4 * Main page for install/config of db settings.
5 * This page is used to create/update includes/settings.php.
11 * The first time this page is accessed, there are no security
12 * precautions. The user is prompted to generate a config password.
13 * From then on, users must know this password to make any changes
14 * to the settings in settings.php./
17 * Add translations to this page.
19 include_once $gfplugins.'webcalendar/www/install/../includes/php-dbi.php';
21 $file = "../includes/settings.php";
22 $fileDir = "../includes";
24 // Get value from POST form
25 function getPostValue ( $name ) {
26 if ( ! empty ( $_POST[$name] ) ) {
29 if ( ! isset ( $HTTP_POST_VARS ) ) {
32 if ( ! isset ( $HTTP_POST_VARS[$name] ) ) {
35 return ( $HTTP_POST_VARS[$name] );
39 // Get value from GET form
40 function getGetValue ( $name ) {
41 if ( ! empty ( $_GET[$name] ) ) {
44 if ( ! isset ( $HTTP_GET_VARS ) ) {
47 if ( ! isset ( $HTTP_GET_VARS[$name] ) ) {
50 return ( $HTTP_GET_VARS[$name] );
53 function get_php_setting ( $val ) {
54 $setting = ini_get ( $val );
55 if ( $setting == '1' || $setting == 'ON' )
65 // First pass at settings.php.
66 // We need to read it first in order to get the md5 password.
67 $fd = @fopen ( $file, "rb", false );
70 $forcePassword = false;
71 if ( ! empty ( $fd ) ) {
72 while ( ! feof ( $fd ) ) {
73 $buffer = fgets ( $fd, 4096 );
74 $buffer = trim ( $buffer, "\r\n " );
75 if ( preg_match ( "/^(\S+):\s*(.*)/", $buffer, $matches ) ) {
76 if ( $matches[1] == "install_password" ) {
77 $password = $matches[2];
78 $settings['install_password'] = $password;
83 // File exists, but no password. Force them to create a password.
84 if ( empty ( $password ) ) {
85 $forcePassword = true;
92 // Handle "Logout" button
93 if ( 'logout' == getGetValue ( 'action' ) ) {
95 Header ( "Location: index.php" );
99 // If password already exists, check for session.
100 if ( file_exists ( $file ) && ! empty ( $password ) &&
101 ( empty ( $_SESSION['validuser'] ) ||
102 $_SESSION['validuser'] != $password ) ) {
108 $pwd = getPostValue ( "password" );
109 if ( file_exists ( $file ) && ! empty ( $pwd ) ) {
110 if ( md5($pwd) == $password ) {
111 $_SESSION['validuser'] = $password;
113 <html><head><title>Password Accepted</title>
114 <meta http-equiv="refresh" content="0; index.php" />
116 <body onload="alert('Successful Login');">
122 $_SESSION['validuser'] = '';
124 <html><head><title>Password Incorrect</title>
125 <meta http-equiv="refresh" content="0; index.php" />
127 <body onload="alert ('Invalid Login'); document.go(-1)">
134 $onload = "auth_handler (); ";
136 $pwd1 = getPostValue ( "password1" );
137 $pwd2 = getPostValue ( "password2" );
138 if ( file_exists ( $file ) && $forcePassword && ! empty ( $pwd1 ) ) {
139 if ( $pwd1 != $pwd2 ) {
140 echo "Passwords do not match!<br/>\n";
143 $fd = fopen ( $file, "a+b", false );
144 if ( empty ( $fd ) ) {
145 echo "<html><body>Unable to write password to settings.php file\n" .
149 fwrite ( $fd, "<?php\r\n" );
150 fwrite ( $fd, "install_password: " . md5($pwd1) . "\r\n" );
151 fwrite ( $fd, "?>\r\n" );
154 <html><head><title>Password Updated</title>
155 <meta http-equiv="refresh" content="0; index.php" />
157 <body onload="alert('Password has been set');">
164 // Is this a db connection test?
165 // If so, just test the connection, show the result and exit.
