1<?php
2
3/*><div style="width:60%; margin: auto; background-color: #fcc;
4                border: 1px solid #faa; padding: 0.5em 1em;">
5    <h1 style="font-size: 120%">No PHP Support</h1>
6
7    It seems this server has no PHP support enabled. You will need to
8    enable PHP before you can install and run DokuWiki. Contact your hosting
9    provider if you're unsure what this means.
10
11</div>*/
12/**
13 * Dokuwiki installation assistance
14 *
15 * @author      Chris Smith <chris@jalakai.co.uk>
16 */
17
18if (!defined('DOKU_INC')) define('DOKU_INC', dirname(__FILE__) . '/');
19if (!defined('DOKU_CONF')) define('DOKU_CONF', DOKU_INC . 'conf/');
20if (!defined('DOKU_LOCAL')) define('DOKU_LOCAL', DOKU_INC . 'conf/');
21
22// load and initialize the core system
23require_once(DOKU_INC . 'inc/init.php');
24require_once(DOKU_INC . 'inc/pageutils.php');
25
26// check for error reporting override or set error reporting to sane values
27if (!defined('DOKU_E_LEVEL')) {
28    error_reporting(E_ALL ^ E_NOTICE);
29} else {
30    error_reporting(DOKU_E_LEVEL);
31}
32
33// language strings
34require_once(DOKU_INC . 'inc/lang/en/lang.php');
35if (isset($_REQUEST['l']) && !is_array($_REQUEST['l'])) {
36    $LC = preg_replace('/[^a-z\-]+/', '', $_REQUEST['l']);
37}
38if (empty($LC)) $LC = 'en';
39if ($LC && $LC != 'en') {
40    require_once(DOKU_INC . 'inc/lang/' . $LC . '/lang.php');
41}
42
43// initialise variables ...
44$error = array();
45
46// begin output
47header('Content-Type: text/html; charset=utf-8');
48?>
49<!DOCTYPE html>
50<html lang="<?php echo $LC?>" dir="<?php echo $lang['direction']?>">
51<head>
52    <meta charset="utf-8" />
53    <title><?php echo $lang['i_installer']?></title>
54    <style>
55        body { width: 90%; margin: 0 auto; font: 84% Verdana, Helvetica, Arial, sans-serif; }
56        img { border: none }
57        br.cl { clear:both; }
58        code { font-size: 110%; color: #800000; }
59        fieldset { border: none }
60        label { display: block; margin-top: 0.5em; }
61        select.text, input.text { width: 30em; margin: 0 0.5em; }
62        a {text-decoration: none}
63    </style>
64    <script>
65        function acltoggle(){
66            var cb = document.getElementById('acl');
67            var fs = document.getElementById('acldep');
68            if(!cb || !fs) return;
69            if(cb.checked){
70                fs.style.display = '';
71            }else{
72                fs.style.display = 'none';
73            }
74        }
75        window.onload = function(){
76            acltoggle();
77            var cb = document.getElementById('acl');
78            if(cb) cb.onchange = acltoggle;
79        };
80    </script>
81</head>
82<body style="">
83    <h1 style="float:left">
84        <img src="lib/exe/fetch.php?media=wiki:dokuwiki-128.png"
85             style="vertical-align: middle;" alt="" height="64" width="64" />
86        <?php echo $lang['i_installer']?>
87    </h1>
88    <div style="float:right; margin: 1em;">
89        <?php langsel()?>
90    </div>
91    <br class="cl" />
92
93    <div style="float: right; width: 34%;">
94        <?php
95        if (file_exists(DOKU_INC . 'inc/lang/' . $LC . '/install.html')) {
96            include(DOKU_INC . 'inc/lang/' . $LC . '/install.html');
97        } else {
98            print "<div lang=\"en\" dir=\"ltr\">\n";
99            include(DOKU_INC . 'inc/lang/en/install.html');
100            print "</div>\n";
101        }
102        ?>
103        <a style="
104                background: transparent
105                url(data/dont-panic-if-you-see-this-in-your-logs-it-means-your-directory-permissions-are-correct.png)
106                left top no-repeat;
107                display: block; width:380px; height:73px; border:none; clear:both;"
