";
function __construct() {
$GLOBALS['no_visible_elements'] = true;
EZ::$isUpdating = isset($_REQUEST['update']);
EZ::$isInWP = isset($_REQUEST['wp']);
EZ::$isInstallingWP = !empty($GLOBALS['isInstallingWP']);
if (EZ::$isInstallingWP || EZ::$isUpdating) {
$this->install();
if (EZ::$isUpdating) {
if (EZ::$isInWP) {
$wp = '?wp';
}
else {
$wp = '';
}
header("Location: index.php$wp");
exit();
}
return;
}
}
function backupTables() {
$db = $this->db;
if (EZ::$isUpdating) {
$this->needMigration = false;
}
else {
$this->needMigration = $db->saveTables($this->tables);
}
}
function randString($len = 32) {
$chars = 'abcdefghijklmnopqrstuvwxyz';
$chars .= strtoupper($chars) . '0123456789';
$charLen = strlen($chars) - 1;
$string = '';
for ($i = 0; $i < $len; $i++) {
$pos = rand(0, $charLen);
$string .= $chars[$pos];
}
return $string;
}
function putDefaultOptions($options) {
$db = $this->db;
$row = array();
foreach ($options as $k => $o) {
if ($k == 'salt') {
$row[$k] = $this->randString();
}
else {
$row[$k] = $o['value'];
}
}
$rowDB = $db->getMetaData('options_meta');
$row = array_merge($row, $rowDB);
$db->putMetaData('options_meta', $row);
}
function mkDB() {
if (!($this->db instanceof DbHelper)) {
$this->db = new DbHelper();
}
return $this->db;
}
function install() {
$db = $this->mkDB();
$this->backupTables();
$db->importSQL('setup.sql');
$db->importSQL('setup-pro.sql');
if ($this->needMigration) {
$dbBak = new DbHelper();
$dbBak->dbPrefix = "bak_" . $db->dbPrefix;
$this->migrate($dbBak);
}
$options = array();
require_once('options-default.php');
$options['app_name'] = array('value' => $this->name);
$options['app_logo'] = array('value' => $this->logo);
$this->putDefaultOptions($options);
if (file_exists("options-advanced.php")) {
include_once('options-advanced.php');
$this->putDefaultOptions($options);
}
$this->message = "$this->helpBtn Congratulations! You have configured your DB details.
Please setup an admin account now.
"
. "";
// post install setup
$this->setup();
}
function import($dbBak) {
$db = $this->db;
$tables = $dbBak->getTableNames(true);
foreach ($tables as $table) {
$tableStub = str_replace($dbBak->dbPrefix, '', $table);
if (in_array($tableStub, $this->tables) && $db->tableExists($tableStub)) {
$data = $dbBak->getData($table);
foreach ($data as $row) {
$db->putRowData($tableStub, $row);
}
}
}
}
function verifyCfg() {
if (EZ::$isInstallingWP) {
return true;
}
$cfgIsValid = DbHelper::cfgIsValid();
$cfgDir = dirname(__DIR__);
$this->message = "$this->helpBtn Please enter your database details.
";
if (!empty($_GET['error'])) {
switch ($_GET['error']) {
case 1:
$this->message = "$this->helpBtn Error connecting to the database. Check your DB details below.
";
break;
case 2:
if (!empty($_GET['cfg'])) {
$cfg = "Or create the config file on your server and insert the following content in it.
" . htmlspecialchars(urldecode($_GET['cfg'])) . "
Config file is $cfgDir/dbCfg.php";
}
else {
$cfg = '';
}
$this->message = "$this->helpBtn
Error: Permission denied! Unable to open config file (dbCfg.php) for writing.
Try creating the file on your server and making it writable. On Unix, the commands are
cd $cfgDir
touch dbCfg.php
chmod 777 dbCfg.php
$cfg
$this->helpBtn Config file (
$cfgDir/dbCfg.php) successfully written.
For your security, please write-protect it using commands equivalent to
cd $cfgDir chmod 644 dbCfg.phpPlease proceed to the
Admin Interface to set up your products.
Welcome to name; ?> Setup
message; ?>
Thank you! Verifying... This may take a while. 0 seconds.
hideSetup)) {
?>
Admin Setup
Your application hasn't been installed. Please provide the database details to set it up.
help; ?>
Database Host: If your database is hosted on a different server, please provide its name. Usually, MySQL databases are hosted at the same server as your Webserver, in which case, you can use localhost as your database server.
Database Name: If you are using a dedicated database created using your CPanel or other hosting provider interface, please provide its name. It usually has the form username_dbname. If you have limits on the number of databases you can create on your server, you can reuse an existing database. If not, it is best to create a dedicated one for this application.
Database Prefix: Optional: Use a prefix for all the database tables so that you can easily identify them. A prefix like ez_ is a decent one, but to enhance your security, you may want to choose a different one.
Database User Name: Your username to log on to the database server. If you created your database and db users on a cPanel, you'd know the user name. It is typically the same as the database name itself. Please contact your system admin if in doubt.
Database Password: Your database password. You can set it on your cPanel or equivalent. Please contact your system admin if in doubt.
