From 10b21a09d6b9d26ad77b66c61ddab3ff499e1e8d Mon Sep 17 00:00:00 2001 From: genuineparts Date: Sun, 22 Jun 2025 16:24:59 +0200 Subject: [PATCH] bugfix --- install/install.php | 524 ++++++++++++++++++++++---------------------- 1 file changed, 261 insertions(+), 263 deletions(-) diff --git a/install/install.php b/install/install.php index 2f2edf8..97f7c65 100755 --- a/install/install.php +++ b/install/install.php @@ -366,188 +366,188 @@ class install{ function step($step='start'){ global $config; - switch($step){ - - case 'start': - if(isset($_POST['send'])){ - $this->t->setlang($_POST['language']); - header("Location: install.php?step=license"); - } - $options=''; - $languages=$this->t->getlanguages(); - foreach($languages as $lang){ - $options.=''; - } - $data='

'.$this->t->_('Wilkommen').'

-

'.$this->t->_('WilkommenText1').'

-

'.$this->t->_('Waehledeinesprache').'

+ switch($step) { + + case 'start': + if (isset($_POST['send'])) { + $this->t->setlang($_POST['language']); + header("Location: install.php?step=license"); + } + $options = ''; + $languages = $this->t->getlanguages(); + foreach ($languages as $lang) { + $options .= ''; + } + $data = '

' . $this->t->_('Wilkommen') . '

+

' . $this->t->_('WilkommenText1') . '

+

' . $this->t->_('Waehledeinesprache') . '


- +

'; - break; - - case 'license': - if(isset($_POST['back'])){ - header("Location: install.php?step=start"); - } - if(isset($_POST['send'])){ - if($_POST['accept']!=1){ - $err= '

'.$this->t->_('FehlerAkzeptieren').'

'; - }else{ - header("Location: install.php?step=check"); - } - } - $datei = fopen(dirname(__FILE__).'/license/gpl2.txt','r'); - $license=''; - while (!feof($datei)){ - $license .= fgets($datei,1024); - } - fclose($datei); - - $data='

'.$this->t->_('Lizenz').'

-

'.$this->t->_('LizenzText').'

- '.$err.' -
'.$license.'
-
-

'.$this->t->_('Akzeptieren').'

-
- -
-
'; - break; - - case 'check': - $globcheck=true; - $dircheck=$this->checkchmod(); - if($dircheck){ - $dirs='
'.$this->t->_('dateiok'); - }else{ - $globcheck=false; - $dirs='
'.$this->t->_('dateinichtok'); - } - $dirs.=''; - foreach($this->checkdir as $dir){ - $dirs.=''; - } - $dirs.='
'.$this->t->_('Verzeichnis').''.$this->t->_('Ergebnis').'
'.$dir['dir'].'................'.$dir['status'].'
'; - $phpcheck=$this->checkphp(); - if($phpcheck){ - $php='
'.$this->t->_('phpok'); - }else{ - $globcheck=false; - $php='
'.$this->t->_('phpnichtok'); - } - $php.=''; - foreach($this->checkphp as $p){ - $php.=''; - } - $php.='
'.$this->t->_('Komponente').''.$this->t->_('benVersion').''.$this->t->_('instVersion').'
'.$p['name'].''.$p['needed'].''.$p['status'].'
'; - $dbcheck=$this->getsupportetdbs(); - if($dbcheck){ - $dbs='
'.$this->t->_('dbsok'); - }else{ - $globcheck=false; - $dbs='
'.$this->t->_('dbsnichtok'); - } - $dbas = ""; - foreach($this->dbas as $d){ - if(empty($dbas)) - $dbas=$d['name']; - else - $dbas.=' ,'.$d['name']; - } - if($dbas==''){ - $dbas=$this->t->_('keine'); - } - $dbs.='
'.$this->t->_('installiertedbs').': '.$dbas.'
'; - if(isset($_POST['back'])){ - header("Location: install.php?step=license"); - } - if(isset($_POST['send'])){ - if(!$globcheck){ - $err= '
'.$this->t->_('Fehlererstloesen').'
'; - }else{ - header("Location: install.php?step=database"); - } - } + break; - $data='

'.$this->t->_('Pruefung').'

-

'.$this->t->_('PruefungText').'

'.$err.'

'; - if($globcheck){ - $data.='

'.$this->t->_('CheckOK').'

'; - }else{ - $data.='

'.$this->t->_('ChecknichtOK').'

