aboutsummaryrefslogtreecommitdiff
path: root/install/ElggInstaller.php
diff options
context:
space:
mode:
Diffstat (limited to 'install/ElggInstaller.php')
-rw-r--r--install/ElggInstaller.php1565
1 files changed, 1565 insertions, 0 deletions
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
new file mode 100644
index 000000000..775bbf5b6
--- /dev/null
+++ b/install/ElggInstaller.php
@@ -0,0 +1,1565 @@
+<?php
+
+/**
+ * Elgg Installer.
+ * Controller for installing Elgg. Supports both web-based on CLI installation.
+ *
+ * This controller steps the user through the install process. The method for
+ * each step handles both the GET and POST requests. There is no XSS/CSRF protection
+ * on the POST processing since the installer is only run once by the administrator.
+ *
+ * The installation process can be resumed by hitting the first page. The installer
+ * will try to figure out where to pick up again.
+ *
+ * All the logic for the installation process is in this class, but it depends on
+ * the core libraries. To do this, we selectively load a subset of the core libraries
+ * for the first few steps and then load the entire engine once the database and
+ * site settings are configured. In addition, this controller does its own session
+ * handling until the database is setup.
+ *
+ * There is an aborted attempt in the code at creating the data directory for
+ * users as a subdirectory of Elgg's root. The idea was to protect this directory
+ * through a .htaccess file. The problem is that a malicious user can upload a
+ * .htaccess of his own that overrides the protection for his user directory. The
+ * best solution is server level configuration that turns off AllowOverride for the
+ * data directory. See ticket #3453 for discussion on this.
+ *
+ * @package Elgg.Core
+ * @subpackage Installer
+ */
+class ElggInstaller {
+
+ protected $steps = array(
+ 'welcome',
+ 'requirements',
+ 'database',
+ 'settings',
+ 'admin',
+ 'complete',
+ );
+
+ protected $status = array(
+ 'config' => FALSE,
+ 'database' => FALSE,
+ 'settings' => FALSE,
+ 'admin' => FALSE,
+ );
+
+ protected $isAction = FALSE;
+
+ protected $autoLogin = TRUE;
+
+ /**
+ * Constructor bootstraps the Elgg engine
+ */
+ public function __construct() {
+ // load ElggRewriteTester as we depend on it
+ require_once(dirname(__FILE__) . "/ElggRewriteTester.php");
+
+ $this->isAction = $_SERVER['REQUEST_METHOD'] === 'POST';
+
+ $this->bootstrapConfig();
+
+ $this->bootstrapEngine();
+
+ elgg_set_viewtype('installation');
+
+ set_error_handler('_elgg_php_error_handler');
+ set_exception_handler('_elgg_php_exception_handler');
+
+ register_translations(dirname(__FILE__) . '/languages/', TRUE);
+ }
+
+ /**
+ * Dispatches a request to one of the step controllers
+ *
+ * @param string $step The installation step to run
+ *
+ * @return void
+ */
+ public function run($step) {
+
+ // check if this is a URL rewrite test coming in
+ $this->processRewriteTest();
+
+ if (!in_array($step, $this->getSteps())) {
+ $msg = elgg_echo('InstallationException:UnknownStep', array($step));
+ throw new InstallationException($msg);
+ }
+
+ $this->setInstallStatus();
+
+ $this->checkInstallCompletion($step);
+
+ // check if this is an install being resumed
+ $this->resumeInstall($step);
+
+ $this->finishBootstraping($step);
+
+ $params = $this->getPostVariables();
+ $this->$step($params);
+ }
+
+ /**
+ * Set the auto login flag
+ *
+ * @param bool $flag Auto login
+ *
+ * @return void
+ */
+ public function setAutoLogin(bool $flag) {
+ $this->autoLogin = $value;
+ }
+
+ /**
+ * A batch install of Elgg
+ *
+ * All required parameters must be passed in as an associative array. See
+ * $requiredParams for a list of them. This creates the necessary files,
+ * loads the database, configures the site settings, and creates the admin
+ * account. If it fails, an exception is thrown. It does not check any of
+ * the requirements as the multiple step web installer does.
+ *
+ * If the settings.php file exists, it will use that rather than the parameters
+ * passed to this function.