166 $action = getGetValue ( "action" );
167 if ( ! empty ( $action ) && $action == "dbtest" ) {
168 if ( ! empty ( $_SESSION['validuser'] ) ) {
169 $db_persistent = false;
170 $db_type = getGetValue ( 'db_type' );
171 $db_host = getGetValue ( 'db_host' );
172 $db_database = getGetValue ( 'db_database' );
173 $db_login = getGetValue ( 'db_login' );
174 $db_password = getGetValue ( 'db_password' );
176 echo "<html><head><title>WebCalendar: Db Connection Test</title>\n" .
177 "</head><body style=\"background-color: #fff;\">\n";
178 echo "<p><b>Connection Result:</b></p><blockquote>";
180 $c = dbi_connect ( $db_host, $db_login,
181 $db_password, $db_database );
184 echo "<span style=\"color: #0f0;\">Success</span></blockquote>";
185 $_SESSION['db_success'] = true;
186 // TODO: update the text in the main window to indicate success
188 echo "<span style=\"color: #0f0;\">Failure</span</blockquote>";
189 echo "<br/><br/><b>Reason:</b><blockquote>" . dbi_error () .
192 echo "<br/><br/><br/><div align=\"center\"><form><input align=\"middle\" type=\"button\" onclick=\"window.close()\" value=\"Close\" /></form></div>\n";
194 echo "<script language=\"JavaScript\" type=\"text/javascript\">\n";
195 echo "<!-- <![CDATA[\n";
196 echo "window.opener.show_db_status ( " .
197 ( $c ? "true" : "false" ) . " );\n";
198 echo "//]]> -->\n</script>\n";
199 echo "</body></html>\n";
200 } else { // Not valid user
201 echo "You are not authorized.";
202 // etranslate ( "You are not authorized" );
207 // Is this a call to phpinfo()?
208 $action = getGetValue ( "action" );
209 if ( ! empty ( $action ) && $action == "phpinfo" ) {
210 if ( ! empty ( $_SESSION['validuser'] ) ) {
213 echo "You are not authorized.";
214 // etranslate ( "You are not authorized" );
220 $exists = file_exists ( $file );
223 $canWrite = is_writable ( $file );
225 // check to see if we can create a new file.
226 $testFile = $fileDir . "/installTest.dat";
227 $testFd = @fopen ( $testFile, "w+b", false );
228 if ( file_exists ( $testFile ) ) {
231 @unlink ( $testFile );
236 // If we are handling a form POST, then take that data and put it in settings
238 $x = getPostValue ( "form_db_type" );
239 if ( empty ( $x ) ) {
240 // No form was posted. Set defaults if none set yet.
241 if ( ! file_exists ( $file ) ) {
242 $settings['db_type'] = 'mysql';
243 $settings['db_host'] = 'localhost';
244 $settings['db_database'] = 'intranet';
245 $settings['db_login'] = 'webcalendar';
246 $settings['db_password'] = 'webcal01';
247 $settings['db_persistent'] = 'true';
248 $settings['readonly'] = 'false';
249 $settings['user_inc'] = 'user.php';
250 $settings['install_password'] = '';
251 $settings['single_user_login'] = '';
252 $settings['use_http_auth'] = 'false';
253 $settings['single_user'] = 'false';
254 $settings['user_inc'] = 'user.php';
257 $settings['db_type'] = getPostValue ( 'form_db_type' );
258 $settings['db_host'] = getPostValue ( 'form_db_host' );
259 $settings['db_database'] = getPostValue ( 'form_db_database' );
260 $settings['db_login'] = getPostValue ( 'form_db_login' );
261 $settings['db_password'] = getPostValue ( 'form_db_password' );
262 $settings['db_persistent'] = getPostValue ( 'form_db_persistent' );
263 $settings['single_user_login'] = getPostValue ( 'form_single_user_login' );
264 $settings['readonly'] = getPostValue ( 'form_readonly' );
265 if ( getPostValue ( "form_user_inc" ) == "http" ) {
266 $settings['use_http_auth'] = 'true';
267 $settings['single_user'] = 'false';
268 $settings['user_inc'] = 'user.php';
269 } else if ( getPostValue ( "form_user_inc" ) == "none" ) {
270 $settings['use_http_auth'] = 'false';
271 $settings['single_user'] = 'true';
272 $settings['user_inc'] = 'user.php';
274 $settings['use_http_auth'] = 'false';
275 $settings['single_user'] = 'false';
276 $settings['user_inc'] = getPostValue ( 'form_user_inc' );
278 // Save settings to file now.