108           target="_blank"
109           href="http://www.dokuwiki.org/security#web_access_security"></a>
110    </div>
111
112    <div style="float: left; width: 58%;">
113        <?php
114        try {
115            if (! (check_functions() && check_permissions())) {
116                echo '<p>' . $lang['i_problems'] . '</p>';
117                print_errors();
118                print_retry();
119            } elseif (!check_configs()) {
120                echo '<p>' . $lang['i_modified'] . '</p>';
121                print_errors();
122            } elseif (check_data($_REQUEST['d'])) {
123                // check_data has sanitized all input parameters
124                if (!store_data($_REQUEST['d'])) {
125                    echo '<p>' . $lang['i_failure'] . '</p>';
126                    print_errors();
127                } else {
128                    echo '<p>' . $lang['i_success'] . '</p>';
129                }
130            } else {
131                print_errors();
132                print_form($_REQUEST['d']);
133            }
134        } catch (Exception $e) {
135            echo 'Caught exception: ',  $e->getMessage(), "\n";
136        }
137        ?>
138    </div>
139
140
141<div style="clear: both">
142  <a href="http://dokuwiki.org/"><img src="lib/tpl/dokuwiki/images/button-dw.png" alt="driven by DokuWiki" /></a>
143  <a href="http://php.net"><img src="lib/tpl/dokuwiki/images/button-php.gif" alt="powered by PHP" /></a>
144</div>
145</body>
146</html>
147<?php
148
149/**
150 * Print the input form
151 *
152 * @param array $d submitted entry 'd' of request data
153 */
154function print_form($d)
155{
156    global $lang;
157    global $LC;
158
159    include(DOKU_CONF . 'license.php');
160
161    if (!is_array($d)) $d = array();
162    $d = array_map('hsc', $d);
163
164    if (!isset($d['acl'])) $d['acl'] = 1;
165    if (!isset($d['pop'])) $d['pop'] = 1;
166
167    ?>
168    <form action="" method="post">
169    <input type="hidden" name="l" value="<?php echo $LC ?>" />
170    <fieldset>
171        <label for="title"><?php echo $lang['i_wikiname']?>
172        <input type="text" name="d[title]" id="title" value="<?php echo $d['title'] ?>" style="width: 20em;" />
173        </label>
174
175        <fieldset style="margin-top: 1em;">
176            <label for="acl">
177            <input type="checkbox" name="d[acl]" id="acl" <?php echo(($d['acl'] ? ' checked="checked"' : ''));?> />
178            <?php echo $lang['i_enableacl']?></label>
179
180            <fieldset id="acldep">
181                <label for="superuser"><?php echo $lang['i_superuser']?></label>
182                <input class="text" type="text" name="d[superuser]" id="superuser"
183                       value="<?php echo $d['superuser'] ?>" />
184
185                <label for="fullname"><?php echo $lang['fullname']?></label>
186                <input class="text" type="text" name="d[fullname]" id="fullname"
187                       value="<?php echo $d['fullname'] ?>" />
188
189                <label for="email"><?php echo $lang['email']?></label>
190                <input class="text" type="text" name="d[email]" id="email" value="<?php echo $d['email'] ?>" />
191
192                <label for="password"><?php echo $lang['pass']?></label>
193                <input class="text" type="password" name="d[password]" id="password" />
194
195                <label for="confirm"><?php echo $lang['passchk']?></label>
196                <input class="text" type="password" name="d[confirm]" id="confirm" />
197
198                <label for="policy"><?php echo $lang['i_policy']?></label>
199                <select class="text" name="d[policy]" id="policy">
200                    <option value="0" <?php echo ($d['policy'] == 0) ? 'selected="selected"' : '' ?>><?php