+ *
+ * @param array $params Array of key value pairs
+ * @param bool $createHtaccess Should .htaccess be created
+ *
+ * @return void
+ * @throws InstallationException
+ */
+ public function batchInstall(array $params, $createHtaccess = FALSE) {
+ global $CONFIG;
+
+ restore_error_handler();
+ restore_exception_handler();
+
+ $defaults = array(
+ 'dbhost' => 'localhost',
+ 'dbprefix' => 'elgg_',
+ 'path' => $CONFIG->path,
+ 'language' => 'en',
+ 'siteaccess' => ACCESS_PUBLIC,
+ );
+ $params = array_merge($defaults, $params);
+
+ $requiredParams = array(
+ 'dbuser',
+ 'dbpassword',
+ 'dbname',
+ 'sitename',
+ 'wwwroot',
+ 'dataroot',
+ 'displayname',
+ 'email',
+ 'username',
+ 'password',
+ );
+ foreach ($requiredParams as $key) {
+ if (empty($params[$key])) {
+ $msg = elgg_echo('install:error:requiredfield', array($key));
+ throw new InstallationException($msg);
+ }
+ }
+
+ // password is passed in once
+ $params['password1'] = $params['password2'] = $params['password'];
+
+ if ($createHtaccess) {
+ $rewriteTester = new ElggRewriteTester();
+ if (!$rewriteTester->createHtaccess($CONFIG->path)) {
+ throw new InstallationException(elgg_echo('install:error:htaccess'));
+ }
+ }
+
+ $this->setInstallStatus();
+
+ if (!$this->status['config']) {
+ if (!$this->createSettingsFile($params)) {
+ throw new InstallationException(elgg_echo('install:error:settings'));
+ }
+ }
+
+ if (!$this->connectToDatabase()) {
+ throw new InstallationException(elgg_echo('install:error:databasesettings'));
+ }
+
+ if (!$this->status['database']) {
+ if (!$this->installDatabase()) {
+ throw new InstallationException(elgg_echo('install:error:cannotloadtables'));
+ }
+ }
+
+ // load remaining core libraries
+ $this->finishBootstraping('settings');
+
+ if (!$this->saveSiteSettings($params)) {
+ throw new InstallationException(elgg_echo('install:error:savesitesettings'));
+ }
+
+ if (!$this->createAdminAccount($params)) {
+ throw new InstallationException(elgg_echo('install:admin:cannot_create'));
+ }
+ }
+
+ /**
+ * Renders the data passed by a controller
+ *
+ * @param string $step The current step
+ * @param array $vars Array of vars to pass to the view
+ *
+ * @return void
+ */
+ protected function render($step, $vars = array()) {
+
+ $vars['next_step'] = $this->getNextStep($step);
+
+ $title = elgg_echo("install:$step");
+ $body = elgg_view("install/pages/$step", $vars);
+ echo elgg_view_page(
+ $title,
+ $body,
+ 'default',
+ array(
+ 'step' => $step,
+ 'steps' => $this->getSteps(),
+ )
+ );
+ exit;
+ }
+
+ /**
+ * Step controllers
+ */
+
+ /**
+ * Welcome controller
+ *
+ * @param array $vars Not used
+ *
+ * @return void
+ */
+ protected function welcome($vars) {
+ $this->render('welcome');
+ }
+
+ /**
+ * Requirements controller
+ *
+ * Checks version of php, libraries, permissions, and rewrite rules
+ *
+ * @param array $vars Vars
+ *
+ * @return void
+ */
+ protected function requirements($vars) {
+
+ $report = array();
+
+ // check PHP parameters and libraries
+ $this->checkPHP($report);
+
+ // check URL rewriting
+ $this->checkRewriteRules($report);
+
+ // check for existence of settings file
+ if ($this->checkSettingsFile($report) != TRUE) {
+ // no file, so check permissions on engine directory
+ $this->checkEngineDir($report);
+ }
+
+ // check the database later
+ $report['database'] = array(array(
+ 'severity' => 'info',
+ 'message' => elgg_echo('install:check:database')
+ ));
+
+ // any failures?
+ $numFailures = $this->countNumConditions($report, 'failure');
+
+ // any warnings
+ $numWarnings = $this->countNumConditions($report, 'warning');
+
+
+ $params = array(
+ 'report' => $report,
+ 'num_failures' => $numFailures,
+ 'num_warnings' => $numWarnings,
+ );
+
+ $this->render('requirements', $params);
+ }
+
+ /**
+ * Database set up controller
+ *
+ * Creates the settings.php file and creates the database tables
+ *
+ * @param array $submissionVars Submitted form variables
+ *
+ * @return void
+ */
+ protected function database($submissionVars) {
+
+ $formVars = array(
+ 'dbuser' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'dbpassword' => array(
+ 'type' => 'password',
+ 'value' => '',
+ 'required' => FALSE,
+ ),
+ 'dbname' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'dbhost' => array(
+ 'type' => 'text',
+ 'value' => 'localhost',
+ 'required' => TRUE,
+ ),
+ 'dbprefix' => array(
+ 'type' => 'text',
+ 'value' => 'elgg_',
+ 'required' => TRUE,
+ ),
+ );
+
+ if ($this->checkSettingsFile()) {
+ // user manually created settings file so we fake out action test
+ $this->isAction = TRUE;
+ }
+
+ if ($this->isAction) {
+ do {
+ // only create settings file if it doesn't exist
+ if (!$this->checkSettingsFile()) {
+ if (!$this->validateDatabaseVars($submissionVars, $formVars)) {
+ // error so we break out of action and serve same page
+ break;
+ }
+
+ if (!$this->createSettingsFile($submissionVars)) {
+ break;
+ }
+ }
+
+ // check db version and connect
+ if (!$this->connectToDatabase()) {
+ break;
+ }
+
+ if (!$this->installDatabase()) {
+ break;
+ }
+
+ system_message(elgg_echo('install:success:database'));
+
+ $this->continueToNextStep('database');
+ } while (FALSE); // PHP doesn't support breaking out of if statements
+ }
+
+ $formVars = $this->makeFormSticky($formVars, $submissionVars);
+
+ $params = array('variables' => $formVars,);
+
+ if ($this->checkSettingsFile()) {
+ // settings file exists and we're here so failed to create database
+ $params['failure'] = TRUE;
+ }
+
+ $this->render('database', $params);
+ }
+
+ /**
+ * Site settings controller
+ *
+ * Sets the site name, URL, data directory, etc.