279 if ( empty ( $password ) ) {
280 $onload = "alert('Your settings have been saved.\\n\\n" .
281 "Please be sure to set a password.\\n');";
282 $forcePassword = true;
284 $onload .= "alert('Your settings have been saved.\\n\\n');";
286 $fd = @fopen ( $file, "w+b", false );
287 if ( empty ( $fd ) ) {
288 if ( file_exists ( $file ) ) {
289 $onload = "alert('Error: unable to write to file $file\\nPlease change the file permissions of this file.');";
291 $onload = "alert('Error: unable to write to file $file\\nPlease change the file permissions of your includes directory\\nto allow writing by other users.');";
294 fwrite ( $fd, "<?php\r\n" );
295 fwrite ( $fd, "# updated via install/index.php on " . date("r") . "\r\n" );
296 foreach ( $settings as $k => $v ) {
297 fwrite ( $fd, $k . ": " . $v . "\r\n" );
299 fwrite ( $fd, "# end settings.php\r\n?>\r\n" );
301 // Change to read/write by us only (only applies if we created file)
302 // and read-only by all others. Would be nice to make it 600, but
303 // the send_reminders.php script is usually run under a different
304 // user than the web server.
305 @chmod ( $file, 0644 );
310 $fd = @fopen ( $file, "rb", false );
311 if ( ! empty ( $fd ) ) {
312 while ( ! feof ( $fd ) ) {
313 $buffer = fgets ( $fd, 4096 );
314 $buffer = trim ( $buffer, "\r\n " );
315 if ( preg_match ( "/^#/", $buffer ) )
317 if ( preg_match ( "/^<\?/", $buffer ) ) // start php code
319 if ( preg_match ( "/^\?>/", $buffer ) ) // end php code
321 if ( preg_match ( "/(\S+):\s*(.*)/", $buffer, $matches ) ) {
322 // echo $matches[1] . " " . $matches[2] . "<br>";
323 $settings[$matches[1]] = $matches[2];
324 //echo "settings $matches[1] => $matches[2] <br>";
330 echo '<?xml version="1.0" encoding="UTF-8"?>' . "\n";
332 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
333 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
334 <head><title>WebCalendar Database Setup</title>
335 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
336 <?php include "../includes/js/visible.php"; ?>
337 <script language="JavaScript" type="text/javascript">
339 <?php if ( ! empty ( $_SESSION['validuser'] ) ) { ?>
340 function testSettings () {
342 var form = document.dbform;
343 url = "index.php?action=dbtest" +
344 "&db_type=" + form.form_db_type.value +
345 "&db_host=" + form.form_db_host.value +
346 "&db_database=" + form.form_db_database.value +
347 "&db_login=" + form.form_db_login.value +
348 "&db_password=" + form.form_db_password.value;
349 //alert ( "URL:\n" + url );
350 window.open ( url, "wcDbTest", "width=400,height=350,resizable=yes,scrollbars=yes" );
352 function testPHPInfo () {
354 var form = document.phpinfo;
355 url = "index.php?action=phpinfo";
356 //alert ( "URL:\n" + url );
357 window.open ( url, "wcTestPHPInfo", "width=800,height=600,resizable=yes,scrollbars=yes" );
360 function validate(form)
362 var form = document.dbform;
363 // only check is to make sure single-user login is specified if
364 // in single-user mode
365 if ( form.form_user_inc.options[4].selected ) {
366 if ( form.form_single_user_login.value.length == 0 ) {
367 // No single user login specified
368 alert ( "Error: you must specify a\nSingle-User Login" );
369 form.form_single_user_login.focus ();
376 function auth_handler () {
377 var form = document.dbform;
378 if ( form.form_user_inc.options[4].selected ) {
379 makeVisible ( "singleuser" );
381 makeInvisible ( "singleuser" );
385 function show_db_status ( success ) {
387 makeVisible ( "db_success" );
388 makeInvisible ( "no_db_success" );
390 makeInvisible ( "db_success" );
391 makeVisible ( "no_db_success" );
396 <style type="text/css">
398 background-color: #ffffff;
399 font-family: Arial, Helvetica, sans-serif;
403 border: 1px solid #ccc;
407 background-color: #eee;
418 border-bottom: 1px solid #000;
437 <body onload="<?php echo $onload;?>">
439 /* other features coming soon....
