authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-05-15 19:38:49 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2011-05-15 19:38:49 +0000
commit77897d4efad074d9434a97a67052bc788c315dee (patch)
tree1bcce8494ca5840393ecf4c849e0efc34e575707
parentb7ea2e2e377568a3730ed46b8df1751cc747323f (diff)
Refs #3453 an implementation of creating the data directory. This capability is turned off due to security concerns.
git-svn-id: http://code.elgg.org/elgg/trunk@9088 36083f99-b078-4883-b0ff-0f9b5a30f544
-rw-r--r--install/ElggInstaller.php85
-rw-r--r--install/ElggRewriteTester.php10
-rw-r--r--install/css/install.css29
-rw-r--r--install/js/install.js16
-rw-r--r--install/languages/en.php2
-rw-r--r--views/installation/forms/install/template.php4
-rw-r--r--views/installation/input/checkbox.php37
-rw-r--r--views/installation/input/checkboxes.php64
-rw-r--r--views/installation/input/combo.php19
-rw-r--r--views/installation/input/form.php4
-rw-r--r--views/installation/input/hidden.php10
-rw-r--r--views/installation/input/text.php22
12 files changed, 168 insertions, 134 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 6b8b8d747..1a8edf1ae 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -2,7 +2,27 @@
/**
* Elgg Installer.
- * Controller for installing Elgg.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
*
* @package Elgg.Core
* @subpackage Installer
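Review bot: The sentence justifying the absence of XSS/CSRF protection rests on a condition the docblock never states: the installer must be unreachable once installation has finished, and until then the next paragraph describes it as resumable by hitting the first page. A line such as `* This relies on the installer refusing to run after installation completes; until then it must not be exposed to untrusted users.` would make that dependency explicit (the check that enforces it is not visible in this diff). The .htaccess paragraph could also name the other usual option, a data directory outside the web root, next to turning off AllowOverride. "web-based on CLI" should read "web-based and CLI".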
@@ -32,6 +52,9 @@ class ElggInstaller {
* Constructor bootstraps the Elgg engine
*/
public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+
$this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
$this->bootstrapConfig();
@@ -140,7 +163,6 @@ class ElggInstaller {
$params['password1'] = $params['password2'] = $params['password'];
if ($createHtaccess) {
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
$rewriteTester = new ElggRewriteTester();
if (!$rewriteTester->createHtaccess($CONFIG->path)) {
throw new InstallationException(elgg_echo('install:error:htaccess'));
@@ -355,7 +377,6 @@ class ElggInstaller {
protected function settings($submissionVars) {
global $CONFIG;
- $languages = get_installed_translations();
$formVars = array(
'sitename' => array(
'type' => 'text',
@@ -389,8 +410,19 @@ class ElggInstaller {
),
);
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
if ($this->isAction) {
do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
if (!$this->validateSettingsVars($submissionVars, $formVars)) {
break;
}
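Review bot: The data-directory option is switched off only by commenting out its two call sites, and neither block says why, so the code reads as unfinished work that could simply be uncommented. A marker above each, e.g. `// disabled, see #3453: an uploaded .htaccess can override the directory protection`, would carry the reason to the place where it matters. The `do { … }` loop continues outside this hunk.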
@@ -709,6 +741,11 @@ class ElggInstaller {
session_name('Elgg');
session_start();
elgg_unregister_event_handler('boot', 'system', 'session_init');
+ } else if ($stepIndex == ($settingsIndex + 1)) {
+ // now using Elgg session handling so need to pass forward the system messages
+ session_name('Elgg');
+ session_start();
+ $messages = $_SESSION['msg'];
}
if ($stepIndex > $dbIndex) {
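Review bot: `$messages = $_SESSION['msg'];` reads a key that may not exist when no system message was queued on the previous step, which raises a notice and lets the later `$_SESSION['msg'] = $messages;` (the hunk at -751) write that empty value into the new session. A guarded read avoids both: `$messages = isset($_SESSION['msg']) ? $_SESSION['msg'] : array();`. Whether `msg` is always initialised elsewhere is not visible here, and the enclosing method starts and ends outside the hunk.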
@@ -751,6 +788,11 @@ class ElggInstaller {
elgg_trigger_event('boot', 'system');
elgg_trigger_event('init', 'system');
+
+ // @hack finish the process of pushing system messages into new session
+ if ($stepIndex == ($settingsIndex + 1)) {
+ $_SESSION['msg'] = $messages;
+ }
}
}
@@ -1025,8 +1067,6 @@ class ElggInstaller {
protected function checkRewriteRules(&$report) {
global $CONFIG;
- require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
-
$tester = new ElggRewriteTester();
$url = elgg_get_site_url() . "rewrite.php";
$report['rewrite'] = array($tester->run($url, $CONFIG->path));
@@ -1221,6 +1261,39 @@ class ElggInstaller {
*/
/**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
* Validate the site settings form variables
*
* @param array $submissionVars Submitted vars
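Review bot: `file_exists($dir)` in createDataDirectory() is also true when `data` is a regular file or a directory that already existed with looser permissions, and the method then adopts it as the data root without checking either; `if (is_dir($dir) || mkdir($dir, 0700)) {` would at least reject a non-directory. Nothing here confirms that Apache actually honours the generated `.htaccess` (with `AllowOverride None` the file is ignored), so a TRUE return does not mean the directory is protected. Since both call sites are commented out in this commit, the docblock should say the method is currently unused and point to ticket #3453.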
@@ -1239,7 +1312,7 @@ class ElggInstaller {
}
}
- // check that data root is writable
+ // check that data root exists
if (!file_exists($submissionVars['dataroot'])) {
$msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
register_error($msg);
diff --git a/install/ElggRewriteTester.php b/install/ElggRewriteTester.php
index c8a503cb8..c01510f60 100644
--- a/install/ElggRewriteTester.php
+++ b/install/ElggRewriteTester.php
@@ -30,7 +30,7 @@ class ElggRewriteTester {
*/
public function run($url, $path) {
- $this->guessWebServer();
+ $this->webserver = ElggRewriteTester::guessWebServer();
$this->rewriteTestPassed = $this->runRewriteTest($url);
@@ -48,17 +48,17 @@ class ElggRewriteTester {
/**
* Guess the web server from $_SERVER['SERVER_SOFTWARE']
*
- * @return void
+ * @return string
*/
- protected function guessWebServer() {
+ public static function guessWebServer() {
$serverString = strtolower($_SERVER['SERVER_SOFTWARE']);
$possibleServers = array('apache', 'nginx', 'lighttpd', 'iis');
foreach ($possibleServers as $server) {
if (strpos($serverString, $server) !== FALSE) {
- $this->webserver = $server;
- return;
+ return $server;
}
}
+ return 'unknown';
}
/**
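Review bot: `$_SERVER['SERVER_SOFTWARE']` is read unconditionally in the now public static guessWebServer(), but that key is typically absent under the CLI SAPI, and the ElggInstaller docblock in this commit says CLI installation is supported. A guard such as `$serverString = isset($_SERVER['SERVER_SOFTWARE']) ? strtolower($_SERVER['SERVER_SOFTWARE']) : '';` lets the new `return 'unknown';` cover that case. The value is a self-reported server banner, so the docblock could add that the result is a hint for choosing help text and not something to base a security decision on.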
diff --git a/install/css/install.css b/install/css/install.css
index 7304127ce..25a8c865c 100644
--- a/install/css/install.css
+++ b/install/css/install.css
@@ -94,9 +94,9 @@ ul {
width: 250px;
}
.elgg-body {
- overflow:hidden;
+ overflow: hidden;
min-height: 320px;
- padding-bottom: 60px;
+ padding-bottom: 10px;
position: relative;
}
.elgg-page-footer {
@@ -149,11 +149,17 @@ h3 {
margin: 15px 0 5px;
}
+form > div {
+ margin-bottom: 15px;
+}
label {
font-weight: bold;
- color:#333333;
+ color: #333333;
font-size: 140%;
}
+.elgg-combo-label {
+ font-size: 120%;
+}
input[type="text"],
input[type="password"] {
font: 120% Arial, Helvetica, sans-serif;
@@ -166,15 +172,7 @@ input[type="password"] {
.database-settings input[type="password"] {
width: 220px;
}
-textarea {
- width: 100%;
- height: 100%;
- font: 120% Arial, Helvetica, sans-serif;
- border: solid 1px #cccccc;
- padding: 5px;
- color: #666666;
-}
-textarea:focus, input[type="password"]:focus, input[type="text"]:focus {
+input[type="password"]:focus, input[type="text"]:focus {
border: solid 1px #4690d6;
background: #e4ecf5;
color: #333333;
@@ -198,12 +196,10 @@ input[type="submit"] {
cursor: pointer;
float: right;
}
-
input[type="submit"]:hover {
background: #0054a7;
border: 4px solid #0054a7;
}
-
select {
display: block;
padding: 5px;
@@ -257,6 +253,11 @@ select {
background: #F7DAD8;
}
+.elgg-state-warning {
+ border: 1px solid #ded0a9;
+ background: #FEF5AA;
+}
+
.elgg-body li {
margin-top: 5px;
padding: 5px;
diff --git a/install/js/install.js b/install/js/install.js
index 8d36c8a65..49b2be10c 100644
--- a/install/js/install.js
+++ b/install/js/install.js
@@ -1,11 +1,21 @@
-// prevent double-submission of forms
$(function() {
+ // prevent double-submission of forms
$('form').submit(function() {
- if (this.data('submitted')) {
+ if ($(this).data('submitted')) {
return false;
}
- this.data('submitted', true);
+ $(this).data('submitted', true);
return true;
});
+
+ // toggle the disable attribute of text box based on checkbox
+ $('.elgg-combo-checkbox').click(function() {
+ if ($(this).is(':checked')) {
+ $(this).prev().attr('disabled', true);
+ $(this).prev().val('');
+ } else {
+ $(this).prev().attr('disabled', false);
+ }
+ });
});
diff --git a/install/languages/en.php b/install/languages/en.php
index 80716069d..6b1398db4 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -79,12 +79,14 @@ If you are ready to proceed, click the Next button.",
'install:settings:label:dataroot' => 'Data Directory',
'install:settings:label:language' => 'Site Language',
'install:settings:label:siteaccess' => 'Default Site Access',
+ 'install:label:combo:dataroot' => 'Elgg creates data directory',
'install:settings:help:sitename' => 'The name of your new Elgg site',
'install:settings:help:siteemail' => 'Email address used by Elgg for communication with users',
'install:settings:help:wwwroot' => 'The address of the site (Elgg usually guesses this correctly)',
'install:settings:help:path' => 'The directory where you put the Elgg code (Elgg usually guesses this correctly)',
'install:settings:help:dataroot' => 'The directory that you created for Elgg to save files (the permissions on this directory are checked when you click Next)',
+ 'install:settings:help:dataroot:apache' => 'You have the option of Elgg creating the data directory or entering the directory that you already created for storing user files (the permissions on this directory are checked when you click Next)',
'install:settings:help:language' => 'The default language for the site',
'install:settings:help:siteaccess' => 'The default access level for new user created content',
diff --git a/views/installation/forms/install/template.php b/views/installation/forms/install/template.php
index ea9a08a3d..385168fe4 100644
--- a/views/installation/forms/install/template.php
+++ b/views/installation/forms/install/template.php
@@ -15,11 +15,11 @@ foreach ($variables as $field => $params) {
$help = elgg_echo("install:$type:help:$field");
$params['name'] = $field;
- $form_body .= '<p>';
+ $form_body .= '<div>';
$form_body .= "<label>$label</label>";
$form_body .= elgg_view("input/{$params['type']}", $params);
$form_body .= "<span class=\"install-help\">$help</span>";
- $form_body .= '</p>';
+ $form_body .= '</div>';
}
$submit_params = array(
diff --git a/views/installation/input/checkbox.php b/views/installation/input/checkbox.php
index 898fe8458..378eae6fd 100644
--- a/views/installation/input/checkbox.php
+++ b/views/installation/input/checkbox.php
@@ -2,32 +2,29 @@
/**
* Elgg checkbox input
* Displays a checkbox input tag
- *
- * @package Elgg
- * @subpackage Core
*
- *
- * Pass input tag attributes as key value pairs. For a list of allowable
- * attributes, see http://www.w3schools.com/tags/tag_input.asp
- *
- * @uses mixed $vars['default'] The default value to submit if not checked.
- * Optional, defaults to 0. Set to false for no default.
+ * @uses $var['name']
+ * @uses $vars['value']
+ * @uses $vars['id']
+ * @uses $vars['class']
*/
-$defaults = array(
- 'class' => 'elgg-input-checkbox',
- 'default' => 0,
-);
-
-$vars = array_merge($defaults, $vars);
+if (isset($vars['id'])) {
+ $id = "id=\"{$vars['id']}\"";
+} else {
+ $id = '';
+}
-$default = $vars['default'];
-unset($vars['default']);
+if (isset($vars['class'])) {
+ $id = "class=\"{$vars['class']}\"";
+} else {
+ $id = '';
+}
-if (isset($vars['name']) && $default !== false) {
- echo "<input type=\"hidden\" name=\"{$vars['name']}\" value=\"$default\"/>";
+if (!isset($vars['value'])) {
+ $vars['value'] = $vars['name'];
}
?>
-<input type="checkbox" <?php echo elgg_format_attributes($vars); ?> /> \ No newline at end of file
+<input type="checkbox" <?php echo $id; ?> <?php echo $class; ?> name="<?php echo $vars['name']; ?>" value="<?php echo $vars['value']; ?>" /> \ No newline at end of file
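Review bot: The class branch assigns to `$id` instead of `$class`, so `$class` is never defined when the tag echoes it and any `id` set by the first branch is overwritten (or cleared by the `else`); the two lines should read `$class = "class=\"{$vars['class']}\"";` and `$class = '';`. The rewritten tag also prints `$vars['name']` and `$vars['value']` raw where the removed line went through `elgg_format_attributes()`; wrapping them in `htmlentities(..., ENT_QUOTES, 'UTF-8')`, as text.php already does for its value, keeps attribute output escaped. The same applies to the raw `name`, `class` and `id` in the text.php hunk. The docblock's `@uses $var['name']` should be `$vars['name']`.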
diff --git a/views/installation/input/checkboxes.php b/views/installation/input/checkboxes.php
deleted file mode 100644
index 026ff04ba..000000000
--- a/views/installation/input/checkboxes.php
+++ /dev/null
@@ -1,64 +0,0 @@
-<?php
-/**
- * Elgg checkbox input
- * Displays a checkbox input field
- *
- *
- * @uses string $vars['name'] The name of the input fields
- * (Forced to an array by appending [])
- * @uses array $vars['options'] An array of strings representing the
- * label => option for the each checkbox field
- * @uses string $vars['id'] The id for each input field. Optional.
- * (Only use this with a single value.)
- * @uses string $vars['default'] The default value to send if nothing is checked.
- * Optional, defaults to 0. Set to FALSE for no default.
- * @uses bool $vars['disabled'] Make all input elements disabled. Optional.
- * @uses string $vars['value'] The current value. Optional.
- * @uses string $vars['class'] Additional class of the list. Optional.
- * @uses string $vars['align'] 'horizontal' or 'vertical' Default: 'vertical'
- *
- */
-
-$additional_class = elgg_extract('class', $vars);
-$align = elgg_extract('align', $vars, 'vertical');
-$value = (isset($vars['value'])) ? $vars['value'] : NULL;
-$value_array = (is_array($value)) ? array_map('elgg_strtolower', $value) : array(elgg_strtolower($value));
-$name = (isset($vars['name'])) ? $vars['name'] : '';
-$options = (isset($vars['options']) && is_array($vars['options'])) ? $vars['options'] : array();
-$default = (isset($vars['default'])) ? $vars['default'] : 0;
-
-$id = (isset($vars['id'])) ? $vars['id'] : '';
-$disabled = (isset($vars['disabled'])) ? $vars['disabled'] : FALSE;
-
-$class = "elgg-input-checkboxes elgg-$align";
-if ($additional_class) {
- $class = " $additional_class";
-}
-
-if ($options && count($options) > 0) {
- // include a default value so if nothing is checked 0 will be passed.
- if ($name && $default !== FALSE) {
- echo "<input type=\"hidden\" name=\"$name\" value=\"$default\" />";
- }
-
- echo "<ul class=\"$class\">";
- foreach ($options as $label => $option) {
-
- $input_vars = array(
- 'checked' => in_array(elgg_strtolower($option), $value_array),
- 'value' => $option,
- 'disabled' => $disabled,
- 'id' => $id,
- 'default' => false,
- );
-
- if ($name) {
- $input_vars['name'] = "{$name}[]";
- }
-
- $input = elgg_view('input/checkbox', $input_vars);
-
- echo "<li><label>{$input}{$label}</label></li>";
- }
- echo '</ul>';
-} \ No newline at end of file
diff --git a/views/installation/input/combo.php b/views/installation/input/combo.php
new file mode 100644
index 000000000..508dbcd01
--- /dev/null
+++ b/views/installation/input/combo.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Combination of text box and check box. When the checkbox is checked, the
+ * text field is cleared and disabled.
+ *
+ */
+
+$label = elgg_echo('install:label:combo:' . $vars['name']);
+
+$vars['class'] = "elgg-combo-text";
+echo elgg_view('input/text', $vars);
+
+$vars['class'] = "elgg-combo-checkbox";
+$vars['value'] = "{$vars['name']}-checkbox";
+echo elgg_view('input/checkbox', $vars);
+
+echo "<label class=\"elgg-combo-label\">$label</label>";
+
+echo '<div class="clearfloat"></div>'; \ No newline at end of file
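Review bot: Both inputs are rendered from the same `$vars`, so the text box and the checkbox post under one field name and the server can only tell them apart by the sentinel value `"{$vars['name']}-checkbox"`; the docblock should state that contract and list `@uses $vars['name']` and `@uses $vars['value']`. With scripting unavailable the text box stays enabled, so two values are posted under one name and which one the installer sees is decided by PHP's duplicate-field handling, not by this view; that deserves a one-line comment. `$vars['name']` is also read without an `isset()` check.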
diff --git a/views/installation/input/form.php b/views/installation/input/form.php
index d48d5fed8..f8730b4f5 100644
--- a/views/installation/input/form.php
+++ b/views/installation/input/form.php
@@ -10,12 +10,12 @@
*/
if (isset($vars['id'])) {
- $id = "id = \"{$vars['id']}\"";
+ $id = "id=\"{$vars['id']}\"";
} else {
$id = '';
}
if (isset($vars['name'])) {
- $name = "name = \"{$vars['name']}\"";
+ $name = "name=\"{$vars['name']}\"";
} else {
$name = '';
}
diff --git a/views/installation/input/hidden.php b/views/installation/input/hidden.php
deleted file mode 100644
index 139ff03d7..000000000
--- a/views/installation/input/hidden.php
+++ /dev/null
@@ -1,10 +0,0 @@
-<?php
-/**
- * Create a hidden data field
- *
- * @uses $vars['value'] The current value, if any
- * @uses $vars['name'] The name of the input field
- *
- */
-?>
-<input type="hidden" name="<?php echo $vars['name']; ?>" value="<?php echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8'); ?>" /> \ No newline at end of file
diff --git a/views/installation/input/text.php b/views/installation/input/text.php
index 2caf547b6..ec8233461 100644
--- a/views/installation/input/text.php
+++ b/views/installation/input/text.php
@@ -3,17 +3,23 @@
* Elgg text input
* Displays a text input field
*
- *
* @uses $vars['value'] The current value, if any
- * @uses $vars['name'] The name of the input field
- * @uses $vars['disabled'] If true then control is read-only
- * @uses $vars['class'] Class override
+ * @uses $vars['name'] The name of the input field
+ * @uses $vars['class'] CSS class
+ * @uses $vars['id'] CSS id
*/
-$class = $vars['class'];
-if (!$class) {
- $class = "input-text";
+if (isset($vars['class'])) {
+ $class = "class=\"{$vars['class']}\"";
+} else {
+ $class = "";
+}
+
+if (isset($vars['id'])) {
+ $id = "id=\"{$vars['id']}\"";
+} else {
+ $id = '';
}
?>
-<input type="text" <?php if ($vars['disabled']) echo ' disabled="yes" '; ?> name="<?php echo $vars['name']; ?>" value="<?php echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8'); ?>" class="<?php echo $class ?>"/> \ No newline at end of file
+<input type="text" name="<?php echo $vars['name']; ?>" value="<?php echo htmlentities($vars['value'], ENT_QUOTES, 'UTF-8'); ?>" <?php echo $class; ?> <?php echo $id; ?>/> \ No newline at end of file