+ *
+ * @param array $submissionVars Submitted vars
+ *
+ * @return void
+ */
+ protected function settings($submissionVars) {
+ global $CONFIG;
+
+ $formVars = array(
+ 'sitename' => array(
+ 'type' => 'text',
+ 'value' => 'My New Community',
+ 'required' => TRUE,
+ ),
+ 'siteemail' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => FALSE,
+ ),
+ 'wwwroot' => array(
+ 'type' => 'text',
+ 'value' => elgg_get_site_url(),
+ 'required' => TRUE,
+ ),
+ 'path' => array(
+ 'type' => 'text',
+ 'value' => $CONFIG->path,
+ 'required' => TRUE,
+ ),
+ 'dataroot' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'siteaccess' => array(
+ 'type' => 'access',
+ 'value' => ACCESS_PUBLIC,
+ 'required' => TRUE,
+ ),
+ );
+
+ // if Apache, we give user option of having Elgg create data directory
+ //if (ElggRewriteTester::guessWebServer() == 'apache') {
+ // $formVars['dataroot']['type'] = 'combo';
+ // $CONFIG->translations['en']['install:settings:help:dataroot'] =
+ // $CONFIG->translations['en']['install:settings:help:dataroot:apache'];
+ //}
+
+ if ($this->isAction) {
+ do {
+ //if (!$this->createDataDirectory($submissionVars, $formVars)) {
+ // break;
+ //}
+
+ if (!$this->validateSettingsVars($submissionVars, $formVars)) {
+ break;
+ }
+
+ if (!$this->saveSiteSettings($submissionVars)) {
+ break;
+ }
+
+ system_message(elgg_echo('install:success:settings'));
+
+ $this->continueToNextStep('settings');
+
+ } while (FALSE); // PHP doesn't support breaking out of if statements
+ }
+
+ $formVars = $this->makeFormSticky($formVars, $submissionVars);
+
+ $this->render('settings', array('variables' => $formVars));
+ }
+
+ /**
+ * Admin account controller
+ *
+ * Creates an admin user account
+ *
+ * @param array $submissionVars Submitted vars
+ *
+ * @return void
+ */
+ protected function admin($submissionVars) {
+ $formVars = array(
+ 'displayname' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'email' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'username' => array(
+ 'type' => 'text',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'password1' => array(
+ 'type' => 'password',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ 'password2' => array(
+ 'type' => 'password',
+ 'value' => '',
+ 'required' => TRUE,
+ ),
+ );
+
+ if ($this->isAction) {
+ do {
+ if (!$this->validateAdminVars($submissionVars, $formVars)) {
+ break;
+ }
+
+ if (!$this->createAdminAccount($submissionVars, $this->autoLogin)) {
+ break;
+ }
+
+ system_message(elgg_echo('install:success:admin'));
+
+ $this->continueToNextStep('admin');
+
+ } while (FALSE); // PHP doesn't support breaking out of if statements
+ }
+
+ // bit of a hack to get the password help to show right number of characters
+ global $CONFIG;
+ $lang = get_current_language();
+ $CONFIG->translations[$lang]['install:admin:help:password1'] =
+ sprintf($CONFIG->translations[$lang]['install:admin:help:password1'],
+ $CONFIG->min_password_length);
+
+ $formVars = $this->makeFormSticky($formVars, $submissionVars);
+
+ $this->render('admin', array('variables' => $formVars));
+ }
+
+ /**
+ * Controller for last step
+ *
+ * @return void
+ */
+ protected function complete() {
+
+ $params = array();
+ if ($this->autoLogin) {
+ $params['destination'] = 'admin';
+ } else {
+ $params['destination'] = 'index.php';
+ }
+
+ $this->render('complete', $params);
+ }
+
+ /**
+ * Step management
+ */
+
+ /**
+ * Get an array of steps
+ *
+ * @return array
+ */
+ protected function getSteps() {
+ return $this->steps;
+ }
+
+ /**
+ * Forwards the browser to the next step
+ *
+ * @param string $currentStep Current installation step
+ *
+ * @return void
+ */
+ protected function continueToNextStep($currentStep) {
+ $this->isAction = FALSE;
+ forward($this->getNextStepUrl($currentStep));
+ }
+
+ /**
+ * Get the next step as a string
+ *
+ * @param string $currentStep Current installation step
+ *
+ * @return string
+ */
+ protected function getNextStep($currentStep) {
+ $index = 1 + array_search($currentStep, $this->steps);
+ if (isset($this->steps[$index])) {
+ return $this->steps[$index];
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Get the URL of the next step
+ *
+ * @param string $currentStep Current installation step
+ *
+ * @return string
+ */
+ protected function getNextStepUrl($currentStep) {
+ global $CONFIG;
+ $nextStep = $this->getNextStep($currentStep);
+ return elgg_get_site_url() . "install.php?step=$nextStep";
+ }
+
+ /**
+ * Check the different install steps for completion
+ *
+ * @return void
+ */
+ protected function setInstallStatus() {
+ global $CONFIG;