441 <table border="0" width="100%">
443 <td><<<b>Database Setup</b>>></td>
444 <td><<<a href="setup.php">Setup Wizard</a>>></td>
445 <td><<<a href="diag.php">Diagnostics</a>>></td>
451 <h2>WebCalendar Database Setup</h2>
453 <p><b>Current Status:</b></p>
456 <li>Supported databases for your PHP installation:
459 if ( function_exists ( "mysql_pconnect" ) )
461 if ( function_exists ( "mysqli_connect" ) )
463 if ( function_exists ( "OCIPLogon" ) )
465 if ( function_exists ( "pg_pconnect" ) )
466 $dbs[] = "postgresql";
467 if ( function_exists ( "odbc_pconnect" ) )
469 if ( function_exists ( "db2_pconnect" ) )
471 if ( function_exists ( "ibase_pconnect" ) )
473 if ( function_exists ( "mssql_pconnect" ) )
475 for ( $i = 0; $i < count ( $dbs ); $i++ ) {
478 $supported[$dbs[$i]] = true;
482 <?php if ( ! empty ( $_SESSION['db_success'] ) && $_SESSION['db_success'] ) { ?>
483 <li id="db_success"> Your current database settings are able to
484 access the database.</li>
485 <li id="no_db_success" style="visibility: hidden;"> Your current database settings are <b>not</b> able to
486 access the database or have not yet been tested.</li>
488 <li id="no_db_success"> Your current database settings are <b>not</b> able to
489 access the database or have not yet been tested.</li>
490 <li id="db_success" style="visibility: hidden;"> Your current database settings are able to
491 access the database.</li>
493 <?php if ( empty ( $password ) ) { ?>
494 <li> You have not set a password for this page. </li>
496 <?php if ( $exists && ! $canWrite ) { ?>
498 The file permissions of <tt>settings.php</tt> are set so
499 that this script does not have permission to write changes to it.
500 You must change the file permissions of the following
501 file to use this script:
503 <?php echo realpath ( $file ); ?>
506 <?php } else if ( ! $exists && ! $canWrite ) { ?>
508 The file permissions of the <tt>includes</tt> directory are set so
509 that this script does not have permission to create a new file
511 You must change the permissions of the follwing directory
514 <?php echo realpath ( $fileDir ); ?>
518 <?php if ( ! file_exists ( $file ) ) { ?>
519 <li>You have not created a <tt>settings.php</tt> file yet.</li>
521 <?php if ( empty ( $PHP_AUTH_USER ) ) { ?>
522 <li>HTTP-based authentication was not detected.
523 You will need to reconfigure your web server if you wish to
524 select "Web Server" from the "User Authentication" choices below.
527 <li>HTTP-based authentication was detected.
528 User authentication is being handled by your web server.
529 You should select "Web Server" from the list of
530 "User Authentication " choices below.
536 <table> <tr><td valign="top">
537 <?php if ( $doLogin ) { ?>
538 <form action="index.php" method="post" name="dblogin">
540 <p>Please enter the password.</p>
544 <tr><th colspan="2" class="header">Enter Password</th></tr>
545 <tr><th>Password:</th><td><input name="password" type="password" /></td></tr>
546 <tr><td colspan="2" align="center"><input type="submit" value="Login" /></td></tr>
550 <?php } else if ( $forcePassword ) { ?>
551 <form action="index.php" method="post" name="dbpassword">
552 <p>You have not set a password for access to this page yet.
