0
+ − 1
<?php
+ − 2
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
165
+ − 5
* Version 1.1.1
0
+ − 6
* upgrade.php - upgrade script
+ − 7
* Copyright (C) 2006-2007 Dan Fuhry
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
define('IN_ENANO_INSTALL', 'true');
+ − 17
+ − 18
if(!defined('scriptPath')) {
+ − 19
$sp = dirname($_SERVER['REQUEST_URI']);
+ − 20
if($sp == '/' || $sp == '\\') $sp = '';
+ − 21
define('scriptPath', $sp);
+ − 22
}
+ − 23
+ − 24
if(!defined('contentPath')) {
+ − 25
$sp = dirname($_SERVER['REQUEST_URI']);
+ − 26
if($sp == '/' || $sp == '\\') $sp = '';
+ − 27
define('contentPath', $sp);
+ − 28
}
+ − 29
+ − 30
global $_starttime, $this_page, $sideinfo;
+ − 31
$_starttime = microtime(true);
+ − 32
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 33
// Determine directory (special case for development servers)
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 34
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 35
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 36
$filename = str_replace('/repo/', '/', __FILE__);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 37
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 38
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 39
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 40
$filename = __FILE__;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 41
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 42
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 43
define('ENANO_ROOT', dirname($filename));
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 44
0
+ − 45
require(ENANO_ROOT.'/includes/constants.php');
+ − 46
+ − 47
if(defined('ENANO_DEBUG'))
+ − 48
{
+ − 49
require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php');
+ − 50
}
+ − 51
else
+ − 52
{
+ − 53
function dc_here($m) { return false; }
+ − 54
function dc_dump($a, $g) { return false; }
+ − 55
function dc_watch($n) { return false; }
+ − 56
function dc_start_timer($u) { return false; }
+ − 57
function dc_stop_timer($m) { return false; }
+ − 58
}
+ − 59
+ − 60
// SCRIPT CONFIGURATION
+ − 61
// Everything related to versions goes here!
+ − 62
+ − 63
// Valid versions to upgrade from
148
+ − 64
$valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3', '1.0', '1.0.1', '1.0.1.1', '1.0.2b1');
0
+ − 65
+ − 66
// Basically a list of dependencies, which should be resolved automatically
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 67
// If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not
0
+ − 68
// normally be required (for whatever reason) then you would add a custom version number to the array under key '1.0b1'.
+ − 69
$deps_list = Array(
+ − 70
'1.0b1' => Array('1.0b2'),
+ − 71
'1.0b2' => Array('1.0b3'),
+ − 72
'1.0b3' => Array('1.0b4'),
+ − 73
'1.0b4' => Array('1.0RC1'),
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 74
'1.0RC1' => Array('1.0RC2'),
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 75
'1.0RC2' => Array('1.0RC3'),
129
0b5244001799
Rebranded as 1.0.1.1; fixed category page drawing bug; updated link to GPL in the about page to the GPLv2
Dan
diff
changeset
+ − 76
'1.0RC3' => Array('1.0'),
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 77
'1.0' => Array('1.0.1'),
148
+ − 78
'1.0.1' => Array('1.0.1.1'),
+ − 79
'1.0.1.1' => Array('1.0.2b1')
0
+ − 80
);
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 81
$this_version = '1.0.2';
0
+ − 82
$func_list = Array(
112
+ − 83
'1.0' => Array('u_1_0_1_update_del_votes'),
31
+ − 84
'1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // ,
16
+ − 85
// '1.0RC2' => Array('u_1_0_populate_userpage_comments')
31
+ − 86
'1.0RC3' => Array('u_1_0_RC3_make_users_extra')
0
+ − 87
);
+ − 88
+ − 89
if(!isset($_GET['mode']))
+ − 90
{
+ − 91
$_GET['mode'] = 'login';
+ − 92
}
+ − 93
+ − 94
function err($t)
+ − 95
{
+ − 96
global $template;
+ − 97
echo $t;
+ − 98
$template->footer();
+ − 99
exit;
+ − 100
}
+ − 101
+ − 102
