author | Dan |
Tue, 26 Jun 2007 21:57:43 -0400 | |
changeset 25 | 08d027882993 |
parent 21 | 663fcf528726 |
child 31 | dc8741857bde |
permissions | -rwxr-xr-x |
0 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
5 |
* Version 1.0 (Banshee) |
0 | 6 |
* upgrade.php - upgrade script |
7 |
* Copyright (C) 2006-2007 Dan Fuhry |
|
8 |
* |
|
9 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
10 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
11 |
* |
|
12 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
13 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
14 |
*/ |
|
15 |
||
16 |
define('IN_ENANO_INSTALL', 'true'); |
|
17 |
||
18 |
if(!defined('scriptPath')) { |
|
19 |
$sp = dirname($_SERVER['REQUEST_URI']); |
|
20 |
if($sp == '/' || $sp == '\\') $sp = ''; |
|
21 |
define('scriptPath', $sp); |
|
22 |
} |
|
23 |
||
24 |
if(!defined('contentPath')) { |
|
25 |
$sp = dirname($_SERVER['REQUEST_URI']); |
|
26 |
if($sp == '/' || $sp == '\\') $sp = ''; |
|
27 |
define('contentPath', $sp); |
|
28 |
} |
|
29 |
||
30 |
global $_starttime, $this_page, $sideinfo; |
|
31 |
$_starttime = microtime(true); |
|
32 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
33 |
// Determine directory (special case for development servers) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
34 |
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
35 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
36 |
$filename = str_replace('/repo/', '/', __FILE__); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
37 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
38 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
39 |
{ |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
40 |
$filename = __FILE__; |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
41 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
42 |
|
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
43 |
define('ENANO_ROOT', dirname($filename)); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
44 |
|
0 | 45 |
require(ENANO_ROOT.'/includes/constants.php'); |
46 |
||
47 |
if(defined('ENANO_DEBUG')) |
|
48 |
{ |
|
49 |
require_once(ENANO_ROOT.'/includes/debugger/debugConsole.php'); |
|
50 |
} |
|
51 |
else |
|
52 |
{ |
|
53 |
function dc_here($m) { return false; } |
|
54 |
function dc_dump($a, $g) { return false; } |
|
55 |
function dc_watch($n) { return false; } |
|
56 |
function dc_start_timer($u) { return false; } |
|
57 |
function dc_stop_timer($m) { return false; } |
|
58 |
} |
|
59 |
||
60 |
// SCRIPT CONFIGURATION |
|
61 |
// Everything related to versions goes here! |
|
62 |
||
63 |
// Valid versions to upgrade from |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
64 |
$valid_versions = Array('1.0b1', '1.0b2', '1.0b3', '1.0b4', '1.0RC1', '1.0RC2', '1.0RC3'); |
0 | 65 |
|
66 |
// Basically a list of dependencies, which should be resolved automatically |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
67 |
// If, for example, upgrading from 1.0b1 to 1.0RC1 requires one extra query that would not |
0 | 68 |
// normally be required (for whatever reason) then you would add a custom version number to the array under key '1.0b1'. |
69 |
$deps_list = Array( |
|
70 |
'1.0b1' => Array('1.0b2'), |
|
71 |
'1.0b2' => Array('1.0b3'), |
|
72 |