+
+ if (!is_readable("{$CONFIG->path}engine/settings.php")) {
+ return;
+ }
+
+ $this->loadSettingsFile();
+
+ $this->status['config'] = TRUE;
+
+ // must be able to connect to database to jump install steps
+ $dbSettingsPass = $this->checkDatabaseSettings(
+ $CONFIG->dbuser,
+ $CONFIG->dbpass,
+ $CONFIG->dbname,
+ $CONFIG->dbhost
+ );
+ if ($dbSettingsPass == FALSE) {
+ return;
+ }
+
+ if (!include_once("{$CONFIG->path}engine/lib/database.php")) {
+ $msg = elgg_echo('InstallationException:MissingLibrary', array('database.php'));
+ throw new InstallationException($msg);
+ }
+
+ // check that the config table has been created
+ $query = "show tables";
+ $result = get_data($query);
+ if ($result) {
+ foreach ($result as $table) {
+ $table = (array) $table;
+ if (in_array("{$CONFIG->dbprefix}config", $table)) {
+ $this->status['database'] = TRUE;
+ }
+ }
+ if ($this->status['database'] == FALSE) {
+ return;
+ }
+ } else {
+ // no tables
+ return;
+ }
+
+ // check that the config table has entries
+ $query = "SELECT COUNT(*) AS total FROM {$CONFIG->dbprefix}config";
+ $result = get_data($query);
+ if ($result && $result[0]->total > 0) {
+ $this->status['settings'] = TRUE;
+ } else {
+ return;
+ }
+
+ // check that the users entity table has an entry
+ $query = "SELECT COUNT(*) AS total FROM {$CONFIG->dbprefix}users_entity";
+ $result = get_data($query);
+ if ($result && $result[0]->total > 0) {
+ $this->status['admin'] = TRUE;
+ } else {
+ return;
+ }
+ }
+
+ /**
+ * Security check to ensure the installer cannot be run after installation
+ * has finished. If this is detected, the viewer is sent to the front page.
+ *
+ * @param string $step Installation step to check against
+ *
+ * @return void
+ */
+ protected function checkInstallCompletion($step) {
+ if ($step != 'complete') {
+ if (!in_array(FALSE, $this->status)) {
+ // install complete but someone is trying to view an install page
+ forward();
+ }
+ }
+ }
+
+ /**
+ * Check if this is a case of a install being resumed and figure
+ * out where to continue from. Returns the best guess on the step.
+ *
+ * @param string $step Installation step to resume from
+ *
+ * @return string
+ */
+ protected function resumeInstall($step) {
+ global $CONFIG;
+
+ // only do a resume from the first step
+ if ($step !== 'welcome') {
+ return;
+ }
+
+ if ($this->status['database'] == FALSE) {
+ return;
+ }
+
+ if ($this->status['settings'] == FALSE) {
+ forward("install.php?step=settings");
+ }
+
+ if ($this->status['admin'] == FALSE) {
+ forward("install.php?step=admin");
+ }
+
+ // everything appears to be set up
+ forward("install.php?step=complete");
+ }
+
+ /**
+ * Bootstraping
+ */
+
+ /**
+ * Load the essential libraries of the engine
+ *
+ * @return void
+ */
+ protected function bootstrapEngine() {
+ global $CONFIG;
+
+ $lib_dir = $CONFIG->path . 'engine/lib/';
+
+ // bootstrapping with required files in a required order
+ $required_files = array(
+ 'elgglib.php', 'views.php', 'access.php', 'system_log.php', 'export.php',
+ 'configuration.php', 'sessions.php', 'languages.php', 'pageowner.php',
+ 'input.php', 'cache.php', 'output.php',
+ );
+
+ foreach ($required_files as $file) {
+ $path = $lib_dir . $file;
+ if (!include($path)) {
+ echo "Could not load file '$path'. "
+ . 'Please check your Elgg installation for all required files.';
+ exit;
+ }
+ }
+ }
+
+ /**
+ * Load remaining engine libraries and complete bootstraping (see start.php)
+ *
+ * @param string $step Which step to boot strap for. Required because
+ * boot strapping is different until the DB is populated.
+ *
+ * @return void
+ */
+ protected function finishBootstraping($step) {
+
+ $dbIndex = array_search('database', $this->getSteps());
+ $settingsIndex = array_search('settings', $this->getSteps());
+ $adminIndex = array_search('admin', $this->getSteps());
+ $completeIndex = array_search('complete', $this->getSteps());
+ $stepIndex = array_search($step, $this->getSteps());
+
+ // To log in the user, we need to use the Elgg core session handling.
+ // Otherwise, use default php session handling
+ $useElggSession = ($stepIndex == $adminIndex && $this->isAction) ||
+ $stepIndex == $completeIndex;
+ if (!$useElggSession) {
+ session_name('Elgg_install');
+ session_start();
+ elgg_unregister_event_handler('boot', 'system', 'session_init');
+ }
+
+ if ($stepIndex > $dbIndex) {
+ // once the database has been created, load rest of engine
+ global $CONFIG;
+ $lib_dir = $CONFIG->path . 'engine/lib/';
+
+ $this->loadSettingsFile();
+
+ $lib_files = array(
+ // these want to be loaded first apparently?