require(ENANO_ROOT.'/includes/template.php');
+ − 103
+ − 104
// Initialize the session manager
+ − 105
require(ENANO_ROOT.'/includes/functions.php');
+ − 106
require(ENANO_ROOT.'/includes/dbal.php');
+ − 107
require(ENANO_ROOT.'/includes/paths.php');
+ − 108
require(ENANO_ROOT.'/includes/sessions.php');
+ − 109
require(ENANO_ROOT.'/includes/plugins.php');
+ − 110
require(ENANO_ROOT.'/includes/rijndael.php');
+ − 111
require(ENANO_ROOT.'/includes/render.php');
+ − 112
$db = new mysql();
+ − 113
$db->connect();
+ − 114
+ − 115
$plugins = new pluginLoader();
+ − 116
+ − 117
if(!defined('ENANO_CONFIG_FETCHED'))
+ − 118
{
+ − 119
// Select and fetch the site configuration
+ − 120
$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;');
+ − 121
if ( !$e )
+ − 122
{
+ − 123
$db->_die('Some critical configuration information could not be selected.');
+ − 124
}
+ − 125
else
+ − 126
{
+ − 127
define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not
+ − 128
}
+ − 129
+ − 130
$enano_config = Array();
+ − 131
while($r = $db->fetchrow())
+ − 132
{
+ − 133
$enano_config[$r['config_name']] = $r['config_value'];
+ − 134
}
+ − 135
$db->free_result();
+ − 136
}
+ − 137
+ − 138
$v = enano_version();
+ − 139
if(in_array($v, Array(false, '', '1.0b3', '1.0b4')))
+ − 140
{
+ − 141
$ul_admin = 2;
+ − 142
$ul_mod = 1;
+ − 143
$ul_member = 0;
+ − 144
$ul_guest = -1;
+ − 145
}
+ − 146
else
+ − 147
{
+ − 148
$ul_admin = USER_LEVEL_ADMIN;
+ − 149
$ul_mod = USER_LEVEL_MOD;
+ − 150
$ul_member = USER_LEVEL_MEMBER;
+ − 151
$ul_guest = USER_LEVEL_GUEST;
+ − 152
}
+ − 153
+ − 154
$_GET['title'] = 'unset';
+ − 155
+ − 156
$session = new sessionManager();
+ − 157
$paths = new pathManager();
+ − 158
$session->start();
+ − 159
+ − 160
$template = new template_nodb();
+ − 161
$template->load_theme('oxygen', 'bleu', false);
+ − 162
+ − 163
$modestrings = Array(
+ − 164
'login' => 'Administrative login',
+ − 165
'welcome' => 'Welcome',
+ − 166
'setversion' => 'Select Enano version',
+ − 167
'confirm' => 'Confirm upgrade',
+ − 168
'upgrade' => 'Database installation',
+ − 169
'finish' => 'Upgrade complete'
+ − 170
);
+ − 171
+ − 172
$sideinfo = '';
+ − 173
$vars = $template->extract_vars('elements.tpl');
+ − 174
$p = $template->makeParserText($vars['sidebar_button']);
+ − 175
foreach ( $modestrings as $id => $str )
+ − 176
{
+ − 177
if ( $_GET['mode'] == $id )
+ − 178
{
+ − 179
$flags = 'style="font-weight: bold; text-decoration: underline;"';
+ − 180
$this_page = $str;
+ − 181
}
+ − 182
else
+ − 183
{
+ − 184
$flags = '';
+ − 185
}
+ − 186
$p->assign_vars(Array(
+ − 187
'HREF' => '#',
+ − 188
'FLAGS' => $flags . ' onclick="return false;"',
+ − 189
'TEXT' => $str
+ − 190
));
+ − 191
$sideinfo .= $p->run();
+ − 192
}
+ − 193
+ − 194
$template->init_vars();
+ − 195
+ − 196
function upg_assign_vars($schema)
+ − 197
{
+ − 198
$schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string(getConfig('site_name')), $schema);
+ − 199
$schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string(getConfig('site_desc')), $schema);
+ − 200
$schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string(getConfig('copyright_notice')), $schema);
+ − 201
$schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema);
+ − 202
if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+ − 203
else $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+ − 204
return $schema;
+ − 205
}
+ − 206
+ − 207
/* Version-specific functions */
+ − 208
+ − 209
function u_1_0_RC1_update_user_ids()
+ − 210
{
+ − 211
global $db;
+ − 212
// First, make sure this hasn't already been done
+ − 213
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;');
+ − 214
if ( !$q )
+ − 215
$db->_die();
+ − 216
$row = $db->fetchrow();
+ − 217
if ( $row['username'] == 'Anonymous' )
+ − 218
return true;
+ − 219
// Find the first unused user ID
+ − 220
$used = Array();
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 221