'1.0b3' => Array('1.0b4'), |
|
73 |
'1.0b4' => Array('1.0RC1'), |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
74 |
'1.0RC1' => Array('1.0RC2'), |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
75 |
'1.0RC2' => Array('1.0RC3') |
0 | 76 |
); |
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
77 |
$this_version = '1.0'; |
0 | 78 |
$func_list = Array( |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
79 |
'1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text') // , |
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
80 |
// '1.0RC2' => Array('u_1_0_populate_userpage_comments') |
0 | 81 |
); |
82 |
||
83 |
if(!isset($_GET['mode'])) |
|
84 |
{ |
|
85 |
$_GET['mode'] = 'login'; |
|
86 |
} |
|
87 |
||
88 |
function err($t) |
|
89 |
{ |
|
90 |
global $template; |
|
91 |
echo $t; |
|
92 |
$template->footer(); |
|
93 |
exit; |
|
94 |
} |
|
95 |
||
96 |
require(ENANO_ROOT.'/includes/template.php'); |
|
97 |
||
98 |
// Initialize the session manager |
|
99 |
require(ENANO_ROOT.'/includes/functions.php'); |
|
100 |
require(ENANO_ROOT.'/includes/dbal.php'); |
|
101 |
require(ENANO_ROOT.'/includes/paths.php'); |
|
102 |
require(ENANO_ROOT.'/includes/sessions.php'); |
|
103 |
require(ENANO_ROOT.'/includes/plugins.php'); |
|
104 |
require(ENANO_ROOT.'/includes/rijndael.php'); |
|
105 |
require(ENANO_ROOT.'/includes/render.php'); |
|
106 |
$db = new mysql(); |
|
107 |
$db->connect(); |
|
108 |
||
109 |
$plugins = new pluginLoader(); |
|
110 |
||
111 |
if(!defined('ENANO_CONFIG_FETCHED')) |
|
112 |
{ |
|
113 |
// Select and fetch the site configuration |
|
114 |
$e = $db->sql_query('SELECT config_name, config_value FROM '.table_prefix.'config;'); |
|
115 |
if ( !$e ) |
|
116 |
{ |
|
117 |
$db->_die('Some critical configuration information could not be selected.'); |
|
118 |
} |
|
119 |
else |
|
120 |
{ |
|
121 |
define('ENANO_CONFIG_FETCHED', ''); // Used in die_semicritical to figure out whether to call getConfig() or not |
|
122 |
} |
|
123 |
||
124 |
$enano_config = Array(); |
|
125 |
while($r = $db->fetchrow()) |
|
126 |
{ |
|
127 |
$enano_config[$r['config_name']] = $r['config_value']; |
|
128 |
} |
|
129 |
$db->free_result(); |
|
130 |
} |
|
131 |
||
132 |
$v = enano_version(); |
|
133 |
if(in_array($v, Array(false, '', '1.0b3', '1.0b4'))) |
|
134 |
{ |
|
135 |
$ul_admin = 2; |
|
136 |
$ul_mod = 1; |
|
137 |
$ul_member = 0; |
|
138 |
$ul_guest = -1; |
|
139 |
} |
|
140 |
else |
|
141 |
{ |
|
142 |
$ul_admin = USER_LEVEL_ADMIN; |
|
143 |
$ul_mod = USER_LEVEL_MOD; |
|
144 |
$ul_member = USER_LEVEL_MEMBER; |
|
145 |
$ul_guest = USER_LEVEL_GUEST; |
|
146 |
} |
|
147 |
||
148 |
$_GET['title'] = 'unset'; |
|
149 |
||
150 |
$session = new sessionManager(); |
|
151 |
$paths = new pathManager(); |
|
152 |
$session->start(); |
|
153 |
||
154 |
$template = new template_nodb(); |
|
155 |
$template->load_theme('oxygen', 'bleu', false); |
|
156 |
||
157 |
$modestrings = Array( |
|
158 |
'login' => 'Administrative login', |
|
159 |
'welcome' => 'Welcome', |
|
160 |
'setversion' => 'Select Enano version', |
|
161 |
'confirm' => 'Confirm upgrade', |
|
162 |
'upgrade' => 'Database installation', |
|
163 |
'finish' => 'Upgrade complete' |
|
164 |
); |
|
165 |
||
166 |
$sideinfo = ''; |
|
167 |
$vars = $template->extract_vars('elements.tpl'); |
|