+ 'database.php', 'actions.php',
+
+ 'admin.php', 'annotations.php',
+ 'calendar.php', 'cron.php', 'entities.php',
+ 'extender.php', 'filestore.php', 'group.php',
+ 'location.php', 'mb_wrapper.php',
+ 'memcache.php', 'metadata.php', 'metastrings.php',
+ 'navigation.php', 'notification.php',
+ 'objects.php', 'opendd.php', 'pagehandler.php',
+ 'pam.php', 'plugins.php',
+ 'private_settings.php', 'relationships.php', 'river.php',
+ 'sites.php', 'statistics.php', 'tags.php', 'user_settings.php',
+ 'users.php', 'upgrade.php', 'web_services.php',
+ 'widgets.php', 'xml.php', 'xml-rpc.php',
+ 'deprecated-1.7.php', 'deprecated-1.8.php',
+ );
+
+ foreach ($lib_files as $file) {
+ $path = $lib_dir . $file;
+ if (!include_once($path)) {
+ $msg = elgg_echo('InstallationException:MissingLibrary', array($file));
+ throw new InstallationException($msg);
+ }
+ }
+
+ setup_db_connections();
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
+
+ if ($stepIndex > $settingsIndex) {
+ $CONFIG->site_guid = (int) datalist_get('default_site');
+ $CONFIG->site_id = $CONFIG->site_guid;
+ $CONFIG->site = get_entity($CONFIG->site_guid);
+ $CONFIG->dataroot = datalist_get('dataroot');
+ _elgg_session_boot(NULL, NULL, NULL);
+ }
+
+ elgg_trigger_event('init', 'system');
+ }
+ }
+
+ /**
+ * Set up configuration variables
+ *
+ * @return void
+ */
+ protected function bootstrapConfig() {
+ global $CONFIG;
+ if (!isset($CONFIG)) {
+ $CONFIG = new stdClass;
+ }
+
+ $CONFIG->wwwroot = $this->getBaseUrl();
+ $CONFIG->url = $CONFIG->wwwroot;
+ $CONFIG->path = dirname(dirname(__FILE__)) . '/';
+ $CONFIG->viewpath = $CONFIG->path . 'views/';
+ $CONFIG->pluginspath = $CONFIG->path . 'mod/';
+ $CONFIG->context = array();
+ $CONFIG->entity_types = array('group', 'object', 'site', 'user');
+ }
+
+ /**
+ * Get the best guess at the base URL
+ *
+ * @note Cannot use current_page_url() because it depends on $CONFIG->wwwroot
+ * @todo Should this be a core function?
+ *
+ * @return string
+ */
+ protected function getBaseUrl() {
+ $protocol = 'http';
+ if (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
+ $protocol = 'https';
+ }
+ $port = ':' . $_SERVER["SERVER_PORT"];
+ if ($port == ':80' || $port == ':443') {
+ $port = '';
+ }
+ $uri = $_SERVER['REQUEST_URI'];
+ $cutoff = strpos($uri, 'install.php');
+ $uri = substr($uri, 0, $cutoff);
+
+ $url = "$protocol://{$_SERVER['SERVER_NAME']}$port{$uri}";
+ return $url;
+ }
+
+ /**
+ * Load settings.php
+ *
+ * @return void
+ * @throws InstallationException
+ */
+ protected function loadSettingsFile() {
+ global $CONFIG;
+
+ if (!include_once("{$CONFIG->path}engine/settings.php")) {
+ $msg = elgg_echo('InstallationException:CannotLoadSettings');
+ throw new InstallationException($msg);
+ }
+ }
+
+ /**
+ * Action handling methods
+ */
+
+ /**
+ * Return an associative array of post variables
+ * (could be selective based on expected variables)
+ *
+ * Does not filter as person installing the site should not be attempting
+ * XSS attacks. If filtering is added, it should not be done for passwords.
+ *
+ * @return array
+ */
+ protected function getPostVariables() {
+ $vars = array();
+ foreach ($_POST as $k => $v) {
+ $vars[$k] = $v;
+ }
+ return $vars;
+ }
+
+ /**
+ * If form is reshown, remember previously submitted variables
+ *
+ * @param array $formVars Vars int he form
+ * @param array $submissionVars Submitted vars
+ *
+ * @return array
+ */
+ protected function makeFormSticky($formVars, $submissionVars) {
+ foreach ($submissionVars as $field => $value) {
+ $formVars[$field]['value'] = $value;
+ }
+ return $formVars;
+ }
+
+ /**
+ * Requirement checks support methods
+ */
+
+ /**
+ * Check that the engine dir is writable
+ *
+ * @param array &$report The requirements report object
+ *
+ * @return bool
+ */
+ protected function checkEngineDir(&$report) {
+ global $CONFIG;
+
+ $writable = is_writable("{$CONFIG->path}engine");
+ if (!$writable) {
+ $report['settings'] = array(
+ array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo('install:check:enginedir'),
+ )
+ );
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Check that the settings file exists
+ *
+ * @param array &$report The requirements report array
+ *
+ * @return bool
+ */
+ protected function checkSettingsFile(&$report = array()) {
+ global $CONFIG;
+
+ if (!file_exists("{$CONFIG->path}engine/settings.php")) {
+ return FALSE;
+ }
+
+ if (!is_readable("{$CONFIG->path}engine/settings.php")) {
+ $report['settings'] = array(
+ array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo('install:check:readsettings'),
+ )
+ );
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Check version of PHP, extensions, and variables
+ *
+ * @param array &$report The requirements report array
+ *
+ * @return void
+ */
+ protected function checkPHP(&$report) {
+ $phpReport = array();
+
+ $elgg_php_version = '5.2.0';