'; - $locked='disabled="disabled"'; - } - $data.='

'.$dirs.'

-

'.$php.'

-

'.$dbs.'

+ case 'license': + if (isset($_POST['back'])) { + header("Location: install.php?step=start"); + } + if (isset($_POST['send'])) { + if ($_POST['accept'] != 1) { + $err = '

' . $this->t->_('FehlerAkzeptieren') . '

'; + } else { + header("Location: install.php?step=check"); + } + } + $datei = fopen(dirname(__FILE__) . '/license/gpl2.txt', 'r'); + $license = ''; + while (!feof($datei)) { + $license .= fgets($datei, 1024); + } + fclose($datei); + + $data = '

' . $this->t->_('Lizenz') . '

+

' . $this->t->_('LizenzText') . '

+ ' . $err . ' +
' . $license . '
+
+

' . $this->t->_('Akzeptieren') . '

+
+ +
+
'; + break; + + case 'check': + $globcheck = true; + $dircheck = $this->checkchmod(); + if ($dircheck) { + $dirs = '
' . $this->t->_('dateiok'); + } else { + $globcheck = false; + $dirs = '
' . $this->t->_('dateinichtok'); + } + $dirs .= ''; + foreach ($this->checkdir as $dir) { + $dirs .= ''; + } + $dirs .= '
' . $this->t->_('Verzeichnis') . '' . $this->t->_('Ergebnis') . '
' . $dir['dir'] . '................' . $dir['status'] . '
'; + $phpcheck = $this->checkphp(); + if ($phpcheck) { + $php = '
' . $this->t->_('phpok'); + } else { + $globcheck = false; + $php = '
' . $this->t->_('phpnichtok'); + } + $php .= ''; + foreach ($this->checkphp as $p) { + $php .= ''; + } + $php .= '
' . $this->t->_('Komponente') . '' . $this->t->_('benVersion') . '' . $this->t->_('instVersion') . '
' . $p['name'] . '' . $p['needed'] . '' . $p['status'] . '
'; + $dbcheck = $this->getsupportetdbs(); + if ($dbcheck) { + $dbs = '
' . $this->t->_('dbsok'); + } else { + $globcheck = false; + $dbs = '
' . $this->t->_('dbsnichtok'); + } + $dbas = ""; + foreach ($this->dbas as $d) { + if (empty($dbas)) + $dbas = $d['name']; + else + $dbas .= ' ,' . $d['name']; + } + if ($dbas == '') { + $dbas = $this->t->_('keine'); + } + $dbs .= '
' . $this->t->_('installiertedbs') . ': ' . $dbas . '
'; + if (isset($_POST['back'])) { + header("Location: install.php?step=license"); + } + if (isset($_POST['send'])) { + if (!$globcheck) { + $err = '
' . $this->t->_('Fehlererstloesen') . '
'; + } else { + header("Location: install.php?step=database"); + } + } + + $data = '

' . $this->t->_('Pruefung') . '

+

' . $this->t->_('PruefungText') . '

' . $err . '

'; + if ($globcheck) { + $data .= '

' . $this->t->_('CheckOK') . '

'; + } else { + $data .= '

' . $this->t->_('ChecknichtOK') . '

'; + $locked = 'disabled="disabled"'; + } + $data .= '

' . $dirs . '

+

' . $php . '

+

' . $dbs . '


- +

'; - break; - - case 'database': - $locked='disabled="disabled"'; - if(isset($_POST['back'])){ - @unlink(dirname(dirname(__FILE__)).'/config.tmp.php'); - header("Location: install.php?step=check"); - } - if(isset($_POST['test'])){ - $error=false; - $user=$_POST['dbuser']; - $pass=$_POST['dbpass']; - $db=$_POST['db']; - $server=$_POST['dbserv']; - $prefix=$_POST['dbprefix']; - $driver=$_POST['dbdriver']; - $pdata=$_POST; - $configdata=''; define('DEBUG', FALSE); - include dirname(__FILE__, 2) .'/inc/logger.class.php'; - include dirname(__FILE__, 2) .'/core/database/'.$driver.'.class.php'; - try{ - $db = new db($server, $user, $pass, $db,'utf8', FALSE,TRUE); - $result=$db->query("SHOW TABLES"); - }catch(Exception $e){ - $error=true; - } - if(!$error){ - $datei = fopen(dirname(__FILE__, 2) .'/config.tmp.php','w'); - fputs($datei,$configdata); - fclose($datei); - $locked=''; - $err='

'.$this->t->_('Installationwarten').'