168 |
$p = $template->makeParserText($vars['sidebar_button']); |
|
169 |
foreach ( $modestrings as $id => $str ) |
|
170 |
{ |
|
171 |
if ( $_GET['mode'] == $id ) |
|
172 |
{ |
|
173 |
$flags = 'style="font-weight: bold; text-decoration: underline;"'; |
|
174 |
$this_page = $str; |
|
175 |
} |
|
176 |
else |
|
177 |
{ |
|
178 |
$flags = ''; |
|
179 |
} |
|
180 |
$p->assign_vars(Array( |
|
181 |
'HREF' => '#', |
|
182 |
'FLAGS' => $flags . ' onclick="return false;"', |
|
183 |
'TEXT' => $str |
|
184 |
)); |
|
185 |
$sideinfo .= $p->run(); |
|
186 |
} |
|
187 |
||
188 |
$template->init_vars(); |
|
189 |
||
190 |
function upg_assign_vars($schema) |
|
191 |
{ |
|
192 |
$schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string(getConfig('site_name')), $schema); |
|
193 |
$schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string(getConfig('site_desc')), $schema); |
|
194 |
$schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string(getConfig('copyright_notice')), $schema); |
|
195 |
$schema = str_replace('{{TABLE_PREFIX}}', table_prefix, $schema); |
|
196 |
if(getConfig('wiki_mode')=='1') $schema = str_replace('{{WIKI_MODE}}', '1', $schema); |
|
197 |
else $schema = str_replace('{{WIKI_MODE}}', '0', $schema); |
|
198 |
return $schema; |
|
199 |
} |
|
200 |
||
201 |
/* Version-specific functions */ |
|
202 |
||
203 |
function u_1_0_RC1_update_user_ids() |
|
204 |
{ |
|
205 |
global $db; |
|
206 |
// First, make sure this hasn't already been done |
|
207 |
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE user_id=1;'); |
|
208 |
if ( !$q ) |
|
209 |
$db->_die(); |
|
210 |
$row = $db->fetchrow(); |
|
211 |
if ( $row['username'] == 'Anonymous' ) |
|
212 |
return true; |
|
213 |
// Find the first unused user ID |
|
214 |
$used = Array(); |
|
215 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users'); |
|
216 |
if ( !$q ) |
|
217 |
$db->_die(); |
|
218 |
$c = false; |
|
219 |
while ( $row = $db->fetchrow() ) |
|
220 |
{ |
|
221 |
$i = intval($row['user_id']); |
|
222 |
$used[$i] = true; |
|
223 |
if ( !isset($used[$i - 1]) && $c ) |
|
224 |
{ |
|
225 |
$id = $i - 1; |
|
226 |
break; |
|
227 |
} |
|
228 |
$c = true; |
|
229 |
} |
|
230 |
if ( !isset($id) ) |
|
231 |
$id = $i + 1; |
|
232 |
$db->free_result(); |
|
233 |
||
234 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=' . $id . ' WHERE user_id=1;'); |
|
235 |
if(!$q) |
|
236 |
$db->_die(); |
|
237 |
$q = $db->sql_query('UPDATE '.table_prefix.'users SET user_id=1 WHERE user_id=-1 AND username=\'Anonymous\';'); |
|
238 |
if(!$q) |
|
239 |
$db->_die(); |
|
240 |
||
241 |
} |
|
242 |
||
243 |
function u_1_0_RC1_add_admins_to_group() |
|
244 |
{ |
|
245 |
global $db; |
|
246 |
$q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE user_level=' . USER_LEVEL_ADMIN . ';'); |
|
247 |
if ( !$q ) |
|
248 |
$db->_die(); |
|
249 |
$base = 'INSERT INTO '.table_prefix.'group_members(group_id,user_id) VALUES'; |
|
250 |
$blocks = Array(); |
|
251 |
while ( $row = $db->fetchrow($q) ) |
|
252 |
{ |
|
253 |
$blocks[] = '(2,' . $row['user_id'] . ')'; |
|
254 |
} |
|
255 |
$blocks = implode(',', $blocks); |
|
256 |
$sql = $base . $blocks . ';'; |
|
257 |
if(!$db->sql_query($sql)) |
|
258 |
$db->_die(); |
|
259 |
} |
|
260 |
||
261 |
function u_1_0_RC1_alter_files_table() |
|
262 |
{ |
