<?php
+/* Log the user out if it was logged in.
+ * This is mostly for devs running the install screen and
+ * fater succeeding the first screen suddenly being logged in
+ * with old credentials/uid weirdness.
+ * Code from example #1 at https://www.php.net/manual/en/function.session-destroy.php
+ */
+session_start();
+$_SESSION = Array();
+if (ini_get("session.use_cookies")) {
+ $params = session_get_cookie_params();
+ setcookie(session_name(), '', time() - 42000,
+ $params["path"], $params["domain"],
+ $params["secure"], $params["httponly"]
+ );
+}
+session_destroy();
-require_once "../common.php";
+require_once "../inc/common.php";
/* Get the base url */
$uri = $_SERVER['REQUEST_URI'];
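Review bot: The added `session_start()` runs before `../inc/common.php` is loaded, so the logout block works on PHP's default session name and cookie parameters. If common.php sets a custom `session_name()` or cookie path/domain (not visible in this hunk), the stale panel login this block is meant to clear would survive and only an unrelated default session would be destroyed. Either move the block below the `require_once`, provided that include does not itself depend on the session already being gone, or state the assumption in the comment, e.g. `/* Panel sessions use PHP's default session name; keep this in sync with the login code. */`.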
$auth_method_name = NULL;
switch($auth_method)
{
- case "sql_auth":
- $auth_method_name = "SQLAuth";
+ case "sql_db":
+ $auth_method_name = "SQLDB";
break;
- case "file_auth":
- $auth_method_name = "FileAuth";
+ case "file_db":
+ $auth_method_name = "FileDB";
break;
}
if ($auth_method)
$config["base_url"] = BASE_URL;
$config["plugins"] = Array("$auth_method");
- if ($auth_method == "sql_auth")
+ if ($auth_method == "sql_db")
{
$config["mysql"] = [
"host" => $opts->sql_host,
];
}
+ generate_secrets();
+
/* First, write only the config file */
write_config_file();
- if ($auth_method == "sql_auth")
- if (!sql_auth::create_tables())
+ if ($auth_method == "sql_db")
+ {
+ sql_db::delete_tables();
+ if (!sql_db::create_tables())
Message::Fail("Could not create SQL tables");
+ } else if ($auth_method == "file_db")
+ {
+ file_db::delete_db();
+ }
$user = [
"user_name" => $opts->account_user,
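Review bot: The new `sql_db::delete_tables()` and `file_db::delete_db()` calls run on every form submission, and no server-side check in this hunk establishes that the operator agreed to the overwrite or that a reinstall is permitted. The only confirmation is the `db_overwrite_modal` dialog wired up in the script hunks further down (the `page3_next` click handler and the `data.warn` branch), which a direct POST to this page never sees. The handler should refuse to delete an existing database unless an explicit confirmation field arrives with the POST, and should call `Message::Fail(...)` and `return` otherwise. The return value of `delete_tables()` is also ignored, so a partial wipe followed by a failed `create_tables()` would go unreported. The enclosing `if ($auth_method)` block starts and ends outside the visible lines, so a guard may exist elsewhere and should be confirmed.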
Message::Fail("Could not create user");
return;
}
- $lkup->add_permission(PERMISSION_MANAGE_USERS);
+ $lkup->add_meta('role', 'Super-Admin');
+
+ /* Enable lookups on HIBP by default */
+ $config['hibp'] = true;
/* Now, write all the config (config.php + settings in DB) */
write_config();
<!-- Form start -->
<form method="post">
<div id="page3" class="container">
- <h5>Authentication Backend</h5>
+ <h5>Database Backend</h5>
<br>
- Which authentication backend would you like to use?
+ Which database backend would you like to use?
<br><br>
Please choose from the available options:
<div class="form-group">
<div class="form-check">
- <input class="form-check-input" type="radio" name="auth_method" id="file_auth_radio" value="file_auth">
- <label class="form-check-label" for="file_auth_radio">
- File-based Authentication (Uses local files as a database, no setup needed)
+ <input class="form-check-input" type="radio" name="auth_method" id="file_db_radio" value="file_db">
+ <label class="form-check-label" for="file_db_radio">
+ File-based database (Uses local files as a database, no additional setup needed)
</label>
</div>
<div class="form-check">
- <input class="form-check-input" type="radio" name="auth_method" id="sql_auth_radio" value="sql_auth">
- <label class="form-check-label" for="sql_auth_radio">
- SQL Authentication (Requires an SQL database)
+ <input class="form-check-input" type="radio" name="auth_method" id="sql_db_radio" value="sql_db">
+ <label class="form-check-label" for="sql_db_radio">
+ SQL Database (Requires an SQL database)
</label>
</div>
</div>
</div>
<div class="form-group">
<label for="sql_username">Username</label>
- <input name="sql_user" type="text" class="revalidation-needed-sql form-control" id="sql_user" aria-describedby="username_help">
+ <input name="sql_user" type="text" class="revalidation-needed-sql form-control" id="sql_user" aria-describedby="username_help" autocomplete="new-password">
<small id="username_help" class="form-text text-muted">The name of SQL user</small>
</div>
<div class="form-group">
<label for="sql_password">Password</label>
- <input name="sql_password" type="password" class="revalidation-needed-sql form-control" id="sql_password">
+ <input name="sql_password" type="password" class="revalidation-needed-sql form-control" id="sql_password" autocomplete="new-password">
</div>
<div class="form-group">
<label for="sql_table_prefix">Table prefix</label>
</div>
</div>
</form>
+
+<!-- Database overwrite prompt -->
+<div class="modal fade" id="db_overwrite_modal" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
+ <div class="modal-dialog modal-dialog-centered" role="document">
+ <div class="modal-content">
+ <div class="modal-header">
+ <h5 class="modal-title" id="myModalLabel">Database already contains data</h5>
+ <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+ <span aria-hidden="true">×</span>
+ </button>
+ </div>
+ <div class="modal-body">
+ The database already exists and contains data.
+ If you continue then this existing data will be deleted.
+ </div>
+ <div class="modal-footer">
+ <button id="CloseButton" type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+ <button id="ProceedButton" type="button" class="btn btn-danger" onclick="nextstep();">Continue</button>
+ </form>
+ </div>
+ </div>
+ </div>
+</div>
+
+<!-- Database error dialog -->
+<div class="modal fade" id="db_error_modal" tabindex="-1" role="dialog" aria-labelledby="confirmModalCenterTitle" aria-hidden="true">
+ <div class="modal-dialog modal-dialog-centered" role="document">
+ <div class="modal-content">
+ <div class="modal-header">
+ <h5 class="modal-title" id="myModalLabel">Database server error</h5>
+ <button type="button" class="close" data-dismiss="modal" aria-label="Close">
+ <span aria-hidden="true">×</span>
+ </button>
+ </div>
+ <div class="modal-body" id="db_error_text">
+ Unable to connect to the database.
+ </div>
+ <div class="modal-footer">
+ <button id="CloseButton" type="button" class="btn btn-primary" data-dismiss="modal">Ok</button>
+ </form>
+ </div>
+ </div>
+ </div>
+</div>
+
<script>
let BASE_URL = '<?php echo BASE_URL; ?>';
let chmod_help = document.getElementById('chmod_help');
let page3 = document.getElementById('page3');
let page4 = document.getElementById('page4');
- let file_auth_radio = document.getElementById('file_auth_radio');
- let sql_auth_radio = document.getElementById('sql_auth_radio');
+ let file_db_radio = document.getElementById('file_db_radio');
+ let sql_db_radio = document.getElementById('sql_db_radio');
let sql_form = document.getElementById('sql_form');
let sql_host = document.getElementById('sql_host');
let sql_db = document.getElementById('sql_db');
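Review bot: The two added modals (`db_overwrite_modal` and `db_error_modal`) reuse the ids `myModalLabel` and `CloseButton`, so the document has duplicate ids, and both dialogs point `aria-labelledby="confirmModalCenterTitle"` at an element that does not appear in this markup. Give each title its own id and reference it, e.g. `<h5 class="modal-title" id="db_overwrite_title">` with `aria-labelledby="db_overwrite_title"`, and likewise `db_error_title` for the error dialog. Each `modal-footer` also ends with a stray `</form>` although no `<form>` is opened inside the modal and the page's form is already closed above; those two closing tags should be dropped.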
}
page3_next.addEventListener('click', e => {
+<?php if (file_exists(UPATH.'/data/database.php')) { ?>
+ $('#db_overwrite_modal').modal();
+ e.preventDefault();
+ return false;
+<?php } ?>
page3.style.display = 'none';
page4.style.display = '';
});
- file_auth_radio.addEventListener('click', e => {
- if (file_auth_radio.checked){
+ file_db_radio.addEventListener('click', e => {
+ if (file_db_radio.checked){
sql_form.style.display = 'none';
sql_test_conn.style.display = 'none';
page3_next.style.display = '';
}
});
- sql_auth_radio.addEventListener('click', e => {
- if (!file_auth_radio.checked){
+ sql_db_radio.addEventListener('click', e => {
+ if (!file_db_radio.checked){
sql_form.style.display = '';
sql_test_conn.style.display = '';
page3_next.style.display = 'none';
sql_test_conn.addEventListener('click', e => {
sql_test_conn.classList.add('disabled');
sql_test_conn.innerHTML = "Checking...";
- fetch(BASE_URL + 'api/installation.php?method=sql&host='+sql_host.value+'&database='+sql_db.value+'&user='+sql_user.value+'&password='+sql_pass.value)
+ fetch(BASE_URL + 'api/installation.php', {
+ method:'POST',
+ headers: {'Content-Type':'application/x-www-form-urlencoded'},
+ body: 'method=sql&'+
+ 'host='+encodeURIComponent(sql_host.value)+
+ '&database='+encodeURIComponent(sql_db.value)+
+ '&user='+encodeURIComponent(sql_user.value)+
+ '&password='+encodeURIComponent(sql_pass.value)+
+ '&table_prefix='+encodeURIComponent(sql_table_prefix.value)
+ })
.then(response => response.json())
.then(data => {
if (data.success)
{
- // do something with the JSON data
- sql_test_conn.innerHTML = "Success!";
- setTimeout(function() {
- sql_test_conn.style.display = 'none';
- page3_next.style.display = '';
- }, 2000);
+ nextstep();
+ } else
+ if (data.warn)
+ {
+ $('#db_overwrite_modal').modal();
}
else
{
sql_test_conn.innerHTML = "Failed!";
+ $('#db_error_text').html(data.error ? data.error : 'An error occured while connecting to the DB server');
+ $('#db_error_modal').modal();
setTimeout(function() {
sql_test_conn.innerHTML = "Test connection";
sql_test_conn.classList.remove('disabled');
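Review bot: In the failure branch, `$('#db_error_text').html(data.error ? ...)` inserts the server's error string as markup. A database error message can echo back the host, user or database name that was just typed into the form, so it should be treated as text: `$('#db_error_text').text(data.error ? data.error : 'An error occurred while connecting to the DB server');` (this also fixes the "occured" typo). The switch to a POST body with `encodeURIComponent` keeps the SQL password out of the URL and access logs. The `setTimeout` callback and the rest of the promise chain continue outside this hunk, so whether a non-JSON response is handled cannot be seen here.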
page4.style.display = 'none';
});
+
+ function nextstep()
+ {
+ $('#db_overwrite_modal').modal('hide');
+ page3.style.display = 'none';
+ page4.style.display = '';
+ window.scrollTo(0,0);
+ }
</script>
\ No newline at end of file