201                        echo $lang['i_pol0']?></option>
202                    <option value="1" <?php echo ($d['policy'] == 1) ? 'selected="selected"' : '' ?>><?php
203                        echo $lang['i_pol1']?></option>
204                    <option value="2" <?php echo ($d['policy'] == 2) ? 'selected="selected"' : '' ?>><?php
205                        echo $lang['i_pol2']?></option>
206                </select>
207
208                <label for="allowreg">
209                    <input type="checkbox" name="d[allowreg]" id="allowreg" <?php
210                        echo(($d['allowreg'] ? ' checked="checked"' : ''));?> />
211                    <?php echo $lang['i_allowreg']?>
212                </label>
213            </fieldset>
214        </fieldset>
215
216        <fieldset>
217            <p><?php echo $lang['i_license']?></p>
218            <?php
219            array_push($license, array('name' => $lang['i_license_none'], 'url' => ''));
220            if (empty($d['license'])) $d['license'] = 'cc-by-sa';
221            foreach ($license as $key => $lic) {
222                echo '<label for="lic_' . $key . '">';
223                echo '<input type="radio" name="d[license]" value="' . hsc($key) . '" id="lic_' . $key . '"' .
224                     (($d['license'] === $key) ? ' checked="checked"' : '') . '>';
225                echo hsc($lic['name']);
226                if ($lic['url']) echo ' <a href="' . $lic['url'] . '" target="_blank"><sup>[?]</sup></a>';
227                echo '</label>';
228            }
229            ?>
230        </fieldset>
231
232        <fieldset>
233            <p><?php echo $lang['i_pop_field']?></p>
234            <label for="pop">
235                <input type="checkbox" name="d[pop]" id="pop" <?php
236                    echo(($d['pop'] ? ' checked="checked"' : ''));?> />
237                <?php echo $lang['i_pop_label']?>
238                <a href="http://www.dokuwiki.org/popularity" target="_blank"><sup>[?]</sup></a>
239            </label>
240        </fieldset>
241
242    </fieldset>
243    <fieldset id="process">
244        <button type="submit" name="submit"><?php echo $lang['btn_save']?></button>
245    </fieldset>
246    </form>
247    <?php
248}
249
250function print_retry()
251{
252    global $lang;
253    global $LC;
254    ?>
255    <form action="" method="get">
256      <fieldset>
257        <input type="hidden" name="l" value="<?php echo $LC ?>" />
258        <button type="submit"><?php echo $lang['i_retry'];?></button>
259      </fieldset>
260    </form>
261    <?php
262}
263
264/**
265 * Check validity of data
266 *
267 * @author Andreas Gohr
268 *
269 * @param array $d
270 * @return bool ok?
271 */
272function check_data(&$d)
273{
274    static $form_default = array(
275        'title'     => '',
276        'acl'       => '1',
277        'superuser' => '',
278        'fullname'  => '',
279        'email'     => '',
280        'password'  => '',
281        'confirm'   => '',
282        'policy'    => '0',
283        'allowreg'  => '0',
284        'license'   => 'cc-by-sa'
285    );
286    global $lang;
287    global $error;
288
289    if (!is_array($d)) $d = array();
290    foreach ($d as $k => $v) {
291        if (is_array($v))
292            unset($d[$k]);
293        else $d[$k] = (string)$v;
294    }
295
296    //autolowercase the username
297    $d['superuser'] = isset($d['superuser']) ? strtolower($d['superuser']) : "";
298
299    $ok = false;
300
301    if (isset($_REQUEST['submit'])) {
302        $ok = true;
303
304        // check input
305        if (empty($d['title'])) {
306            $error[] = sprintf($lang['i_badval'], $lang['i_wikiname']);
307            $ok      = false;