|
263 |
global $db; |
|
264 |
if(!is_dir(ENANO_ROOT.'/files')) |
|
265 |
@mkdir(ENANO_ROOT . '/files'); |
|
266 |
if(!is_dir(ENANO_ROOT.'/files')) |
|
267 |
die('ERROR: Couldn\'t create files directory'); |
|
268 |
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
269 |
if(!$q) $db->_die(); |
|
270 |
while ( $row = $db->fetchrow() ) |
|
271 |
{ |
|
272 |
$file_data = base64_decode($row['data']); |
|
273 |
$path = ENANO_ROOT . '/files/' . md5( $row['filename'] . '_' . $file_data ) . '_' . $row['time_id'] . $row['file_extension']; |
|
274 |
@unlink($path); |
|
275 |
$handle = @fopen($path, 'w'); |
|
276 |
if(!$handle) |
|
277 |
die('fopen failed'); |
|
278 |
fwrite($handle, $file_data); |
|
279 |
fclose($handle); |
|
280 |
||
281 |
} |
|
282 |
||
283 |
$q = $db->sql_query('ALTER TABLE '.table_prefix.'files DROP PRIMARY KEY, ADD COLUMN file_id int(12) NOT NULL auto_increment FIRST, ADD PRIMARY KEY (file_id), ADD COLUMN file_key varchar(32) NOT NULL;'); |
|
284 |
if(!$q) $db->_die(); |
|
285 |
||
286 |
$list = Array(); |
|
287 |
$q = $db->sql_unbuffered_query('SELECT * FROM '.table_prefix.'files;', $db->_conn); |
|
288 |
if(!$q) $db->_die(); |
|
289 |
while ( $row = $db->fetchrow($q) ) |
|
290 |
{ |
|
291 |
$file_data = base64_decode($row['data']); |
|
292 |
$key = md5( $row['filename'] . '_' . $file_data ); |
|
293 |
$list[] = 'UPDATE '.table_prefix.'files SET file_key=\'' . $key . '\' WHERE file_id=' . $row['file_id'] . ';'; |
|
294 |
} |
|
295 |
||
296 |
foreach ( $list as $sql ) |
|
297 |
{ |
|
298 |
if(!$db->sql_query($sql)) $db->_die(); |
|
299 |
} |
|
300 |
||
301 |
if(!$db->sql_query('ALTER TABLE '.table_prefix.'files DROP data')) $db->_die(); |
|
302 |
||
303 |
} |
|
304 |
||
305 |
function u_1_0_RC1_destroy_session_cookie() |
|
306 |
{ |
|
307 |
unset($_COOKIE['sid']); |
|
308 |
setcookie('sid', '', time()-3600*24, scriptPath); |
|
309 |
setcookie('sid', '', time()-3600*24, scriptPath.'/'); |
|
310 |
} |
|
311 |
||
312 |
function u_1_0_RC1_set_contact_email() |
|
313 |
{ |
|
314 |
global $db; |
|
315 |
$q = $db->sql_query('SELECT email FROM '.table_prefix.'users WHERE user_level='.USER_LEVEL_ADMIN.' ORDER BY user_level ASC LIMIT 1;'); |
|
316 |
if(!$q) |
|
317 |
$db->_die(); |
|
318 |
$row = $db->fetchrow(); |
|
319 |
setConfig('contact_email', $row['email']); |
|
320 |
} |
|
321 |
||
322 |
function u_1_0_RC1_update_page_text() |
|
323 |
{ |
|
324 |
global $db; |
|
325 |
$q = $db->sql_unbuffered_query('SELECT page_id,namespace,page_text,char_tag FROM '.table_prefix.'page_text'); |
|
326 |
if (!$q) |
|
327 |
$db->_die(); |
|
328 |
||
329 |
$qs = array(); |
|
330 |
||
331 |
while ( $row = $db->fetchrow($q) ) |
|
332 |
{ |
|
333 |
$row['page_text'] = str_replace(Array( |
|
334 |
"{QUOT:{$row['char_tag']}}", |
|
335 |
"{APOS:{$row['char_tag']}}", |
|
336 |
"{SLASH:{$row['char_tag']}}" |
|
337 |
), Array( |
|
338 |
'"', "'", '\\' |
|
339 |
), $row['page_text']); |
|
340 |
$qs[] = 'UPDATE '.table_prefix.'page_text SET page_text=\'' . mysql_real_escape_string($row['page_text']) . '\' |
|
341 |
WHERE page_id=\'' . mysql_real_escape_string($row['page_id']) . '\' AND |
|
342 |
namespace=\'' . mysql_real_escape_string($row['namespace']) . '\';'; |
|
343 |
} |
|
344 |
||
345 |
foreach($qs as $query) |
|
346 |
{ |
|
347 |
if(!$db->sql_query($query)) |