'; - }else{ - $err='

'.$this->t->_('FalscheDaten').'

'; - } - } - if(isset($_POST['send'])){ - define('DEBUG', FALSE); - include dirname(__FILE__, 2) .'/inc/logger.class.php'; - include dirname(__FILE__, 2) .'/config.tmp.php'; - include dirname(__FILE__, 2) .'/core/database/'.$config['db_class'].'.class.php'; - - $configdata='query("SHOW TABLES"); + } catch (Exception $e) { + $error = true; + } + if (!$error) { + $datei = fopen(dirname(__FILE__, 2) . '/config.tmp.php', 'w'); + fputs($datei, $configdata); + fclose($datei); + $locked = ''; + $err = '

' . $this->t->_('Installationwarten') . '

'; + } else { + $err = '

' . $this->t->_('FalscheDaten') . '

'; + } + } + if (isset($_POST['send'])) { + define('DEBUG', FALSE); + include dirname(__FILE__, 2) . '/inc/logger.class.php'; + include dirname(__FILE__, 2) . '/config.tmp.php'; + include dirname(__FILE__, 2) . '/core/database/' . $config['db_class'] . '.class.php'; + + $configdata = ''; - $datei = fopen(dirname(__FILE__, 2) .'/inc/config.inc.php','w+'); - fputs($datei,$configdata); - fclose($datei); - $db = new db($config['host'], $config['user'], $config['pass'], $config['db'],'utf8', FALSE,TRUE); - $dump = new dump($db); - $dump->read(dirname(__FILE__).'/sql/dump.sql'); - $dump->prepare($config['prefix']); - $dump->execute(); - $pdata=$_POST; - @unlink(dirname(__FILE__, 2) .'/config.tmp.php'); - header("Location: install.php?step=user"); - } - if($pdata['dbprefix']==''){ - $pdata['dbprefix']='bcwe_'; - } - if($pdata['dbserv']==''){ - $pdata['dbserv']='localhost'; - } - $this->getsupportetdbs(); - foreach($this->dbas as $driver){ - if($pdata['dbdriver']==$driver['short']){ - $select='selected="selected"'; - } - $drv.=''; - } - $data='

'.$this->t->_('Datenbank').'

-

'.$this->t->_('DatenbankText').'

- '.$err.' + $datei = fopen(dirname(__FILE__, 2) . '/inc/config.inc.php', 'w+'); + fputs($datei, $configdata); + fclose($datei); + $db = new db($config['host'], $config['user'], $config['pass'], $config['db'], 'utf8', FALSE, TRUE); + $dump = new dump($db); + $dump->read(dirname(__FILE__) . '/sql/dump.sql'); + $dump->prepare($config['prefix']); + $dump->execute(); + $pdata = $_POST; + @unlink(dirname(__FILE__, 2) . '/config.tmp.php'); + header("Location: install.php?step=user"); + } + if ($pdata['dbprefix'] == '') { + $pdata['dbprefix'] = 'bcwe_'; + } + if ($pdata['dbserv'] == '') { + $pdata['dbserv'] = 'localhost'; + } + $this->getsupportetdbs(); + foreach ($this->dbas as $driver) { + if ($pdata['dbdriver'] == $driver['short']) { + $select = 'selected="selected"'; + } + $drv .= ''; + } + $data = '

' . $this->t->_('Datenbank') . '

+

' . $this->t->_('DatenbankText') . '

+ ' . $err . '
- - + +
- - + +
- - + +
- - + +
- - + +
- +

- +

'; - break; - - case 'user': - if(isset($_POST['back'])){ - header("Location: install.php?step=database"); - } - if(isset($_POST['send'])){ - $err=false; - if($_POST['pass']!=$_POST['passrepeat']){ - $err.='

'.$this->t->_('Passwoerterfalsch').'

'; - } - if(!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD',$_POST['email'])){ - $err.='

'.$this->t->_('Emailinkorrekt').'

