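array(
        "mysql_username" => "",
        "mysql_password" => "",
    ),
    "read_only" => array(
        "mysql_username" => "",
        "mysql_password" => "",
    )
);
} else {
    // Form was submitted: validate each field, record problems in $errors / $warnings and
    // build the text of config.php in $config_output.
    // Note: The opening php tag is missing and is added when the file is written.
    // This allows the config to be displayed in the bottom div when in development mode.

    // Every value below comes from the setup form and ends up as PHP source in config.php.
    // Strings are therefore emitted as single-quoted literals with ' and \ escaped, so the
    // value read back from config.php equals the submitted value and cannot end the literal early.
    // NOTE(review): get_post() is defined outside this view; whether it already neutralises
    // quotes is not visible here, so escaping is applied at the point of output. Confirm the
    // two do not double up.
    $config_string_literal = function ($value) {
        return "'" . addcslashes((string) $value, "'\\") . "'";
    };

    $config_windows = get_post_bool('config_windows');
    $exe_ext = $config_windows ? '.exe' : '';

    // Generate config.php header
    $config_output = "";
    $config_output .= "###############################\r\n";
    $config_output .= "## ResourceSpace\r\n";
    $config_output .= "## Local Configuration Script\r\n";
    $config_output .= "###############################\r\n\r\n";
    $config_output .= "# All custom settings should be entered in this file.\r\n";
    $config_output .= "# Options may be copied from config.default.php and configured here.\r\n\r\n";

    // Structural plugin
    $structural_plugin = get_post('structureplugin');
    if (!empty($structural_plugin)) {
        // The name is written inside a "#" comment line of config.php. Restrict it to a
        // conservative character set so the value stays inside that comment line.
        $structural_plugin_comment = preg_replace('/[^\w\-. ]/', '', $structural_plugin);
        $config_output .= "\r\n# Initial Structural Plugin used: " . $structural_plugin_comment . "\r\n\r\n\r\n";
    }

    // Grab MySQL settings
    $mysql_server = get_post('mysql_server');
    $mysql_db = get_post('mysql_db');
    $db_connection_modes = array(
        "read_write" => array(
            "mysql_username" => trim(get_post("mysql_username")),
            "mysql_password" => trim(get_post("mysql_password")),
        ),
        "read_only" => array(
            "mysql_username" => trim(get_post("read_only_db_username")),
            "mysql_password" => trim(get_post("read_only_db_password")),
        ),
    );

    $mysql_config_output = "";
    foreach ($db_connection_modes as $db_connection_mode => $db_credentials) {
        $mysql_username = $db_credentials["mysql_username"];
        $mysql_password = $db_credentials["mysql_password"];

        // read-only credentials are optional
        if ($db_connection_mode == "read_only" && ($mysql_username == "" || $mysql_password == "")) {
            continue;
        }

        // Check connection. A failed connect yields no handle, so the error code has to come
        // from mysqli_connect_errno() (or from the exception when mysqli is in exception mode),
        // not from mysqli_errno() on the failed handle.
        try {
            $mysqli_connection = mysqli_connect($mysql_server, $mysql_username, $mysql_password);
            $mysqli_connect_code = mysqli_connect_errno();
        } catch (mysqli_sql_exception $e) {
            $mysqli_connection = false;
            $mysqli_connect_code = $e->getCode();
        }

        if ($mysqli_connection === false) {
            switch ($mysqli_connect_code) {
                case 1045: // User login failure.
                    $errors['databaselogin'] = true;
                    break;
                default: // Must be a server problem.
                    $errors['databaseserver'] = true;
                    break;
            }
            // Without a connection none of the checks below can run; stop here instead of
            // passing false to the remaining mysqli_* calls.
            break;
        }

        // Check version
        $mysqlversion = mysqli_get_server_info($mysqli_connection);
        $mysqlversion_parts = explode(".", $mysqlversion);
        $mysqlversion_majorminor = floatval(
            $mysqlversion_parts[0] . (isset($mysqlversion_parts[1]) ? "." . $mysqlversion_parts[1] : "")
        );
        if ($mysqlversion_majorminor < 5) {
            $errors['databaseversion'] = true;
            break;
        }

        // Check DB access
        if (mysqli_select_db($mysqli_connection, $mysql_db) === false) {
            $errors['databasedb'] = true;
            break;
        }

        // Check DB permissions: the read/write account must be able to create and drop a table.
        if ($db_connection_mode == "read_write") {
            if (mysqli_query($mysqli_connection, "CREATE table configtest(test varchar(30))")) {
                mysqli_query($mysqli_connection, "DROP table configtest");
            } else {
                $errors['databaseperms'] = true;
                break;
            }
        }

        if (isset($errors)) {
            $errors['database'] = mysqli_error($mysqli_connection);
            break;
        }

        $config_var_username = ($db_connection_mode == "read_only" ? "read_only_db_username" : "mysql_username");
        $config_var_password = ($db_connection_mode == "read_only" ? "read_only_db_password" : "mysql_password");

        $mysql_config_output .= '$' . $config_var_username . ' = ' . $config_string_literal($mysql_username) . ";\r\n";
        $mysql_config_output .= '$' . $config_var_password . ' = ' . $config_string_literal($mysql_password) . ";\r\n";
    }

    if (!isset($errors)) {
        $config_output .= "# MySQL database settings\r\n";
        $config_output .= "\$mysql_server = " . $config_string_literal($mysql_server) . ";\r\n";
        $config_output .= $mysql_config_output;
        $config_output .= "\$mysql_db = " . $config_string_literal($mysql_db) . ";\r\n";
        $config_output .= "\r\n";
    }

    // Check MySQL bin path (not required)
    $mysql_bin_path = sslash(get_post('mysql_bin_path'));
    if ((isset($mysql_bin_path)) && ($mysql_bin_path != '')) {
        // Refuse phar:// paths before any filesystem call touches the submitted value; on some
        // PHP versions a file operation on a phar stream can deserialise archive metadata.
        if (stripos($mysql_bin_path . '/mysqldump' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($mysql_bin_path . '/mysqldump' . $exe_ext)) {
            $errors['mysqlbinpath'] = true;
        } else {
            $config_output .= "\$mysql_bin_path = " . $config_string_literal($mysql_bin_path) . ";\r\n\r\n";
        }
    }

    // Check baseurl (required)
    $baseurl = sslash(get_post('baseurl'));

    # In certain PHP versions there is a bug in filter_var using FILTER_VALIDATE_URL causing
    # correct URLs containing a hyphen to fail.
    if (filter_var("http://www.filter-test.com", FILTER_VALIDATE_URL)) {
        # The filter is working.
        $filterresult = filter_var($baseurl, FILTER_VALIDATE_URL);
    } else {
        # The filter is not working, use the hostname of the $baseurl and replace the problematic characters.
        $testbaseurl = str_replace(
            parse_url($baseurl, PHP_URL_HOST),
            str_replace(
                array("_", "-"),
                array("^", "x"), # _ is not allowed for hostname, - is allowed
                parse_url($baseurl, PHP_URL_HOST)
            ),
            $baseurl
        );
        $filterresult = filter_var($testbaseurl, FILTER_VALIDATE_URL);
    }

    if ((isset($baseurl)) && ($baseurl != '') && ($baseurl != 'http://my.site/resourcespace') && ($filterresult)) {
        // Check that the base url seems correct by attempting to fetch the license file.
        // NOTE(review): this makes the server request a URL taken from the form; url_exists()
        // is defined outside this view, so any restriction on the target is not visible here.
        if (url_exists($baseurl . '/license.txt')) {
            $config_output .= "# Base URL of the installation\r\n";
            $config_output .= "\$baseurl = " . $config_string_literal($baseurl) . ";\r\n\r\n";
        } else {
            // Under certain circumstances this test may fail, but the URL is still correct, so warn the user.
            $warnings['baseurlverify'] = true;
        }
    } else {
        $errors['baseurl'] = true;
    }

    $admin_fullname = get_post('admin_fullname');
    $admin_email = get_post('admin_email');
    $admin_username = get_post('admin_username');
    $admin_password = html_entity_decode(get_post('admin_password'));

    if ('' === trim($admin_fullname)) {
        $errors['admin_fullname'] = true;
    }

    if ('' === trim($admin_email) || ('' !== trim($admin_email) && !filter_var($admin_email, FILTER_VALIDATE_EMAIL))) {
        $errors['admin_email'] = true;
    } else {
        // Email_notify is not used much now so we default it to the admin e-mail address.
        // A syntactically valid address may still contain an apostrophe, hence the escaping.
        $config_output .= "# Email settings\r\n";
        $config_output .= "\$email_notify = " . $config_string_literal($admin_email) . ";\r\n";
    }

    // Check password
    $password_validation_result = check_password($admin_password);
    if ('' === $admin_password) {
        $errors['admin_password'] = 'Super Admin password cannot be empty!';
    } elseif ('' !== $admin_password && is_string($password_validation_result) && '' !== $password_validation_result) {
        $errors['admin_password'] = $password_validation_result;
    }

    // Verify email addresses are valid
    $email_from = get_post('email_from');
    if ('' != $email_from) {
        if (filter_var($email_from, FILTER_VALIDATE_EMAIL)) {
            $config_output .= "\$email_from = " . $config_string_literal($email_from) . ";\r\n";
        } else {
            $errors['email_from'] = true;
        }
    } else {
        $errors['email_from'] = true;
    }

    // Set random keys. These used to be requested on the setup form but there was no reason to ask the user for these.
    $scramble_key = generateSecureKey(64);
    $config_output .= "# Secure keys\r\n";
    $config_output .= "\$scramble_key = '{$scramble_key}';\r\n";
    $config_output .= "\$api_scramble_key = '" . generateSecureKey(64) . "';\r\n\r\n";

    $config_output .= "# Paths\r\n";

    // Verify paths actually point to a useable binary. Each path is rejected outright if it
    // contains phar://, then checked with file_exists() before being written to the config.
    $imagemagick_path = sslash(get_post('imagemagick_path'));
    $ghostscript_path = sslash(get_post('ghostscript_path'));
    $ffmpeg_path = sslash(get_post('ffmpeg_path'));
    $exiftool_path = sslash(get_post('exiftool_path'));
    $antiword_path = sslash(get_post('antiword_path'));
    $pdftotext_path = sslash(get_post('pdftotext_path'));

    if ($imagemagick_path != '') {
        if (stripos($imagemagick_path . '/convert' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($imagemagick_path . '/convert' . $exe_ext)) {
            $errors['imagemagick_path'] = true;
        } else {
            $config_output .= "\$imagemagick_path = " . $config_string_literal($imagemagick_path) . ";\r\n";
        }
    }

    if ($ghostscript_path != '') {
        if (stripos($ghostscript_path . '/gs' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($ghostscript_path . '/gs' . $exe_ext)) {
            $errors['ghostscript_path'] = true;
        } else {
            $config_output .= "\$ghostscript_path = " . $config_string_literal($ghostscript_path) . ";\r\n";
        }
    }

    if ($ffmpeg_path != '') {
        if (
            stripos($ffmpeg_path . '/ffmpeg' . $exe_ext, 'phar://') !== false
            || stripos($ffmpeg_path . '/avconv' . $exe_ext, 'phar://') !== false
        ) {
            exit($lang["setup-err_phar_injection"]);
        }

        // Either binary name is accepted.
        if (
            !file_exists($ffmpeg_path . '/ffmpeg' . $exe_ext)
            && !file_exists($ffmpeg_path . '/avconv' . $exe_ext)
        ) {
            $errors['ffmpeg_path'] = true;
        } else {
            $config_output .= "\$ffmpeg_path = " . $config_string_literal($ffmpeg_path) . ";\r\n";
        }
    }

    if ($exiftool_path != '') {
        if (stripos($exiftool_path . '/exiftool' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($exiftool_path . '/exiftool' . $exe_ext)) {
            $errors['exiftool_path'] = true;
        } else {
            $config_output .= "\$exiftool_path = " . $config_string_literal($exiftool_path) . ";\r\n";
        }
    }

    if ($antiword_path != '') {
        if (stripos($antiword_path . '/antiword' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($antiword_path . '/antiword' . $exe_ext)) {
            $errors['antiword_path'] = true;
        } else {
            $config_output .= "\$antiword_path = " . $config_string_literal($antiword_path) . ";\r\n";
        }
    }

    if ($pdftotext_path != '') {
        if (stripos($pdftotext_path . '/pdftotext' . $exe_ext, 'phar://') !== false) {
            exit($lang["setup-err_phar_injection"]);
        }

        if (!file_exists($pdftotext_path . '/pdftotext' . $exe_ext)) {
            $errors['pdftotext_path'] = true;
        } else {
            $config_output .= "\$pdftotext_path = " . $config_string_literal($pdftotext_path) . ";\r\n\r\n";
        }
    }

    if (isset($_REQUEST['applicationname'])) {
        $applicationname = get_post('applicationname');
        $config_output .= "\$applicationname = " . $config_string_literal($applicationname) . ";\r\n";
    }

    if ($config_windows) {
        $config_output .= "\$config_windows = true;\r\n";
    }

    if ($defaultlanguage != 'en') {
        $config_output .= "\$defaultlanguage = " . $config_string_literal($defaultlanguage) . ";\r\n";
    }

    $storagedir = __DIR__ . "/../filestore";
    $configstoragelocations = false;

    $use_smtp = get_post('use_smtp');
    if ($use_smtp) {
        $smtp_secure = get_post('smtp_secure');
        $smtp_host = get_post('smtp_host');
        $smtp_port = get_post('smtp_port');
        $smtp_auth = get_post('smtp_auth');
        $smtp_username = get_post('smtp_username');
        $smtp_password = get_post('smtp_password');

        $config_output .= "#SMTP settings\r\n";
        $config_output .= "\$use_smtp = true;\r\n";
        $config_output .= "\$use_phpmailer = true;\r\n";
        $config_output .= "\$smtp_secure = " . $config_string_literal($smtp_secure) . ";\r\n";
        $config_output .= "\$smtp_host = " . $config_string_literal($smtp_host) . ";\r\n";
        // The port is written without quotes, so force it to an integer before it becomes
        // part of the generated PHP source.
        $config_output .= "\$smtp_port = " . (int) $smtp_port . ";\r\n";
        if ($smtp_auth) {
            $config_output .= "\$smtp_auth = true;\r\n";
            $config_output .= "\$smtp_username = " . $config_string_literal($smtp_username) . ";\r\n";
            $config_output .= "\$smtp_password = " . $config_string_literal($smtp_password) . ";\r\n";
        }
        $config_output .= " \r\n";
    }

    // Scramble slideshow folder path: the folder name gets a suffix derived from a fresh
    // random nonce and the scramble key. md5 is used here only to shorten that value into a
    // folder name, not to protect a secret.
    $homeanim_folder_name = "slideshow";
    if (isset($scramble_key) && $scramble_key != "") {
        $nonce = generateSecureKey(24);
        $homeanim_folder_hash = substr(md5("{$nonce}_slideshow_{$scramble_key}"), 0, 15);
        $homeanim_folder_name = "slideshow_{$homeanim_folder_hash}";
        $homeanim_folder = "filestore/system/{$homeanim_folder_name}";

        $config_output .= "\$homeanim_folder = '{$homeanim_folder}';\r\n";
    }

    # Append defaults for new systems.
    $config_output .= file_get_contents(__DIR__ . "/../include/config.new_installs.php");
}
?> isDot() || !$file->isFile()) {
        continue;
    }

    // NOTE(review): the start of this loop (the PHP opening tag, the iteration over the source
    // folder and the beginning of the condition above) is missing from this listing.
    $found_files[] = $file->getFilename();
}

// Sort ASC the files before inserting into database
natsort($found_files);
$found_files = array_values($found_files);

foreach ($found_files as $index => $file) {
    // New installs have login_background enabled: only the first image is flagged for the login page.
    $login_show = 0;
    if ($index == 0) {
        $login_show = 1;
    }

    $filename = pathinfo($file, PATHINFO_FILENAME);
    $new_slideshow_image = set_slideshow($filename, 1, 0, $login_show);

    $from_file = "{$homeanim_folder_path}/{$file}";
    $to_file = "{$to_folder}/{$file}";

    if (!(file_exists($from_file) && copy($from_file, $to_file))) {
        trigger_error("Unable to copy image from '{$from_file}' to '{$to_file}' for slideshow #{$new_slideshow_image}");
    }
}

if ($google_vision_enable) {
    $google_vision_api_key = getval('google_vision_key', '');

    // Activate and get default config
    activate_plugin("google_vision");
    $plugin_config = get_plugin_config("google_vision");
    $plugin_config["google_vision_api_key"] = $google_vision_api_key;
    set_plugin_config("google_vision", $plugin_config);
}

// Create user
// Set a password
$password_hash = rs_password_hash("RS{$admin_username}{$admin_password}");

// Existing user? Both statements below use bound parameters for the form values.
$user_count = ps_value("SELECT count(*) value FROM user WHERE username = ?", array("s", $admin_username), 0);
if (0 == $user_count) {
    // No existing matching user. Insert.
    // Note: First user should always be part of Super Admin, hence user group is set to 3
    $sql_query = "INSERT INTO user (username, password, fullname, email, usergroup) VALUES (?, ?, ?, ?, 3)";
    $sql_query_params = array("s", $admin_username, "s", $password_hash, "s", $admin_fullname, "s", $admin_email);
} else {
    // Existing user found. Update password. This is a useful mechanism for regaining access
    // when a system is being set up again.
    // NOTE(review): it also means that reaching this code path resets that account's password;
    // whatever prevents setup from being re-run on a live system is outside this view.
    $sql_query = "UPDATE user set password = ? where username = ?";
    $sql_query_params = array("s", $password_hash, "s", $admin_username);
}

// Perform the insert / update
ps_query($sql_query, $sql_query_params);
?>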

' : ''; ?>

' : ' ') . "(" . escape($result) . ")"; ?>

':' ') . "(" . escape($result) . ")"; ?>

' : ' ') . "(" . escape($result) . ")"; ?>

' : ' ') . "(" . escape($result) . ")"; ?>

' : ' ') . "(" . escape($result) . ")"; ?>

' : ' ') . "(" . escape($result) . ")"; ?>

':' ') . "(" . escape($result) . ")"; ?>

"/>
# (start of this comment and of the enclosing loop is missing from this listing) .yaml file.
$plugin_yaml = get_plugin_yaml($file, false);

// Only plugins whose YAML marks them as "structural" and that provide an info URL, a setup
// description and a name are offered on the setup form.
if(isset($plugin_yaml["category"]) && $plugin_yaml["category"]=="structural" && isset($plugin_yaml["info_url"]) && isset($plugin_yaml["setup_desc"]) && isset($plugin_yaml["name"]) )
    {
    // Copy every YAML key for this plugin into the list of available plugins.
    foreach ($plugin_yaml as $key=>$value)
        {
        $plugins_avail[$file][$key] = $value ;
        }
    }

# Include all plugin language files
// The include paths are built from $plugins_dir, the directory entry in $file and a language
// code. The language code goes through safe_file_name() before it becomes part of a path.
// NOTE(review): where $file comes from is not visible here; presumably it is an entry read
// from the plugins directory. Confirm it is never request-controlled.
$langpath = $plugins_dir . $file . "/languages/";

// English is always loaded first.
if (file_exists($langpath . "en.php"))
    {
    include $langpath . "en.php";
    }

if ($defaultlanguage != "en")
    {
    // For a code of the form xx-YY, load the two-letter base language file before the full one.
    if (
        substr($defaultlanguage, 2, 1) == '-'
        && substr($defaultlanguage, 0, 2) != 'en'
        && file_exists($langpath . safe_file_name(substr($defaultlanguage, 0, 2)) . ".php")
    )
        {
        include $langpath . safe_file_name(substr($defaultlanguage, 0, 2)) . ".php";
        }

    // Then load the file for the full language code, if there is one.
    if (file_exists($langpath . safe_file_name($defaultlanguage) . ".php"))
        {
        include $langpath . safe_file_name($defaultlanguage) . ".php";
        }
    }
}
}
// The two closing braces above end blocks whose openings are missing from this listing.
closedir($dirh);

if(!empty($plugins_avail))
    {
    // Sort the available plugins by their array key before they are listed.
    ksort ($plugins_avail);
    ?>

" name="structureplugin" value="" /> " >

*?

" data-connection_mode="read_write"/> * ?

" data-connection_mode="read_write"/> ?

" data-connection_mode="read_only"> ?

" data-connection_mode="read_only"> ?

?

?

?

*?

*
*?

>
*?

*?

'convert'.
'gs'.
'ffmpeg'.
'exiftool'.
'AntiWord'.
'pdftotext'.

/> ?

?

?

?

?

?

?

/> ?
"/>