|
348 |
$db->_die(); |
|
349 |
} |
|
350 |
} |
|
351 |
||
352 |
function u_1_0_populate_userpage_comments() |
|
353 |
{ |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
354 |
// |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
355 |
// UNFINISHED... |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
356 |
// |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
357 |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
358 |
/* |
0 | 359 |
global $db; |
360 |
$q = $db->sql_query('SELECT COUNT(c.comment_id) AS num_comments...'); |
|
361 |
if ( !$q ) |
|
362 |
$db->_die(); |
|
363 |
||
364 |
while ( $row = $db->fetchrow() ) |
|
365 |
{ |
|
366 |
||
367 |
} |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
0
diff
changeset
|
368 |
*/ |
0 | 369 |
} |
370 |
||
371 |
switch($_GET['mode']) |
|
372 |
{ |
|
373 |
case "login": |
|
374 |
if($session->user_logged_in && $session->user_level >= $ul_admin) |
|
375 |
{ |
|
376 |
if(isset($_POST['login'])) |
|
377 |
{ |
|
378 |
$session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_admin); |
|
379 |
if($session->sid_super) |
|
380 |
{ |
|
381 |
header('Location: upgrade.php?mode=welcome&auth='.$session->sid_super); |
|
382 |
exit; |
|
383 |
} |
|
384 |
} |
|
385 |
$template->header(); |
|
386 |
?> |
|
387 |
<form action="upgrade.php?mode=login" method="post"> |
|
388 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
389 |
<tr> |
|
390 |
<th colspan="2">You must re-authenticate to perform this upgrade.</th> |
|
391 |
</tr> |
|
392 |
<?php |
|
393 |
if(isset($_POST['login'])) |
|
394 |
{ |
|
395 |
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>'; |
|
396 |
} |
|
397 |
?> |
|
398 |
<tr> |
|
399 |
<td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
400 |
</tr> |
|
401 |
<tr> |
|
402 |
<td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
403 |
</tr> |
|
404 |
<tr> |
|
405 |
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
406 |
</tr> |
|
407 |
</table> |
|
408 |
</form> |
|
409 |
<?php |
|
410 |
} |
|
411 |
else |
|
412 |
{ |
|
413 |
if(isset($_POST['login'])) |
|
414 |
{ |
|
415 |
$result = $session->login_without_crypto($_POST['username'], $_POST['password'], false, $ul_member); |
|
416 |
if($result == 'success') |
|
417 |
{ |
|
418 |
header('Location: upgrade.php'); |
|
419 |
exit; |
|
420 |
} |
|
421 |
} |
|
422 |
$template->header(); |
|
423 |
?> |
|
424 |
<form action="upgrade.php?mode=login" method="post"> |
|
425 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
426 |
<tr> |
|
427 |
<th colspan="2">Please log in to continue with this upgrade.</th> |
|
428 |
</tr> |
|
429 |
<?php |
|
430 |
if(isset($_POST['login'])) |
|
431 |
{ |
|
432 |
echo '<tr><td colspan="2"><p style="color: red;">Login failed. Bad password?</p></td></tr>'; |
|
433 |
} |
|
434 |
?> |
|
435 |
<tr> |
|
436 |
<td>Username:</td><td><input type="text" name="username" size="30" /></td> |
|
437 |
</tr> |
|
438 |
<tr> |
|
439 |
<td>Password:</td><td><input type="password" name="password" size="30" /></td> |
|
440 |
</tr> |
|
441 |
<tr> |
|
442 |
<td colspan="2" style="text-align: center;"><input type="submit" name="login" value="Log in" /> |
|
443 |
</tr> |
|
444 |
</table> |
|
445 |
</form> |
|
446 |
<?php |
|
447 |
} |
|
448 |
break; |
|
449 |
case "welcome": |
|
