '', 0, ACCESS_PUBLIC);
@@ -1440,19 +1572,4 @@ class ElggInstaller {
 return TRUE;
 }
-
- /**
- * Init globals because engine loaded within a function
- *
- * @return void
- */
- protected function initGlobals() {
- global $DB_QUERY_CACHE, $DB_DELAYED_QUERIES;
- $DB_QUERY_CACHE = array();
- $DB_DELAYED_QUERIES = array();
-
- global $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE;
- $METASTRINGS_CACHE = array();
- $METASTRINGS_DEADNAME_CACHE = array();
- }
 } |
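Review bot: When `$user->makeAdmin()` fails the new code only records an error and skips `admin_registered`, then falls through to the `return TRUE;` visible as context in the next hunk, so the installer reports success with an account that is not an administrator and the step cannot be retried. The failure branch should return: after `register_error(elgg_echo('install:error:adminaccess'));` add `elgg_set_ignore_access(false); return false;`. Surfacing `$e->getMessage()` from register_user() is acceptable in an installer, but note that it may expose driver-level detail to whoever is running the step. The method continues past this hunk.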
