new validation for setup, checks Smarty installation too.

Ryan Walberg 2012-11-27 16:13:52 +00:00
parent 2568ae4a6b
commit b9b3367865


@ -13,17 +13,24 @@
// along with this program; if not, write to the Free Software // along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
include("config.php"); require_once(dirname(__FILE__) . "/includes/config.php");
include("db.php");
$query = "SELECT COUNT(*) AS user_count FROM {$OPT["table_prefix"]}users"; $opt = getGlobalOptions();
$rs = mysql_query($query) or die("Could not query: " . mysql_error());
$row = mysql_fetch_array($rs,MYSQL_ASSOC); function dbh($opt) {
$user_count = $row["user_count"]; return new PDO($opt["pdo_connection_string"], $opt["pdo_username"], $opt["pdo_password"]);
mysql_free_result($rs); }
if ($user_count != 0) {
echo "Database has already been set up."; $stmt = dbh($opt)->prepare("SELECT COUNT(*) AS user_count FROM {$opt["table_prefix"]}users");
exit; $stmt->execute();
if ($row = $stmt->fetch()) {
$user_count = $row["user_count"];
if (false && $user_count != 0) {
die("Database has already been set up.");
}
}
else {
die("Database has not been created.");
} }
if (isset($_POST["action"])) { if (isset($_POST["action"])) {
@ -33,93 +40,105 @@ if (isset($_POST["action"])) {
$pwd = $_POST["pwd"]; $pwd = $_POST["pwd"];
$email = $_POST["email"]; $email = $_POST["email"];
$familyname = $_POST["familyname"]; $familyname = $_POST["familyname"];
if (!get_magic_quotes_gpc()) {
$username = addslashes($username);
$fullname = addslashes($fullname);
$pwd = addslashes($pwd);
$email = addslashes($email);
$familyname = addslashes($familyname);
}
// 1. create the family. // 1. create the family.
$query = "INSERT INTO {$OPT["table_prefix"]}families(familyname) VALUES('$familyname')"; $stmt = dbh($opt)->prepare("INSERT INTO {$opt["table_prefix"]}families(familyname) VALUES(?)");
mysql_query($query) or die("Could not query: " . mysql_error()); $stmt->bindParam(1, $familyname, PDO::PARAM_STR);
$stmt->execute();
// 2. get the familyid. // 2. get the familyid.
$query = "SELECT familyid FROM {$OPT["table_prefix"]}families"; $stmt = dbh($opt)->prepare("SELECT MAX(familyid) AS familyid FROM {$opt["table_prefix"]}families");
$rs = mysql_query($query) or die("Could not query: " . mysql_error()); $stmt->execute();
$row = mysql_fetch_assoc($rs) or die("Could not query: " . mysql_error()); if ($row = $stmt->fetch()) {
$familyid = $row["familyid"]; $familyid = $row["familyid"];
mysql_free_result($rs); }
else die("No family was created.");
// 3. insert the user. // 3. insert the user.
$query = "INSERT INTO {$OPT["table_prefix"]}users(username,fullname,password,email,approved,admin,initialfamilyid) VALUES('$username','$fullname',{$OPT["password_hasher"]}('$pwd'),'$email',1,1,$familyid)"; $stmt = dbh($opt)->prepare("INSERT INTO {$opt["table_prefix"]}users(username,fullname,password,email,approved,admin,initialfamilyid) VALUES(?, ?, {$opt["password_hasher"]}(?), ?, 1, 1, ?)");
mysql_query($query) or die("Could not query: " . mysql_error()); $stmt->bindParam(1, $username, PDO::PARAM_STR);
$stmt->bindParam(2, $fullname, PDO::PARAM_STR);
$stmt->bindParam(3, $pwd, PDO::PARAM_STR);
$stmt->bindParam(4, $email, PDO::PARAM_STR);
$stmt->bindParam(5, $familyid, PDO::PARAM_INT);
$stmt->execute();
// 4. get the userid. // 4. get the userid.
$query = "SELECT userid FROM {$OPT["table_prefix"]}users"; $stmt = dbh($opt)->prepare("SELECT MAX(userid) AS userid FROM {$opt["table_prefix"]}users");
$rs = mysql_query($query) or die("Could not query: " . mysql_error()); $stmt->execute();
$row = mysql_fetch_assoc($rs) or die("Could not query: " . mysql_error()); if ($row = $stmt->fetch()) {
$userid = $row["userid"]; $userid = $row["userid"];
mysql_free_result($rs); }
else die("No user was created.");
// 5. create the membership. // 5. create the membership.
$query = "INSERT INTO {$OPT["table_prefix"]}memberships(userid,familyid) VALUES($userid,$familyid)"; $stmt = dbh($opt)->prepare("INSERT INTO {$opt["table_prefix"]}memberships(userid,familyid) VALUES(?, ?)");
mysql_query($query) or die("Could not query: " . mysql_error()); $stmt->bindParam(1, $userid, PDO::PARAM_INT);
$stmt->bindParam(2, $familyid, PDO::PARAM_INT);
$stmt->execute();
} }
} }
echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\r\n";
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head> <head>
<title>Gift Registry - Setup</title> <title>Gift Registry - Setup</title>
<link href="styles.css" type="text/css" rel="stylesheet" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script language="JavaScript" type="text/javascript"> <script src="js/jquery.validate.min.js"></script>
function validateSetup() { <script language="JavaScript" type="text/javascript">
field = document.setup.username; $(document).ready(function() {
if (field == null || field == undefined || !field.value.match("\\S")) { $("#setupform").validate({
alert("You must supply a username."); rules: {
field.focus(); "username": {
return false; required: true,
} maxlength: 20
},
field = document.setup.fullname; "pwd": {
if (field == null || field == undefined || !field.value.match("\\S")) { required: true,
alert("You must supply your full name."); maxlength: 50
field.focus(); },
return false; "confirmpwd": {
} required: true,
equalTo: "#pwd",
field = document.setup.pwd; maxlength: 50
if (field == null || field == undefined || !field.value.match("\\S")) { },
alert("You must supply your password."); "fullname": {
field.focus(); required: true,
return false; maxlength: 50
} },
if (field.value != document.setup.confirmpwd.value) { "email": {
alert("Passwords do not match."); required: true,
field.focus(); maxlength: 255,
return false; email: true
} }
},
field = document.setup.email; messages: {
if (!field.value.match("\\w+([-+.]\\w+)*@\\w+([-.]\\w+)*\\.\\w+([-.]\\w+)*")) { "username": {
alert("The e-mail address '" + field.value + "' is not a valid address."); required: "The initial username is required.",
field.focus(); maxlength: "The initial username must be 20 characters or less."
return false; },
} "pwd": {
required: "The initial password is required.",
field = document.setup.familyname; maxlength: "The initial password must be 50 characters or less."
if (field == null || field == undefined || !field.value.match("\\S")) { },
alert("You must specify the name of the default/initial family."); "confirmpwd": {
field.focus(); required: "This value is required.",
return false; equalTo: "This value must match the initial password.",
} maxlength: "This value must be 50 characters or less."
},
return true; "fullname": {
} required: "The full name is required.",
</script> maxlength: "The full name must be 50 characters or less."
},
"email": {
required: "The e-mail address is required.",
maxlength: "The e-mail address must be 255 characters or less.",
email: "The e-mail address is invalid."
}
}
});
});
</script>
</head> </head>
<body> <body>
<?php <?php
@ -134,7 +153,7 @@ if (isset($_POST["action"]) && $_POST["action"] == "setup") {
</p> </p>
<table border="1" cellpadding="2" cellspacing="2"> <table border="1" cellpadding="2" cellspacing="2">
<?php <?php
foreach ($OPT as $key => $value) { foreach ($opt as $key => $value) {
?> ?>
<tr> <tr>
<td><?php echo $key; ?></td> <td><?php echo $key; ?></td>
@ -150,7 +169,7 @@ else {
// check their image_subdir for writeability. // check their image_subdir for writeability.
echo "<p>"; echo "<p>";
$parts = pathinfo($_SERVER["SCRIPT_FILENAME"]); $parts = pathinfo($_SERVER["SCRIPT_FILENAME"]);
$image_dir = $parts['dirname'] . "/" . $OPT["image_subdir"]; $image_dir = $parts['dirname'] . "/" . $opt["image_subdir"];
$writeable = is_writable($image_dir); $writeable = is_writable($image_dir);
if ($writeable) { if ($writeable) {
echo "<font color=\"green\">$image_dir is writeable, images can be uploaded.</font>"; echo "<font color=\"green\">$image_dir is writeable, images can be uploaded.</font>";
@ -159,8 +178,14 @@ else {
echo "<font color=\"red\">$image_dir is NOT writeable, images cannot be uploaded. Either chmod this directory to allow the web server to write to it, or disable image uploading in config.php.</font>"; echo "<font color=\"red\">$image_dir is NOT writeable, images cannot be uploaded. Either chmod this directory to allow the web server to write to it, or disable image uploading in config.php.</font>";
} }
echo "</p>"; echo "</p>";
// check if Smarty works.
echo "<p>Testing Smarty installation... ensure the result is OK.</p>";
require_once(dirname(__FILE__) . "/includes/MySmarty.class.php");
$smarty = new MySmarty();
$smarty->testInstall();
?> ?>
<form name="setup" method="post" action="setup.php"> <form name="setupform" id="setupform" method="post" action="setup.php">
<input type="hidden" name="action" value="setup"> <input type="hidden" name="action" value="setup">
<div align="center"> <div align="center">
<table cellpadding="3" class="partbox" width="50%"> <table cellpadding="3" class="partbox" width="50%">
@ -177,42 +202,42 @@ else {
<tr> <tr>
<td>Admin username</td> <td>Admin username</td>
<td> <td>
<input name="username" size="20" maxlength="20" type="text" value="<?php if (isset($_POST["username"])) echo htmlspecialchars(stripslashes($_POST["username"])); ?>"/> <input id="username" name="username" size="20" maxlength="20" type="text" value="<?php if (isset($_POST["username"])) echo htmlspecialchars($_POST["username"]); ?>"/>
</td> </td>
</tr> </tr>
<tr> <tr>
<td>Admin password</td> <td>Admin password</td>
<td> <td>
<input name="pwd" size="20" maxlength="50" type="password" /> <input id="pwd" name="pwd" size="20" maxlength="50" type="password" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td>Confirm admin password</td> <td>Confirm admin password</td>
<td> <td>
<input name="confirmpwd" size="20" maxlength="50" type="password" /> <input id="confirmpwd" name="confirmpwd" size="20" maxlength="50" type="password" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td>Admin full name</td> <td>Admin full name</td>
<td> <td>
<input name="fullname" size="30" maxlength="50" type="text" value="<?php if (isset($_POST["fullname"])) echo htmlspecialchars(stripslashes($_POST["fullname"])); ?>" /> <input id="fullname" name="fullname" size="30" maxlength="50" type="text" value="<?php if (isset($_POST["fullname"])) echo htmlspecialchars($_POST["fullname"]); ?>" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td>Admin e-mail address</td> <td>Admin e-mail address</td>
<td> <td>
<input name="email" size="30" maxlength="255" type="text" value="<?php if (isset($_POST["email"])) echo $_POST["email"]; ?>" /> <input id="email" name="email" size="30" maxlength="255" type="text" value="<?php if (isset($_POST["email"])) echo htmlspecialchars($_POST["email"]); ?>" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td>Default/initial family name</td> <td>Default/initial family name</td>
<td> <td>
<input name="familyname" size="50" maxlength="255" type="text" value="<?php if (isset($_POST["familyname"])) echo $_POST["familyname"]; ?>" /> <input id="familyname" name="familyname" size="50" maxlength="255" type="text" value="<?php if (isset($_POST["familyname"])) echo htmlspecialchars($_POST["familyname"]); ?>" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td colspan="2" align="center"> <td colspan="2" align="center">
<input type="submit" value="Submit" onClick="return validateSetup();" /> <input type="submit" value="Submit" />
</td> </td>
</tr> </tr>
</table> </table>
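Review bot: The re-setup guard in the first hunk is switched off — `if (false && $user_count != 0)` can never be true, so once the database is populated anyone who can still reach setup.php can submit the form again and insert another approved admin user; it should read `if ($user_count != 0) {` before this ships. `dbh()` also opens a fresh PDO connection on every call with the default silent error mode, so a failed `prepare()` returns `false` and the following `->execute()` fatals on a non-object instead of reporting the query error; pass `[PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]` as the fourth constructor argument and hold the handle in one variable for the whole request. With a single handle, the `SELECT MAX(familyid)` and `SELECT MAX(userid)` lookups can become `$dbh->lastInsertId()`, which cannot pick up a row inserted concurrently by another request. The jQuery validate rules in the third hunk run only in the browser; the POST handler inserts whatever arrives, so the required/maxlength checks should be repeated in PHP before the INSERTs.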