+ if (version_compare(PHP_VERSION, $elgg_php_version, '<')) {
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo('install:check:php:version', array($elgg_php_version, PHP_VERSION))
+ );
+ }
+
+ $this->checkPhpExtensions($phpReport);
+
+ $this->checkPhpDirectives($phpReport);
+
+ if (count($phpReport) == 0) {
+ $phpReport[] = array(
+ 'severity' => 'pass',
+ 'message' => elgg_echo('install:check:php:success')
+ );
+ }
+
+ $report['php'] = $phpReport;
+ }
+
+ /**
+ * Check the server's PHP extensions
+ *
+ * @param array &$phpReport The PHP requirements report array
+ *
+ * @return void
+ */
+ protected function checkPhpExtensions(&$phpReport) {
+ $extensions = get_loaded_extensions();
+ $requiredExtensions = array(
+ 'mysql',
+ 'json',
+ 'xml',
+ 'gd',
+ );
+ foreach ($requiredExtensions as $extension) {
+ if (!in_array($extension, $extensions)) {
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo('install:check:php:extension', array($extension))
+ );
+ }
+ }
+
+ $recommendedExtensions = array(
+ 'mbstring',
+ );
+ foreach ($recommendedExtensions as $extension) {
+ if (!in_array($extension, $extensions)) {
+ $phpReport[] = array(
+ 'severity' => 'warning',
+ 'message' => elgg_echo('install:check:php:extension:recommend', array($extension))
+ );
+ }
+ }
+ }
+
+ /**
+ * Check PHP parameters
+ *
+ * @param array &$phpReport The PHP requirements report array
+ *
+ * @return void
+ */
+ protected function checkPhpDirectives(&$phpReport) {
+ if (ini_get('open_basedir')) {
+ $phpReport[] = array(
+ 'severity' => 'warning',
+ 'message' => elgg_echo("install:check:php:open_basedir")
+ );
+ }
+
+ if (ini_get('safe_mode')) {
+ $phpReport[] = array(
+ 'severity' => 'warning',
+ 'message' => elgg_echo("install:check:php:safe_mode")
+ );
+ }
+
+ if (ini_get('arg_separator.output') !== '&') {
+ $separator = htmlspecialchars(ini_get('arg_separator.output'));
+ $msg = elgg_echo("install:check:php:arg_separator", array($separator));
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => $msg,
+ );
+ }
+
+ if (ini_get('register_globals')) {
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo("install:check:php:register_globals")
+ );
+ }
+
+ if (ini_get('session.auto_start')) {
+ $phpReport[] = array(
+ 'severity' => 'failure',
+ 'message' => elgg_echo("install:check:php:session.auto_start")
+ );
+ }
+ }
+
+ /**
+ * Confirm that the rewrite rules are firing
+ *
+ * @param array &$report The requirements report array
+ *
+ * @return void
+ */
+ protected function checkRewriteRules(&$report) {
+ global $CONFIG;
+
+ $tester = new ElggRewriteTester();
+ $url = elgg_get_site_url() . "rewrite.php";
+ $report['rewrite'] = array($tester->run($url, $CONFIG->path));
+ }
+
+ /**
+ * Check if the request is coming from the URL rewrite test on the
+ * requirements page.
+ *
+ * @return void
+ */
+ protected function processRewriteTest() {
+ if (strpos($_SERVER['REQUEST_URI'], 'rewrite.php') !== FALSE) {
+ echo 'success';
+ exit;
+ }
+ }
+
+ /**
+ * Count the number of failures in the requirements report
+ *
+ * @param array $report The requirements report array
+ * @param string $condition 'failure' or 'warning'
+ *
+ * @return int
+ */
+ protected function countNumConditions($report, $condition) {
+ $count = 0;
+ foreach ($report as $category => $checks) {
+ foreach ($checks as $check) {
+ if ($check['severity'] === $condition) {
+ $count++;
+ }
+ }
+ }
+
+ return $count;
+ }
+
+
+ /**
+ * Database support methods
+ */
+
+ /**
+ * Validate the variables for the database step
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Vars in the form
+ *
+ * @return bool
+ */
+ protected function validateDatabaseVars($submissionVars, $formVars) {
+
+ foreach ($formVars as $field => $info) {
+ if ($info['required'] == TRUE && !$submissionVars[$field]) {
+ $name = elgg_echo("install:database:label:$field");
+ register_error("$name is required");
+ return FALSE;
+ }
+ }
+
+ return $this->checkDatabaseSettings(
+ $submissionVars['dbuser'],
+ $submissionVars['dbpassword'],
+ $submissionVars['dbname'],
+ $submissionVars['dbhost']
+ );
+ }
+
+ /**
+ * Confirm the settings for the database
+ *
+ * @param string $user Username
+ * @param string $password Password
+ * @param string $dbname Database name
+ * @param string $host Host
+ *
+ * @return bool
+ */
+ protected function checkDatabaseSettings($user, $password, $dbname, $host) {
+ $mysql_dblink = mysql_connect($host, $user, $password, true);
+ if ($mysql_dblink == FALSE) {
+ register_error(elgg_echo('install:error:databasesettings'));
+ return $FALSE;
+ }
+
+ $result = mysql_select_db($dbname, $mysql_dblink);
+
+ // check MySQL version - must be 5.0 or >
+ $required_version = 5.0;
+ $version = mysql_get_server_info();
+ $points = explode('.', $version);
+ if ($points[0] < $required_version) {
+ register_error(elgg_echo('install:error:oldmysql', array($version)));
+ return FALSE;