'; - } - if(!$err){ - define('in_astat',TRUE); + break; + + case 'user': + if (isset($_POST['back'])) { + header("Location: install.php?step=database"); + } + if (isset($_POST['send'])) { + $err = false; + if ($_POST['pass'] != $_POST['passrepeat']) { + $err .= '

' . $this->t->_('Passwoerterfalsch') . '

'; + } + if (!preg_match('/^(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){255,})(?!(?:(?:\x22?\x5C[\x00-\x7E]\x22?)|(?:\x22?[^\x5C\x22]\x22?)){65,}@)(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22))(?:\.(?:(?:[\x21\x23-\x27\x2A\x2B\x2D\x2F-\x39\x3D\x3F\x5E-\x7E]+)|(?:\x22(?:[\x01-\x08\x0B\x0C\x0E-\x1F\x21\x23-\x5B\x5D-\x7F]|(?:\x5C[\x00-\x7F]))*\x22)))*@(?:(?:(?!.*[^.]{64,})(?:(?:(?:xn--)?[a-z0-9]+(?:-[a-z0-9]+)*\.){1,126}){1,}(?:(?:[a-z][a-z0-9]*)|(?:(?:xn--)[a-z0-9]+))(?:-[a-z0-9]+)*)|(?:\[(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){7})|(?:(?!(?:.*[a-f0-9][:\]]){7,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,5})?)))|(?:(?:IPv6:(?:(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){5}:)|(?:(?!(?:.*[a-f0-9]:){5,})(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3})?::(?:[a-f0-9]{1,4}(?::[a-f0-9]{1,4}){0,3}:)?)))?(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))(?:\.(?:(?:25[0-5])|(?:2[0-4][0-9])|(?:1[0-9]{2})|(?:[1-9]?[0-9]))){3}))\]))$/iD', $_POST['email'])) { + $err .= '

' . $this->t->_('Emailinkorrekt') . '

'; + } + if (!$err) { + define('in_astat', TRUE); define('DEBUG', FALSE); - include dirname(__FILE__, 2) .'/inc/logger.class.php'; - include dirname(__FILE__, 2) .'/inc/config.inc.php'; - include dirname(__FILE__, 2) .'/core/database/'.$config['db_class'].'.class.php'; - $db = new db($config['host'], $config['user'], $config['pass'], $config['db'],'utf8', FALSE,TRUE); - $key=$this->generate_Key(50); - $salt=$this->generate_Key(6); - $active=1; - $pass=hash('sha256',$db->escape($salt.$_POST['pass'])); - $username=$db->escape($_POST['user']); - $email=$db->escape($_POST['email']); - $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`password`,`loginkey`,`salt`,`email`,`active`,`since`,`role`) VALUES ('".$username."','".$pass."','".$key."', '".$salt."', '".$email."', '".$active."','".time()."','2')"); - header("Location: install.php?step=finish"); - }else{ - $pdata=$_POST; - } - } - $data='

'.$this->t->_('Benutzer').'

-

'.$this->t->_('BenutzerText').'

- '.$err.' + include dirname(__FILE__, 2) . '/inc/logger.class.php'; + include dirname(__FILE__, 2) . '/inc/config.inc.php'; + include dirname(__FILE__, 2) . '/core/database/' . $config['db_class'] . '.class.php'; + $db = new db($config['host'], $config['user'], $config['pass'], $config['db'], 'utf8', FALSE, TRUE); + $key = $this->generate_Key(50); + $salt = $this->generate_Key(6); + $active = 1; + $pass = hash('sha256', $db->escape($salt . $_POST['pass'])); + $username = $db->escape($_POST['user']); + $email = $db->escape($_POST['email']); + $db->query("INSERT INTO `" . $config['prefix'] . "users` (`username`,`password`,`loginkey`,`salt`,`email`,`active`,`since`,`role`) VALUES ('" . $username . "','" . $pass . "','" . $key . "', '" . $salt . "', '" . $email . "', '" . $active . "','" . time() . "','2')"); + header("Location: install.php?step=finish"); + } else { + $pdata = $_POST; + } + } + $data = '

' . $this->t->_('Benutzer') . '

+

' . $this->t->_('BenutzerText') . '

+ ' . $err . '
- - + +
- +
- +
- - + +

- +

'; - break; - - case 'finish': - $fopen=true; - $test=fopen('https://webengine.becast.at/install.php?test', 'r'); - $testecho= fgets($test,1024); - fclose($test); - if($testecho!="Success"){ - $fopen=false; - } + break; + + case 'finish': + $fopen = true; + $test = fopen('https://webengine.becast.at/install.php?test', 'r'); + if (!$test) { + $fopen = false; + } $server='Server: '.$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']; $astat_version='BcWe version: '.$this->version; $timestamp='Timestamp: '.time();