Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
authorDan
Sat, 17 Nov 2007 23:09:12 -0500 (2007-11-18)
changeset 215 58477ab3937f
parent 214 43add2be1371
child 216 06db76725891
Hopefully managed to put enough hacks in there to make renaming the config file the last step, so if it fails, it can be done manually
includes/dbal.php
includes/sessions.php
install.php
--- a/includes/dbal.php	Sat Nov 17 22:56:26 2007 -0500
+++ b/includes/dbal.php	Sat Nov 17 23:09:12 2007 -0500
@@ -121,13 +121,25 @@
     return $internal_text;
   }
   
-  function connect() {
+  function connect()
+  {
     $this->enable_errorhandler();
+    
     dc_here('dbal: trying to connect....');
-    @include(ENANO_ROOT.'/config.php');
-    if(isset($crypto_key))
+    
+    if ( defined('IN_ENANO_INSTALL') )
+    {
+      @include(ENANO_ROOT.'/config.new.php');
+    }
+    else
+    {
+      @include(ENANO_ROOT.'/config.php');
+    }
+      
+    if ( isset($crypto_key) )
       unset($crypto_key); // Get this sucker out of memory fast
-    if(!defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
+    
+    if ( !defined('ENANO_INSTALLED') && !defined('MIDGET_INSTALLED') && !defined('IN_ENANO_INSTALL') )
     {
       dc_here('dbal: oops, looks like Enano isn\'t set up. Constants ENANO_INSTALLED, MIDGET_INSTALLED, and IN_ENANO_INSTALL are all undefined.');
       header('Location: install.php'); 
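Review bot: In the `IN_ENANO_INSTALL` branch of connect(), a missing or unreadable config.new.php goes unnoticed: `@` hides the include failure, and the not-installed guard below is skipped because `IN_ENANO_INSTALL` is defined. The next hunk then passes `$dbhost`, `$dbuser` and `$dbpasswd` to `mysql_connect()`; in that case they would be undefined, and the mysql extension falls back to its php.ini defaults for missing arguments. I would test the result right after the include, e.g. `if ( !isset($dbhost, $dbuser, $dbpasswd, $dbname) ) grinding_halt('Enano is having a problem', '<p>The configuration file could not be loaded.</p>');`. connect() continues past the end of this hunk, so the lines between the redirect and the connect call are not visible here.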
@@ -136,46 +148,74 @@
     $this->_conn = @mysql_connect($dbhost, $dbuser, $dbpasswd);
     unset($dbuser);
     unset($dbpasswd); // Security
-    if(!$this->_conn) { dc_here('dbal: uhoh!<br />'.mysql_error()); grinding_halt('Enano is having a problem', '<p>Error: couldn\'t connect to MySQL.<br />'.mysql_error().'</p>'); }
+    
+    if ( !$this->_conn )
+    {
+      dc_here('dbal: uhoh!<br />'.mysql_error());
+      grinding_halt('Enano is having a problem', '<p>Error: couldn\'t connect to MySQL.<br />'.mysql_error().'</p>');
+    }
+    
+    // Reset some variables
     $this->query_backtrace = '';
     $this->num_queries = 0;
+    
     dc_here('dbal: we\'re in, selecting database...');
     $q = $this->sql_query('USE `'.$dbname.'`;');
-    if(!$q) $this->_die('The database could not be selected.');
+    
+    if ( !$q )
+      $this->_die('The database could not be selected.');
+    
+    // We're in!
     dc_here('dbal: connected to MySQL');
+    
     $this->disable_errorhandler();
+    return true;
   }
   
-  function sql_query($q) {
+  function sql_query($q)
+  {
     $this->enable_errorhandler();
     $this->num_queries++;
-    $this->query_backtrace .= $q."\n";
+    $this->query_backtrace .= $q . "\n";
     $this->latest_query = $q;
     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
-    if(!$this->_conn) $this->_die('A database connection has not yet been established.');
-    if(!$this->check_query($q))
+    // First make sure we have a connection
+    if ( !$this->_conn )
+    {
+      $this->_die('A database connection has not yet been established.');
+    }
+    // Does this query look malicious?
+    if ( !$this->check_query($q) )
     {
       $this->report_query($q);
       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
     }
+    
     $r = mysql_query($q, $this->_conn);
     $this->latest_result = $r;
     $this->disable_errorhandler();
     return $r;
   }
   
-  function sql_unbuffered_query($q) {
+  function sql_unbuffered_query($q)
+  {
     $this->enable_errorhandler();
     $this->num_queries++;
     $this->query_backtrace .= '(UNBUFFERED) ' . $q."\n";
     $this->latest_query = $q;
     dc_here('dbal: making SQL query:<br /><tt>'.$q.'</tt>');
-    if(!$this->_conn) $this->_die('A database connection has not yet been established.');
-    if(!$this->check_query($q))
+    // First make sure we have a connection
+    if ( !$this->_conn )
+    {
+      $this->_die('A database connection has not yet been established.');
+    }
+    // Does this query look malicious?
+    if ( !$this->check_query($q) )
     {
       $this->report_query($q);
       grinding_halt('SQL Injection attempt', '<p>Enano has caught and prevented an SQL injection attempt. Your IP address has been recorded and the administrator has been notified.</p><p>Query was:</p><pre>'.htmlspecialchars($q).'</pre>');
     }
+    
     $r = mysql_unbuffered_query($q, $this->_conn);
     $this->latest_result = $r;
     $this->disable_errorhandler();
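Review bot: Both `sql_query()` and `sql_unbuffered_query()` answer a rejected query by printing the full SQL text back to the requester in the `grinding_halt()` page, which hands the table and column names to whoever tripped `check_query()`. The query is already passed to `report_query($q)`, presumably for logging, so the page could keep the generic sentence and drop the `<p>Query was:</p><pre>…</pre>` part. The connect-failure branch has a similar leak, since `mysql_error()` is concatenated into the halt page unescaped and can carry the host and user name. `dc_here()` is also given `$q` raw inside `<tt>` while the halt page uses `htmlspecialchars($q)`; if dc_here() emits HTML (not visible here) it should escape the same way. sql_unbuffered_query() continues past the end of this hunk.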
--- a/includes/sessions.php	Sat Nov 17 22:56:26 2007 -0500
+++ b/includes/sessions.php	Sat Nov 17 23:09:12 2007 -0500
@@ -260,7 +260,16 @@
   function __construct()
   {
     global $db, $session, $paths, $template, $plugins; // Common objects
-    include(ENANO_ROOT.'/config.php');
+    
+    if ( defined('IN_ENANO_INSTALL') )
+    {
+      @include(ENANO_ROOT.'/config.new.php');
+    }
+    else
+    {
+      @include(ENANO_ROOT.'/config.php');
+    }
+    
     unset($dbhost, $dbname, $dbuser, $dbpasswd);
     if(isset($crypto_key))
     {
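Review bot: The switch from `include` to `@include` in `__construct()` removes the only warning a missing config file produced here, in the normal branch as well as the installer branch. The `isset($crypto_key)` test that follows then skips quietly, and what the session manager does without a key is outside this hunk. I would keep the suppression but check the outcome, e.g. `if ( !isset($crypto_key) ) grinding_halt('Enano is having a problem', '<p>The configuration file could not be loaded.</p>');`, unless a later line already handles that. The if/else is also a copy of the one in includes/dbal.php connect(); a small helper that returns the config path would stop the two from drifting apart, so the key and the database credentials always come from the same file.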
--- a/install.php	Sat Nov 17 22:56:26 2007 -0500
+++ b/install.php	Sat Nov 17 23:09:12 2007 -0500
@@ -1557,7 +1557,6 @@
       run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false);
       run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false);
       run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.');
-      run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. On some UNIX systems, you need to CHMOD the directory with your Enano files to 777 in order for this stage to succeed.');
       
       // Mainstream installation complete - Enano should be usable now
       // The stage of starting the API is special because it has to be called out of function context.
@@ -1591,6 +1590,10 @@
                            While under most circumstances you can still <a href="install.php?mode=finish">finish the installation</a>, you should be aware that some servers cannot
                            properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose
                            to finish the installation, please be aware that you may be unable to log into your site.');
+
+      // Final step is to rename the config file      
+      run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. Please perform the following rename operations and then <a href="install.php?mode=finish">finish the installation</a>.<ul><li>Rename config.new.php to config.php</li><li>Rename .htaccess.new to .htaccess (only if you selected Tiny URLs)</li></ul>');
+      
       close_install_table();
       
       unset($template);
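Review bot: The new failure text for the `renameconfig` stage asks for a manual rename but does not say that the site is not live until it is done. The guard in includes/dbal.php sends requests to install.php while `ENANO_INSTALLED` is undefined, which is presumably the case until config.php exists. It is worth adding a sentence such as `Until config.new.php is renamed, visitors will be sent to the installer.` and having `install.php?mode=finish` confirm that config.php is present before reporting success; whether it already does is not visible in this hunk. A short comment above the call, noting that dbal.php and sessions.php read config.new.php while `IN_ENANO_INSTALL` is defined, would explain why the rename can safely come last.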