308        }
309        if (isset($d['acl'])) {
310            if (empty($d['superuser']) || ($d['superuser'] !== cleanID($d['superuser']))) {
311                $error[] = sprintf($lang['i_badval'], $lang['i_superuser']);
312                $ok      = false;
313            }
314            if (empty($d['password'])) {
315                $error[] = sprintf($lang['i_badval'], $lang['pass']);
316                $ok      = false;
317            } elseif (!isset($d['confirm']) || $d['confirm'] != $d['password']) {
318                $error[] = sprintf($lang['i_badval'], $lang['passchk']);
319                $ok      = false;
320            }
321            if (empty($d['fullname']) || strstr($d['fullname'], ':')) {
322                $error[] = sprintf($lang['i_badval'], $lang['fullname']);
323                $ok      = false;
324            }
325            if (empty($d['email']) || strstr($d['email'], ':') || !strstr($d['email'], '@')) {
326                $error[] = sprintf($lang['i_badval'], $lang['email']);
327                $ok      = false;
328            }
329        } else {
330            // Since default = 1, browser won't send acl=0 when user untick acl
331            $d['acl'] = '0';
332        }
333    }
334    $d = array_merge($form_default, $d);
335    return $ok;
336}
337
338/**
339 * Writes the data to the config files
340 *
341 * @author  Chris Smith <chris@jalakai.co.uk>
342 *
343 * @param array $d
344 * @return bool
345 */
346function store_data($d)
347{
348    global $LC;
349    $ok = true;
350    $d['policy'] = (int) $d['policy'];
351
352    // create local.php
353    $now    = gmdate('r');
354    $output = <<<EOT
355<?php
356/**
357 * Dokuwiki's Main Configuration File - Local Settings
358 * Auto-generated by install script
359 * Date: $now
360 */
361
362EOT;
363    // add any config options set by a previous installer
364    $preset = __DIR__ . '/install.conf';
365    if (file_exists($preset)) {
366        $output .= "# preset config options\n";
367        $output .= file_get_contents($preset);
368        $output .= "\n\n";
369        $output .= "# options selected in installer\n";
370        @unlink($preset);
371    }
372
373    $output .= '$conf[\'title\'] = \'' . addslashes($d['title']) . "';\n";
374    $output .= '$conf[\'lang\'] = \'' . addslashes($LC) . "';\n";
375    $output .= '$conf[\'license\'] = \'' . addslashes($d['license']) . "';\n";
376    if ($d['acl']) {
377        $output .= '$conf[\'useacl\'] = 1' . ";\n";
378        $output .= "\$conf['superuser'] = '@admin';\n";
379    }
380    if (!$d['allowreg']) {
381        $output .= '$conf[\'disableactions\'] = \'register\'' . ";\n";
382    }
383    $ok = $ok && fileWrite(DOKU_LOCAL . 'local.php', $output);
384
385    if ($d['acl']) {
386        // hash the password
387        $phash = new \dokuwiki\PassHash();
388        $pass = $phash->hash_bcrypt($d['password']);
389
390        // create users.auth.php
391        $output = <<<EOT
392# users.auth.php
393# <?php exit()?>
394# Don't modify the lines above
395#
396# Userfile
397#
398# Auto-generated by install script
399# Date: $now
400#
401# Format:
402# login:passwordhash:Real Name:email:groups,comma,separated
403
404EOT;
405        // --- user:bcryptpasswordhash:Real Name:email:groups,comma,seperated
406        $output = $output . "\n" . join(':', [
407                $d['superuser'],
408                $pass,
409                $d['fullname'],
410                $d['email'],
411                'admin,user',
412            ]) . "\n";
413        $ok = $ok && fileWrite(DOKU_LOCAL . 'users.auth.php', $output);
414
415        // create acl.auth.php
416        $output = <<<EOT
417# acl.auth.php
418# <?php exit()?>
419# Don't modify the lines above
420#
421# Access Control Lists
422#
