# HG changeset patch
# User Dan
# Date 1195167639 18000
# Node ID 62ee6685ad189646fd70f5680abac4559305e89c
# Parent 90b7a52bea45310afe544efe84d1f01175425c9f
# Parent acb9d021b860deca3188229eba187b7d932e1d97
Merging in all changes from revision 185 (90b7a52bea45)
diff -r 90b7a52bea45 -r 62ee6685ad18 .htaccess
diff -r 90b7a52bea45 -r 62ee6685ad18 .htaccess.new
diff -r 90b7a52bea45 -r 62ee6685ad18 README
--- a/README Sat Oct 20 21:59:27 2007 -0400
+++ b/README Thu Nov 15 18:00:39 2007 -0500
@@ -1,25 +1,80 @@ Enano CMS -Version 1.0.1 +Version 1.0.2 ----------------------------- Thanks for downloading Enano! If you're looking for an installation guide, -you can find it at . +you can find it at . COPYRIGHT ----------------------------- +Enano CMS +Copyright (C) 2006-2007 Dan Fuhry. All rights except those explicitly granted +by the included license agreement reserved. + +PHILOSOPHY +----------------------------- + We strongly believe in the idea of Free Software. Enano is released under the GNU General Public License; see the file GPL included with this release for details. +LICENSING +----------------------------- + +This program is Free Software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free Software +Foundation; either version 2 of the License, or (at your option) any later +version. + +This program is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A +PARTICULAR PURPOSE. See the GNU General Public License for details. + +You should have received a copy of the GNU General Public License along with +this program; if not, write to: + + Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor + Boston, MA 02110-1301, USA + +----------------------------- + Most of the PHP code in Enano was written by Dan Fuhry. Some parts were borrowed from other projects that are also released under Free licenses; see the various files under the licenses/ directory included with this release for details. 
+If you are planning to make a commercial fork of Enano, all of the software and +libraries included with Enano are available under licenses that allow you to do +so; however, in compliance with the GPL, you must: + +a) provide attribution to the Enano team in source code files and on the + (renamed) Special:About_Enano page, +b) remove all instances of the word Enano and the Enano logo from your + derivative work, with the exception of the following phrase, which must + be shown on the (renamed) Special:About_Enano page: + + "The software used on this website was based on Enano CMS. Copyright + (C) 2006-2007 Enano Foundation." + + The words "Enano CMS" must link to the page . You may + (at your option) also include a notice of non-endorsement by the Enano + Foundation, unless you're lucky enough to become an official fork + maintainer. + +c) Provide the complete source code for your modified version of Enano under + the terms of the GNU General Public License, and +d) Include the complete and unmodified licenses/ directory, which contains + licensing information for third-party libraries that Enano uses. + +As permitted by the GPL, you may charge for the service of downloading Enano +from your server; however, you may not prevent others from distributing Enano +or any modified version. + CHANGES IN THIS RELEASE ----------------------------- -Please see for a list of changes in +Please see for a list of changes in this release. UPGRADING FROM PREVIOUS RELEASES 
@@ -44,15 +99,22 @@ You can find more themes for Enano at . Again, we're still working on packaging up themes and creating pages for them, -so try to be patient. We have quite a few themes in the works. +so try to be patient. We have quite a few themes in the works. You can create +your own themes too; for more information, see Chapter V of the Enano +Administrator's handbook, at . GETTING SUPPORT ----------------------------- +Before contacting support, have a look at the Enano Documentation at +. Most of Enano's features are documented with +step-by-step guides at this site; if you encounter a problem, then please +contact the Enano team as instructed below. + Support for Enano is available via the Enano forums at . You can also use our IRC channel -(irc.freenode.net #enano) or purchase paid support via instant messaging for -US$20 an hour. +(irc.freenode.net #enano) or purchase paid one-on-one support via instant +messaging for US$20 an hour. Have fun with Enano! diff -r 90b7a52bea45 -r 62ee6685ad18 ajax.php diff -r 90b7a52bea45 -r 62ee6685ad18 config.new.php diff -r 90b7a52bea45 -r 62ee6685ad18 config.php diff -r 90b7a52bea45 -r 62ee6685ad18 includes/clientside/sbedit.js --- a/includes/clientside/sbedit.js Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/clientside/sbedit.js Thu Nov 15 18:00:39 2007 -0500 @@ -164,7 +164,7 @@ var id = input.sbedit_id; var parent = input.parentNode; parent.removeChild(input); - parent.appendChild(document.createTextNode(newname)); + parent.appendChild(document.createTextNode(( newname == '' ? '' : newname ))); parent.ondblclick = function() { ajaxRenameSidebarStage1(this, this._idcache); return false; }; var img = document.createElement('img'); img.src = scriptPath + '/images/loading.gif'; diff -r 90b7a52bea45 -r 62ee6685ad18 includes/clientside/static/enano-lib-basic.js --- a/includes/clientside/static/enano-lib-basic.js Sat Oct 20 21:59:27 2007 -0400 
+++ b/includes/clientside/static/enano-lib-basic.js Thu Nov 15 18:00:39 2007 -0500 @@ -112,6 +112,7 @@ var startwidth = false; var startheight = false; var do_width = false; +var ajax_load_icon = scriptPath + '/images/loading.gif'; // You have an NSIS coder in your midst... var MB_OK = 1; diff -r 90b7a52bea45 -r 62ee6685ad18 includes/clientside/static/misc.js --- a/includes/clientside/static/misc.js Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/clientside/static/misc.js Thu Nov 15 18:00:39 2007 -0500 @@ -196,7 +196,7 @@ { if ( document.getElementById('ajaxloadicon') ) { - document.getElementById('ajaxloadicon').src=scriptPath + '/images/loading.gif'; + document.getElementById('ajaxloadicon').src=ajax_load_icon; } } diff -r 90b7a52bea45 -r 62ee6685ad18 includes/dbal.php --- a/includes/dbal.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/dbal.php Thu Nov 15 18:00:39 2007 -0500 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.1 + * Version 1.0.2 (Coblynau) * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License @@ -140,7 +140,7 @@ $this->query_backtrace = ''; $this->num_queries = 0; dc_here('dbal: we\'re in, selecting database...'); - $q = $this->sql_query('USE '.$dbname.';'); + $q = $this->sql_query('USE `'.$dbname.'`;'); if(!$q) $this->_die('The database could not be selected.'); dc_here('dbal: connected to MySQL'); $this->disable_errorhandler(); diff -r 90b7a52bea45 -r 62ee6685ad18 includes/functions.php --- a/includes/functions.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/functions.php Thu Nov 15 18:00:39 2007 -0500 @@ -3011,7 +3011,7 @@ * @return int */ -function password_score($password, &$debug = false) +function password_score($password, &$debug) { if ( !is_string($password) ) { 
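Review bot: Wrapping `$dbname` in backticks in the `USE` statement of the includes/dbal.php hunk at -140 lets names with hyphens or reserved words through, but a name that itself contains a backtick still closes the identifier early, so the value is concatenated into SQL unescaped. Either double every embedded backtick before quoting, or reject unexpected names ahead of the query, for example `if ( !preg_match('/^[A-Za-z0-9_-]+$/', $dbname) ) $this->_die('The database name contains invalid characters.');`. Where `$dbname` originates is not visible here; if it can be influenced by installer or request input, the check matters more. The enclosing function starts and ends outside the hunk.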
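Review bot: Removing the default from `&$debug` in `password_score()` makes the second argument mandatory, so any caller that still invokes `password_score($password)` with one argument will now trigger a missing-argument warning and leave `$debug` undefined inside the function. The callers are not part of this hunk, so they need to be checked before merging. If the default was dropped because PHP 4 does not accept defaults on by-reference parameters, record that above the signature, e.g. `// $debug has no default: PHP 4 rejects default values on by-reference parameters`, and describe `$debug` in the docblock, of which only `@return int` is visible here. The function body continues outside the hunk.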
@@ -3182,6 +3182,169 @@ $cron_tasks[$hour_interval][] = $func; } +/** + * Scales an image to the specified width and height, and writes the output to the specified + * file. Will use ImageMagick if present, but if not will attempt to scale with GD. This will + * always scale images proportionally. + * @param string Path to image file + * @param string Path to output file + * @param int Image width, in pixels + * @param int Image height, in pixels + * @param bool If true, the output file will be deleted if it exists before it is written + * @return bool True on success, false on failure + */ + +function scale_image($in_file, $out_file, $width = 225, $height = 225, $unlink = false) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + if ( !is_int($width) || !is_int($height) ) + return false; + + if ( !file_exists($in_file) ) + return false; + + if ( preg_match('/["\'\/\\]/', $in_file) || preg_match('/["\'\/\\]/', $out_file) ) + die('SECURITY: scale_image(): infile or outfile path is screwy'); + + if ( file_exists($out_file) && !$unlink ) + return false; + else if ( file_exists($out_file) && $unlink ) + @unlink($out_file); + if ( file_exists($out_file) ) + // couldn't unlink (delete) the output file + return false; + + $file_ext = substr($in_file, ( strrpos($in_file, '.') + 1)); + switch($file_ext) + { + case 'png': + $func = 'imagecreatefrompng'; + break; + case 'jpg': + case 'jpeg': + $func = 'imagecreatefromjpeg'; + break; + case 'gif': + $func = 'imagecreatefromgif'; + break; + case 'xpm': + $func = 'imagecreatefromxpm'; + break; + default: + return false; + } + + $magick_path = getConfig('imagemagick_path'); + $can_use_magick = ( + getConfig('enable_imagemagick') == '1' && + file_exists($magick_path) && + is_executable($magick_path) + ); + $can_use_gd = ( + function_exists('getimagesize') && + function_exists('imagecreatetruecolor') && + function_exists('imagecopyresampled') && + function_exists($func) + ); + if ( $can_use_magick ) + { + 
if ( !preg_match('/^([\/A-z0-9_-]+)$/', $magick_path) ) + { + die('SECURITY: ImageMagick path is screwy'); + } + $cmdline = "$magick_path \"$in_file\" -resize \"{$width}x{$height}>\" \"$out_file\""; + system($cmdline, $return); + if ( !file_exists($out_file) ) + return false; + return true; + } + else if ( $can_use_gd ) + { + @list($width_orig, $height_orig) = @getimagesize($in_file); + if ( !$width_orig || !$height_orig ) + return false; + // calculate new width and height + + $ratio = $width_orig / $height_orig; + if ( $ratio > 1 ) + { + // orig. width is greater that height + $new_width = $width; + $new_height = round( $width / $ratio ); + } + else if ( $ratio < 1 ) + { + // orig. height is greater than width + $new_width = round( $height / $ratio ); + $new_height = $height; + } + else if ( $ratio == 1 ) + { + $new_width = $width; + $new_height = $width; + } + if ( $new_width > $width_orig || $new_height > $height_orig ) + { + // Too big for our britches here; set it to only convert the file + $new_width = $width_orig; + $new_height = $height_orig; + } + + $newimage = @imagecreatetruecolor($new_width, $new_height); + if ( !$newimage ) + return false; + $oldimage = @$func($in_file); + if ( !$oldimage ) + return false; + + // Perform scaling + imagecopyresampled($newimage, $oldimage, 0, 0, 0, 0, $new_width, $new_height, $width_orig, $height_orig); + + // Get output format + $out_ext = substr($out_file, ( strrpos($out_file, '.') + 1)); + switch($out_ext) + { + case 'png': + $outfunc = 'imagepng'; + break; + case 'jpg': + case 'jpeg': + $outfunc = 'imagejpeg'; + break; + case 'gif': + $outfunc = 'imagegif'; + break; + case 'xpm': + $outfunc = 'imagexpm'; + break; + default: + imagedestroy($newimage); + imagedestroy($oldimage); + return false; + } + + // Write output + $outfunc($newimage, $out_file); + + // clean up + imagedestroy($newimage); + imagedestroy($oldimage); + + // done! 
+ return true; + } + // Neither scaling method worked; we'll let plugins try to scale it, and then if the file still doesn't exist, die + $code = $plugins->setHook('scale_image_failure'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + if ( file_exists($out_file) ) + return true; + return false; +} + //die('
Original:  01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'
'); ?> diff -r 90b7a52bea45 -r 62ee6685ad18 includes/pageutils.php --- a/includes/pageutils.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/pageutils.php Thu Nov 15 18:00:39 2007 -0500 @@ -822,7 +822,7 @@ return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.'; break; case "reupload": - if ( !$session->get_permissions('history_rollbacks_extra') ) + if ( !$session->get_permissions('history_rollback_extra') ) { return 'Administrative privileges are required for file rollbacks.'; } diff -r 90b7a52bea45 -r 62ee6685ad18 includes/paths.php --- a/includes/paths.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/paths.php Thu Nov 15 18:00:39 2007 -0500 @@ -2,7 +2,7 @@ /** * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.1 + * Version 1.0.2 (Coblynau) * Copyright (C) 2006-2007 Dan Fuhry * paths.php - The part of Enano that actually manages content. Everything related to page handling and namespaces is in here. * 
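Review bot: The path check in front of the ImageMagick branch of `scale_image()` does not protect the `system()` call: as shown here, `'/["\'\/\\]/'` reaches PCRE with a character class that is never closed (the `\\` becomes a backslash that escapes the `]`), so `preg_match()` fails to compile, returns false, and the `die('SECURITY: ...')` line can never run. Even with the class repaired the filter would refuse every path containing `/` while still passing `$` and the backtick, both of which the shell expands inside the double quotes used in `$cmdline`. Escape each argument instead of filtering, `$cmdline = $magick_path . ' ' . escapeshellarg($in_file) . ' -resize ' . escapeshellarg("{$width}x{$height}>") . ' ' . escapeshellarg($out_file);`, and test `$return` from `system()` as well as `file_exists($out_file)`. The `A-z` range in the `$magick_path` pattern also admits `[`, `\`, `]`, `^` and the backtick, so it should read `A-Za-z`. Separately, the portrait case of the GD branch computes `round( $height / $ratio )`, which widens the image; `round( $height * $ratio )` keeps the proportions.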
@@ -54,7 +54,7 @@ $session->register_acl_type('mod_comments', AUTH_DISALLOW, 'Moderate comments', Array('edit_comments'), 'Article|User|Project|Template|File|Help|System|Category'); $session->register_acl_type('history_view', AUTH_WIKIMODE, 'View history/diffs', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); $session->register_acl_type('history_rollback', AUTH_DISALLOW, 'Rollback history', Array('history_view'), 'Article|User|Project|Template|File|Help|System|Category'); - $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'Undelete page(s)', Array('history_rollback'), 'Article|User|Project|Template|File|Help|System|Category'); + $session->register_acl_type('history_rollback_extra', AUTH_DISALLOW, 'Undelete page(s)', Array('history_rollback'), 'Article|User|Project|Template|File|Help|System|Category|Special'); $session->register_acl_type('protect', AUTH_DISALLOW, 'Protect page(s)', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); $session->register_acl_type('rename', AUTH_WIKIMODE, 'Rename page(s)', Array('read'), 'Article|User|Project|Template|File|Help|System|Category'); $session->register_acl_type('clear_logs', AUTH_DISALLOW, 'Clear page logs (dangerous)', Array('read', 'protect', 'even_when_protected'), 'Article|User|Project|Template|File|Help|System|Category'); diff -r 90b7a52bea45 -r 62ee6685ad18 includes/sessions.php --- a/includes/sessions.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/sessions.php Thu Nov 15 18:00:39 2007 -0500 @@ -206,8 +206,8 @@ var $acl_deps = Array(); /** - * Our tell-all list of permissions. - * @access private - or, preferably, protected + * Our tell-all list of permissions. Do not even try to change this. + * @access private * @var array */ 
@@ -863,7 +863,7 @@ { // Stash it in a cookie // For now, make the cookie last forever, we can change this in 1.1.x - setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/' ); + setcookie( 'sid', $session_key, time()+315360000, scriptPath.'/', null, ( isset($_SERVER['HTTPS']) ) ); $_COOKIE['sid'] = $session_key; } // $keyhash is stored in the database, this is for compatibility with the older DB structure @@ -2596,8 +2596,8 @@ var $acl_deps = Array(); /** - * Our tell-all list of permissions. - * @access private - or, preferably, protected...too bad this has to be PHP4 compatible + * Our tell-all list of permissions. Do not even try to change this. + * @access private * @var array */ diff -r 90b7a52bea45 -r 62ee6685ad18 includes/template.php --- a/includes/template.php Sat Oct 20 21:59:27 2007 -0400 +++ b/includes/template.php Thu Nov 15 18:00:39 2007 -0500 @@ -42,7 +42,7 @@ $this->plugin_blocks = Array(); $this->theme_loaded = false; - $this->fading_button = '
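Review bot: `isset($_SERVER['HTTPS'])` in the new `setcookie()` call is not a reliable test for a TLS request, because some servers (IIS in particular) define the key with the value `off` on plain-HTTP requests; the `sid` cookie is then marked Secure on an HTTP site and the browser never sends it back. Test the value rather than the key, `( !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off' )`; the same `isset()` expression is used for `$sflogo_secure` in the includes/template.php hunk at -1673. The cookie also stays readable from script: on PHP 5.2 or later a seventh argument of `true` sets HttpOnly, though that needs a version guard if PHP 4 support is kept. The ten-year lifetime mentioned in the existing comment makes both flags matter more, since a leaked `sid` remains usable for as long as the server accepts it (server-side expiry is not visible in this hunk).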
+ $this->fading_button = '
'; @@ -798,7 +798,7 @@ { $login_link = makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . $session->user_level, true); echo '
'; - echo 'Your administrative session has timed out. Log in again'; + echo 'Your administrative session has timed out. Log in again'; echo '
'; } if ( $this->site_disabled && $session->user_level >= USER_LEVEL_ADMIN && ( $paths->page != $paths->nslist['Special'] . 'Administration' ) ) @@ -1413,7 +1413,9 @@ // $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?) ([^\]]+)\\]#', '\\3
', $message); // $message = preg_replace('#\[(http|ftp|irc):\/\/([a-z0-9\/:_\.\?&%\#@_\\\\-]+?)\\]#', '\\1://\\2
', $message); - preg_match_all('/\[((https?|ftp|irc):\/\/([^@\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link); + preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?) ([^\]]+)\]/is', $message, $ext_link); + + // die('
' . htmlspecialchars( print_r($ext_link, true) ) . '
'); for ( $i = 0; $i < count($ext_link[0]); $i++ ) { @@ -1425,7 +1427,7 @@ $message = str_replace($ext_link[0][$i], $text_parser->run(), $message); } - preg_match_all('/\[((https?|ftp|irc):\/\/([^@\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link); + preg_match_all('/\[((https?|ftp|irc):\/\/([^@\s\]"\':]+)?((([a-z0-9-]+\.)*)[a-z0-9-]+)(\/[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]*(\?(([a-z0-9_-]+)(=[A-z0-9_%\|~`\!@#\$\^&\*\(\):;\.,\/-\[\]]+)?((&([a-z0-9_-]+)(=[A-z0-9_%\|~`!\!@#\$\^&\*\(\):;\.,\/-]+)?)*))?)?)?)\]/is', $message, $ext_link); for ( $i = 0; $i < count($ext_link[0]); $i++ ) { @@ -1673,7 +1675,8 @@ $admintitle = ( $session->user_level >= USER_LEVEL_ADMIN ) ? 'title="You may disable this button in the admin panel under General Configuration."' : ''; if(getConfig('sflogo_enabled')=='1') { - $ob[] = 'SourceForge.net Logo'; + $sflogo_secure = ( isset($_SERVER['HTTPS']) ) ? 'https' : 'http'; + $ob[] = 'SourceForge.net Logo'; } if(getConfig('w3c_v32') =='1') $ob[] = 'Valid HTML 3.2'; if(getConfig('w3c_v40') =='1') $ob[] = 'Valid HTML 4.0'; diff -r 90b7a52bea45 -r 62ee6685ad18 index.php --- a/index.php Sat Oct 20 21:59:27 2007 -0400 +++ b/index.php Thu Nov 15 18:00:39 2007 -0500 @@ -11,8 +11,11 @@ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. * + * @package Enano + * @subpackage Frontend + * */ - + // Set up gzip encoding before any output is sent $aggressive_optimize_html = true; diff -r 90b7a52bea45 -r 62ee6685ad18 install.php --- a/install.php Sat Oct 20 21:59:27 2007 -0400 +++ b/install.php Thu Nov 15 18:00:39 2007 -0500 
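Review bot: The includes/template.php hunk at -1413 adds a commented-out debug `die()` that dumps `$ext_link` right after the first `preg_match_all()`; it should be removed before this is merged rather than left in the parser. The long external-link pattern is also edited in two places in this commit (here and in the hunk at -1425), and the two copies differ only in the trailing link-text group, so a later fix applied to one and not the other would make labelled and bare links validate differently. Holding the shared part in one variable, e.g. `$url_regex`, and appending ` ([^\]]+)\]` or `\]` at each call keeps them in step. The surrounding function is not visible in either hunk.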
@@ -1,1214 +1,1822 @@ -The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.

If you wish to upgrade an older Enano installation to this version, please use the upgrade script.

'); - exit; -} - -define('IN_ENANO_INSTALL', 'true'); - -define('ENANO_VERSION', '1.1.1'); -// In beta versions, define ENANO_BETA_VERSION here - -if(!defined('scriptPath')) { - $sp = dirname($_SERVER['REQUEST_URI']); - if($sp == '/' || $sp == '\\') $sp = ''; - define('scriptPath', $sp); -} - -if(!defined('contentPath')) { - $sp = dirname($_SERVER['REQUEST_URI']); - if($sp == '/' || $sp == '\\') $sp = ''; - define('contentPath', $sp); -} -global $_starttime, $this_page, $sideinfo; -$_starttime = microtime(true); - -// Determine directory (special case for development servers) -if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') ) -{ - $filename = str_replace('/repo/', '/', __FILE__); -} -else -{ - $filename = __FILE__; -} - -define('ENANO_ROOT', dirname($filename)); - -function is_page($p) -{ - return true; -} - -require('includes/wikiformat.php'); -require('includes/constants.php'); -require('includes/rijndael.php'); -require('includes/functions.php'); - -strip_magic_quotes_gpc(); - -//die('Key size: ' . AES_BITS . '
Block size: ' . AES_BLOCKSIZE); - -if(!function_exists('wikiFormat')) -{ - function wikiFormat($message, $filter_links = true) - { - $wiki = & Text_Wiki::singleton('Mediawiki'); - $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename'); - $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath); - $result = $wiki->transform($message, 'Xhtml'); - - // HTML fixes - $result = preg_replace('#([\s]*?)<\/tr>#is', '', $result); - $result = preg_replace('#

([\s]*?)<\/p>#is', '', $result); - $result = preg_replace('#
([\s]*?)$descTest passed"; - } elseif(!$val && $warn) { - if($cv) $color='FFFFCC'; else $color='FFFFAA'; - echo "$desc
$extended_descTest passed with warning"; - $warned = true; - } else { - if($cv) $color='FFCCCC'; else $color='FFAAAA'; - echo "$desc
$extended_descTest failed"; - $failed = true; - } -} -function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; } - -require_once('includes/template.php'); - -if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome'; -switch($_GET['mode']) -{ - case 'mysql_test': - error_reporting(0); - $dbhost = rawurldecode($_POST['host']); - $dbname = rawurldecode($_POST['name']); - $dbuser = rawurldecode($_POST['user']); - $dbpass = rawurldecode($_POST['pass']); - $dbrootuser = rawurldecode($_POST['root_user']); - $dbrootpass = rawurldecode($_POST['root_pass']); - if($dbrootuser != '') - { - $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass); - if(!$conn) - { - $e = mysql_error(); - if(strstr($e, "Lost connection")) - die('host'.$e); - else - die('root'.$e); - } - $rsp = 'good'; - $q = mysql_query('USE '.$dbname, $conn); - if(!$q) - { - $e = mysql_error(); - if(strstr($e, 'Unknown database')) - { - $rsp .= '_creating_db'; - } - } - mysql_close($conn); - $conn = mysql_connect($dbhost, $dbuser, $dbpass); - if(!$conn) - { - $e = mysql_error(); - if(strstr($e, "Lost connection")) - die('host'.$e); - else - $rsp .= '_creating_user'; - } - mysql_close($conn); - die($rsp); - } - else - { - $conn = mysql_connect($dbhost, $dbuser, $dbpass); - if(!$conn) - { - $e = mysql_error(); - if(strstr($e, "Lost connection")) - die('host'.$e); - else - die('auth'.$e); - } - $q = mysql_query('USE '.$dbname, $conn); - if(!$q) - { - $e = mysql_error(); - if(strstr($e, 'Unknown database')) - { - die('name'.$e); - } - else - { - die('perm'.$e); - } - } - } - $v = mysql_get_server_info(); - if(version_compare($v, '4.1.17', '<')) die('vers'.$v); - mysql_close($conn); - die('good'); - break; - case 'pophelp': - $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid'; - switch($topic) - { - case 'admin_embed_php': - $title = 'Allow administrators to embed PHP'; - $content = '

This option allows you to control whether anything between the standard <?php and ?> tags will be treated as - PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will - execute that code when the page is loaded. There are obvious potential security implications here, which should - be carefully considered before enabling this option.

-

If you are the only administrator of this site, or if you have a high level of trust for those will be administering - the site with you, you should enable this to allow extreme customization of pages.

-

Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding - is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to - embed Javascript and arbitrary HTML and CSS.

-

If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time - using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection.

'; - break; - default: - $title = 'Invalid topic'; - $content = 'Invalid help topic.'; - break; - } - echo << - - - Enano installation quick help • {$title} - - - - -

{$title}

- {$content} -

- Close window -

- - -EOF; - exit; - break; - default: - break; -} - -$template = new template_nodb(); -$template->load_theme('stpatty', 'shamrock', false); - -$modestrings = Array( - 'welcome' => 'Welcome', - 'license' => 'License Agreement', - 'sysreqs' => 'Server requirements', - 'database'=> 'Database information', - 'website' => 'Website configuration', - 'login' => 'Administration login', - 'confirm' => 'Confirm installation', - 'install' => 'Database installation', - 'finish' => 'Installation complete' - ); - -$sideinfo = ''; -$vars = $template->extract_vars('elements.tpl'); -$p = $template->makeParserText($vars['sidebar_button']); -foreach ( $modestrings as $id => $str ) -{ - if ( $_GET['mode'] == $id ) - { - $flags = 'style="font-weight: bold; text-decoration: underline;"'; - $this_page = $str; - } - else - { - $flags = ''; - } - $p->assign_vars(Array( - 'HREF' => '#', - 'FLAGS' => $flags . ' onclick="return false;"', - 'TEXT' => $str - )); - $sideinfo .= $p->run(); -} - -$template->init_vars(); - -if(isset($_GET['mode']) && $_GET['mode'] == 'css') -{ - header('Content-type: text/css'); - echo $template->get_css(); - exit; -} - -$template->header(); -if(!isset($_GET['mode'])) $_GET['mode'] = 'license'; -switch($_GET['mode']) -{ - default: - case 'welcome': - ?> -
- [ Enano CMS Project logo ] -

Welcome to Enano

-

version 1.1.1 – unstable

- You are about to install a NIGHTLY BUILD of Enano.
Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.
'; - } - ?> -
- -
-
- -

Welcome to the Enano installer.

-

Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.

-

To get started, please read and accept the following license agreement. You've probably seen it before.

-
-

GNU General Public License

-

Declaration of license usage

-

Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

-

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License (below) for more details.

-

By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.

-

Human-readable version

-

Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.

-
    -
  • You may to run Enano for any purpose.
  • -
  • You may study how Enano works and adapt it to your needs.
  • -
  • You may redistribute copies so you can help your neighbor.
  • -
  • You may improve Enano and release your improvements to the public, so that the whole community benefits.
  • -
-

You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:

-
    -
  • You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • -
  • If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • -
  • If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.
  • -
-

Disclaimer: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.
Text copied from the Creative Commons GPL Deed page

- -

Notice for prerelease versions

-

This version of Enano is designed only for testing and evaluation purposes. It is not yet completely stable, and should not be used on production websites. As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.

- -

Lawyer-readable version

- -
- - -

Checking your server

-

Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.

- - =4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.'); - run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.'); - run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".'); - run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. 
The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true); - //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true); - run_test('return is_writable(ENANO_ROOT.\'/config.php\');', 'Configuration file writable', 'It looks like the configuration file, config.php, is not writable. Enano needs to be able to write to this file in order to install.

If you are installing Enano on a SourceForge web site:
SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.'); - run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.

If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true); - run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true); - run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true); - echo '
'; - if(!$failed) - { - ?> - - - '; - run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.'); - echo '
'; - } - } - ?> - - -

Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend, - and we need to have access to a MySQL server in order to continue.

-

If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from - MySQL.com. Please note that, like Enano, MySQL is licensed under the GNU GPL. - If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL - or purchase a proprietary license.

- MySQL login information for this virtual appliance:

Database hostname: localhost
Database login: username "enano", password: "clurichaun" (without quotes)
Database name: enano_www1

'; - } - ?> -
- - - - - - - - - - - - - -

Database information

Database hostname
This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost".
Good/bad icon
Database name
The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password of a MySQL user with administrative rights.
Good/bad icon
Database login
These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" privileges for your database.
Good/bad icon

Optional information

Table prefix
The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), numbers (0-9), and underscores (_).
Good/bad icon
Database administrative login
If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the login information for an administrative user (such as root). Leave these fields blank unless you need to use them.
Good/bad icon
MySQL versionMySQL version information will be checked when you click "Test Connection".Good/bad icon
Delete existing tables?
If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do NOT use this option unless specifically instructed to.
- -
- restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - ?> - -
- '."\n"; - } - ?> -

The next step is to enter some information about your website. You can always change this information later, using the administration panel.

- - - - - - -
Website name
The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano".
Good/bad icon
Website description
This text will be shown below the name of your website.
Good/bad icon
Copyright info
This should be a one-line legal notice that will appear at the bottom of all your pages.
Good/bad icon
Wiki mode
This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing.
URL scheme
Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later.
name="urlscheme" value="ugly" id="ugly">
name="urlscheme" value="short" id="short">
- -
- restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - require('config.php'); - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); - if ( isset($crypto_key) ) - { - $cryptkey = $crypto_key; - } - if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) ) - { - $cryptkey = $aes->gen_readymade_key(); - $handle = @fopen(ENANO_ROOT.'/config.php', 'w'); - if(!$handle) - { - echo '

ERROR: Cannot open config.php for writing - exiting!

'; - $template->footer(); - exit; - } - fwrite($handle, ''); - fclose($handle); - } - ?> - -
- '."\n"; - } - ?> -

Next, enter your desired username and password. The account you create here will be used to administer your site.

- - - - - - - - - - - -
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
- Allow administrators to embed PHP code into pages:
- Do not under any circumstances enable this option without reading these - important security implications. - -
-    - -
If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.
- -
- - - -
- - restart the installation.'; - $template->footer(); - exit; - } - unset($_POST['_cont']); - ?> -
- '."\n"; - } - ?> -

Enano is ready to install.

-

The wizard has finished collecting information and is ready to install the database schema. Please review the information below, - and then click the button below to install the database.

-
    -
  • Database hostname:
  • -
  • Database name:
  • -
  • Database user:
  • -
  • Database password: <hidden>
  • -
  • Site name:
  • -
  • Site description:
  • -
  • Administration username:
  • -
  • Cipher strength: -bit AES
    Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.
  • -
- -
- restart the installation.'; - $template->footer(); - exit; - } - switch($_POST['urlscheme']) - { - case "ugly": - default: - $cp = scriptPath.'/index.php?title='; - break; - case "short": - $cp = scriptPath.'/index.php/'; - break; - case "tiny": - $cp = scriptPath.'/'; - break; - } - function err($t) { global $template; echo $t; $template->footer(); exit; } - - echo 'Connecting to MySQL...'; - if($_POST['db_root_user'] != '') - { - $conn = mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']); - if(!$conn) err('Error connecting to MySQL: '.mysql_error()); - $q = mysql_query('USE '.$_POST['db_name']); - if(!$q) - { - $q = mysql_query('CREATE DATABASE '.$_POST['db_name']); - if(!$q) err('Error initializing database: '.mysql_error()); - } - $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'localhost\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); - if(!$q) err('Could not create the user account'); - $q = mysql_query('GRANT ALL PRIVILEGES ON '.$_POST['db_name'].'.* TO \''.$_POST['db_user'].'\'@\'%\' IDENTIFIED BY \''.$_POST['db_pass'].'\' WITH GRANT OPTION;'); - if(!$q) err('Could not create the user account'); - mysql_close($conn); - } - $conn = mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); - if(!$conn) err('Error connecting to MySQL: '.mysql_error()); - $q = mysql_query('USE '.$_POST['db_name']); - if(!$q) err('Error selecting database: '.mysql_error()); - echo 'done!
'; - - // Are we supposed to drop any existing tables? If so, do it now - if(isset($_POST['drop_tables'])) - { - echo 'Dropping existing Enano tables...'; - // Our list of tables included in Enano - $tables = Array( 'mdg_categories', 'mdg_comments', 'mdg_config', 'mdg_logs', 'mdg_page_text', 'mdg_session_keys', 'mdg_pages', 'mdg_users', 'mdg_users_extra', 'mdg_themes', 'mdg_buddies', 'mdg_banlist', 'mdg_files', 'mdg_privmsgs', 'mdg_sidebar', 'mdg_hits', 'mdg_search_index', 'mdg_groups', 'mdg_group_members', 'mdg_acl', 'mdg_search_cache', 'mdg_tags', 'mdg_page_groups', 'mdg_page_group_members' ); - $tables = implode(', ', $tables); - $tables = str_replace('mdg_', $_POST['table_prefix'], $tables); - $query_of_death = 'DROP TABLE '.$tables.';'; - mysql_query($query_of_death); // We won't check for errors here because if this operation fails it probably means the tables didn't exist - echo 'done!
'; - } - - $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0'; - - echo 'Decrypting administration password...'; - - $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); - - if ( !empty($_POST['crypt_data']) ) - { - require('config.php'); - if ( !isset($cryptkey) ) - { - echo 'failed!
Cannot get the key from config.php'; - break; - } - $key = hexdecode($cryptkey); - - $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX); - - } - else - { - $dec = $_POST['admin_pass']; - } - echo 'done!
Generating '.AES_BITS.'-bit AES private key...'; - $privkey = $aes->gen_readymade_key(); - $pkba = hexdecode($privkey); - $encpass = $aes->encrypt($dec, $pkba, ENC_HEX); - - echo 'done!
Preparing for schema execution...'; - $schema = file_get_contents('schema.sql'); - $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema); - $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema); - $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema); - $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema); - $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($encpass ), $schema); - $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema); - $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema); - $schema = str_replace('{{REAL_NAME}}', '', $schema); - $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema); - $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema); - $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema); - // Not anymore!! :-D - // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema); - - if(isset($_POST['wiki_mode'])) - { - $schema = str_replace('{{WIKI_MODE}}', '1', $schema); - } - else - { - $schema = str_replace('{{WIKI_MODE}}', '0', $schema); - } - - // Build an array of queries - $schema = explode("\n", $schema); - - foreach ( $schema as $i => $sql ) - { - $query =& $schema[$i]; - $t = trim($query); - if ( empty($t) || preg_match('/^(\#|--)/i', $t) ) - { - unset($schema[$i]); - unset($query); - } - } - - $schema = array_values($schema); - $schema = implode("\n", $schema); - $schema = explode(";\n", $schema); - - foreach ( $schema as $i => $sql ) - { - $query =& $schema[$i]; - if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' ) - { - $query .= ';'; - } - } - - // echo '
' . htmlspecialchars(print_r($schema, true)) . '
'; - // break; - - echo 'done!
Executing schema.sql...'; - - // OK, do the loop, baby!!! - foreach($schema as $q) - { - $r = mysql_query($q, $conn); - if(!$r) err('Error during mainstream installation: '.mysql_error()); - } - - echo 'done!
Writing configuration files...'; - if($_POST['urlscheme']=='tiny') - { - $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+'); - if(!$ht) err('Error opening file .htaccess for writing'); - fwrite($ht, ' -RewriteEngine on -RewriteCond %{REQUEST_FILENAME} !-d -RewriteCond %{REQUEST_FILENAME} !-f -RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA] -RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L] -'); - fclose($ht); - } - - $config_file = ''; - - $cf_handle = fopen(ENANO_ROOT.'/config.php', 'w'); - if(!$cf_handle) err('Couldn\'t open file config.php for writing'); - fwrite($cf_handle, $config_file); - fclose($cf_handle); - - echo 'done!
Starting the Enano API...'; - - $template_bak = $template; - - // Get Enano loaded - $_GET['title'] = 'Main_Page'; - require('includes/common.php'); - - // We need to be logged in (with admin rights) before logs can be flushed - $session->login_without_crypto($_POST['admin_user'], $dec, false); - - // Now that login cookies are set, initialize the session manager and ACLs - $session->start(); - $paths->init(); - - unset($template); - $template =& $template_bak; - - echo 'done!
Initializing logs...'; - - $q = $db->sql_query('INSERT INTO ' . $_POST['table_prefix'] . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');', $conn); - if ( !$q ) - err('Error setting up logs: '.$db->get_error()); - - if ( !$session->get_permissions('clear_logs') ) - { - echo '
Error: session manager won\'t permit flushing logs, these is a bug.'; - break; - } - - // unset($session); - // $session = new sessionManager(); - // $session->start(); - - PageUtils::flushlogs('Main_Page', 'Article'); - - echo 'done!

Installation of Enano is complete.

Review any warnings above, and then click here to finish the installation.'; - - // echo ''; - - break; - case "finish": - echo '

Congratulations!

-

You have finished installing Enano on this server.

-

Now what?

-

Click the link below to see the main page for your website. Where to go from here:

-
    -
  • The first thing you should do is log into your site using the Log in link on the sidebar.
  • -
  • Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.
  • -
  • Visit the Enano Plugin Gallery to download and use plugins on your site.
  • -
  • Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.
  • -
  • Hire some moderators, to help you keep rowdy users tame.
  • -
  • Tell the Enano team what you think.
  • -
  • Spread the word about Enano by adding a link to the Enano homepage on your sidebar! You can enable this option in the General Configuration section of the administration panel.
  • -
-

Go to your website...

'; - break; -} -$template->footer(); - -?> +The Enano installer has found a Enano installation in this directory. You MUST delete config.php if you want to re-install Enano.

If you wish to upgrade an older Enano installation to this version, please use the upgrade script.

');
+ exit;
+}
+
+define('IN_ENANO_INSTALL', 'true');
+
+define('ENANO_VERSION', '1.0.2');
+// In beta versions, define ENANO_BETA_VERSION here
+
+if(!defined('scriptPath')) {
+ $sp = dirname($_SERVER['REQUEST_URI']);
+ if($sp == '/' || $sp == '\\') $sp = '';
+ define('scriptPath', $sp);
+}
+
+if(!defined('contentPath')) {
+ $sp = dirname($_SERVER['REQUEST_URI']);
+ if($sp == '/' || $sp == '\\') $sp = '';
+ define('contentPath', $sp);
+}
+global $_starttime, $this_page, $sideinfo;
+$_starttime = microtime(true);
+
+// Determine directory (special case for development servers)
+if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
+{
+ $filename = str_replace('/repo/', '/', __FILE__);
+}
+else
+{
+ $filename = __FILE__;
+}
+
+define('ENANO_ROOT', dirname($filename));
+
+function is_page($p)
+{
+ return true;
+}
+
+require('includes/wikiformat.php');
+require('includes/constants.php');
+require('includes/rijndael.php');
+require('includes/functions.php');
+
+strip_magic_quotes_gpc();
+$neutral_color = 'C';
+
+//
+// INSTALLER LIBRARY
+//
+
+function run_installer_stage($stage_id, $stage_name, $function, $failure_explanation, $allow_skip = true)
+{
+ static $resumed = false;
+ static $resume_stack = array();
+
+ if ( empty($resume_stack) && isset($_POST['resume_stack']) && preg_match('/[a-z_]+((\|[a-z_]+)+)/', $_POST['resume_stack']) )
+ {
+ $resume_stack = explode('|', $_POST['resume_stack']);
+ }
+
+ $already_run = false;
+ if ( in_array($stage_id, $resume_stack) )
+ {
+ $already_run = true;
+ }
+
+ if ( !$resumed )
+ {
+ if ( !isset($_GET['stage']) )
+ $resumed = true;
+ if ( isset($_GET['stage']) && $_GET['stage'] == $stage_id )
+ {
+ $resumed = true;
+ }
+ }
+ if ( !$resumed && $allow_skip )
+ {
+ echo_stage_success($stage_id, "[dbg: skipped] $stage_name");
+ return false;
+ }
+ if ( !function_exists($function) )
+ die('libenanoinstall: CRITICAL: function "' . $function . '" for ' . $stage_id . 
' doesn\'t exist'); + $result = @call_user_func($function, false, $already_run); + if ( $result ) + { + echo_stage_success($stage_id, $stage_name); + $resume_stack[] = $stage_id; + return true; + } + else + { + echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack); + return false; + } +} + +function start_install_table() +{ + echo '' . "\n"; +} + +function close_install_table() +{ + echo '
' . "\n\n"; +} + +function echo_stage_success($stage_id, $stage_name) +{ + global $neutral_color; + $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; + ob_start(); + echo '' . htmlspecialchars($stage_name) . 'Done' . "\n"; + ob_end_flush(); +} + +function echo_stage_failure($stage_id, $stage_name, $failure_explanation, $resume_stack) +{ + global $neutral_color; + + $neutral_color = ( $neutral_color == 'A' ) ? 'C' : 'A'; + ob_start(); + echo '' . htmlspecialchars($stage_name) . 'Failed' . "\n"; + ob_end_flush(); + close_install_table(); + $post_data = ''; + $mysql_error = mysql_error(); + foreach ( $_POST as $key => $value ) + { + $value = htmlspecialchars($value); + $key = htmlspecialchars($key); + $post_data .= " \n"; + } + echo '
+ ' . $post_data . ' + +

Enano installation failed.

+

' . $failure_explanation . '

+ ' . ( !empty($mysql_error) ? "

The error returned from MySQL was: $mysql_error

" : '' ) . ' +

When you have corrected the error, click the button below to attempt to continue the installation.

+

+
'; + global $template, $template_bak; + if ( is_object($template_bak) ) + $template_bak->footer(); + else + $template->footer(); + exit; +} + +// +// INSTALLER STAGES +// + +function stg_mysql_connect($act_get = false) +{ + static $conn = false; + if ( $act_get ) + return $conn; + + $db_user =& $_POST['db_user']; + $db_pass =& $_POST['db_pass']; + $db_name =& $_POST['db_name']; + + if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) + { + $db_name = htmlspecialchars($db_name); + die("

SECURITY: malformed database name \"$db_name\"

");
+ }
+
+ // First, try to connect using the normal credentials
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ // Connection failed. Do we have the root username and password?
+ if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ {
+ $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ if ( !$conn_root )
+ {
+ // Couldn't connect using either set of credentials. Bail out.
+ return false;
+ }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
+ // Create the user account
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ // Revoke privileges from test, we don't need them
+ $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'localhost';", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ {
+ // If not connecting to a server running on localhost, allow from any host
+ // this is safer than trying to detect the hostname of the webserver, but less secure
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'%' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ // Revoke privileges from test, we don't need them
+ $q = @mysql_query("REVOKE ALL PRIVILEGES ON test.* FROM '{$db_user}'@'%';", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ }
+ mysql_close($conn_root);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ // This should honestly never happen. 
+ return false;
+ }
+ }
+ }
+ $q = @mysql_query("USE `$db_name`;", $conn);
+ if ( !$q )
+ {
+ // access denied to the database; try the whole root schenanegan again
+ if ( !empty($_POST['db_root_user']) && !empty($_POST['db_root_pass']) )
+ {
+ $conn_root = @mysql_connect($_POST['db_host'], $_POST['db_root_user'], $_POST['db_root_pass']);
+ if ( !$conn_root )
+ {
+ // Couldn't connect as root; bail out
+ return false;
+ }
+ // create the database, if it doesn't exist
+ $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root);
+ if ( !$q )
+ {
+ // this really should never fail, so don't give any tolerance to it
+ return false;
+ }
+ unset($db_user, $db_pass);
+ $db_user = mysql_real_escape_string($_POST['db_user']);
+ $db_pass = mysql_real_escape_string($_POST['db_pass']);
+ // we're in with root rights; grant access to the database
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' )
+ {
+ $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root);
+ if ( !$q )
+ {
+ return false;
+ }
+ }
+ mysql_close($conn_root);
+ // grant tables have hopefully been flushed, kill and reconnect our regular user connection
+ mysql_close($conn);
+ $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']);
+ if ( !$conn )
+ {
+ return false;
+ }
+ }
+ else
+ {
+ return false;
+ }
+ // try again
+ $q = @mysql_query("USE `$db_name`;", $conn);
+ if ( !$q )
+ {
+ // really failed this time; bail out
+ return false;
+ }
+ }
+ // connected and database exists
+ return true;
+}
+
+function stg_drop_tables()
+{
+ $conn = stg_mysql_connect(true);
+ if ( !$conn )
+ return false;
+ // Our list of tables included in Enano
+ $tables = Array( 'categories', 'comments', 'config', 'logs', 'page_text', 'session_keys', 'pages', 'users', 
'users_extra', 'themes', 'buddies', 'banlist', 'files', 'privmsgs', 'sidebar', 'hits', 'search_index', 'groups', 'group_members', 'acl', 'search_cache', 'tags', 'page_groups', 'page_group_members' );
+
+ // Drop each table individually; if it fails, it probably means we're trying to drop a
+ // table that didn't exist in the Enano version we're deleting the database for.
+ foreach ( $tables as $table )
+ {
+ // Remember that table_prefix is sanitized.
+ $table = "{$_POST['table_prefix']}$table";
+ @mysql_query("DROP TABLE $table;", $conn);
+ }
+ return true;
+}
+
+function stg_decrypt_admin_pass($act_get = false)
+{
+ static $decrypted_pass = false;
+ if ( $act_get )
+ return $decrypted_pass;
+
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+
+ if ( !empty($_POST['crypt_data']) )
+ {
+ require('config.new.php');
+ if ( !isset($cryptkey) )
+ {
+ return false;
+ }
+ define('_INSTRESUME_AES_KEYBACKUP', $key);
+ $key = hexdecode($cryptkey);
+
+ $decrypted_pass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+
+ }
+ else
+ {
+ $decrypted_pass = $_POST['admin_pass'];
+ }
+ if ( empty($decrypted_pass) )
+ return false;
+ return true;
+}
+
+function stg_generate_aes_key($act_get = false)
+{
+ static $key = false;
+ if ( $act_get )
+ return $key;
+
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $key = $aes->gen_readymade_key();
+ return true;
+}
+
+function stg_parse_schema($act_get = false)
+{
+ static $schema;
+ if ( $act_get )
+ return $schema;
+
+ $admin_pass = stg_decrypt_admin_pass(true);
+ $key = stg_generate_aes_key(true);
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $key = $aes->hextostring($key);
+ $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+
+ $cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? 
'1' : '0';
+
+ $schema = file_get_contents('schema.sql');
+ $schema = str_replace('{{SITE_NAME}}', mysql_real_escape_string($_POST['sitename'] ), $schema);
+ $schema = str_replace('{{SITE_DESC}}', mysql_real_escape_string($_POST['sitedesc'] ), $schema);
+ $schema = str_replace('{{COPYRIGHT}}', mysql_real_escape_string($_POST['copyright'] ), $schema);
+ $schema = str_replace('{{ADMIN_USER}}', mysql_real_escape_string($_POST['admin_user'] ), $schema);
+ $schema = str_replace('{{ADMIN_PASS}}', mysql_real_escape_string($admin_pass ), $schema);
+ $schema = str_replace('{{ADMIN_EMAIL}}', mysql_real_escape_string($_POST['admin_email']), $schema);
+ $schema = str_replace('{{ENABLE_CACHE}}', mysql_real_escape_string($cacheonoff ), $schema);
+ $schema = str_replace('{{REAL_NAME}}', '', $schema);
+ $schema = str_replace('{{TABLE_PREFIX}}', $_POST['table_prefix'], $schema);
+ $schema = str_replace('{{VERSION}}', ENANO_VERSION, $schema);
+ $schema = str_replace('{{ADMIN_EMBED_PHP}}', $_POST['admin_embed_php'], $schema);
+ // Not anymore!! :-D
+ // $schema = str_replace('{{BETA_VERSION}}', ENANO_BETA_VERSION, $schema);
+
+ if(isset($_POST['wiki_mode']))
+ {
+ $schema = str_replace('{{WIKI_MODE}}', '1', $schema);
+ }
+ else
+ {
+ $schema = str_replace('{{WIKI_MODE}}', '0', $schema);
+ }
+
+ // Build an array of queries
+ $schema = explode("\n", $schema);
+
+ foreach ( $schema as $i => $sql )
+ {
+ $query =& $schema[$i];
+ $t = trim($query);
+ if ( empty($t) || preg_match('/^(\#|--)/i', $t) )
+ {
+ unset($schema[$i]);
+ unset($query);
+ }
+ }
+
+ $schema = array_values($schema);
+ $schema = implode("\n", $schema);
+ $schema = explode(";\n", $schema);
+
+ foreach ( $schema as $i => $sql )
+ {
+ $query =& $schema[$i];
+ if ( substr($query, ( strlen($query) - 1 ), 1 ) != ';' )
+ {
+ $query .= ';';
+ }
+ }
+
+ return true;
+}
+
+function stg_install($_unused, $already_run)
+{
+ // This one's pretty easy. 
+ $conn = stg_mysql_connect(true);
+ if ( !is_resource($conn) )
+ return false;
+ $schema = stg_parse_schema(true);
+ if ( !is_array($schema) )
+ return false;
+
+ // If we're resuming installation, the encryption key was regenerated.
+ // This means we'll have to update the encrypted password in the database.
+ if ( $already_run )
+ {
+ $admin_pass = stg_decrypt_admin_pass(true);
+ $key = stg_generate_aes_key(true);
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ $key = $aes->hextostring($key);
+ $admin_pass = $aes->encrypt($admin_pass, $key, ENC_HEX);
+ $admin_user = mysql_real_escape_string($_POST['admin_user']);
+
+ $q = @mysql_query("UPDATE {$_POST['table_prefix']}users SET password='$admin_pass' WHERE username='$admin_user';");
+ if ( !$q )
+ {
+ echo '

MySQL return: ' . mysql_error() . '

'; + return false; + } + + return true; + } + + // OK, do the loop, baby!!! + foreach($schema as $q) + { + $r = mysql_query($q, $conn); + if ( !$r ) + { + echo '

MySQL return: ' . mysql_error() . '

';
+ return false;
+ }
+ }
+
+ return true;
+}
+
+function stg_write_config()
+{
+ $privkey = stg_generate_aes_key(true);
+
+ switch($_POST['urlscheme'])
+ {
+ case "ugly":
+ default:
+ $cp = scriptPath.'/index.php?title=';
+ break;
+ case "short":
+ $cp = scriptPath.'/index.php/';
+ break;
+ case "tiny":
+ $cp = scriptPath.'/';
+ break;
+ }
+
+ if ( $_POST['urlscheme'] == 'tiny' )
+ {
+ $contents = '# Begin Enano rules
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^(.+) '.scriptPath.'/index.php?title=$1 [L,QSA]
+RewriteRule \.(php|html|gif|jpg|png|css|js)$ - [L]
+# End Enano rules
+';
+ if ( file_exists('./.htaccess') )
+ $ht = fopen(ENANO_ROOT.'/.htaccess', 'a+');
+ else
+ $ht = fopen(ENANO_ROOT.'/.htaccess.new', 'w');
+ if ( !$ht )
+ return false;
+ fwrite($ht, $contents);
+ fclose($ht);
+ }
+
+ $config_file = '';
+
+ $cf_handle = fopen(ENANO_ROOT.'/config.new.php', 'w');
+ if ( !$cf_handle )
+ return false;
+ fwrite($cf_handle, $config_file);
+
+ fclose($cf_handle);
+
+ return true;
+}
+
+function _stg_rename_config_revert()
+{
+ if ( file_exists('./config.php') )
+ {
+ @rename('./config.php', './config.new.php');
+ }
+
+ $handle = @fopen('./config.php.new', 'w');
+ if ( !$handle )
+ return false;
+ $contents = '';
+ fwrite($handle, $contents);
+ fclose($handle);
+ return true;
+}
+
+function stg_rename_config()
+{
+ if ( !@rename('./config.new.php', './config.php') )
+ {
+ echo '

Can\'t rename config.php

'; + _stg_rename_config_revert(); + return false; + } + + if ( $_POST['urlscheme'] == 'tiny' && !file_exists('./.htaccess') ) + { + if ( !@rename('./.htaccess.new', './.htaccess') ) + { + echo '

Can\'t rename .htaccess

'; + _stg_rename_config_revert(); + return false; + } + } + return true; +} + +function stg_start_api_success() +{ + return true; +} + +function stg_start_api_failure() +{ + return false; +} + +function stg_init_logs() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + + $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($_POST['admin_user']) . '\', \'' . mysql_real_escape_string(ENANO_VERSION) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');'); + if ( !$q ) + { + echo '

MySQL return: ' . mysql_error() . '

'; + return false; + } + + if ( !$session->get_permissions('clear_logs') ) + { + echo '

$session: denied clear_logs

'; + return false; + } + + PageUtils::flushlogs('Main_Page', 'Article'); + + return true; +} + +//die('Key size: ' . AES_BITS . '
Block size: ' . AES_BLOCKSIZE); + +if(!function_exists('wikiFormat')) +{ + function wikiFormat($message, $filter_links = true) + { + $wiki = & Text_Wiki::singleton('Mediawiki'); + $wiki->setRenderConf('Xhtml', 'code', 'css_filename', 'codefilename'); + $wiki->setRenderConf('Xhtml', 'wikilink', 'view_url', contentPath); + $result = $wiki->transform($message, 'Xhtml'); + + // HTML fixes + $result = preg_replace('#([\s]*?)<\/tr>#is', '', $result); + $result = preg_replace('#

([\s]*?)<\/p>#is', '', $result); + $result = preg_replace('#
([\s]*?)$descTest passed"; + } elseif(!$val && $warn) { + if($cv) $color='FFFFCC'; else $color='FFFFAA'; + echo "$desc
$extended_descTest passed with warning"; + $warned = true; + } else { + if($cv) $color='FFCCCC'; else $color='FFAAAA'; + echo "$desc
$extended_descTest failed";
+ $failed = true;
+ }
+}
+function is_apache() { $r = strstr($_SERVER['SERVER_SOFTWARE'], 'Apache') ? true : false; return $r; }
+
+require_once('includes/template.php');
+
+if(!isset($_GET['mode'])) $_GET['mode'] = 'welcome';
+switch($_GET['mode'])
+{
+ case 'mysql_test':
+ error_reporting(0);
+ $dbhost = rawurldecode($_POST['host']);
+ $dbname = rawurldecode($_POST['name']);
+ $dbuser = rawurldecode($_POST['user']);
+ $dbpass = rawurldecode($_POST['pass']);
+ $dbrootuser = rawurldecode($_POST['root_user']);
+ $dbrootpass = rawurldecode($_POST['root_pass']);
+ if($dbrootuser != '')
+ {
+ $conn = mysql_connect($dbhost, $dbrootuser, $dbrootpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('root'.$e);
+ }
+ $rsp = 'good';
+ $q = mysql_query('USE '.$dbname, $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ $rsp .= '_creating_db';
+ }
+ }
+ mysql_close($conn);
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ $rsp .= '_creating_user';
+ }
+ mysql_close($conn);
+ die($rsp);
+ }
+ else
+ {
+ $conn = mysql_connect($dbhost, $dbuser, $dbpass);
+ if(!$conn)
+ {
+ $e = mysql_error();
+ if(strstr($e, "Lost connection"))
+ die('host'.$e);
+ else
+ die('auth'.$e);
+ }
+ $q = mysql_query('USE '.$dbname, $conn);
+ if(!$q)
+ {
+ $e = mysql_error();
+ if(strstr($e, 'Unknown database'))
+ {
+ die('name'.$e);
+ }
+ else
+ {
+ die('perm'.$e);
+ }
+ }
+ }
+ $v = mysql_get_server_info();
+ if(version_compare($v, '4.1.17', '<')) die('vers'.$v);
+ mysql_close($conn);
+ die('good');
+ break;
+ case 'pophelp':
+ $topic = ( isset($_GET['topic']) ) ? $_GET['topic'] : 'invalid';
+ switch($topic)
+ {
+ case 'admin_embed_php':
+ $title = 'Allow administrators to embed PHP';
+ $content = '

This option allows you to control whether anything between the standard <?php and ?> tags will be treated as + PHP code by Enano. If this option is enabled, and members of the Administrators group use these tags, Enano will + execute that code when the page is loaded. There are obvious potential security implications here, which should + be carefully considered before enabling this option.

+

If you are the only administrator of this site, or if you have a high level of trust for those will be administering + the site with you, you should enable this to allow extreme customization of pages.

+

Leave this option off if you are at all concerned about security – if your account is compromised and PHP embedding + is enabled, an attacker can run arbitrary code on your server! Enabling this will also allow administrators to + embed Javascript and arbitrary HTML and CSS.

+

If you don\'t have experience coding in PHP, you can safely disable this option. You may change this at any time + using the ACL editor by selecting the Administrators group and This Entire Website under the scope selection.

'; + break; + default: + $title = 'Invalid topic'; + $content = 'Invalid help topic.'; + break; + } + echo << + + + Enano installation quick help • {$title} + + + + +

{$title}

+ {$content} +

+ Close window +

+ + +EOF; + exit; + break; + default: + break; +} + +$template = new template_nodb(); +$template->load_theme('oxygen', 'bleu', false); + +$modestrings = Array( + 'welcome' => 'Welcome', + 'license' => 'License Agreement', + 'sysreqs' => 'Server requirements', + 'database'=> 'Database information', + 'website' => 'Website configuration', + 'login' => 'Administration login', + 'confirm' => 'Confirm installation', + 'install' => 'Database installation', + 'finish' => 'Installation complete' + ); + +$sideinfo = ''; +$vars = $template->extract_vars('elements.tpl'); +$p = $template->makeParserText($vars['sidebar_button']); +foreach ( $modestrings as $id => $str ) +{ + if ( $_GET['mode'] == $id ) + { + $flags = 'style="font-weight: bold; text-decoration: underline;"'; + $this_page = $str; + } + else + { + $flags = ''; + } + $p->assign_vars(Array( + 'HREF' => '#', + 'FLAGS' => $flags . ' onclick="return false;"', + 'TEXT' => $str + )); + $sideinfo .= $p->run(); +} + +$template->init_vars(); + +if(isset($_GET['mode']) && $_GET['mode'] == 'css') +{ + header('Content-type: text/css'); + echo $template->get_css(); + exit; +} + +$template->header(); +if(!isset($_GET['mode'])) $_GET['mode'] = 'license'; +switch($_GET['mode']) +{ + default: + case 'welcome': + ?> +
+ [ Enano CMS Project logo ] +

Welcome to Enano

+

version 1.0.2 – stable
+ also affectionately known as "coblynau" :)

+ You are about to install a NIGHTLY BUILD of Enano.
Nightly builds are NOT upgradeable and may contain serious flaws, security problems, or extraneous debugging information. Installing this version of Enano on a production site is NOT recommended.
'; + } + ?> +
+ +
+ + +

Welcome to the Enano installer.

+

Thank you for choosing Enano as your CMS. You've selected the finest in design, the strongest in security, and the latest in Web 2.0 toys. Trust us, you'll like it.

+

To get started, please read and accept the following license agreement. You've probably seen it before.

+
+

GNU General Public License

+

Declaration of license usage

+

Enano is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

+

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. See the GNU General Public License (below) for more details.

+

By clicking the button below or otherwise continuing the installation, you indicate your acceptance of this license agreement.

+

Human-readable version

+

Enano is distributed under certain licensing terms that we believe make it of the greatest possible use to the public. The license we distribute it under, the GNU General Public License, provides certain terms and conditions that, rather than limit your use of Enano, allow you to get the most out of it. If you would like to read the full text, it can be found below. Here is a human-readable version that we think is a little easier to understand.

+
    +
  • You may to run Enano for any purpose.
  • +
  • You may study how Enano works and adapt it to your needs.
  • +
  • You may redistribute copies so you can help your neighbor.
  • +
  • You may improve Enano and release your improvements to the public, so that the whole community benefits.
  • +
+

You may exercise the freedoms specified here provided that you comply with the express conditions of this license. The principal conditions are:

+
    +
  • You must conspicuously and appropriately publish on each copy distributed an appropriate copyright notice and disclaimer of warranty and keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of Enano a copy of the GNU General Public License along with Enano. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • +
  • If you modify your copy or copies of Enano or any portion of it, or develop a program based upon it, you may distribute the resulting work provided you do so under the GNU General Public License. Any translation of the GNU General Public License must be accompanied by the GNU General Public License.
  • +
  • If you copy or distribute Enano, you must accompany it with the complete corresponding machine-readable source code or with a written offer, valid for at least three years, to furnish the complete corresponding machine-readable source code.
  • +
+

Disclaimer: The above text is not a license. It is simply a handy reference for understanding the Legal Code (the full license) – it is a human-readable expression of some of its key terms. Think of it as the user-friendly interface to the Legal Code beneath. The above text itself has no legal value, and its contents do not appear in the actual license.
Text copied from the Creative Commons GPL Deed page

+ +

Notice for prerelease versions

+

This version of Enano is designed only for testing and evaluation purposes. It is not yet completely stable, and should not be used on production websites. As with any Enano version, Dan Fuhry and the Enano team cannot be responsible for any damage, physical or otherwise, to any property as a result of the use of Enano. While security is a number one priority, sometimes things slip through.

+ +

Lawyer-readable version

+ +
+ + +

Checking your server

+

Enano has several requirements that must be met before it can be installed. If all is good then note any warnings and click Continue below.

+ + =4.3.0', 'It seems that the version of PHP that your server is running is too old to support Enano properly. If this is your server, please upgrade to the most recent version of PHP, remembering to use the --with-mysql configure option if you compile it yourself. If this is not your server, please contact your webhost and ask them if it would be possible to upgrade PHP. If this is not possible, you will need to switch to a different webhost in order to use Enano.'); + run_test('return function_exists(\'mysql_connect\');', 'MySQL extension for PHP', 'It seems that your PHP installation does not have the MySQL extension enabled. If this is your own server, you may need to just enable the "libmysql.so" extension in php.ini. If you do not have the MySQL extension installed, you will need to either use your distribution\'s package manager to install it, or you will have to compile PHP from source. If you compile PHP from source, please remember to use the "--with-mysql" configure option, and you will have to have the MySQL development files installed (they usually are). If this is not your server, please contact your hosting company and ask them to install the PHP MySQL extension.'); + run_test('return @ini_get(\'file_uploads\');', 'File upload support', 'It seems that your server does not support uploading files. Enano *requires* this functionality in order to work properly. Please ask your server administrator to set the "file_uploads" option in php.ini to "On".'); + run_test('return is_apache();', 'Apache HTTP Server', 'Apparently your server is running a web server other than Apache. Enano will work nontheless, but there are some known bugs with non-Apache servers, and the "fancy" URLs will not work properly. 
The "Standard URLs" option will be set on the website configuration page, only change it if you are absolutely certain that your server is running Apache.', true); + //run_test('return function_exists(\'finfo_file\');', 'Fileinfo PECL extension', 'The MIME magic PHP extension is used to determine the type of a file by looking for a certain "magic" string of characters inside it. This functionality is used by Enano to more effectively prevent malicious file uploads. The MIME magic option will be disabled by default.', true); + run_test('return is_writable(ENANO_ROOT.\'/config.new.php\');', 'Configuration file writable', 'It looks like the configuration file, config.new.php, is not writable. Enano needs to be able to write to this file in order to install.

If you are installing Enano on a SourceForge web site:
SourceForge mounts the web partitions read-only now, so you will need to use the project shell service to symlink config.php to a file in the /tmp/persistent directory.'); + run_test('return file_exists(\'/usr/bin/convert\');', 'ImageMagick support', 'Enano uses ImageMagick to scale images into thumbnails. Because ImageMagick was not found on your server, Enano will use the width= and height= attributes on the <img> tag to scale images. This can cause somewhat of a performance increase, but bandwidth usage will be higher, especially if you use high-resolution images on your site.

If you are sure that you have ImageMagick, you can set the location of the "convert" program using the administration panel after installation is complete.', true); + run_test('return is_writable(ENANO_ROOT.\'/cache/\');', 'Cache directory writable', 'Apparently the cache/ directory is not writable. Enano will still work, but you will not be able to cache thumbnails, meaning the server will need to re-render them each time they are requested. In some cases, this can cause a significant slowdown.', true); + run_test('return is_writable(ENANO_ROOT.\'/files/\');', 'File uploads directory writable', 'It seems that the directory where uploaded files are stored (' . ENANO_ROOT . '/files) cannot be written by the server. Enano will still function, but file uploads will not function, and will be disabled by default.', true); + echo '
'; + if(!$failed) + { + ?> + +
+ '; + run_test('return false;', 'Your server does not meet the requirements for Enano to run.', 'As a precaution, Enano will not install until the above requirements have been met. Contact your server administrator or hosting company and convince them to upgrade. Good luck.'); + echo '
'; + } + } + ?> + + +

Now we need some information that will allow Enano to contact your database server. Enano uses MySQL as a data storage backend, + and we need to have access to a MySQL server in order to continue.

+

If you do not have access to a MySQL server, and you are using your own server, you can download MySQL for free from + MySQL.com. Please note that, like Enano, MySQL is licensed under the GNU GPL. + If you need to modify MySQL and then distribute your modifications, you must either distribute them under the terms of the GPL + or purchase a proprietary license.

+ MySQL login information for this virtual appliance:

Database hostname: localhost
Database login: username "enano", password: "clurichaun" (without quotes)
Database name: enano_www1

'; + } + ?> +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

Database information

+
+ Database hostname +
This is the hostname (or sometimes the IP address) of your MySQL server. In many cases, this is "localhost". +
+
+ + + Good/bad icon +
+ Database name
+ The name of the actual database. If you don't already have a database, you can create one here, if you have the username and password + of a MySQL user with administrative rights.
+ +
+ + + Good/bad icon +
+ Database login
+ These fields should be the username and password of a user with "select", "insert", "update", "delete", "create table", and "replace" + privileges for your database.
+ +
+ + + Good/bad icon +
+ +
+

Optional information

+
+ Table prefix
+ The value that you enter here will be added to the beginning of the name of each Enano table. You may use lowercase letters (a-z), + numbers (0-9), and underscores (_). +
+ + + Good/bad icon +
+ Database administrative login
+ If the MySQL database or username that you entered above does not exist yet, you can create them here, assuming that you have the + login information for an administrative user (such as root). Leave these fields blank unless you need to use them.
+ +
+ + + Good/bad icon +
+ +
+ MySQL version + + MySQL version information will be checked when you click "Test Connection". + + Good/bad icon +
+ Delete existing tables?
+ If this option is checked, all the tables that will be used by Enano will be dropped (deleted) before the schema is executed. Do + NOT use this option unless specifically instructed to. +
+ +
+ +
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + ?> + +
+ '."\n"; + } + ?> +

The next step is to enter some information about your website. You can always change this information later, using the administration panel.

+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ Website name
+ The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not + be blank or "Enano". +
+ + + Good/bad icon +
+ Website description
+ This text will be shown below the name of your website. +
+ + + Good/bad icon +
+ Copyright info
+ This should be a one-line legal notice that will appear at the bottom of all your pages. +
+ + + Good/bad icon +
+ Wiki mode
+ This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can + protect pages to prevent editing. +
+ + +   +
+ URL scheme
+ Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you + don't know, select the first option, and you can always change it later. +
+ name="urlscheme" value="ugly" id="ugly" />
+ name="urlscheme" value="short" id="short" />
+ +
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + require('config.new.php'); + $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE); + if ( isset($crypto_key) ) + { + $cryptkey = $crypto_key; + } + if(!isset($cryptkey) || ( isset($cryptkey) && strlen($cryptkey) != AES_BITS / 4) ) + { + $cryptkey = $aes->gen_readymade_key(); + $handle = @fopen(ENANO_ROOT.'/config.new.php', 'w'); + if(!$handle) + { + echo '

ERROR: Cannot open config.php for writing - exiting!

'; + $template->footer(); + exit; + } + fwrite($handle, ''); + fclose($handle); + } + // Sorry for the ugly hack, but this f***s up jEdit badly. + echo ' + + '; + ?> +
+ '."\n"; + } + ?> +

Next, enter your desired username and password. The account you create here will be used to administer your site.

+ + + + + + + + + + + + + + + + + + + + + + + + +
Administration username
The administration username you will use to log into your site.
This cannot be "anonymous" or in the form of an IP address.
Good/bad icon
Administration password:Good/bad icon
Enter it again to confirm:
Your e-mail address:Good/bad icon
+ Allow administrators to embed PHP code into pages:
+ Do not under any circumstances enable this option without reading these + important security implications. + +
+    + +
If your browser supports Javascript, the password you enter here will be encrypted with AES before it is sent to the server.
+ +
+ + + +
+ + restart the installation.'; + $template->footer(); + exit; + } + unset($_POST['_cont']); + ?> +
+ '."\n"; + } + ?> +

Enano is ready to install.

+

The wizard has finished collecting information and is ready to install the database schema. Please review the information below, + and then click the button below to install the database.

+
    +
  • Database hostname:
  • +
  • Database name:
  • +
  • Database user:
  • +
  • Database password: <hidden>
  • +
  • Site name:
  • +
  • Site description:
  • +
  • Administration username:
  • +
  • Cipher strength: -bit AES
    Cipher strength is defined in the file constants.php; if you desire to change the cipher strength, you may do so and then restart installation. Unless your site is mission-critical, changing the cipher strength is not necessary.
  • +
+ +
+ restart the installation.'; + $template->footer(); + exit; + } + switch($_POST['urlscheme']) + { + case "ugly": + default: + $cp = scriptPath.'/index.php?title='; + break; + case "short": + $cp = scriptPath.'/index.php/'; + break; + case "tiny": + $cp = scriptPath.'/'; + break; + } + function err($t) { global $template; echo $t; $template->footer(); exit; } + + // $stages = array('connect', 'decrypt', 'genkey', 'parse', 'sql', 'writeconfig', 'renameconfig', 'startapi', 'initlogs'); + + if ( !preg_match('/^[a-z0-9_]*$/', $_POST['table_prefix']) ) + err('Hacking attempt was detected in table_prefix.'); + + start_install_table(); + // The stages connect, decrypt, genkey, and parse are preprocessing and don't do any actual data modification. + // Thus, they need to be run on each retry, e.g. never skipped. + run_installer_stage('connect', 'Connect to MySQL', 'stg_mysql_connect', 'MySQL denied our attempt to connect to the database. This is most likely because your login information was incorrect. You will most likely need to restart the installation.', false); + if ( isset($_POST['drop_tables']) ) + { + // Are we supposed to drop any existing tables? If so, do it now + run_installer_stage('drop', 'Drop existing Enano tables', 'stg_drop_tables', 'This step never returns failure'); + } + run_installer_stage('decrypt', 'Decrypt administration password', 'stg_decrypt_admin_pass', 'The administration password you entered couldn\'t be decrypted. It is possible that your server did not properly store the encryption key in the configuration file. Please check the file permissions on config.new.php. You may have to return to the login stage of the installation, clear your browser cache, and then rerun this installation.', false); + run_installer_stage('genkey', 'Generate ' . AES_BITS . '-bit AES private key', 'stg_generate_aes_key', 'Enano encountered an internal error while generating the site encryption key. 
Please contact the Enano team for support.', false); + run_installer_stage('parse', 'Prepare to execute schema file', 'stg_parse_schema', 'Enano encountered an internal error while parsing the SQL file that contains the database structure and initial data. Please contact the Enano team for support.', false); + run_installer_stage('sql', 'Execute installer schema', 'stg_install', 'The installation failed because an SQL query wasn\'t quite correct. It is possible that you entered malformed data into a form field, or there may be a bug in Enano with your version of MySQL. Please contact the Enano team for support.', false); + run_installer_stage('writeconfig', 'Write configuration files', 'stg_write_config', 'Enano was unable to write the configuration file with your site\'s database credentials. This is almost always because your configuration file does not have the correct permissions. On Windows servers, you may see this message even if the check on the System Requirements page passed. Temporarily running IIS as the Administrator user may help.'); + run_installer_stage('renameconfig', 'Rename configuration files', 'stg_rename_config', 'Enano couldn\'t rename the configuration files to their correct production names. On some UNIX systems, you need to CHMOD the directory with your Enano files to 777 in order for this stage to succeed.'); + + // Mainstream installation complete - Enano should be usable now + // The stage of starting the API is special because it has to be called out of function context. 
+ // To alleviate this, we have two functions, one that returns success and one that returns failure + // If the Enano API load is successful, the success function is called to report the action to the user + // If unsuccessful, the failure report is sent + + $template_bak = $template; + + $_GET['title'] = 'Main_Page'; + require('includes/common.php'); + + if ( is_object($db) && is_object($session) ) + { + run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_success', '...', false); + } + else + { + run_installer_stage('startapi', 'Start the Enano API', 'stg_start_api_failure', 'The Enano API could not be started. This is an error that should never occur; please contact the Enano team for support.', false); + } + + // We need to be logged in (with admin rights) before logs can be flushed + $admin_password = stg_decrypt_admin_pass(true); + $session->login_without_crypto($_POST['admin_user'], $admin_password, false); + + // Now that login cookies are set, initialize the session manager and ACLs + $session->start(); + $paths->init(); + + run_installer_stage('initlogs', 'Initialize logs', 'stg_init_logs', 'The session manager denied the request to flush logs for the main page.
+ While under most circumstances you can still finish the installation, you should be aware that some servers cannot + properly set cookies due to limitations with PHP. These limitations are exposed primarily when this issue is encountered during installation. If you choose + to finish the installation, please be aware that you may be unable to log into your site.'); + close_install_table(); + + unset($template); + $template =& $template_bak; + + echo '

Installation of Enano is complete.

Review any warnings above, and then click here to finish the installation.'; + + // echo ''; + + break; + case "finish": + echo '

Congratulations!

+

You have finished installing Enano on this server.

+

Now what?

+

Click the link below to see the main page for your website. Where to go from here:

+
    +
  • The first thing you should do is log into your site using the Log in link on the sidebar.
  • +
  • Go into the Administration panel, expand General, and click General Configuration. There you will be able to configure some basic information about your site.
  • +
  • Visit the Enano Plugin Gallery to download and use plugins on your site.
  • +
  • Periodically create a backup of your database and filesystem, in case something goes wrong. This should be done at least once a week – more for wiki-based sites.
  • +
  • Hire some moderators, to help you keep rowdy users tame.
  • +
  • Tell the Enano team what you think.
  • +
  • Spread the word about Enano by adding a link to the Enano homepage on your sidebar! You can enable this option in the General Configuration section of the administration panel.
  • +
+

Go to your website...

'; + break; +} +$template->footer(); + +?> diff -r 90b7a52bea45 -r 62ee6685ad18 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Sat Oct 20 21:59:27 2007 -0400 +++ b/plugins/SpecialAdmin.php Thu Nov 15 18:00:39 2007 -0500 @@ -344,7 +344,7 @@ Account activation: Disable registration
'; - echo ''; + echo ''; echo ''; echo ''; ?> @@ -3194,7 +3194,10 @@ $c = ($template->fetch_block($row['block_content'])) ? $template->fetch_block($row['block_content']) : 'Can\'t find plugin block'; break; } - $t = '' . $template->tplWikiFormat($row['block_name']) . ''; + $block_name = $template->tplWikiFormat($row['block_name']); + if ( empty($block_name) ) + $block_name = '<Unnamed>'; + $t = '' . $block_name . ''; if($row['item_enabled'] == 0) $t .= ' (disabled)'; else $t .= ' '; $side = ( $row['sidebar_id'] == SIDEBAR_LEFT ) ? SIDEBAR_RIGHT : SIDEBAR_LEFT; diff -r 90b7a52bea45 -r 62ee6685ad18 plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Sat Oct 20 21:59:27 2007 -0400 +++ b/plugins/SpecialUpdownload.php Thu Nov 15 18:00:39 2007 -0500 
@@ -235,45 +235,73 @@ } $fname = ENANO_ROOT . '/files/' . $row['file_key'] . '_' . $row['time_id'] . $row['file_extension']; - $data = file_get_contents($fname); - if(isset($_GET['preview']) && getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path')) && substr($row['mimetype'], 0, 6) == 'image/') + + if ( isset($_GET['preview']) && substr($row['mimetype'], 0, 6) == 'image/' ) { - $nam = tempnam('/tmp', $filename); - $h = @fopen($nam, 'w'); - if(!$h) die('Error opening '.$nam.' for writing'); - fwrite($h, $data); - fclose($h); - /* Make sure the request doesn't contain commandline injection - yow! */ - if(!isset($_GET['width' ]) || (isset($_GET['width'] ) && !preg_match('#^([0-9]+)$#', $_GET['width'] ))) $width = '320'; else $width = $_GET['width' ]; - if(!isset($_GET['height']) || (isset($_GET['height']) && !preg_match('#^([0-9]+)$#', $_GET['height'] ))) $height = '240'; else $height = $_GET['height']; - $cache_filename=ENANO_ROOT.'/cache/'.$filename.'-'.$row['time_id'].'-'.$width.'x'.$height.$row['file_extension']; - if(getConfig('cache_thumbs')=='1' && file_exists($cache_filename) && is_writable(ENANO_ROOT.'/cache')) { - $data = file_get_contents($cache_filename); - } elseif(getConfig('enable_imagemagick')=='1' && file_exists(getConfig('imagemagick_path'))) { - // Use ImageMagick to convert the image - //unlink($nam); - error_reporting(E_ALL); - $cmd = ''.getConfig('imagemagick_path').' "'.$nam.'" -resize "'.$width.'x'.$height.'>" "'.$nam.'.scaled'.$row['file_extension'].'"'; - system($cmd, $stat); - if(!file_exists($nam.'.scaled'.$row['file_extension'])) die('Failed to call ImageMagick (return value '.$stat.'), command line was:
'.$cmd); - $data = file_get_contents($nam.'.scaled'.$row['file_extension']); - // Be stingy about it - better to re-generate the image hundreds of times than to fail completely - if(getConfig('cache_thumbs')=='1' && !file_exists($cache_filename)) { - // Write the generated thumbnail to the cache directory - $h = @fopen($cache_filename, 'w'); - if(!$h) die('Error opening cache file "'.$cache_filename.'" for writing.'); - fwrite($h, $data); - fclose($h); + // Determine appropriate width and height + $width = ( isset($_GET['width']) ) ? intval($_GET['width'] ) : 320; + $height = ( isset($_GET['height']) ) ? intval($_GET['height']) : 320; + $cache_filename = ENANO_ROOT . "/cache/{$filename}-{$row['time_id']}-{$width}x{$height}{$row['file_extension']}"; + if ( file_exists($cache_filename) ) + { + $fname = $cache_filename; + } + else + { + $allow_scale = false; + $orig_fname = $fname; + // is caching enabled? + if ( getConfig('cache_thumbs') == '1' ) + { + $fname = $cache_filename; + if ( is_writeable(dirname($fname)) ) + { + $allow_scale = true; + } + } + else + { + // Get a temporary file + // In this case, the file will not be cached and will be scaled each time it's requested + $temp_dir = ( is_dir('/tmp') ) ? '/tmp' : ( isset($_ENV['TEMP']) ) ? 
$_ENV['TEMP'] : 'SOME RANDOM NAME'; + // if tempnam() cannot use the specified directory name, it will fall back on the system default + $tempname = tempnam($temp_dir, $filename); + if ( $tempname && is_writeable($tempname) ) + { + $allow_scale = true; + } + } + if ( $allow_scale ) + { + $result = scale_image($orig_fname, $fname, $width, $height); + if ( !$result ) + $fname = $orig_fname; + } + else + { + $fname = $orig_fname; } } - unlink($nam); } - $len = strlen($data); + $handle = @fopen($fname, 'r'); + if ( !$handle ) + die('Can\'t open output file for reading'); + + $len = filesize($fname); header('Content-type: '.$row['mimetype']); - if(isset($_GET['download'])) header('Content-disposition: attachment, filename="'.$filename.'";'); + if ( isset($_GET['download']) ) + { + header('Content-disposition: attachment, filename="' . $filename . '";'); + } header('Content-length: '.$len); header('Last-Modified: '.date('r', $row['time_id'])); - echo($data); + + // using this method limits RAM consumption + while ( !feof($handle) ) + { + echo fread($handle, 512000); + } + fclose($handle); gzip_output(); diff -r 90b7a52bea45 -r 62ee6685ad18 plugins/SpecialUserPrefs.php --- a/plugins/SpecialUserPrefs.php Sat Oct 20 21:59:27 2007 -0400 +++ b/plugins/SpecialUserPrefs.php Thu Nov 15 18:00:39 2007 -0500 @@ -212,6 +212,8 @@ if ( strlen($newpass) > 0 ) { + if ( defined('ENANO_DEMO_MODE') ) + $errors .= '
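Review bot: In the non-cached branch the scaled image is never directed at the temporary file: `$tempname` is created, but `$fname` still equals `$orig_fname`, so `scale_image($orig_fname, $fname, …)` receives the stored upload as both source and destination. Depending on how `scale_image()` (defined outside this hunk) handles that, the original upload is either overwritten with the thumbnail or the call fails, and the temp file is left behind in both cases. The `$temp_dir` ternary is also unparenthesised; PHP before 8 evaluates nested ternaries left to right, so an existing `/tmp` selects `$_ENV['TEMP']` instead of `/tmp`. `intval()` on `width` and `height` accepts zero, negative and very large values, and each distinct pair yields a new cache file name, so unauthenticated requests can grow `cache/` and drive the scaler without bound; both values should be clamped to a fixed range. A sketch of the three changes follows; the enclosing function starts and ends outside the hunk.

```php
// Clamp requested dimensions (the 2048 bound is illustrative)
$width  = ( isset($_GET['width'])  ) ? max(1, min(2048, intval($_GET['width'])))  : 320;
$height = ( isset($_GET['height']) ) ? max(1, min(2048, intval($_GET['height']))) : 320;
// … unchanged: cache filename, cache lookup, cache_thumbs branch …
$temp_dir = ( is_dir('/tmp') ) ? '/tmp' : ( ( isset($_ENV['TEMP']) ) ? $_ENV['TEMP'] : 'SOME RANDOM NAME' );
$tempname = tempnam($temp_dir, $filename);
if ( $tempname && is_writeable($tempname) )
{
  // Scale into the temp file, never onto the stored upload;
  // unlink($tempname) once the file has been streamed.
  $fname = $tempname;
  $allow_scale = true;
}
// … unchanged: scale_image() call, fallback to $orig_fname, streaming loop …
```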
You can\'t change your password in demo mode.
'; // Perform checks if ( strlen($newpass) < 6 ) $errors .= '
Password must be at least 6 characters. You hacked my script, darn you!
'; diff -r 90b7a52bea45 -r 62ee6685ad18 plugins/admin/UserManager.php --- a/plugins/admin/UserManager.php Sat Oct 20 21:59:27 2007 -0400 +++ b/plugins/admin/UserManager.php Thu Nov 15 18:00:39 2007 -0500 @@ -2,7 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.1 + * Version 1.0.2 (Coblynau) * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License @@ -52,7 +52,14 @@ } else { - if ( $session->user_id != $user_id ) + if ( $session->user_id == $user_id ) + { + $username = $session->username; + $password = false; + $email = $session->email; + $real_name = $session->real_name; + } + else { $username = $_POST['username']; if ( !preg_match('#^'.$session->valid_username.'$#', $username) ) diff -r 90b7a52bea45 -r 62ee6685ad18 upgrade.php diff -r 90b7a52bea45 -r 62ee6685ad18 upgrade.sql --- a/upgrade.sql Sat Oct 20 21:59:27 2007 -0400 +++ b/upgrade.sql Thu Nov 15 18:00:39 2007 -0500 @@ -86,6 +86,7 @@ ---END 1.0b4--- ---BEGIN 1.0b3--- INSERT INTO {{TABLE_PREFIX}}config(config_name, config_value) VALUES( 'allowed_mime_types', 'cbf:len=168;crc=c3dcad3f;data=0[1],1[4],0[3],1[1],0[2],1[1],0[11],1[1],0[7],1[1],0[9],1[1],0[6],1[3],0[10],1[1],0[2],1[2],0[1],1[1],0[1],1[2],0[6],1[3],0[1],1[1],0[2],1[4],0[1],1[2],0[3],1[1],0[4],1[2],0[26],1[5],0[6],1[2],0[2],1[1],0[4],1[1],0[10],1[2],0[1],1[1],0[6]|end' ); +ALTER TABLE {{TABLE_PREFIX}}privmsgs ADD COLUMN message_read tinyint(1) NOT NULL DEFAULT 0; ---END 1.0b3--- ---BEGIN 1.0b2--- -- 10/1: Removed alterations to users table, moved to upgrade.php, to allow the session manager to work
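Review bot: The demo-mode guard only appends a message to `$errors`, so the password change is refused only if the code after this hunk checks `$errors` before writing the new password; that check is not visible here and should be confirmed. Because the guard sits inside `if ( strlen($newpass) > 0 )`, it covers the password field alone, and any other account fields handled by the same form are presumably still editable in demo mode. A short comment would make the intent explicit, for example `// Demo mode: refuse password changes (enforced through $errors below)`.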
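Review bot: The new self-edit branch in the `@@ -52,7 +52,14 @@` hunk has no comment explaining why the administrator's own username, e-mail and real name are taken from `$session` and `$password` is forced to `false` rather than read from `$_POST`; a line such as `// Editing own account: keep identity fields from the session and leave the password untouched` would document that. The comparison `$session->user_id == $user_id` is loose, and `$user_id` is assigned outside the hunk; if it arrives from the request as a string, casting it with `intval()` and comparing with `===` keeps PHP's type juggling from deciding which branch runs. The `else` block continues past the end of the hunk.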