BMLT Root Server
installer_ajax.php File Reference


Functions

 dropEverything ($dbPrefix)
 
 make_initialization ($v, $comment= '')
 
 whitespace_warnings ()
 

Variables

 $report = ''
 

Function Documentation

dropEverything (   $dbPrefix)

Definition at line 33 of file installer_ajax.php.

References c_comdef_dbsingleton\preparedExec().

Referenced by whitespace_warnings().

/**
 * Drops every table created by the installer for the given table prefix, by
 * running sql_files/dropEverything.sql with its %%PREFIX%% placeholder filled in.
 *
 * The prefix is a SQL identifier, so it cannot be bound as a PDO parameter; it is
 * instead reduced to identifier-safe characters (letters, digits, '_', '.', '-')
 * before being spliced into the script. The statement list itself is executed
 * with an empty parameter array.
 *
 * NOTE(review): the initialize_server branch of this file prepends the database
 * name to the prefix for non-mysql drivers when CREATING tables, but passes only
 * $http_vars['dbPrefix'] here — confirm dropEverything.sql resolves the same
 * tables for those drivers.
 *
 * @param string $dbPrefix Table prefix (possibly database-qualified) to drop.
 * @return void
 */
function dropEverything($dbPrefix)
{
    // Strip anything that is not safe inside an unquoted identifier.
    $safePrefix = preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $dbPrefix);

    $template = file_get_contents(dirname(__FILE__).'/sql_files/dropEverything.sql');
    $dropSql  = str_replace('%%PREFIX%%', $safePrefix, $template);

    c_comdef_dbsingleton::preparedExec($dropSql, array());
}
make_initialization (   $v,
  $comment = '' 
)

Definition at line 42 of file installer_ajax.php.

References $http_vars.

Referenced by whitespace_warnings().

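/**
 * Builds one line of the generated auto-config.inc.php: a PHP assignment of the
 * request value $http_vars[$v] to a variable of the same name, written as a
 * single-quoted string literal, optionally followed by a trailing `// comment`.
 *
 * Only the VALUE is escaped (single quotes and backslashes — exactly what a PHP
 * single-quoted literal needs). $v and $comment are emitted verbatim, so they
 * must be trusted literals supplied by this file: a newline or quote inside
 * $comment would end the comment and turn the rest into executable PHP in the
 * config file. Request-controlled text must only ever be passed as $v's value.
 *
 * @param string $v       Name of the setting; doubles as the key into $http_vars.
 * @param string $comment Optional trailing comment text (without the leading "//").
 * @return string One complete PHP statement, e.g. "$dbName = 'bmlt'; // comment".
 */
function make_initialization($v, $comment = '')
{
    global $http_vars;

    // A missing or non-scalar request value becomes the empty string instead of
    // feeding null/array into addcslashes (a deprecation / TypeError on PHP 8).
    $raw = (isset($http_vars[$v]) && is_scalar($http_vars[$v])) ? (string) $http_vars[$v] : '';
    $literal = '\'' . addcslashes($raw, '\'\\') . '\'';
    $trailer = (empty($comment)) ? '' : ' // ' . $comment;

    return '$' . $v . ' = ' . $literal . ';' . $trailer;
}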
whitespace_warnings ( )

Definition at line 51 of file installer_ajax.php.

References $comdef_install_wizard_strings, $http_vars, $server, array2json(), c_comdef_dbsingleton\connect(), dropEverything(), FullCrypt(), c_comdef_dbsingleton\init(), make_initialization(), c_comdef_server\MakeServer(), c_comdef_dbsingleton\preparedExec(), c_comdef_dbsingleton\preparedQuery(), and sprintf().

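/**
 * Checks the database connection fields of the install request for leading or
 * trailing whitespace (a common copy/paste cause of "wrong password" failures)
 * and returns a human-readable warning string.
 *
 * Reads the request array $http_vars and the localized strings in
 * $comdef_install_wizard_strings, both globals set up by the including script.
 *
 * @return string Empty when every field is clean; otherwise one localized
 *                Database_Whitespace_Note per offending field, each prefixed
 *                with a single space, concatenated in field order.
 */
function whitespace_warnings()
{
    global $http_vars, $comdef_install_wizard_strings;

    // localized label key => request parameter name
    $fields = array(
        'Database_Host' => 'dbServer',
        'Table_Prefix'  => 'dbPrefix',
        'Database_Name' => 'dbName',
        'Database_User' => 'dbUser',
        'Database_PW'   => 'dbPassword',
    );

    $warn = '';
    foreach ($fields as $labelKey => $param) {
        $value = (isset($http_vars[$param]) && is_scalar($http_vars[$param])) ? (string) $http_vars[$param] : '';
        // Strict comparison on purpose: with `!=` two numeric-looking strings such
        // as ' 1234' and '1234' compare equal and the whitespace goes unreported.
        if ($value !== trim($value)) {
            $field_name = str_replace(':', '', $comdef_install_wizard_strings[$labelKey]);
            $warn .= ' ' . sprintf($comdef_install_wizard_strings['Database_Whitespace_Note'], $field_name);
        }
    }
    return $warn;
}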
64 
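// We do everything we can to ensure that the requested language file is loaded.
// $lang is set by the including script (not visible here) and may originate from the
// request, so it is only honoured as a plain token: letters, digits, '_' and '-'. That
// rules out path separators and dots, i.e. '../' traversal in the include path below.
// Anything else falls back to English, exactly as a missing language directory already does.
if (is_string($lang)
    && preg_match('/^[A-Za-z0-9_-]+$/', $lang)
    && file_exists(dirname(__FILE__).'/../server_admin/lang/'.$lang.'/install_wizard_strings.php')) {
    require_once(dirname(__FILE__).'/../server_admin/lang/'.$lang.'/install_wizard_strings.php');
} else {
    $lang = 'en';
    require_once(dirname(__FILE__).'/../server_admin/lang/en/install_wizard_strings.php');
}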
72 
73 if (isset($http_vars['ajax_req']) && ($http_vars['ajax_req'] == 'initialize_server')
74  && isset($http_vars['dbName']) && $http_vars['dbName']
75  && isset($http_vars['dbUser']) && $http_vars['dbUser']
76  && isset($http_vars['dbPassword']) && $http_vars['dbPassword']
77  && isset($http_vars['dbType']) && $http_vars['dbType']
78  && isset($http_vars['dbServer']) && $http_vars['dbServer']
79  && isset($http_vars['dbPrefix']) && $http_vars['dbPrefix']
80  && isset($http_vars['admin_login']) && $http_vars['admin_login']
81  && isset($http_vars['admin_password']) && $http_vars['admin_password'] // This is cleartext, but that can't be helped. This is the only place in the installer where this happens.
82  ) {
83  $value_array = array();
84  $db_prefix = ($http_vars['dbType'] != 'mysql') ? $http_vars['dbName'].'.' : '';
85 
86  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialMeetingsStructure.sql'));
87  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialFormatsStructure.sql'));
88  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialChangesStructure.sql'));
89  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialServiceBodiesStructure.sql'));
90  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/InitialUsersStructure.sql'));
91  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/InitialMeetingsData.sql'));
92  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialDbVersionStructure.sql'));
93  $sql[] = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/initialDbVersionData.sql'));
94 
95  // Our SQL is now ready to be set to the server. We need to use PDO, as that is the abstraction mechanism used by the server.
96 
97  $response = array(
98  'dbStatus' => false,
99  'dbReport' => '',
100  'configStatus' => false,
101  'configReport' => '',
102  'importStatus' => false,
103  'importReport' => ''
104  );
105 
106  $nawsImport = null;
107  // If a NAWS import file is provided, instantiate the importer up front to discover
108  // any spreadsheet formatting/validation errors
109  if (!empty($_FILES) && isset($_FILES['thefile'])) {
110  require_once(__DIR__ . '/../server_admin/NAWSImport.php');
111 
112  try {
113  $nawsImport = new NAWSImport($_FILES['thefile']['tmp_name'], $http_vars['initialValueForPublished'] == 'TRUE');
114  } catch (Exception $e) {
115  $response['importReport'] = $e->getMessage();
116  echo array2json($response);
117  ob_end_flush();
118  die();
119  }
120  }
121 
122  // Initialize Database
123  try {
124  // We connect the PDO layer:
125  c_comdef_dbsingleton::init($http_vars['dbType'], $http_vars['dbServer'], $http_vars['dbName'], $http_vars['dbUser'], $http_vars['dbPassword']);
126 
127  try {
128  // First, we make sure that the database does not already exist. If so, we immediately fail, as we will not overwrite an existing database.
129  $result = c_comdef_dbsingleton::preparedQuery('SELECT * FROM '.$db_prefix.$http_vars['dbPrefix'].'_comdef_users WHERE 1', array());
130  $response['dbReport'] = $comdef_install_wizard_strings['AJAX_Handler_DB_Established_Error'];
131  echo array2json($response);
132  ob_end_flush();
133  die();
134  } catch (Exception $e2) {
135  $result = null;
136  }
137 
138  // Create schema
139  $value_array = array();
140  foreach ($sql as $sql_statement) {
141  c_comdef_dbsingleton::preparedExec($sql_statement, $value_array);
142  }
143 
144  // Create server admin
145  $serveradmin_name = $comdef_install_wizard_strings['ServerAdminName'];
146  $serveradmin_desc = $comdef_install_wizard_strings['ServerAdminDesc'];
147  $sql_serveradmin = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents(dirname(__FILE__).'/sql_files/serverAdmin.sql'));
148  $salt = $http_vars['salt'];
149  $max_crypt = true;
150  $sql_array = array ( $serveradmin_name, $serveradmin_desc, $http_vars['admin_login'], FullCrypt($http_vars['admin_password'], $salt, $max_crypt), $lang );
151  c_comdef_dbsingleton::preparedExec($sql_serveradmin, $sql_array);
152 
153  // Create formats
154  // Formats are special. There are diacriticals that need to be escaped, so we make sure they get set into the values array.
155  foreach (glob(dirname(__FILE__).'/sql_files/InitialFormatsData-*.sql') as $filename) {
156  $sql_temp = str_replace('%%PREFIX%%', preg_replace('|[^a-z_\.\-A-Z0-9]|', '', $db_prefix.$http_vars['dbPrefix']), file_get_contents($filename));
157  $value_array = array();
158  $sql_temp = str_replace("\\'", "`", $sql_temp);
159  preg_match_all("|'(.*?)'|", $sql_temp, $value_array);
160  $value_array = $value_array[0];
161  for ($c = 0; $c < count($value_array); $c++) {
162  $value_array[$c] = preg_replace("|'(.*?)'|", "$1", $value_array[$c]);
163  $value_array[$c] = str_replace("`", "'", $value_array[$c]);
164  }
165  $sql_temp = preg_replace("|'.*?'|", "?", $sql_temp);
166  c_comdef_dbsingleton::preparedExec($sql_temp, $value_array);
167  }
168  $response['dbStatus'] = true;
169  } catch (Exception $e) {
170  $response['dbReport'] = $comdef_install_wizard_strings['AJAX_Handler_DB_Connect_Error'];
171  echo array2json($response);
172  ob_end_flush();
173  die();
174  }
175 
176  // Initialize Config File
177  $config_path = dirname(__FILE__) . '/../../../auto-config.inc.php';
178  if (file_exists($config_path)) {
179  // For security, if the file already exists, we will not try to write it. This is to
180  // prevent malicious actors from using this endpoint to write malicious code after the
181  // root server has been set up.
182  echo array2json($response);
183  ob_end_flush();
184  die();
185  }
186 
187  try {
188  $lines = [];
189  $lines[] = '<?php';
190  $lines[] = 'defined(\'BMLT_EXEC\') or die (\'Cannot Execute Directly\'); // Makes sure that this file is in the correct context.';
191  $lines[] = '';
192  $lines[] = '// These are the settings created by the installer wizard.';
193  $lines[] = '';
194  $lines[] = '// Database settings:';
195  $lines[] = make_initialization('dbType', 'This is the PHP PDO driver name for your database.');
196  $lines[] = make_initialization('dbName', 'This is the name of the database.');
197  $lines[] = make_initialization('dbUser', 'This is the SQL user that is authorized for the above database.');
198  $lines[] = make_initialization('dbPassword', 'This is the password for the above authorized user. Make it a big, ugly hairy one. It is powerful, and there is no need to remember it.');
199  $lines[] = make_initialization('dbServer', 'This is the host/server for accessing the database.');
200  $lines[] = make_initialization('dbPrefix', 'This is a table name prefix that can be used to differentiate tables used by different root server instances that share the same database.');
201  $lines[] = '';
202  $lines[] = '// Location and Map settings:';
203  $lines[] = make_initialization('region_bias', 'This is a 2-letter code for a \'region bias,\' which helps Google Maps to figure out ambiguous search queries.');
204  $lines[] = make_initialization('gkey', 'This is the Google Maps JavaScript API Key, necessary for using Google Maps.');
205  $lines[] = '$search_spec_map_center = array(\'longitude\' => ' . $http_vars['search_spec_map_center_longitude'] . ', \'latitude\' => ' . $http_vars['search_spec_map_center_latitude'] . ', \'zoom\' => ' . $http_vars['search_spec_map_center_zoom'] . ');';
206  $lines[] = make_initialization('comdef_distance_units');
207  $lines[] = '';
208  $lines[] = '// Display settings:';
209  $lines[] = make_initialization('bmlt_title');
210  $lines[] = make_initialization('banner_text');
211  $lines[] = '';
212  $lines[] = '// Miscellaneous settings:';
213  // the remaining statements to output settings aren't converted to use the make_initialization function since
214  // some of them are for non-string values (and none of them will ever involve strings containing single quotes)
215  $lines[] = '$comdef_global_language = \'' . $http_vars['comdef_global_language'] . '\'; // This is the 2-letter code for the default root server localization (will default to \'en\' -English, if the localization is not available).';
216  $lines[] = '$min_pw_len = ' . $http_vars['min_pw_len'] . '; // The minimum number of characters in a user account password for this root server.';
217  $lines[] = '$number_of_meetings_for_auto = ' . $http_vars['number_of_meetings_for_auto'] . '; // This is an approximation of the number of meetings to search for in the auto-search feature. The higher the number, the wider the radius.';
218  $lines[] = '$change_depth_for_meetings = ' . $http_vars['change_depth_for_meetings'] . '; // This is how many changes should be recorded for each meeting. The higher the number, the larger the database will grow, as this can become quite substantial.";';
219  $lines[] = '$default_duration_time = \'' . $http_vars['default_duration_time'] . '\'; // This is the default duration for meetings that have no duration specified.';
220  $lines[] = '$g_enable_language_selector = ' . $http_vars['g_enable_language_selector'] . '; // Set this to TRUE (or 1) to enable a popup on the login screen that allows the administrator to select their language.';
221  $lines[] = '$g_enable_semantic_admin = ' . $http_vars['g_enable_semantic_admin'] . '; // If this is TRUE (or 1), then Semantic Administration for this Server is enabled (Administrators can log in using apps).';
222  $lines[] = '$g_defaultClosedStatus = ' . $http_vars['g_defaultClosedStatus'] . '; // If this is FALSE (or 0), then the default (unspecified) Open/Closed format for meetings reported to NAWS is OPEN. Otherwise, it is CLOSED.';
223  $lines[] = '// These reflect the way that we handle contact emails.';
224  $lines[] = '$g_enable_email_contact = ' . $http_vars['g_enable_email_contact'] . '; // If this is TRUE (or 1), then this will enable the ability to contact meeting list contacts via a secure email form.';
225  $lines[] = '$include_service_body_admin_on_emails = ' . $http_vars['include_service_body_admin_on_emails'] . '; // If this is TRUE (or 1), then any emails sent using the meeting contact will include the Service Body Admin contact for the meeting Service body (ignored, if $g_enable_email_contact is FALSE).';
226  $lines[] = '$include_every_admin_on_emails = ' . $http_vars['include_every_admin_on_emails'] . '; // If this is TRUE (or 1), then any emails sent using the meeting contact will include all Service Body Admin contacts (including the Server Administrator) for the meeting (ignored, if $g_enable_email_contact or $include_service_body_admin_on_emails is FALSE).';
227  $lines[] = '';
228  $lines[] = '//The server languages are supported by default, the langs specified here add to them';
229  $lines[] = '$format_lang_names = array(';
230  $flnStr = $http_vars['format_lang_names'];
231  if (isset($flnStr) && $flnStr!='') {
232  $fln = json_decode($flnStr);
233  if (is_object($fln)) {
234  foreach ($fln as $key => $value) {
235  $lines[] = "'".$key."' => '".$value."',";
236  }
237  }
238  }
239  $lines[] = ');';
240  $lines[] = '// These are \'hard-coded,\' but can be changed later:';
241  $lines[] = '$time_format = \'' . $http_vars['time_format'] . '\'; // The PHP date() format for the times displayed.';
242  $lines[] = '$change_date_format = \'' . $http_vars['change_date_format'] . '\'; // The PHP date() format for times/dates displayed in the change records.';
243  $lines[] = '$admin_session_name = \'' . $http_vars['admin_session_name'] . '\'; // This is merely the \'tag\' used to identify the BMLT admin session.';
244  $lines[] = '';
245  if (!file_put_contents($config_path, implode("\n", $lines))) {
246  throw new Exception();
247  }
248  chmod($config_path, 0644);
249  $response['configStatus'] = true;
250  } catch (Exception $e) {
251  if (!is_null($nawsImport)) {
252  // If the user was attempting an import, just undo the whole installation when
253  // there is a failure to write the configuration file
254  dropEverything($http_vars['dbPrefix']);
255  }
256  echo array2json($response);
257  ob_end_flush();
258  die();
259  }
260 
261  // If a NAWS CSV is provided to prime the database, import it
262  if (!is_null($nawsImport)) {
263  require_once(__DIR__.'/../../server/c_comdef_server.class.php');
264  try {
266  $adminLogin = $http_vars['admin_login'];
267  $encryptedPassword = $server->GetEncryptedPW($http_vars['admin_login'], $http_vars['admin_password']);
268  $_SESSION[$http_vars['admin_session_name']] = "$adminLogin\t$encryptedPassword";
269  require_once(__DIR__.'/../server_admin/c_comdef_admin_ajax_handler.class.php');
270  $nawsImport->import();
271  $response['importStatus'] = true;
272  } catch (Exception $e) {
273  // Drop all the tables
274  dropEverything($http_vars['dbPrefix']);
275 
276  // Delete the config file
277  unlink($config_path);
278 
279  $response['importReport'] = $e->getMessage();
280  echo array2json($response);
281  ob_end_flush();
282  die();
283  }
284  } else {
285  $response['importStatus'] = true;
286  $response['importReport'] = 'No CSV was provided, so no meetings were imported.';
287  }
288 
289  echo array2json($response);
290 } elseif ((isset($http_vars['ajax_req']) && ($http_vars['ajax_req'] == 'test') || ($http_vars['ajax_req'] == 'test_comprehensive'))
291  && isset($http_vars['dbName']) && $http_vars['dbName']
292  && isset($http_vars['dbUser']) && $http_vars['dbUser']
293  && isset($http_vars['dbPassword']) && $http_vars['dbPassword']
294  && isset($http_vars['dbType']) && $http_vars['dbType']
295  && isset($http_vars['dbServer']) && $http_vars['dbServer']
296  && isset($http_vars['dbPrefix']) && $http_vars['dbPrefix']
297  ) {
298  try {
299  c_comdef_dbsingleton::init($http_vars['dbType'], $http_vars['dbServer'], $http_vars['dbName'], $http_vars['dbUser'], $http_vars['dbPassword']);
301 
302  try {
303  $db_prefix = ($http_vars['dbType'] != 'mysql') ? $http_vars['dbName'].'.' : '';
304  $result = c_comdef_dbsingleton::preparedQuery('SELECT * FROM '.$db_prefix.$http_vars['dbPrefix'].'_comdef_users WHERE 1', array());
305  if ($http_vars['ajax_req'] == 'test_comprehensive') {
306  echo "{'success':false, 'message':'" . str_replace("'", "\'", $comdef_install_wizard_strings['Database_TestButton_Fail2']) . whitespace_warnings() . "'}";
307  } else {
308  echo '0';
309  }
310  } catch (Exception $e2) {
311  if ($http_vars['ajax_req'] == 'test_comprehensive') {
312  echo "{'success':true, 'message':'" . str_replace("'", "\'", $comdef_install_wizard_strings['Database_TestButton_Success']) . whitespace_warnings() . "'}";
313  } else {
314  echo '1';
315  }
316  }
317  } catch (Exception $e) {
318  if ($http_vars['ajax_req'] == 'test_comprehensive') {
319  echo "{'success':false, 'message':'".str_replace("'", "\'", $comdef_install_wizard_strings['Database_TestButton_Fail'].$e->getMessage()) . whitespace_warnings() . "'}";
320  } else {
321  echo '-1';
322  }
323  }
324 } elseif (isset($http_vars['ajax_req']) && ($http_vars['ajax_req'] == 'test')) {
325  echo '-1';
326 } elseif (isset($http_vars['ajax_req']) && ($http_vars['ajax_req'] == 'initialize_server')) {
327  echo array2json(array ( 'dbStatus' => false, 'report' => $comdef_install_wizard_strings['AJAX_Handler_DB_Incomplete_Error'] ));
328 } else {

Variable Documentation

$report = ''

Definition at line 18 of file installer_ajax.php.
