# HG changeset patch # User Dan # Date 1195167734 18000 # Node ID e7bbbb92385b91675eda4915ba373e20b33de16c # Parent 62ee6685ad189646fd70f5680abac4559305e89c# Parent ba28d43a6b8662ac425ba395c60e2c968187829a Merge in installer fixes from 204 (ba28d43a6b86) diff -r 62ee6685ad18 -r e7bbbb92385b install.php --- a/install.php Thu Nov 15 18:00:39 2007 -0500 +++ b/install.php Thu Nov 15 18:02:14 2007 -0500 @@ -179,15 +179,12 @@ if ( $act_get ) return $conn; - $db_user =& $_POST['db_user']; - $db_pass =& $_POST['db_pass']; - $db_name =& $_POST['db_name']; + $db_user = mysql_real_escape_string($_POST['db_user']); + $db_pass = mysql_real_escape_string($_POST['db_pass']); + $db_name = mysql_real_escape_string($_POST['db_name']); - if ( !preg_match('/^[a-z0-9_-]+$/', $db_name) ) - { - $db_name = htmlspecialchars($db_name); - die("
SECURITY: malformed database name \"$db_name\"
"); - } + if ( !preg_match('/^[a-z0-9_]+$/', $db_name) ) + die("SECURITY: malformed database name
"); // First, try to connect using the normal credentials $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); @@ -202,9 +199,6 @@ // Couldn't connect using either set of credentials. Bail out. return false; } - unset($db_user, $db_pass); - $db_user = mysql_real_escape_string($_POST['db_user']); - $db_pass = mysql_real_escape_string($_POST['db_pass']); // Create the user account $q = @mysql_query("GRANT ALL PRIVILEGES ON test.* TO '{$db_user}'@'localhost' IDENTIFIED BY '$db_pass' WITH GRANT OPTION;", $conn_root); if ( !$q ) @@ -233,16 +227,9 @@ return false; } } - mysql_close($conn_root); - $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); - if ( !$conn ) - { - // This should honestly never happen. - return false; - } } } - $q = @mysql_query("USE `$db_name`;", $conn); + $q = @mysql_query("USE $db_name;", $conn); if ( !$q ) { // access denied to the database; try the whole root schenanegan again @@ -255,44 +242,33 @@ return false; } // create the database, if it doesn't exist - $q = @mysql_query("CREATE DATABASE IF NOT EXISTS `$db_name`;", $conn_root); + $q = @mysql_query("CREATE DATABASE IF NOT EXISTS $db_name;", $conn_root); if ( !$q ) { // this really should never fail, so don't give any tolerance to it return false; } - unset($db_user, $db_pass); - $db_user = mysql_real_escape_string($_POST['db_user']); - $db_pass = mysql_real_escape_string($_POST['db_pass']); // we're in with root rights; grant access to the database - $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'localhost';", $conn_root); + $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'localhost';", $conn_root); if ( !$q ) { return false; } if ( $_POST['db_host'] != 'localhost' && $_POST['db_host'] != '127.0.0.1' && $_POST['db_host'] != '::1' ) { - $q = @mysql_query("GRANT ALL PRIVILEGES ON `$db_name`.* TO '{$db_user}'@'%';", $conn_root); + $q = @mysql_query("GRANT ALL PRIVILEGES ON $db_name.* TO '{$db_user}'@'%';", $conn_root); if ( !$q ) { return false; } } - mysql_close($conn_root); - // grant tables have hopefully been flushed, kill and reconnect our regular user connection - mysql_close($conn); - $conn = @mysql_connect($_POST['db_host'], $_POST['db_user'], $_POST['db_pass']); - if ( !$conn ) - { - return false; - } } else { return false; } // try again - $q = @mysql_query("USE `$db_name`;", $conn); + $q = @mysql_query("USE $db_name;", $conn); if ( !$q ) { // really failed this time; bail out @@ -694,7 +670,7 @@ die('root'.$e); } $rsp = 'good'; - $q = mysql_query('USE '.$dbname, $conn); + $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn); if(!$q) { $e = mysql_error(); @@ -727,7 +703,7 @@ else die('auth'.$e); } - $q = mysql_query('USE '.$dbname, $conn); + $q = mysql_query('USE `' . mysql_real_escape_string($dbname) . '`;', $conn); if(!$q) { $e = mysql_error(); @@ -949,7 +925,7 @@ '; - run_test('return false;', 'Some of the features of Enano have been turned off to accommodate your server.', 'Enano has detected that some of the features or configuration settings on your server are not optimal for the best behavior and/or performance for Enano. As a result, certain features or enhancements that are part of Enano have been disabled to prevent further errors. You have seen those "fatal error" notices that spew from PHP, haven\'t you?
- Website name - The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not - be blank or "Enano". - |
- - - | -- - | -
- Website description - This text will be shown below the name of your website. - |
- - - | -- - | -
- Copyright info - This should be a one-line legal notice that will appear at the bottom of all your pages. - |
- - - | -- - | -
- Wiki mode - This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can - protect pages to prevent editing. - |
- - - | -- - | -
- URL scheme - Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you - don't know, select the first option, and you can always change it later. - |
-
- name="urlscheme" value="ugly" id="ugly" /> - name="urlscheme" value="short" id="short" /> - - |
- |
Website name The display name of your website. Allowed characters are uppercase and lowercase letters, numerals, and spaces. This must not be blank or "Enano". | ||
Website description This text will be shown below the name of your website. | ||
Copyright info This should be a one-line legal notice that will appear at the bottom of all your pages. | ||
Wiki mode This feature allows people to create and edit pages on your site. Enano keeps a history of all page modifications, and you can protect pages to prevent editing. | ||
URL scheme Choose how the page URLs will look. Depending on your server configuration, you may need to select the first option. If you don't know, select the first option, and you can always change it later. | name="urlscheme" value="ugly" id="ugly"> name="urlscheme" value="short" id="short"> |
- - | -
-
- Before clicking continue: |
-
Before clicking continue: |
+
Next, enter your desired username and password. The account you create here will be used to administer your site.
Administration username The administration username you will use to log into your site. This cannot be "anonymous" or in the form of an IP address. | - | |
Administration password: | -- | - |
Enter it again to confirm: | -- | |
Your e-mail address: | -- | - |
Administration username The administration username you will use to log into your site. This cannot be "anonymous" or in the form of an IP address. | ||
Administration password: | ||
Enter it again to confirm: | ||
Your e-mail address: | ||
Allow administrators to embed PHP code into pages: @@ -1574,24 +1360,15 @@ |
- - | -
-
- Before clicking continue: |
-
Before clicking continue: |
+