450 |
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
451 |
||
452 |
// Just show a simple welcome page to display version information |
|
453 |
$template->header(); |
|
454 |
require('config.php'); |
|
455 |
||
456 |
?> |
|
457 |
||
458 |
<div style="text-align: center; margin-top: 10px;"> |
|
459 |
<img alt="[ Enano CMS Project logo ]" src="images/enano-artwork/installer-greeting-blue.png" style="display: block; margin: 0 auto; padding-left: 134px;" /> |
|
460 |
<h2>Welcome to the Enano upgrade wizard</h2> |
|
461 |
<?php |
|
462 |
if ( file_exists('./_nightly.php') ) |
|
463 |
{ |
|
464 |
echo '<div class="warning-box" style="text-align: left; margin: 10px auto; display: table; width: 60%;"><b>You are about to upgrade to a NIGHTLY BUILD of Enano.</b><br />Nightly builds CANNOT be re-upgraded to the final release. They may also contain serious flaws, security problems, or extraneous debugging information. Continuing this process on a production site is NOT recommended.</div>'; |
|
465 |
} |
|
466 |
?> |
|
467 |
</div> |
|
468 |
<div style="display: table; margin: 0 auto;"> |
|
469 |
<p>You are about to upgrade Enano to version <b><?php echo $this_version; ?></b>. Before you continue, please ensure that:</p> |
|
470 |
<ul> |
|
471 |
<li>You have completely backed up your database (<b><?php echo "$dbhost:$dbname"; ?></b>)</li> |
|
472 |
<li>You have backed up the entire Enano directory (<b><?php echo ENANO_ROOT; ?></b>)</li> |
|
473 |
<li>You have reviewed the release notes for this version, and you<br />are comfortable with any known bugs or issues</li> |
|
474 |
</ul> |
|
475 |
</div> |
|
476 |
<div style="text-align: center; margin-top: 10px;"> |
|
477 |
<form action="upgrade.php?mode=setversion&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
478 |
<input type="submit" value="Continue with upgrade" /> |
|
479 |
</form> |
|
480 |
</div> |
|
481 |
||
482 |
<?php |
|
483 |
||
484 |
break; |
|
485 |
case "setversion": |
|
486 |
if(!$session->sid_super) { $template->header(); echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
487 |
$v = ( function_exists('enano_version') ) ? enano_version() : ''; |
|
488 |
if(!in_array($v, $valid_versions) && $v != '') |
|
489 |
{ |
|
490 |
$template->header(); |
|
491 |
?> |
|
492 |
<p>Your version of Enano (<?php echo $v; ?>) can't be upgraded to this version (<?php echo $this_version; ?>).</p> |
|
493 |
<?php |
|
494 |
break; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
495 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
496 |
else if($v == '') |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
497 |
{ |
0 | 498 |
// OK, we don't know which version he's running. So we'll cheat ;-) |
499 |
$template->header(); |
|
500 |
echo "<form action='upgrade.php?mode=confirm&auth={$session->sid_super}' method='post'>"; |
|
501 |
?> |
|
502 |
<p>Sorry, we couldn't detect which version of Enano you're running on your server. Please select which version of Enano you have below, and make absolutely sure that you're correct.</p> |
|
503 |
<p><select name="version"><?php |
|
504 |
foreach($valid_versions as $c) |
|
505 |
{ |
|
506 |
echo "<option value='{$c}'>{$c}</option>"; |
|
507 |
} |
|
508 |
?></select></p> |
|
509 |
<p> |
|
510 |
<input type="submit" value="Continue" /> |
|
511 |