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users;');
0
+ − 222
if ( !$q )
+ − 223
$db->_die();
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 224
$notfirst = false;
0
+ − 225
while ( $row = $db->fetchrow() )
+ − 226
{
+ − 227
$i = intval($row['user_id']);
+ − 228
$used[$i] = true;
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 229
if ( !isset($used[$i - 1]) && $notfirst )
0
+ − 230
{
+ − 231
$id = $i - 1;
+ − 232
break;
+ − 233
}
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 234
$notfirst = true;
0
+ − 235
}
+ − 236
if ( !isset($id) )
+ − 237
$id = $i + 1;
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 238
if ( $id == 0 )
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 239
$id = 2;
0
+ − 240
$db->free_result();
+ − 241
+ − 242
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;');
+ − 243
if(!$q)
+ − 244
$db->_die();
+ − 245
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';');
+ − 246
if(!$q)
+ − 247
$db->_die();
+ − 248
+ − 249
}
+ − 250
+ − 251
function u_1_0_RC1_add_admins_to_group()
+ − 252
{
+ − 253
global $db;
+ − 254
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';');
+ − 255
if ( !$q )
+ − 256
$db->_die();
+ − 257
$base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES';
+ − 258
$blocks = Array();
+ − 259
while ( $row = $db->fetchrow($q) )
+ − 260
{
+ − 261
$blocks[] = '(2,' . $row['user_id'] . ')';
+ − 262
}
+ − 263
$blocks = implode(',', $blocks);
+ − 264
$sql = $base . $blocks . ';';
+ − 265
if(!$db->sql_query($sql))
+ − 266
$db->_die();
+ − 267
}
+ − 268
+ − 269
function u_1_0_RC1_alter_files_table()
+ − 270
{
+ − 271
global $db;
+ − 272
if(!is_dir(ENANO_ROOT.'/files'))
+ − 273
@mkdir(ENANO_ROOT . '/files');
+ − 274
if(!is_dir(ENANO_ROOT.'/files'))
+ − 275
die('ERROR: Couldn\'t create files directory');
+ − 276
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn);
+ − 277
if(!$q) $db->_die();
+ − 278
while ( $row = $db->fetchrow() )
+ − 279
{
+ − 280
$file_data = base64_decode($row['data']);
+ − 281
$path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension'];
+ − 282
@unlink($path);
+ − 283
$handle = @fopen($path, 'w');
+ − 284
if(!$handle)
+ − 285
die('fopen failed');
+ − 286
fwrite($handle, $file_data);
+ − 287
fclose($handle);
+ − 288
+ − 289
}
+ − 290
+ − 291
$q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;');
+ − 292
if(!$q) $db->_die();
+ − 293
+ − 294
$list = Array();
+ − 295
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn);
+ − 296
if(!$q) $db->_die();
+ − 297
while ( $row = $db->fetchrow($q) )
+ − 298
{
+ − 299
$file_data = base64_decode($row['data']);
+ − 300
$key = md5( $row['filename'] . '_' . $file_data );
+ − 301
$list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';';
+ − 302
}
+ − 303
+ − 304
foreach ( $list as $sql )
+ − 305
{
+ − 306
if(!$db->sql_query($sql)) $db->_die();
+ − 307
}
+ − 308
+ − 309
if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die();
+ − 310
+ − 311
}
+ − 312
+ − 313
function u_1_0_RC1_destroy_session_cookie()
+ − 314
{
+ − 315
unset($_COOKIE['sid']);
+ − 316
setcookie('sid', '', time()-3600*24, scriptPath);
+ − 317
setcookie('sid', '', time()-3600*24, scriptPath.'/');
+ − 318
}
+ − 319
+ − 320
function u_1_0_RC1_set_contact_email()
+ − 321
{
+ − 322
global $db;
+ − 323
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;');
+ − 324
if(!$q)
+ − 325
$db->_die();
+ − 326
$row = $db->fetchrow();
+ − 327
setConfig('contact_email', $row['email']);
+ − 328
}
+ − 329
+ − 330
function u_1_0_RC1_update_page_text()
+ − 331
{
+ − 332
global $db;
+ − 333
$q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text');
+ − 334
if (!$q)
+ − 335
$db->_die();
+ − 336
+ − 337
$qs = array();
+ − 338
+ − 339
while ( $row = $db->fetchrow($q) )
+ − 340
{
+ − 341
$row['page_text'] = str_replace(Array(
+ − 342
"{QUOT:{$row['char_tag']}}",
+ − 343
"{APOS:{$row['char_tag']}}",
+ − 344
"{SLASH:{$row['char_tag']}}"
+ − 345
), Array(
+ − 346
'"', "'", '\\'
+ − 347