+ }
+
+ mysql_close($mysql_dblink);
+
+ if (!$result) {
+ register_error(elgg_echo('install:error:nodatabase', array($dbname)));
+ }
+
+ return $result;
+ }
+
+ /**
+ * Writes the settings file to the engine directory
+ *
+ * @param array $params Array of inputted params from the user
+ *
+ * @return bool
+ */
+ protected function createSettingsFile($params) {
+ global $CONFIG;
+
+ $templateFile = "{$CONFIG->path}engine/settings.example.php";
+ $template = file_get_contents($templateFile);
+ if (!$template) {
+ register_error(elgg_echo('install:error:readsettingsphp'));
+ return FALSE;
+ }
+
+ foreach ($params as $k => $v) {
+ $template = str_replace("{{" . $k . "}}", $v, $template);
+ }
+
+ $settingsFilename = "{$CONFIG->path}engine/settings.php";
+ $result = file_put_contents($settingsFilename, $template);
+ if (!$result) {
+ register_error(elgg_echo('install:error:writesettingphp'));
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Bootstrap database connection before entire engine is available
+ *
+ * @return bool
+ */
+ protected function connectToDatabase() {
+ global $CONFIG;
+
+ if (!include_once("{$CONFIG->path}engine/settings.php")) {
+ register_error(elgg_echo('InstallationException:CannotLoadSettings'));
+ return FALSE;
+ }
+
+ if (!include_once("{$CONFIG->path}engine/lib/database.php")) {
+ $msg = elgg_echo('InstallationException:MissingLibrary', array('database.php'));
+ register_error($msg);
+ return FALSE;
+ }
+
+ try {
+ setup_db_connections();
+ } catch (Exception $e) {
+ register_error($e->getMessage());
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Create the database tables
+ *
+ * @return bool
+ */
+ protected function installDatabase() {
+ global $CONFIG;
+
+ try {
+ run_sql_script("{$CONFIG->path}engine/schema/mysql.sql");
+ } catch (Exception $e) {
+ $msg = $e->getMessage();
+ if (strpos($msg, 'already exists')) {
+ $msg = elgg_echo('install:error:tables_exist');
+ }
+ register_error($msg);
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Site settings support methods
+ */
+
+ /**
+ * Create the data directory if requested
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Variables in the form
+ * @return bool
+ */
+ protected function createDataDirectory(&$submissionVars, $formVars) {
+ // did the user have option of Elgg creating the data directory
+ if ($formVars['dataroot']['type'] != 'combo') {
+ return TRUE;
+ }
+
+ // did the user select the option
+ if ($submissionVars['dataroot'] != 'dataroot-checkbox') {
+ return TRUE;
+ }
+
+ $dir = sanitise_filepath($submissionVars['path']) . 'data';
+ if (file_exists($dir) || mkdir($dir, 0700)) {
+ $submissionVars['dataroot'] = $dir;
+ if (!file_exists("$dir/.htaccess")) {
+ $htaccess = "Order Deny,Allow\nDeny from All\n";
+ if (!file_put_contents("$dir/.htaccess", $htaccess)) {
+ return FALSE;
+ }
+ }
+ return TRUE;
+ }
+
+ return FALSE;
+ }
+
+ /**
+ * Validate the site settings form variables
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Vars in the form
+ *
+ * @return bool
+ */
+ protected function validateSettingsVars($submissionVars, $formVars) {
+ global $CONFIG;
+
+ foreach ($formVars as $field => $info) {
+ $submissionVars[$field] = trim($submissionVars[$field]);
+ if ($info['required'] == TRUE && $submissionVars[$field] === '') {
+ $name = elgg_echo("install:settings:label:$field");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
+ return FALSE;
+ }
+ }
+
+ // check that data root is absolute path
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($submissionVars['dataroot'], ':') !== 1) {
+ $msg = elgg_echo('install:error:relative_path', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+ } else {
+ if (strpos($submissionVars['dataroot'], '/') !== 0) {
+ $msg = elgg_echo('install:error:relative_path', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+ }
+
+ // check that data root exists
+ if (!file_exists($submissionVars['dataroot'])) {
+ $msg = elgg_echo('install:error:datadirectoryexists', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+
+ // check that data root is writable
+ if (!is_writable($submissionVars['dataroot'])) {
+ $msg = elgg_echo('install:error:writedatadirectory', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+
+ if (!isset($CONFIG->data_dir_override) || !$CONFIG->data_dir_override) {
+ // check that data root is not subdirectory of Elgg root
+ if (stripos($submissionVars['dataroot'], $submissionVars['path']) === 0) {
+ $msg = elgg_echo('install:error:locationdatadirectory', array($submissionVars['dataroot']));
+ register_error($msg);
+ return FALSE;
+ }
+ }
+
+ // check that email address is email address
+ if ($submissionVars['siteemail'] && !is_email_address($submissionVars['siteemail'])) {
+ $msg = elgg_echo('install:error:emailaddress', array($submissionVars['siteemail']));
+ register_error($msg);
+ return FALSE;
+ }
+
+ // @todo check that url is a url