</p> |
|
512 |
<?php |
|
513 |
echo `</form>`; |
|
514 |
break; |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
515 |
} |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
516 |
else |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
16
diff
changeset
|
517 |
{ |
0 | 518 |
header('Location: upgrade.php?mode=confirm&auth='.$session->sid_super); |
519 |
} |
|
520 |
break; |
|
521 |
case "confirm": |
|
522 |
$enano_version = ( isset($_POST['version']) ) ? $_POST['version'] : enano_version(); |
|
523 |
||
524 |
$template->header(); |
|
525 |
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
526 |
?> |
|
527 |
<form action="upgrade.php?mode=upgrade&auth=<?php echo $session->sid_super; ?>" method="post"> |
|
528 |
<table border="0" style="margin-left: auto; margin-right: auto; margin-top: 5px;" cellspacing="1" cellpadding="4"> |
|
529 |
<tr> |
|
530 |
<td colspan="2"><p><b>Are you sure you want to perform this upgrade?</b></p><p>You can still cancel the upgrade process now. If<br />the upgrade fails, you will need to roll back<br />any actions made using manual SQL queries.</p><p><b>Please clear your browser cache or<br />shift-reload after the upgrade.</b><br />If you fail to do so, some page elements may<br />be broken.</td> |
|
531 |
</tr> |
|
532 |
<tr> |
|
533 |
<td colspan="2" style="text-align: center;"> |
|
534 |
<input type="hidden" name="enano_version" value="<?php echo $enano_version; ?>" /> |
|
535 |
<input type="submit" name="doit" value="Upgrade Enano!" /> |
|
536 |
</td> |
|
537 |
</tr> |
|
538 |
</table> |
|
539 |
</form> |
|
540 |
<?php |
|
541 |
break; |
|
542 |
case "upgrade": |
|
543 |
$template->header(); |
|
544 |
if(!$session->sid_super) { echo '<p>No admin session found! Please <a href="upgrade.php">restart the upgrade</a>.</p>'; $template->footer(); exit; } |
|
545 |
if(!isset($_POST['enano_version'])) { echo '<p>Can\'t find the version information on the POST query, are you trying to do this upgrade directly? Please <a href="upgrade.php">restart the upgrade</a>.</p>'; break; } |
|
546 |
$enano_version = $_POST['enano_version']; |
|
547 |
echo '<p>Preparing for schema execution...'; |
|
548 |
// Build an array of queries |
|
549 |
$schema = file_get_contents('upgrade.sql'); |
|
550 |
||
551 |
// Strip out and process version blocks |
|
552 |
preg_match_all('#---BEGIN ([0-9A-z\.\-]*?)---'."\n".'(.*?)'."\n".'---END \\1---#is', $schema, $matches); |
|
553 |
||
554 |
$from_list =& $matches[1]; |
|
555 |
$query_list =& $matches[2]; |
|
556 |
||
557 |
foreach($matches[0] as $m) |
|
558 |
{ |
|
559 |
$schema = str_replace($m, '', $schema); |
|
560 |
} |
|
561 |
$schema = explode("\n", $schema); |
|
562 |
foreach($schema as $k => $q) |
|
563 |
{ |
|
564 |
if(substr($q, 0, 2) == '--' || $q == '') |
|
565 |
{ |
|
566 |
unset($schema[$k]); |
|
567 |
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
568 |
} |
|
569 |
else |
|
570 |
{ |
|
571 |
$schema[$k] = upg_assign_vars($schema[$k]); |
|
572 |
} |
|
573 |
} |
|
574 |
||
575 |
foreach($query_list as $k => $q) |
|
576 |
{ |
|
577 |
$query_list[$k] = explode("\n", $query_list[$k]); |
|
578 |
foreach($query_list[$k] as $i => $s) |
|
579 |
{ |
|
580 |
$tq =& $query_list[$k][$i]; |
|
581 |
if(substr($s, 0, 2) == '--' || $s == '') |
|
582 |
{ |
|
583 |