423# Auto-generated by install script
424# Date: $now
425
426EOT;
427        if ($d['policy'] == 2) {
428            $output .=  "*               @ALL          0\n";
429            $output .=  "*               @user         8\n";
430        } elseif ($d['policy'] == 1) {
431            $output .=  "*               @ALL          1\n";
432            $output .=  "*               @user         8\n";
433        } else {
434            $output .=  "*               @ALL          8\n";
435        }
436        $ok = $ok && fileWrite(DOKU_LOCAL . 'acl.auth.php', $output);
437    }
438
439    // enable popularity submission
440    if (isset($d['pop']) && $d['pop']) {
441        @touch(DOKU_INC . 'data/cache/autosubmit.txt');
442    }
443
444    // disable auth plugins til needed
445    $output = <<<EOT
446<?php
447/*
448 * Local plugin enable/disable settings
449 *
450 * Auto-generated by install script
451 * Date: $now
452 */
453
454\$plugins['authad']    = 0;
455\$plugins['authldap']  = 0;
456\$plugins['authmysql'] = 0;
457\$plugins['authpgsql'] = 0;
458
459EOT;
460    $ok = $ok && fileWrite(DOKU_LOCAL . 'plugins.local.php', $output);
461
462    return $ok;
463}
464
465/**
466 * Write the given content to a file
467 *
468 * @author  Chris Smith <chris@jalakai.co.uk>
469 *
470 * @param string $filename
471 * @param string $data
472 * @return bool
473 */
474function fileWrite($filename, $data)
475{
476    global $error;
477    global $lang;
478
479    if (($fp = @fopen($filename, 'wb')) === false) {
480        $filename = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}/', $filename);
481        $error[]  = sprintf($lang['i_writeerr'], $filename);
482        return false;
483    }
484
485    if (!empty($data)) {
486        fwrite($fp, $data);
487    }
488    fclose($fp);
489    return true;
490}
491
492
493/**
494 * check installation dependent local config files and tests for a known
495 * unmodified main config file
496 *
497 * @author      Chris Smith <chris@jalakai.co.uk>
498 *
499 * @return bool
500 */
501function check_configs()
502{
503    global $error;
504    global $lang;
505
506    $ok = true;
507
508    $config_files = array(
509        'local' => DOKU_LOCAL . 'local.php',
510        'users' => DOKU_LOCAL . 'users.auth.php',
511        'auth'  => DOKU_LOCAL . 'acl.auth.php'
512    );
513
514    // configs shouldn't exist
515    foreach ($config_files as $file) {
516        if (file_exists($file) && filesize($file)) {
517            $file    = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}/', $file);
518            $error[] = sprintf($lang['i_confexists'], $file);
519            $ok      = false;
520        }
521    }
522    return $ok;
523}
524
525
526/**
527 * Check other installation dir/file permission requirements
528 *
529 * @author      Chris Smith <chris@jalakai.co.uk>
530 *
531 * @return bool
532 */
533function check_permissions()
534{
535    global $error;
536    global $lang;
537
538    $dirs = array(
539        'conf'        => DOKU_LOCAL,
540        'data'        => DOKU_INC . 'data',
541        'pages'       => DOKU_INC . 'data/pages',
542        'attic'       => DOKU_INC . 'data/attic',
543        'media'       => DOKU_INC . 'data/media',
544        'media_attic' => DOKU_INC . 'data/media_attic',
545        'media_meta'  => DOKU_INC . 'data/media_meta',
546        'meta'        => DOKU_INC . 'data/meta',
547        'cache'       => DOKU_INC . 'data/cache',
548        'locks'       => DOKU_INC . 'data/locks',
549        'index'       => DOKU_INC . 'data/index',
550        'tmp'         => DOKU_INC . 'data/tmp'
551    );
552
553    $ok = true;
554    foreach ($dirs as $dir) {
555        if (!file_exists("$dir/.") || !is_writable($dir)) {
556            $dir     = str_replace($_SERVER['DOCUMENT_ROOT'], '{DOCUMENT_ROOT}', $dir);