), $row['page_text']);
+ − 348
$qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\'
+ − 349
WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND
+ − 350
namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';';
+ − 351
}
+ − 352
+ − 353
foreach($qs as $query)
+ − 354
{
+ − 355
if(!$db->sql_query($query))
+ − 356
$db->_die();
+ − 357
}
+ − 358
}
+ − 359
112
+ − 360
function u_1_0_1_update_del_votes()
0
+ − 361
{
+ − 362
global $db;
112
+ − 363
$q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;');
0
+ − 364
if ( !$q )
+ − 365
$db->_die();
+ − 366
112
+ − 367
while ( $row = $db->fetchrow($q) )
0
+ − 368
{
112
+ − 369
$ips = strval($row['delvote_ips']);
+ − 370
if ( is_array( @unserialize($ips) ) )
+ − 371
continue;
+ − 372
$ips = explode('|', $ips);
+ − 373
$new = array(
+ − 374
'ip' => array(),
+ − 375
'u' => array()
+ − 376
);
+ − 377
$i = 0;
+ − 378
$prev = '';
+ − 379
$prev_is_ip = false;
+ − 380
foreach ( $ips as $ip )
+ − 381
{
+ − 382
$i++;
+ − 383
$current_is_ip = is_valid_ip($ip);
+ − 384
if ( $current_is_ip && $prev_is_ip )
+ − 385
{
113
+ − 386
$i++;
112
+ − 387
$new['u'][] = $prev;
+ − 388
}
+ − 389
if ( $current_is_ip )
+ − 390
{
+ − 391
$new['ip'][] = $ip;
+ − 392
}
+ − 393
else
+ − 394
{
+ − 395
$new['u'][] = $ip;
+ − 396
}
+ − 397
$prev = $ip;
+ − 398
$prev_is_ip = $current_is_ip;
+ − 399
}
113
+ − 400
if ( $i % 2 == 1 && $prev_is_ip )
+ − 401
{
+ − 402
$new['u'][] = $ip;
+ − 403
}
112
+ − 404
$new = serialize($new);
+ − 405
$e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';');
+ − 406
if ( !$e )
+ − 407
$db->_die();
0
+ − 408
}
112
+ − 409
$db->free_result($q);
0
+ − 410
}
+ − 411
31
+ − 412
function u_1_0_RC3_make_users_extra()
+ − 413
{
+ − 414
global $db;
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 415
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_id > 0;');
31
+ − 416
if ( !$q )
+ − 417
$db->_die();
+ − 418
+ − 419
$ids = array();
+ − 420
while ( $row = $db->fetchrow() )
+ − 421
{
+ − 422
$ids[] = intval($row['user_id']);
+ − 423
}
+ − 424
+ − 425
$ids = '(' . implode('),(', $ids) . ')';
95
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 426
if ( $ids == '' )
1dac77b46f07
Changed style of copyright in St. Patty; first attempt at fixing some upgrade issues from beta 3 or so
dan
diff
changeset
+ − 427
return false;
31
+ − 428
$sql = "INSERT INTO " . table_prefix . "users_extra(user_id) VALUES$ids;";
+ − 429
+ − 430
if ( !$db->sql_query($sql) )
+ − 431
$db->_die();
+ − 432
}
+ − 433
0
+ − 434
switch($_GET['mode'])
+ − 435
{
+ − 436
case "login":
110
+ − 437
if ( $session->user_logged_in && $session->user_level < $ul_admin )
+ − 438
{
+ − 439
$template->header();
+ − 440
echo '<p>Your user account does not have permission to perform an upgrade of Enano. Return to the <a href="index.php">index page</a>.</p>';
+ − 441
$template->footer();
+ − 442
exit;
+ − 443
}
0
+ − 444
if($session->user_logged_in && $session->user_level >= $ul_admin)
+ − 445
{
+ − 446
if(isset($_POST['login']))
+ − 447
{
+ − 448
$session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin);
+ − 449
if($session->sid_super)
+ − 450
{
+ − 451
header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super);
+ − 452
exit;
+ − 453
}
+ − 454
}
+ − 455
$template->header();
+ − 456
?>
+ − 457
<form action="upgrade.php?mode=login" method="post">
+ − 458
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
+ − 459
<tr>
+ − 460
<th colspan="2">You must re-authenticate to perform this upgrade.</th>
+ − 461
</tr>
+ − 462
<?php
+ − 463
if(isset($_POST['login']))
+ − 464
{
+ − 465
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>';
+ − 466
}
+ − 467
?>
+ − 468
<tr>
+ − 469
<td>Username:</td><td><input type="text" name="username" size="30" /></td>
+ − 470
</tr>
+ − 471
<tr>
+ − 472
<td>Password:</td><td><input type="password" name="password" size="30" /></td>
+ − 473
</tr>
+ − 474
<tr>
+ − 475
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" />
+ − 476