Your Email: Optional. This email ID will be used to send database error messages from this application. Later on, you will set up other email addresses where application or support messages may be directed. However, if the DB cannot be connected to, those email IDs cannot be accessed, and diagnostic messages cannot be sent. So, this is the only email address the program will have access to. If you don't want emails about DB errors, leave it empty or give a fake email ID like nobody@nowhere.com.
Once all the required values are given, this application will try to generate a DB configuration file for you. If it fails to do so because of file permission errors, it will ask you to correct the issues with clear instructions.
printCfgJS();
require_once('footer.php');
}
function printCfgJS() {
?>
isAdminSetup()) {
return 7;
}
}
if ($_SERVER['REQUEST_METHOD'] != "POST" || !isset($_POST['login'])) {
return -1;
}
if (empty($_POST['newpassword0']) && empty($_POST['email'])) {
return 3;
}
if (empty($_POST['newpassword0'])) {
return 4;
}
if (empty($_POST['email'])) {
return 5;
}
if ($_POST['newpassword0'] != $_POST['newpassword1']) {
return 6;
}
if ($updating) { // verifies the current password field
require_once '../EZ.php';
$row = EZ::authenticate();
if (!is_array($row)) {
return $row;
}
}
return 0;
}
function isAdminSetup() {
if (EZ::$isInstallingWP) {
return true;
}
$db = $this->mkDB();
$table = 'administrator';
if ($db->tableExists($table)) {
$row = $db->getData($table);
if (!empty($row)) { // already set up.
return true;
}
}
else {
header('location: dbSetup.php');
exit;
}
return false;
}
function verifyAdmin($current = array()) {
if (EZ::$isInstallingWP) {
return true;
}
$init = empty($current);
if ($init) {
// clear previous logins
session_unset();
session_destroy();
session_write_close();
setcookie(session_name(), '', 0, '/');
session_regenerate_id(true);
}
$updating = !$init;
$error = $this->getAdminError($updating);
if ($error == 0) {
$data = array();
$data['id'] = 1;
$data['username'] = $_POST['newusername'];
if (!empty($_POST['newpassword0'])) {
$data['password'] = EZ::md5($_POST['newpassword0']);
}
if (!empty($_POST['email'])) {
$data['email'] = $_POST['email'];
}
$db = $this->mkDB();
$db->putRowData('administrator', $data);
}
if ($updating) {
$error += 10;
}
$this->hideAdmin = "";
$this->hideIndex = "hidden";
switch ($error) {
case 0:
$this->message = "$this->helpBtn User authenticated and Profile created.
";
break;
case 1:
$this->message = "$this->helpBtn Your username and password are incorrect!
";
break;
case 3:
$this->message = "$this->helpBtn Nothing to update! New password and new email are empty.
";
break;
case 4:
$this->message = "$this->helpBtn Password not updated because it is empty. Email is updated.
";
break;
case 5:
$this->message = "$this->helpBtn Email not updated because it is empty. Password is updated.
";
break;
case 6:
$this->message = "$this->helpBtn New passwords do not match.
";
break;
case 7:
$this->message = "$this->helpBtn Congratulations! You have fully configured your application.
Please go to the admin interface.
"
. "";
$this->hideAdmin = "hidden";
$this->hideIndex = "";
return true;
case 10:
$this->message = 'User authenticated and Profile updated.
';
break;
case 11:
$this->message = 'Your current password is incorrect!
';
break;
case 13:
$this->message = 'Nothing to update! New password and new email are empty.
';
break;
case 14:
$this->message = 'Password not updated because it is empty. Email is updated.
';
break;
case 15:
$this->message = 'Email not updated because it is empty. Password is updated.
';
break;
case 16:
$this->message = 'New passwords do not match.
';
break;
default:
if ($init) {
$this->message = "$this->helpBtn Please create an admin account.
";
}
else {
$this->message = 'For your security, verify your current password
again before updating your profile.
';
}
break;
}
return false;
}
function printAdminForm($current = array()) {
if (EZ::$isInstallingWP) {
return;
}
$updating = !empty($current);
if (!$updating) {
if ($this->isAdminSetup()) {
$this->hideAdmin = "hidden";
$this->hideIndex = "";
}
$username = $email = "";
$btnText = "Create Admin";
}
else {
$username = $current['username'];
$email = $current['email'];
$btnText = "Update";
$this->hideAdmin = "";
$this->hideIndex = "hidden";
}
require_once('header.php');
?>
Welcome to name; ?> Admin Setup
Your application has been installed, but needs an admin account for secure access.
Username: Select an admin user name. A name like admin is fine, but something less obvious would be more secure.
Password: Please type in a strong password (at least six characters long), and verify it.
Email: Optional: Please provide an email address where you can receive password retrieval information, in case you forget your password.
Once the admin account is set up, you are ready to use the application. This page will not be operational after you set up your admin account, which is a precaution against possible hacker attacks. To further improve your security, you may want to delete this file (
Note that this application allows only one admin account, because one is all that is needed. If you would like to modify the admin profile (password and email), you can do so from the admin interface.
printAdminJS($updating);
require_once 'footer.php';
}
function printAdminJS($updating) {
?>