557            $error[] = sprintf($lang['i_permfail'], $dir);
558            $ok      = false;
559        }
560    }
561    return $ok;
562}
563
564/**
565 * Check the availability of functions used in DokuWiki and the PHP version
566 *
567 * @author Andreas Gohr <andi@splitbrain.org>
568 *
569 * @return bool
570 */
571function check_functions()
572{
573    global $error;
574    global $lang;
575    $ok = true;
576
577    if (version_compare(phpversion(), '5.6.0', '<')) {
578        $error[] = sprintf($lang['i_phpver'], phpversion(), '5.6.0');
579        $ok = false;
580    }
581
582    if (ini_get('mbstring.func_overload') != 0) {
583        $error[] = $lang['i_mbfuncoverload'];
584        $ok = false;
585    }
586
587    try {
588        random_bytes(1);
589    } catch (\Exception $th) {
590        // If an appropriate source of randomness cannot be found, an Exception will be thrown by PHP 7+
591        $error[] = $lang['i_urandom'];
592        $ok = false;
593    }
594
595    if (ini_get('mbstring.func_overload') != 0) {
596        $error[] = $lang['i_mbfuncoverload'];
597        $ok = false;
598    }
599
600    $funcs = explode(' ', 'addslashes call_user_func chmod copy fgets ' .
601                         'file file_exists fseek flush filesize ftell fopen ' .
602                         'glob header ignore_user_abort ini_get mkdir ' .
603                         'ob_start opendir parse_ini_file readfile realpath ' .
604                         'rename rmdir serialize session_start unlink usleep ' .
605                         'preg_replace file_get_contents htmlspecialchars_decode ' .
606                         'spl_autoload_register stream_select fsockopen pack xml_parser_create');
607
608    if (!function_exists('mb_substr')) {
609        $funcs[] = 'utf8_encode';
610        $funcs[] = 'utf8_decode';
611    }
612
613    if (!function_exists('mail')) {
614        if (strpos(ini_get('disable_functions'), 'mail') !== false) {
615            $disabled = $lang['i_disabled'];
616        } else {
617            $disabled = "";
618        }
619        $error[] = sprintf($lang['i_funcnmail'], $disabled);
620    }
621
622    foreach ($funcs as $func) {
623        if (!function_exists($func)) {
624            $error[] = sprintf($lang['i_funcna'], $func);
625            $ok = false;
626        }
627    }
628    return $ok;
629}
630
631/**
632 * Print language selection
633 *
634 * @author Andreas Gohr <andi@splitbrain.org>
635 */
636function langsel()
637{
638    global $lang;
639    global $LC;
640
641    $dir = DOKU_INC . 'inc/lang';
642    $dh  = opendir($dir);
643    if (!$dh) return;
644
645    $langs = array();
646    while (($file = readdir($dh)) !== false) {
647        if (preg_match('/^[\._]/', $file)) continue;
648        if (is_dir($dir . '/' . $file) && file_exists($dir . '/' . $file . '/lang.php')) {
649            $langs[] = $file;
650        }
651    }
652    closedir($dh);
653    sort($langs);
654
655    echo '<form action="">';
656    echo $lang['i_chooselang'];
657    echo ': <select name="l" onchange="submit()">';
658    foreach ($langs as $l) {
659        $sel = ($l == $LC) ? 'selected="selected"' : '';
660        echo '<option value="' . $l . '" ' . $sel . '>' . $l . '</option>';
661    }
662    echo '</select> ';
663    echo '<button type="submit">' . $lang['btn_update'] . '</button>';
664    echo '</form>';
665}
666
667/**
668 * Print global error array
669 *
670 * @author Andreas Gohr <andi@splitbrain.org>
671 */
672function print_errors()
673{
674    global $error;
675    if (!empty($error)) {
676        echo '<ul>';
677        foreach ($error as $err) {
678            echo "<li>$err</li>";
679        }
680        echo '</ul>';
681    }
682}
683