changed install/index.php,save.php

by Bogdan Stanciu


Hi there,


I took the opportunity to review and slightly improve (in my view) the
install files. Here are the changes:


index.php

1. I took out the session creation and redirect (for testing) because
the session does not get destroyed afterwards. This becomes annoying
especially when you have more than one company, as it opens the
index.php of the last session (regular sessions are not destroyed
either, another to-do). And anyway I found it useless to open a session here.

2. I replaced the session support verification with a session.auto_start =
0 check.

3. I added a supplementary check, session.use_trans_sid = 0, for verifying
that the SID does not get into the URL (a security issue for multi-user
environments).

4. I added the version number under the logo.

5. I added a port field (it happened that I use a non-standard port as I
have two MySQL servers with different versions) which can be changed for
non-standard installations.

save.php

6. Took out session open/close.

7. Added processing for the new port field, including the config.php contents.

8. Corrected the SQL statement at line 349, a blocker for the user update!!

9. Took out the last statement; it is useless to have a meta-refresh after a
header redirect in my view.


I hope it will be appreciated :-)

Bogdan




Index: install/index.php
===================================================================
--- install/index.php (revision 2809)
+++ install/index.php (working copy)
@@ -1,38 +1,28 @@
 <?php
 error_reporting(E_ALL);
 ini_set('display_errors', 'On');
-// Start a session
-if(!defined('SESSION_STARTED')) {
- session_name('ba_session_id');
- session_start();
- define('SESSION_STARTED', true);
-}
 
-// Check if the page has been reloaded
-if(!isset($_GET['sessions_checked']) || $_GET['sessions_checked'] != 'true') {
- // Set session variable
- $_SESSION['session_support'] = '<font class="good">Enabled</font>';
- // Reload page
- header('Location: index.php?sessions_checked=true');
- exit(0);
-} else {
- // Check if session variable has been saved after reload
- if(isset($_SESSION['session_support'])) {
- $session_support = $_SESSION['session_support'];
- } else {
- $session_support = '<font class="bad">Disabled</font>';
- }
-}
 $path_to_root = '..';
 $comp_path = $path_to_root. '/companies';
 
+//Need to get the new version number from config.distrib.php
+$ConfigDistributionFile = file($path_to_root . '/config.distrib.php');
+$ConfigDistributionFileLines = sizeof($ConfigDistributionFile);
+for ($i=0; $i<$ConfigDistributionFileLines; $i++) {
+ $ConfigDistributionFile[$i] = trim($ConfigDistributionFile[$i]);
+ if (substr($ConfigDistributionFile[$i], 0, 8) == '$Version'){
+ $VersionStr = explode("=",$ConfigDistributionFile[$i]);
+ }
+}
+$VersionStr = trim($VersionStr[1],' \';');
+
 ?>
 
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
 <title>WebERP Installation Wizard</title>
-<link href="../css/jelly/default.css" rel="stylesheet" type="text/css">
+<link href="../css/jelly/default.css" rel="stylesheet" type="text/css" />
 <script language="javascript" type="text/javascript">
 
 function change_os(type) {
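Review bot: in the version-parsing loop added after `$comp_path`, `$VersionStr` is only assigned when a line beginning with `$Version` is found, so the `trim($VersionStr[1], ' \';')` after the loop raises an undefined-variable notice (error_reporting is E_ALL with display_errors On at the top of the file) whenever config.distrib.php is missing, unreadable or has no such line, and `file()` itself is called with no `is_readable()` check. Initialise `$VersionStr = array(1 => 'unknown')` before the loop and guard the `file()` call, or replace the loop with a single `preg_match('/^\$Version\s*=\s*[\'"]([^\'"]+)/m', ...)` on `file_get_contents()`. Separately, this hunk removes the only `session_start()` in index.php while the file still reads `$_SESSION['message']` and `$_SESSION['database_port']` further down; those reads now depend on session.auto_start being on, which the same patch reports as a failure.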
@@ -79,27 +69,18 @@
 
 <table cellpadding="0" cellspacing="0" border="0" width="750" align="center" style="margin-top: 10px;">
 <tr>
- <td class="content">
- <h2>Welcome to the WebERP Installation Wizard.</h2>
- <center>
- <img src="<?php echo "../companies/weberpdemo/logo.jpg"; ?>" width="250" height="50" alt="Logo" />
- </center>
-
-
- <?php
+ <td class="content" style="text-align:center;">
+ <h2>Welcome to the WebERP Installation Wizard.</h2>
+ <img src="<?php echo "../companies/weberpdemo/logo.jpg"; ?>" width="250" height="50" alt="Logo" /><br />
+ Version: <?php echo $VersionStr.'<br />';
  if(isset($_SESSION['message']) AND $_SESSION['message'] != '') {
  ?><div style="width: 700px; padding: 10px; margin-bottom: 5px; border: 1px solid #FF0000; background-color: #FFDBDB;"><b>Error:</b> <?php echo $_SESSION['message']; ?></div><?php
  }
  ?>
- <table cellpadding="3" cellspacing="0" width="100%" align="center">
- <tr>
- <td colspan="8"><h1>Step 1</h1>Please check the following requirements are met before continuing...</td>
- </tr>
- <?php if($session_support != '<font class="good">Enabled</font>') { ?>
+ <table cellpadding="3" cellspacing="0" width="50%" align="left">
  <tr>
- <td colspan="8" style="font-size: 10px;" class="bad">Please note: PHP Session Support may appear disabled if your browser does not support cookies.</td>
+ <td colspan="2"><h1>Step 1</h1>Please check the following requirements are met before continuing...</td>
  </tr>
- <?php } ?>
  <tr>
  <td width="140" style="color: #666666;">PHP Version > 4.1.0</td>
  <td width="35">
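Review bot: the kept `if(isset($_SESSION['message']) AND $_SESSION['message'] != '')` block relies on a session that this patch no longer starts in index.php or in save.php, so errors recorded by set_error() in save.php can never be displayed on this page any more; either keep a `session_start()` in both files or carry the message some other way. The `Version: <?php echo $VersionStr` line just above echoes a value read from a file on disk, so the missing `htmlspecialchars()` is low risk, but it should still be escaped like the rest of the page output.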
@@ -111,19 +92,18 @@
  ?><font class="bad">No</font><?php
  }
  ?>
- </td>
+ </td></tr>
+ <tr>
  <td width="140" style="color: #666666;">PHP Session Support</td>
- <td width="115"><?php echo $session_support; ?></td>
- <td width="105" style="color: #666666;">PHP Safe Mode</td>
- <td>
- <?php
- if(ini_get('safe_mode')) {
- ?><font class="bad">Enabled</font><?php
- } else {
- ?><font class="good">Disabled</font><?php
- }
- ?>
- </td>
+ <td width="35" ><?php echo (((int)ini_get('session.auto_start') == 0) ? '<font class="good">Enabled</font>' : '<font class="bad">Disabled</font>'); ?></td>
+        </tr>
+        <tr>
+          <td width="140" style="color: #666666;">Use transparent sid</td>
+          <td width="35"><?php echo (((int)ini_get('session.use_trans_sid') == 0) ? '<font class="good">Off</font>' : '<font class="bad">On</font>'); ?></td>
+        </tr>
+ <tr>
+ <td width="140" style="color: #666666;">PHP Safe Mode</td>
+ <td width="35"><?php echo (((int)ini_get('safe_mode') == 1) ? '<font class="bad">Enabled</font>' : '<font class="good">Disabled</font>'); ?></td>
  </tr>
  </table>
  <table cellpadding="3" cellspacing="0" width="100%" align="center">
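Review bot: labelling `(int)ini_get('session.auto_start') == 0` as "PHP Session Support: Enabled" is misleading, because auto_start is 0 by default on every PHP build, including one compiled without the session extension, so this row can never fail for the reason its label names. Use `extension_loaded('session')` (or `function_exists('session_start')`) for the support row and report auto_start on a row of its own. The new "Use transparent sid" row is a worthwhile addition; `session.use_only_cookies` deserves the same treatment, since use_trans_sid = 0 alone still lets a session ID supplied in the query string be accepted.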
@@ -226,8 +206,13 @@
  </td>
  </tr>
  <tr>
- <td style="color: #666666;"></td>
- <td>
+ <td width="120" style="color: #666666;">Port:<br /><span style="font-size: 10px; color: #666666;">(Please note: Do not change it unless you are sure!)</span></td>
+ <td width="120">
+ <input type="text" tabindex="8" name="database_port" style="width: 98%;" value="<?php if(isset($_SESSION['database_port'])) {
+ echo $_SESSION['database_port'];
+  } else {
+ echo '3306';
+  } ?>" />
  </td>
  <td> </td>
  <td style="color: #666666;">Password:</td>
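Review bot: the new port input echoes `$_SESSION['database_port']` straight into the `value="..."` attribute, and save.php stores that session value from `$_POST['database_port']` with no validation, so a non-numeric or quote-bearing submission is reflected back into the HTML unescaped. Store the port as `(int)` in save.php (or wrap the echo in `htmlspecialchars()`), and check that `tabindex="8"` does not collide with the tab order of the existing fields in this table.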
Index: install/save.php
===================================================================
--- install/save.php (revision 2809)
+++ install/save.php (working copy)
@@ -3,12 +3,6 @@
 ini_set('display_errors', "On");
 ini_set('max_execution_time', "180");
 
-// Start a session
-if(!defined('SESSION_STARTED')){
- session_name('ba_session_id');
- session_start();
- define('SESSION_STARTED', true);
-}
 //deal with check boxes
 if(!isset($_POST['install_tables'])) {
  $_POST['install_tables'] = false;
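Review bot: with this `session_start()` removed, the `$_SESSION[...]` assignments that follow in this file, and whatever set_error() stores for index.php to show, write to an array that is never persisted, so after a failed validation the redirect back to index.php arrives with the entered values and the error message gone. If the intent is to drop sessions from the installer, the remaining `$_SESSION` reads and writes in both files need to go in the same patch.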
@@ -53,6 +47,7 @@
  $_SESSION['database_username'] = Replace_Dodgy_Characters($_POST['database_username']);
  $_SESSION['database_password'] = $_POST['database_password'];
  $_SESSION['database_name'] = Replace_Dodgy_Characters($_POST['company_name']);
+ $_SESSION['database_port'] = $_POST['database_port'];
  $_SESSION['timezone'] = $_POST['timezone'];
  $_SESSION['company_name'] = Replace_Dodgy_Characters($_POST['company_name']);
  $_SESSION['admin_email'] = $_POST['admin_email'];
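Review bot: `$_SESSION['database_port'] = $_POST['database_port'];` stores the new field with no filtering at all, while the neighbouring username and company name at least pass through Replace_Dodgy_Characters(). A port is an integer in the range 1..65535, so store `(int)$_POST['database_port']` after validating it; that also removes the unescaped reflection into the form and into the generated config file.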
@@ -165,6 +160,10 @@
 if (!isset($_POST['database_host']) || $_POST['database_host'] == '') {
  set_error('Please enter a database host name');
 }
+// Check if user has entered a database port
+if (!isset($_POST['database_port']) || $_POST['database_port'] == '') {
+ set_error('Please enter a database port number');
+}
 // Check if user has entered a database username
 if (!isset($_POST['database_username']) || $_POST['database_username'] == '') {
  set_error('Please enter a database username');
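Review bot: the new port check only rejects an empty string, so `abc`, `-1` or `99999` pass validation and fail later at mysqli_connect() with a confusing "host name, port, username and/or password incorrect" message. Validate in the same block with `ctype_digit($_POST['database_port'])` plus a 1..65535 range check, e.g. `set_error('Database port must be a number between 1 and 65535');`.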
@@ -246,7 +245,8 @@
 $msg .= "//  Connection information for the database\n";
 $msg .= "// \$host is the computer ip address or name where the database is located\n";
 $msg .= "// assuming that the web server is also the sql server\n";
-$msg .= "\$host = '" . $_POST['database_host'] . "';\n\n";
+$msg .= "\$host = '" . $_POST['database_host'] . "';\n";
+$msg .= "\$mysqlport = '" . $_POST['database_port'] . "';\n\n";
 
 $msg .= "// assuming that the web server is also the sql server\n";
 $msg .= "\$dbType = 'mysqli';\n";
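Review bot: `$msg .= "\$mysqlport = '" . $_POST['database_port'] . "';\n\n";` writes the raw POST value into config.php inside single quotes, so a value containing `';` ends the string and whatever follows is executed as PHP the next time config.php is included. The same pattern already exists for `$host` and the other values written in this file, but the new field is the easiest to close: write `(int)$_POST['database_port']` (or `var_export($port, true)`) instead of the raw string.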
@@ -295,9 +295,9 @@
 
 // Try connecting to database
 
-$db = mysqli_connect($_POST['database_host'], $_POST['database_username'], $_POST['database_password']);
+$db = mysqli_connect($_POST['database_host'], $_POST['database_username'], $_POST['database_password'],'',$_POST['database_port']);
 if (!$db){
- set_error('Database host name, username and/or password incorrect. MySQL Error:<br />'. mysqli_error());
+ set_error('Database host name, port , username and/or password incorrect. MySQL Error:<br />'. mysqli_error());
 }
 
 if($_POST['install_tables'] == true){
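Review bot: the failure branch still calls `mysqli_error()` with no link argument; when mysqli_connect() returns false there is no link, so the "MySQL Error:" the new message promises comes out empty or as a PHP warning. Use `mysqli_connect_error()` here. Also, the fifth parameter of mysqli_connect() is an integer port; pass the validated integer rather than `$_POST['database_port']`, and the `''` fourth argument should be commented as "no default schema selected" so the next reader does not take it for a bug.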
@@ -346,17 +346,13 @@
 $sql = "UPDATE www_users
  SET password = '" . sha1($_POST['admin_password']) . "',
  email = '".mysqli_real_escape_string($db, $_POST['admin_email']) ."'
- WHERE user_id = 'admin'";
+ WHERE userid = 'admin'";
 mysqli_query($db,$sql);
 $sql = "UPDATE companies
  SET coyname = '". mysqli_real_escape_string($db, $_POST['company_name']) . "'
  WHERE coycode = 1";
 mysqli_query($db,$sql);
-
-session_unset();
-session_destroy();
-
+//redirect to the login page
 header('Location: ' . $path_to_root . '/index.php');
 ini_set('max_execution_time', '60');
-echo "<META HTTP-EQUIV='Refresh' CONTENT='0; URL=" . $path_to_root . '/index.php?' . SID . "'>";
 ?>
\ No newline at end of file
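Review bot: the `user_id` to `userid` correction in `UPDATE www_users` is the important fix in this hunk, but there is still no `exit;` after `header('Location: ' . $path_to_root . '/index.php');`, so `ini_set(...)` and anything below it keep executing; add the exit directly after the header call. Dropping the META refresh also removes the last place the installer put `SID` into a URL, which matches the new use_trans_sid check. Removing `session_unset()`/`session_destroy()` is consistent with no session being started, but if a session is still active for any other reason the database credentials stored in `$_SESSION` earlier in this file (password included) now outlive the install. The unsalted `sha1($_POST['admin_password'])` in the context lines is pre-existing and outside this patch's scope.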

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Web-erp-developers mailing list
Web-erp-developers@...
https://lists.sourceforge.net/lists/listinfo/web-erp-developers
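Points 3 (use_trans_sid) and 5/7 (the port field) of the message above both come down to how an installer checks its environment and handles one more user-supplied value. The following is an added example and not webERP's install/index.php or save.php; the function names (sessionIniChecks, validatePort, buildConfigPhp), the list of session settings checked and the sample inputs are the example's own, and it assumes PHP 7.1 or later.

```php
<?php
// Added example, not webERP code. Names are the example's own. Needs PHP >= 7.1.

/**
 * Session-related php.ini checks for an installer's requirements page.
 * Returns [setting => ['ok' => bool, 'actual' => string, 'why' => string]].
 * session.auto_start = 0 alone says nothing about whether sessions work
 * (it is the default even without the extension), so the extension is
 * checked separately.
 */
function sessionIniChecks(): array {
    $wanted = array(
        // setting                    want  reason
        'session.auto_start'       => array('0', 'sessions must be started explicitly by the application'),
        'session.use_trans_sid'    => array('0', 'session ID must never be appended to URLs (leaks via Referer, logs, shared links)'),
        'session.use_only_cookies' => array('1', 'session ID must not be accepted from the query string (fixation)'),
        'session.use_cookies'      => array('1', 'cookie-based sessions are required for the login to work'),
    );
    $results = array(
        'session extension' => array(
            'ok'     => extension_loaded('session'),
            'actual' => extension_loaded('session') ? 'loaded' : 'missing',
            'why'    => 'PHP session support compiled in',
        ),
    );
    foreach ($wanted as $name => list($want, $why)) {
        $actual = (string) ini_get($name);   // '' when the setting is unknown to this PHP
        // boolean ini values come back as "1"/"0", "On"/"Off" or "" depending on how they were set
        $asBool = in_array(strtolower($actual), array('1', 'on', 'true', 'yes'), true) ? '1' : '0';
        $results[$name] = array('ok' => $asBool === $want, 'actual' => $actual, 'why' => $why);
    }
    return $results;
}

/** Accept only a bare decimal TCP port; returns the int, or null when invalid. */
function validatePort($raw): ?int {
    $raw = trim((string) $raw);
    if ($raw === '' || !preg_match('/^[0-9]{1,5}$/', $raw)) {
        return null;
    }
    $port = (int) $raw;
    return ($port >= 1 && $port <= 65535) ? $port : null;
}

/**
 * Render config.php from already-validated values. var_export() emits a PHP
 * literal for each value, so a quote or "';" inside a value stays inside the
 * string instead of becoming code, which plain string concatenation cannot
 * guarantee. Variable names are restricted to a safe identifier pattern.
 */
function buildConfigPhp(array $settings): string {
    $out = "<?php\n// generated by the installer; edit with care\n";
    foreach ($settings as $name => $value) {
        if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("invalid config variable name: $name");
        }
        $out .= '$' . $name . ' = ' . var_export($value, true) . ";\n";
    }
    return $out;
}

// Constructed demo input: values a browser, or a tampered POST, might send for the port field.
$samples = array('3306', ' 3307 ', '0', '70000', 'abc', "3306'; echo 'x'; \$y='");
foreach ($samples as $raw) {
    $port = validatePort($raw);
    printf("%-30s => %s\n", var_export($raw, true), $port === null ? 'rejected' : "port $port");
}

// With validation in front of it, no submitted value can break the generated file.
echo buildConfigPhp(array(
    'host'      => 'localhost',
    'mysqlport' => validatePort('3306'),
    'dbType'    => 'mysqli',
    'dbName'    => "it's-a-test",   // the quote is escaped by var_export
));

foreach (sessionIniChecks() as $name => $r) {
    printf("%-26s %-4s (%s) %s\n", $name, $r['ok'] ? 'OK' : 'FAIL', $r['actual'], $r['why']);
}
```

The validated integer is what should reach `mysqli_connect($host, $user, $pass, '', $port)`, whose fifth parameter is an int, and what should be written into config.php; the raw `$_POST` value should not be stored in the session or echoed anywhere.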

Re: changed install/index.php,save.php

by Glenn Lyons


Hi Bogdan,

Great to see some improvements on the install script, having negotiated
this for the first time recently.

Some suggestions:

1. Anything you could add to ~/weberp/doc/INSTALL.TXT would be very
helpful to a prospective user.
   INSTALL.TXT appears to be out of date and does not correlate well
with the install script.
   Maybe a hyperlink from the install script to it or to other more
applicable docs.

2. A description to make clear in STEP 4 that the MySQL user must have ALL
PRIVILEGES to
    be able to update webERP users in the database. Can the script check this?

3. A description to make clear in STEP 6 that the user/password is used to
log in to webERP.
     The login page suggests the "admin/weberp" account to log in with. This
should be created by the install script by default (and with the user's
knowledge, of course).

4. Turn off login retry counts (Phil says "The demo normally has the login checks disabled" in a recent post. In my case I do not believe they were).

5. Check to see if a demo database or new database exists and offer to
install / remove.
shell > mysql --user=weberp_db_user --password='some_pass' <
/path_to_the_sql_script/weberp-demo.sql
or
shell > mysql --user=weberp_db_user --password='some_pass' <
/path_to_the_sql_script/weberp-new.sql

Just some ideas that grew out of my install experience. I would like to
hear of similar suggestions and comments, especially from any new users
who have experienced the install process. I ended up running install
several times to get it to work, so I hope the script is fully "re-entrant".
I re-ran "http://localhost/webERP/install/index.php" several times.

I will install your patch and try this install from scratch.


Glenn
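Glenn asks in point 2 whether the install script can check that the MySQL user has the privileges it needs. It can, by reading `SHOW GRANTS` for the connected user and comparing against the privileges the installer actually exercises. The following is an added example, not webERP code; the function names, the INSTALL_PRIVILEGES list and the two sets of grant rows are the example's own (the grant rows are constructed, not captured from a real server), and it assumes PHP 7.1 or later with mysqli.

```php
<?php
// Added example, not webERP code: checking the connected MySQL user's grants.
// Names and the privilege list are the example's own. Needs PHP >= 7.1.

/** Privileges the installer needs on the company database: create and fill tables, update www_users. */
const INSTALL_PRIVILEGES = array('SELECT', 'INSERT', 'UPDATE', 'DELETE', 'CREATE', 'DROP', 'ALTER', 'INDEX');

/**
 * Parse one SHOW GRANTS row such as
 *   GRANT SELECT, INSERT ON `weberp`.* TO 'weberp'@'localhost'
 * into ['privileges' => [...], 'scope' => '`weberp`.*']; ['ALL'] stands for ALL PRIVILEGES.
 * Returns null for rows that are not "GRANT ... ON ... TO" (role or proxy lines).
 */
function parseGrant(string $row): ?array {
    if (!preg_match('/^GRANT\s+(.+?)\s+ON\s+(\S+)\s+TO\s/i', $row, $m)) return null;
    $privList = preg_replace('/\([^)]*\)/', '', $m[1]);   // drop column lists: "SELECT (col1, col2)"
    if (preg_match('/^\s*ALL(\s+PRIVILEGES)?\s*$/i', $privList)) {
        return array('privileges' => array('ALL'), 'scope' => $m[2]);
    }
    $privs = array();
    foreach (explode(',', $privList) as $p) {
        $p = strtoupper(trim($p));
        if ($p !== '' && $p !== 'USAGE') $privs[] = $p;       // USAGE grants nothing
    }
    return array('privileges' => $privs, 'scope' => $m[2]);
}

/**
 * Does a grant scope cover $dbname? Global (*.*) and database-level (db.*) grants
 * count; table-level grants do not help an installer that has to create tables.
 * MySQL treats unescaped % and _ in the database part as wildcards.
 */
function scopeCoversDatabase(string $scope, string $dbname): bool {
    $scope = str_replace('`', '', $scope);
    if ($scope === '*.*') return true;
    if (substr($scope, -2) !== '.*') return false;
    $pattern = substr($scope, 0, -2);
    $regex = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $regex .= preg_quote($pattern[++$i], '/');      // escaped literal % or _
        } elseif ($c === '%') {
            $regex .= '.*';
        } elseif ($c === '_') {
            $regex .= '.';
        } else {
            $regex .= preg_quote($c, '/');
        }
    }
    return preg_match('/^' . $regex . '$/i', $dbname) === 1;
}

/** Required privileges the grant rows do NOT give on $dbname (empty array = good to go). */
function missingPrivileges(array $grantRows, string $dbname, array $required = INSTALL_PRIVILEGES): array {
    $have = array();
    foreach ($grantRows as $row) {
        $g = parseGrant($row);
        if ($g === null || !scopeCoversDatabase($g['scope'], $dbname)) continue;
        if ($g['privileges'] === array('ALL')) return array();
        foreach ($g['privileges'] as $p) $have[$p] = true;
    }
    return array_values(array_filter($required, function ($p) use ($have) { return !isset($have[$p]); }));
}

/** Live check on an open mysqli connection; returns false if SHOW GRANTS itself fails. */
function checkInstallPrivileges(mysqli $db, string $dbname) {
    $res = mysqli_query($db, 'SHOW GRANTS');               // grants of the current user
    if ($res === false) return false;
    $rows = array();
    while ($r = mysqli_fetch_row($res)) $rows[] = $r[0];
    mysqli_free_result($res);
    return missingPrivileges($rows, $dbname);
}

// Constructed SHOW GRANTS output for two hypothetical users (not from a real server).
$limitedUser = array(
    "GRANT USAGE ON *.* TO 'weberp'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE, DELETE ON `weberp`.* TO 'weberp'@'localhost'",
);
$fullUser = array(
    "GRANT USAGE ON *.* TO 'weberp'@'localhost'",
    "GRANT ALL PRIVILEGES ON `weberp\\_%`.* TO 'weberp'@'localhost'",
);
print_r(missingPrivileges($limitedUser, 'weberp'));        // CREATE, DROP, ALTER, INDEX
print_r(missingPrivileges($fullUser, 'weberp_demo'));      // empty array
```

In the installer this would run right after the connection test and before any `CREATE TABLE`, so that a user who only has SELECT/INSERT/UPDATE/DELETE is told which privileges are missing instead of failing part-way through the schema load. Note that "ALL PRIVILEGES on the company database" is all the installer needs; a global `GRANT ALL ON *.*` works but gives the webERP account far more than it should keep after installation.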