</tr>
+ − 477
</table>
+ − 478
</form>
+ − 479
<?php
+ − 480
}
+ − 481
else
+ − 482
{
+ − 483
if(isset($_POST['login']))
+ − 484
{
+ − 485
$result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member);
+ − 486
if($result == 'success')
+ − 487
{
+ − 488
header('Location: upgrade.php');
+ − 489
exit;
+ − 490
}
+ − 491
}
+ − 492
$template->header();
+ − 493
?>
+ − 494
<form action="upgrade.php?mode=login" method="post">
+ − 495
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
+ − 496
<tr>
+ − 497
<th colspan="2">Please log in to continue with this upgrade.</th>
+ − 498
</tr>
+ − 499
<?php
+ − 500
if(isset($_POST['login']))
+ − 501
{
+ − 502
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>';
+ − 503
}
+ − 504
?>
+ − 505
<tr>
+ − 506
<td>Username:</td><td><input type="text" name="username" size="30" /></td>
+ − 507
</tr>
+ − 508
<tr>
+ − 509
<td>Password:</td><td><input type="password" name="password" size="30" /></td>
+ − 510
</tr>
+ − 511
<tr>
+ − 512
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" />
+ − 513
</tr>
+ − 514
</table>
+ − 515
</form>
+ − 516
<?php
+ − 517
}
+ − 518
break;
+ − 519
case "welcome":
+ − 520
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
+ − 521
+ − 522
// Just show a simple welcome page to display version information
+ − 523
$template->header();
+ − 524
require('config.php');
+ − 525
+ − 526
?>
+ − 527
+ − 528
<div style="text-align: center; margin-top: 10px;">
+ − 529
<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" />
+ − 530
<h2>Welcome to the Enano upgrade wizard</h2>
+ − 531
<?php
+ − 532
if ( file_exists('./_nightly.php') )
+ − 533
{
+ − 534
echo '<div class="warning-box" style="text-align: left; margin: 10px auto; display: table; width: 60%;"><b>You are about to upgrade to a NIGHTLY BUILD of Enano.</b><br />Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.</div>';
+ − 535
}
+ − 536
?>
+ − 537
</div>
+ − 538
<div style="display: table; margin: 0 auto;">
+ − 539
<p>You are about to upgrade Enano to version <b><?php echo $this_version; ?></b>. Before you continue, please ensure that:</p>
+ − 540
<ul>
+ − 541
<li>You have completely backed up your database (<b><?php echo "$dbhost:$dbname"; ?></b>)</li>
+ − 542
<li>You have backed up the entire Enano directory (<b><?php echo ENANO_ROOT; ?></b>)</li>
+ − 543
<li>You have reviewed the release notes for this version, and you<br />are comfortable with any known bugs or issues</li>
91
+ − 544
<li>If you've configured Enano to work using a MySQL user with restricted<br />privileges, you need to enable ALTER, CREATE TABLE, and CREATE INDEX privileges<br />for this upgrade to work.</li>
0
+ − 545
</ul>
+ − 546
</div>
+ − 547
<div style="text-align: center; margin-top: 10px;">
+ − 548
<form action="upgrade.php?mode=setversion&auth=<?php echo $session->sid_super; ?>" method="post">
+ − 549
<input type="submit" value="Continue with upgrade" />
+ − 550
</form>
+ − 551
</div>
+ − 552
+ − 553
<?php
+ − 554
+ − 555
break;
+ − 556
case "setversion":
+ − 557
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
+ − 558
$v = ( function_exists('enano_version') ) ? enano_version() : '';
+ − 559
if(!in_array($v, $valid_versions) && $v != '')
+ − 560
{
+ − 561
$template->header();
+ − 562
?>
+ − 563
<p>Your version of Enano (<?php echo $v; ?>) can't be upgraded to this version (<?php echo $this_version; ?>).</p>
+ − 564
<?php
+ − 565
break;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 566
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 567
else if($v == '')
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 568
{
0
+ − 569
// OK, we don't know which version he's running. So we'll cheat ;-)
+ − 570
$template->header();
+ − 571
echo "<form action='upgrade.php?mode=confirm&auth={$session->sid_super}' method='post'>";
+ − 572
?>
+ − 573
<p>Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.</p>
+ − 574
<p><select name="version"><?php
+ − 575