+ // @note filter_var cannot be used because it doesn't work on international urls
+
+ return TRUE;
+ }
+
+ /**
+ * Initialize the site including site entity, plugins, and configuration
+ *
+ * @param array $submissionVars Submitted vars
+ *
+ * @return bool
+ */
+ protected function saveSiteSettings($submissionVars) {
+ global $CONFIG;
+
+ // ensure that file path, data path, and www root end in /
+ $submissionVars['path'] = sanitise_filepath($submissionVars['path']);
+ $submissionVars['dataroot'] = sanitise_filepath($submissionVars['dataroot']);
+ $submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
+
+ $site = new ElggSite();
+ $site->name = $submissionVars['sitename'];
+ $site->url = $submissionVars['wwwroot'];
+ $site->access_id = ACCESS_PUBLIC;
+ $site->email = $submissionVars['siteemail'];
+ $guid = $site->save();
+
+ if (!$guid) {
+ register_error(elgg_echo('install:error:createsite'));
+ return FALSE;
+ }
+
+ // bootstrap site info
+ $CONFIG->site_guid = $guid;
+ $CONFIG->site = $site;
+
+ datalist_set('installed', time());
+ datalist_set('path', $submissionVars['path']);
+ datalist_set('dataroot', $submissionVars['dataroot']);
+ datalist_set('default_site', $site->getGUID());
+ datalist_set('version', get_version());
+ datalist_set('simplecache_enabled', 1);
+ datalist_set('system_cache_enabled', 1);
+
+ // new installations have run all the upgrades
+ $upgrades = elgg_get_upgrade_files($submissionVars['path'] . 'engine/lib/upgrades/');
+ datalist_set('processed_upgrades', serialize($upgrades));
+
+ set_config('view', 'default', $site->getGUID());
+ set_config('language', 'en', $site->getGUID());
+ set_config('default_access', $submissionVars['siteaccess'], $site->getGUID());
+ set_config('allow_registration', TRUE, $site->getGUID());
+ set_config('walled_garden', FALSE, $site->getGUID());
+ set_config('allow_user_default_access', '', $site->getGUID());
+
+ $this->enablePlugins();
+
+ return TRUE;
+ }
+
+ /**
+ * Enable a set of default plugins
+ *
+ * @return void
+ */
+ protected function enablePlugins() {
+ elgg_generate_plugin_entities();
+ $plugins = elgg_get_plugins('any');
+ foreach ($plugins as $plugin) {
+ if ($plugin->getManifest()) {
+ if ($plugin->getManifest()->getActivateOnInstall()) {
+ $plugin->activate();
+ }
+ }
+ }
+ }
+
+ /**
+ * Admin account support methods
+ */
+
+ /**
+ * Validate account form variables
+ *
+ * @param array $submissionVars Submitted vars
+ * @param array $formVars Form vars
+ *
+ * @return bool
+ */
+ protected function validateAdminVars($submissionVars, $formVars) {
+
+ foreach ($formVars as $field => $info) {
+ if ($info['required'] == TRUE && !$submissionVars[$field]) {
+ $name = elgg_echo("install:admin:label:$field");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
+ return FALSE;
+ }
+ }
+
+ if ($submissionVars['password1'] !== $submissionVars['password2']) {
+ register_error(elgg_echo('install:admin:password:mismatch'));
+ return FALSE;
+ }
+
+ if (trim($submissionVars['password1']) == "") {
+ register_error(elgg_echo('install:admin:password:empty'));
+ return FALSE;
+ }
+
+ $minLength = get_config('min_password_length');
+ if (strlen($submissionVars['password1']) < $minLength) {
+ register_error(elgg_echo('install:admin:password:tooshort'));
+ return FALSE;
+ }
+
+ // check that email address is email address
+ if ($submissionVars['email'] && !is_email_address($submissionVars['email'])) {
+ $msg = elgg_echo('install:error:emailaddress', array($submissionVars['email']));
+ register_error($msg);
+ return FALSE;
+ }
+
+ return TRUE;
+ }
+
+ /**
+ * Create a user account for the admin
+ *
+ * @param array $submissionVars Submitted vars
+ * @param bool $login Login in the admin user?
+ *
+ * @return bool
+ */
+ protected function createAdminAccount($submissionVars, $login = FALSE) {
+ global $CONFIG;
+
+ try {
+ $guid = register_user(
+ $submissionVars['username'],
+ $submissionVars['password1'],
+ $submissionVars['displayname'],
+ $submissionVars['email']
+ );
+ } catch (Exception $e) {
+ register_error($e->getMessage());
+ return false;
+ }
+
+ if (!$guid) {
+ register_error(elgg_echo('install:admin:cannot_create'));
+ return false;
+ }
+
+ $user = get_entity($guid);
+ if (!$user) {
+ register_error(elgg_echo('install:error:loadadmin'));
+ return false;
+ }
+
+ elgg_set_ignore_access(TRUE);
+ if ($user->makeAdmin() == FALSE) {
+ register_error(elgg_echo('install:error:adminaccess'));
+ } else {
+ datalist_set('admin_registered', 1);
+ }
+ elgg_set_ignore_access(false);
+
+ // add validation data to satisfy user validation plugins
+ create_metadata($guid, 'validated', TRUE, '', 0, ACCESS_PUBLIC);
+ create_metadata($guid, 'validated_method', 'admin_user', '', 0, ACCESS_PUBLIC);
+
+ if ($login) {
+ if (login($user) == FALSE) {
+ register_error(elgg_echo('install:error:adminlogin'));
+ }
+ }
+
+ return TRUE;
+ }
+}