553 Please set the password.
557 <tr><th colspan="2" class="header">Create Password</th></tr>
558 <tr><th>Password:</th><td><input name="password1" type="password" /></td></tr>
559 <tr><th>Password (again):</th><td><input name="password2" type="password" /></td></tr>
560 <tr><td colspan="2" align="center"><input type="submit" value="Set Password" /></td></tr>
565 <form action="index.php" method="post" name="dbform">
568 <tr><th class="header" colspan="2">Database Settings</th></tr>
570 <tr><td class="prompt">Database Type:</td>
572 <select name="form_db_type">
574 if ( ! empty ( $supported['mysql'] ) )
575 echo "<option value=\"mysql\" " .
576 ( $settings['db_type'] == 'mysql' ? " selected=\"selected\"" : "" ) .
577 "> MySQL </option>\n";
579 if ( ! empty ( $supported['mysqli'] ) )
580 echo "<option value=\"mysqli\" " .
581 ( $settings['db_type'] == 'mysqli' ? " selected=\"selected\"" : "" ) .
582 "> MySQL (Improved)</option>\n";
584 if ( ! empty ( $supported['oracle'] ) )
585 echo "<option value=\"oracle\" " .
586 ( $settings['db_type'] == 'oracle' ? " selected=\"selected\"" : "" ) .
587 "> Oracle (OCI) </option>\n";
589 if ( ! empty ( $supported['postgresql'] ) )
590 echo "<option value=\"postgresql\" " .
591 ( $settings['db_type'] == 'postgresql' ? " selected=\"selected\"" : "" ) .
592 "> PostgreSQL </option>\n";
594 if ( ! empty ( $supported['ibm_db2'] ) )
595 echo " <option value=\"ibm_db2\" " .
596 ( $settings['db_type'] == 'ibm_db2' ? " selected=\"selected\"" : "" ) .
597 ">IBM DB2 Universal Database</option>\n";
599 if ( ! empty ( $supported['odbc'] ) )
600 echo "<option value=\"odbc\" " .
601 ( $settings['db_type'] == 'odbc' ? " selected=\"selected\"" : "" ) .
602 "> ODBC </option>\n";
604 if ( ! empty ( $supported['ibase'] ) )
605 echo "<option value=\"ibase\" " .
606 ( $settings['db_type'] == 'ibase' ? " selected=\"selected\"" : "" ) .
607 "> Interbase </option>\n";
609 if ( ! empty ( $supported['mssql'] ) )
610 echo "<option value=\"mssql\" " .
611 ( $settings['db_type'] == 'mssql' ? " selected=\"selected\"" : "" ) .
612 "> MS SQL Server </option>\n";
617 <tr><td class="prompt">Server:</td>
618 <td><input name="form_db_host" size="20" value="<?php echo $settings['db_host'];?>" /></td></tr>
620 <tr><td class="prompt">Database Name:</td>
621 <td><input name="form_db_database" size="20" value="<?php echo $settings['db_database'];?>" /></td></tr>
623 <tr><td class="prompt">Login:</td>
624 <td><input name="form_db_login" size="20" value="<?php echo $settings['db_login'];?>" /></td></tr>
626 <tr><td class="prompt">Password:</td>
627 <td><input name="form_db_password" size="20" value="<?php echo $settings['db_password'];?>" /></td></tr>
629 <tr><td class="prompt">Connection Persistence:</td>
630 <td><input name="form_db_persistent" value="true" type="radio"
631 <?php echo ( $settings['db_persistent'] == 'true' )? " checked=\"checked\"" : "";
633
634 <input name="form_db_persistent" value="false" type="radio"
635 <?php echo ( $settings['db_persistent'] != 'true' )? " checked=\"checked\"" : "";
638 <?php if ( ! empty ( $_SESSION['validuser'] ) ) { ?>
639 <tr><td colspan="2" align="center">
640 <input name="action" type="button" value="Test Settings"
641 onclick="testSettings()" />
644 <tr><th class="header" colspan="2">
645 <p>You must save before proceeding.</p>
654 <th class="header" colspan="2" >Application Settings</th>
657 <td class="prompt">User Authentication:</td>
659 <select name="form_user_inc" onchange="auth_handler()">
661 echo "<option value=\"user.php\" " .