unset($query_list[$k][$i]); |
|
584 |
//die('<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'); |
|
585 |
} |
|
586 |
else |
|
587 |
{ |
|
588 |
$query_list[$k][$i] = upg_assign_vars($query_list[$k][$i]); |
|
589 |
} |
|
590 |
} |
|
591 |
$query_list[$k] = array_values($query_list[$k]); |
|
592 |
} |
|
593 |
||
594 |
$assoc_list = Array(); |
|
595 |
||
596 |
foreach($from_list as $i => $v) |
|
597 |
{ |
|
598 |
$assoc_list[$v] = $query_list[$i]; |
|
599 |
} |
|
600 |
||
601 |
$schema = array_values($schema); |
|
602 |
||
603 |
$deps_resolved = false; |
|
604 |
$installing_versions = Array($enano_version); |
|
605 |
||
606 |
while(true) |
|
607 |
{ |
|
608 |
$v = array_keys($deps_list); |
|
609 |
foreach($v as $i => $ver) |
|
610 |
{ |
|
611 |
if(in_array($ver, $installing_versions)) |
|
612 |
{ |
|
613 |
// $ver is on the list of versions to be installed. Add its dependencies to the list of versions to install. |
|
614 |
foreach($deps_list[$ver] as $dep) |
|
615 |
{ |
|
616 |
if(!in_array($dep, $installing_versions)) |
|
617 |
{ |
|
618 |
$installing_versions[] = $dep; |
|
619 |
} |
|
620 |
} |
|
621 |
} |
|
622 |
if($i == count($deps_list) - 1) |
|
623 |
{ |
|
624 |
break 2; |
|
625 |
} |
|
626 |
} |
|
627 |
} |
|
628 |
||
629 |
foreach($installing_versions as $this_ver) |
|
630 |
{ |
|
631 |
$schema = array_merge($schema, $assoc_list[$this_ver]); |
|
632 |
} |
|
633 |
||
634 |
// Time for some proper SQL syntax! |
|
635 |
// Also check queries for so-called injection attempts to make |
|
636 |
// sure that it doesn't fail during the upgrade process and |
|
637 |
// leave the user with a half-upgraded database |
|
638 |
foreach($schema as $s => $q) |
|
639 |
{ |
|
640 |
if(substr($q, strlen($q)-1, 1) != ';') |
|
641 |
{ |
|
642 |
$schema[$s] .= ';'; |
|
643 |
} |
|
644 |
if ( !$db->check_query($schema[$s]) ) |
|
645 |
{ |
|
646 |
// Uh-oh, the check failed, bail out |
|
647 |
// The DBAL runs sanity checks on all queries for safety, |
|
648 |
// so if the check fails in mid-upgrade we are in deep |
|
649 |
// dodo doo-doo. |
|
650 |
echo 'Query failed sanity check, this should never happen and is a bug.</p><p>Query was:</p><pre>'.$schema[$s].'</pre>'; |
|
651 |
break 2; |
|
652 |
} |
|
653 |
} |
|
654 |
||
655 |
$schema = array_values($schema); |
|
656 |
||
657 |
// Used extensively for debugging |
|
658 |
// echo '<pre>'.htmlspecialchars(print_r($schema, true)).'</pre>'; |
|
659 |
// break; |
|
660 |
||
661 |
echo 'done!<br />Executing upgrade schema...'; |
|
662 |
||
663 |
// OK, do the loop, baby!!! |
|
664 |
foreach($schema as $q) |
|
665 |
{ |
|
666 |
$r = $db->sql_query($q); |
|
667 |
if(!$r) |
|
668 |
{ |
|
669 |
echo $db->get_error(); |
|
670 |
break 2; |
|
671 |
} |
|
672 |
} |
|
673 |
||
674 |
// Call any custom functions |
|
675 |
foreach ( $installing_versions as $ver ) |
|
676 |
{ |
|
677 |
if ( isset($func_list[$ver]) ) |
|
678 |
{ |
|
679 |
foreach($func_list[$ver] as $function) |
|
680 |
{ |
|
681 |
@call_user_func($function); |
|
682 |
} |
|
683 |
} |
|
684 |
} |
|
685 |
||
686 |
echo 'done!</p>'; |
|
687 |
echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p> |
|
688 |
<script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>'; |
|
689 |
break; |
|
690 |
} |
|
691 |
$template->footer(); |
|
692 |
||
693 |
?> |