foreach($valid_versions as $c)
+ − 576
{
+ − 577
echo "<option value='{$c}'>{$c}</option>";
+ − 578
}
+ − 579
?></select></p>
+ − 580
<p>
+ − 581
<input type="submit" value="Continue" />
+ − 582
</p>
+ − 583
<?php
+ − 584
echo `</form>`;
+ − 585
break;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 586
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 587
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 588
{
0
+ − 589
header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super);
+ − 590
}
+ − 591
break;
+ − 592
case "confirm":
+ − 593
$enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version();
+ − 594
+ − 595
$template->header();
+ − 596
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
+ − 597
?>
+ − 598
<form action="upgrade.php?mode=upgrade&auth=<?php echo $session->sid_super; ?>" method="post">
+ − 599
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4">
+ − 600
<tr>
+ − 601
<td colspan="2"><p><b>Are you sure you want to perform this upgrade?</b></p><p>You can still cancel the upgrade process now. If<br />the upgrade fails, you will need to roll back<br />any actions made using manual SQL queries.</p><p><b>Please clear your browser cache or<br />shift-reload after the upgrade.</b><br />If you fail to do so, some page elements may<br />be broken.</td>
+ − 602
</tr>
+ − 603
<tr>
+ − 604
<td colspan="2" style="text-align: center;">
+ − 605
<input type="hidden" name="enano_version" value="<?php echo $enano_version; ?>" />
+ − 606
<input type="submit" name="doit" value="Upgrade Enano!" />
+ − 607
</td>
+ − 608
</tr>
+ − 609
</table>
+ − 610
</form>
+ − 611
<?php
+ − 612
break;
+ − 613
case "upgrade":
+ − 614
$template->header();
+ − 615
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; }
+ − 616
if(!isset($_POST['enano_version'])) { echo '<p>Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please <a href="upgrade.php">restart the upgrade</a>.</p>'; break; }
+ − 617
$enano_version = $_POST['enano_version'];
+ − 618
echo '<p>Preparing for schema execution...';
+ − 619
// Build an array of queries
+ − 620
$schema = file_get_contents('upgrade.sql');
+ − 621
+ − 622
// Strip out and process version blocks
148
+ − 623
preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'((.*?)'."\n)?".'---END \\1---#is', $schema, $matches);
0
+ − 624
+ − 625
$from_list =& $matches[1];
148
+ − 626
$query_list =& $matches[3];
0
+ − 627
+ − 628
foreach($matches[0] as $m)
+ − 629
{
+ − 630
$schema = str_replace($m, '', $schema);
+ − 631
}
+ − 632
$schema = explode("\n", $schema);
+ − 633
foreach($schema as $k => $q)
+ − 634
{
+ − 635
if(substr($q, 0, 2) == '--' || $q == '')
+ − 636
{
+ − 637
unset($schema[$k]);
+ − 638
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>');
+ − 639
}
+ − 640
else
+ − 641
{
+ − 642
$schema[$k] = upg_assign_vars($schema[$k]);
+ − 643
}
+ − 644
}
+ − 645
+ − 646
foreach($query_list as $k => $q)
+ − 647
{
+ − 648
$query_list[$k] = explode("\n", $query_list[$k]);
+ − 649
foreach($query_list[$k] as $i => $s)
+ − 650
{
+ − 651
$tq =& $query_list[$k][$i];
+ − 652
if(substr($s, 0, 2) == '--' || $s == '')
+ − 653
{
+ − 654
unset($query_list[$k][$i]);
+ − 655
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>');
+ − 656
}
+ − 657
else
+ − 658
{
+ − 659
$query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]);
+ − 660
}
+ − 661
}
+ − 662
$query_list[$k] = array_values($query_list[$k]);
+ − 663
}
+ − 664
+ − 665
$assoc_list = Array();
+ − 666
+ − 667
foreach($from_list as $i => $v)
+ − 668
{
+ − 669
$assoc_list[$v] = $query_list[$i];
+ − 670
}
+ − 671
+ − 672
$schema = array_values($schema);
+ − 673
+ − 674
$deps_resolved = false;
+ − 675
$installing_versions = Array($enano_version);
+ − 676
+ − 677
while(true)
+ − 678
{
+ − 679
$v = array_keys($deps_list);
+ − 680
foreach($v as $i => $ver)
+ − 681
{
+ − 682
if(in_array($ver, $installing_versions))
+ − 683
{
+ − 684
// $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install.