662 ( $settings['user_inc'] == 'user.php' && $settings['use_http_auth'] != 'true' ? " selected=\"selected\"" : "" ) .
663 "> Web-based via WebCalendar (default) </option>\n";
665 echo "<option value=\"http\" " .
666 ( $settings['user_inc'] == 'user.php' && $settings['use_http_auth'] == 'true' ? " selected=\"selected\"" : "" ) .
668 ( empty ( $PHP_AUTH_USER ) ? "(not detected)" : "(detected)" ) .
671 echo "<option value=\"user-ldap.php\" " .
672 ( $settings['user_inc'] == 'user-ldap.php' ? " selected=\"selected\"" : "" ) .
673 "> LDAP </option>\n";
675 echo "<option value=\"user-nis.php\" " .
676 ( $settings['user_inc'] == 'user-nis.php' ? " selected=\"selected\"" : "" ) .
679 echo "<option value=\"none\" " .
680 ( $settings['user_inc'] == 'user.php' && $settings['single_user'] == 'true' ? " selected=\"selected\"" : "" ) .
681 "> None (Single-User) </option>\n</select>";
686 <td class="prompt"> Single-User Login:</td>
688 <input name="form_single_user_login" size="20" value="<?php echo $settings['single_user_login'];?>" /></td>
691 <td class="prompt">Read-Only:</td>
693 <input name="form_readonly" value="true" type="radio"
694 <?php echo ( $settings['readonly'] == 'true' )? " checked=\"checked\"" : "";?> />Yes
695
696 <input name="form_readonly" value="false" type="radio"
697 <?php echo ( $settings['readonly'] != 'true' )? " checked=\"checked\"" : "";?> />No
703 $php_settings = array (
704 //array ('Safe Mode','safe_mode','OFF'),
705 array ('Magic Quotes GPC','magic_quotes_gpc','ON'),
706 array ('Register Globals','register_globals','OFF'),
707 array ('Display Errors','display_errors','ON'),
708 array ('File Uploads','file_uploads','ON'),
713 <tr><th class="header" colspan="2">PHP Settings</th></tr>
714 <?php foreach ( $php_settings as $setting ) { ?>
715 <tr><td class="prompt"><?php echo $setting[0];?></td>
717 $class = ( get_php_setting ( $setting[1] ) == $setting[2] ) ?
718 'recommended' : 'notrecommended';
719 echo "<td class=\"$class\">";
720 echo get_php_setting ( $setting[1] );
725 <?php if ( ! empty ( $_SESSION['validuser'] ) ) { ?>
726 <tr><td align="center" colspan="2"><input name="action" type="button" value="Detailed PHP Info"
727 onclick="testPHPInfo()" /></td></tr>
733 <tr><td align="center" colspan="2">
734 <input name="action" type="button" value="Save Settings"
735 onclick="return validate();" />
736 <?php if ( ! empty ( $_SESSION['db_success'] ) && $_SESSION['db_success'] && empty ( $dologin ) ) { ?>
737 <input type="button" value="Launch WebCalendar"
738 onclick="window.open('../index.php', 'webcalendar');" />
740 <?php if ( ! empty ( $_SESSION['validuser'] ) ) { ?>
741 <input type="button" value="Logout"
742 onclick="document.location.href='index.php?action=logout'" />
752 <b>Documentation:</b>
755 <li class="doc"><a href="../docs/WebCalendar-SysAdmin.html" target="_docs">System Administrator's Guide</a> (Installation Instructions) </li>
756 <li class="doc"><a href="../docs/WebCalendar-SysAdmin.html#faq" target="_docs">FAQ</a> </li>
757 <li class="doc"><a href="../docs/WebCalendar-SysAdmin.html#trouble" target="_docs">Troubleshooting</a> </li>
758 <li class="doc"><a href="../docs/WebCalendar-SysAdmin.html#help" target="_docs">Getting Help</a> </li>