+ − 685
foreach($deps_list[$ver] as $dep)
+ − 686
{
+ − 687
if(!in_array($dep, $installing_versions))
+ − 688
{
+ − 689
$installing_versions[] = $dep;
+ − 690
}
+ − 691
}
+ − 692
}
+ − 693
if($i == count($deps_list) - 1)
+ − 694
{
+ − 695
break 2;
+ − 696
}
+ − 697
}
+ − 698
}
+ − 699
+ − 700
foreach($installing_versions as $this_ver)
+ − 701
{
+ − 702
$schema = array_merge($schema, $assoc_list[$this_ver]);
+ − 703
}
+ − 704
+ − 705
// Time for some proper SQL syntax!
+ − 706
// Also check queries for so-called injection attempts to make
+ − 707
// sure that it doesn't fail during the upgrade process and
+ − 708
// leave the user with a half-upgraded database
+ − 709
foreach($schema as $s => $q)
+ − 710
{
+ − 711
if(substr($q, strlen($q)-1, 1) != ';')
+ − 712
{
+ − 713
$schema[$s] .= ';';
+ − 714
}
+ − 715
if ( !$db->check_query($schema[$s]) )
+ − 716
{
+ − 717
// Uh-oh, the check failed, bail out
+ − 718
// The DBAL runs sanity checks on all queries for safety,
+ − 719
// so if the check fails in mid-upgrade we are in deep
+ − 720
// dodo doo-doo.
+ − 721
echo 'Query failed sanity check, this should never happen and is a bug.</p><p>Query was:</p><pre>'.$schema[$s].'</pre>';
+ − 722
break 2;
+ − 723
}
+ − 724
}
+ − 725
+ − 726
$schema = array_values($schema);
+ − 727
+ − 728
// Used extensively for debugging
+ − 729
// echo '<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>';
+ − 730
// break;
+ − 731
+ − 732
echo 'done!<br />Executing upgrade schema...';
+ − 733
+ − 734
// OK, do the loop, baby!!!
+ − 735
foreach($schema as $q)
+ − 736
{
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 737
if ( substr($q, 0, 1) == '@' )
0
+ − 738
{
218
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 739
// if the first character is @, don't fail on error
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 740
$db->sql_query(substr($q, 1));
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 741
}
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 742
else
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 743
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 744
if ( !$db->sql_query($q) )
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 745
{
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 746
echo $db->get_error();
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 747
break 2;
e0ec986c0af3
Searching sucks, and Enano's search algorithm was complete bullcrap. So I rewrote it. No, it does not use Google search technology. Like they have a patent for using the Arial font on search result pages anyway.
Dan
diff
changeset
+ − 748
}
0
+ − 749
}
+ − 750
}
+ − 751
+ − 752
// Call any custom functions
+ − 753
foreach ( $installing_versions as $ver )
+ − 754
{
+ − 755
if ( isset($func_list[$ver]) )
+ − 756
{
+ − 757
foreach($func_list[$ver] as $function)
+ − 758
{
+ − 759
@call_user_func($function);
+ − 760
}
+ − 761
}
+ − 762
}
+ − 763
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 764
// Log the upgrade
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 765
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 766
0
+ − 767
echo 'done!</p>';
+ − 768
echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p>
+ − 769
<script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>';
+ − 770
break;
+ − 771
}
+ − 772
$template->footer();
+ − 773
+ − 774
?>