FreeSTAR-Status-Engine/install.php

<?php
require_once("template.php");
define("WEB_URL", "."); //Website name
define("NAME", _('Status page')); //Website name
define("MINIMUM_PHP_VERSION", "5.4.0");
define("POLICY_URL", "policy.php"); //Default policy URL
define("CUSTOM_LOGO_URL", "");
define("COPYRIGHT_TEXT", "");
require_once("classes/locale-negotiator.php");
require_once("classes/db-class.php");

$isDeveleoperEnvironement = false;
if (isset($_GET["isDev"])) {
	if ($_GET["isDev"] == "devMode") {
		$isDeveleoperEnvironement = true;
	}
}


$negotiator = new LocaleNegotiator("en_GB");
$message = "";
$db = new SSDB();
if (!isset($_SESSION['locale']) || isset($_GET['lang'])) {
	$override = ((isset($_GET['lang'])) ? $_GET['lang'] : null);
	$best_match = $negotiator->negotiate($override);
	$_SESSION['locale'] = $best_match;
	setlocale(LC_ALL, $_SESSION['locale'] . ".UTF-8");

	bindtextdomain("server-status", __DIR__ . "/locale/");
	bind_textdomain_codeset($_SESSION['locale'], "utf-8");
	textdomain("server-status");
}

if (isset($_POST['server'])) {
	$mysqli = new mysqli($_POST['server'], $_POST['dbuser'], $_POST['dbpassword'], $_POST['database']);

	if ($mysqli->connect_errno) {
		$message .= sprintf(_("Connection failed: %s\n"), $mysqli->connect_error);
	}

	if (isset($_POST['url']) && filter_var($_POST['url'], FILTER_VALIDATE_URL) === false) {
		$message .= _("Please set valid url!");
	}

	//Ostatní má checky existence ve funkci pro pridani
	if (0 == strlen(trim($_POST['servername']))) {
		$messages[] = _("Server name");
	}

	if (0 == strlen(trim($_POST['url']))) {
		$messages[] = _("Url");
	}

	if (0 == strlen(trim($_POST['mailer']))) {
		$messages[] = _("Mailer name");
	}

	if (0 == strlen(trim($_POST['title']))) {
		$messages[] = _("Title");
	}

	if (0 == strlen(trim($_POST['mailer_email']))) {
		$messages[] = _("Mailer email");
	}

	if (0 == strlen(trim($_POST['server']))) {
		$messages[] = _("Database server");
	}

	if (0 == strlen(trim($_POST['database']))) {
		$messages[] = _("Database name");
	}

	if (0 == strlen(trim($_POST['dbuser']))) {
		$messages[] = _("Database user");
	}

	if (0 == strlen(trim($_POST['dbpassword']))) {
		$messages[] = _("Database password");
	}
	if (isset($messages)) {
		$message .= _("Please enter");
		$message .= implode(", ", $messages);
	}
}

if (isset($_POST['server']) && empty($message)) {
	define("MAILER_NAME", $_POST['mailer']);
	define("MAILER_ADDRESS", $_POST['mailer_email']);
	define("INSTALL_OVERRIDE", true);

	//No need to include config, as we have connection from testing it... :)
	//There may be better way to do this...
	$sql = file_get_contents("install.sql");
	$array = explode(";", $sql);

	foreach ($array as $value) {
		$val = trim($value);
		if (empty($val)) {
			continue;
		}
		$q_res = $mysqli->query($value);
		if ($q_res === false) {
			$message = sprintf(_("Error while creating database. Please check permission for your account or MYSQL version.<br>Error: %s"), $mysqli->error);
			break;
		}
	}

	if (empty($message)) {
		require_once("classes/constellation.php");

		User::add();
	}

	if (empty($message)) {
		//Create config
		$config = file_get_contents("config.php.template");
		//$config = str_replace("##name##", htmlspecialchars($_POST['servername'], ENT_QUOTES), $config);
		$db->setSetting($mysqli, "name", htmlspecialchars($_POST['servername'], ENT_QUOTES));
		//$config = str_replace("##title##", htmlspecialchars($_POST['title'], ENT_QUOTES), $config);
		$db->setSetting($mysqli, "title", htmlspecialchars($_POST['title'], ENT_QUOTES));
		//$config = str_replace("##url##", $_POST['url'], $config);
		$db->setSetting($mysqli, "url", $_POST['url']);
		//$config = str_replace("##mailer##", htmlspecialchars($_POST['mailer'], ENT_QUOTES), $config);
		$db->setSetting($mysqli, "mailer", htmlspecialchars($_POST['mailer'], ENT_QUOTES));
		//$config = str_replace("##mailer_email##", htmlspecialchars($_POST['mailer_email'], ENT_QUOTES), $config);
		$db->setSetting($mysqli, "mailer_email", htmlspecialchars($_POST['mailer_email'], ENT_QUOTES));
		$config = str_replace("##server##", htmlspecialchars($_POST['server'], ENT_QUOTES), $config);
		$config = str_replace("##database##", htmlspecialchars($_POST['database'], ENT_QUOTES), $config);
		$config = str_replace("##user##", htmlspecialchars($_POST['dbuser'], ENT_QUOTES), $config);
		$config = str_replace("##password##", htmlspecialchars($_POST['dbpassword'], ENT_QUOTES), $config);
		// Duplicate of lines 122-123 //$config = str_replace("##name##", htmlspecialchars($_POST['servername'], ENT_QUOTES), $config);
		$config = str_replace("##policy_name##", htmlspecialchars($_POST['policy_name'], ENT_QUOTES), $config);
		$config = str_replace("##address##", htmlspecialchars($_POST['address'], ENT_QUOTES), $config);
		$config = str_replace("##policy_mail##", htmlspecialchars($_POST['policy_mail'], ENT_QUOTES), $config);
		$config = str_replace("##policy_phone##", htmlspecialchars($_POST['policy_phone'], ENT_QUOTES), $config);
		$config = str_replace("##who_we_are##", htmlspecialchars($_POST['who_we_are'], ENT_QUOTES), $config);
		$policy_url_conf = (!empty($_POST['policy_url'])) ? htmlspecialchars($_POST['policy_url'], ENT_QUOTES) : $_POST['url'] . "/policy.php";
		$config = str_replace("##policy_url##", $policy_url_conf, $config);

		file_put_contents("config.php", $config);

		include_once "create-server-config.php";
		$db->setSetting($mysqli, "dbConfigVersion", "Version2Beta7");
		$db->setSetting($mysqli, "notifyUpdates", "yes");
		$db->setSetting($mysqli, "subscribe_email", "no");
		$db->setSetting($mysqli, "subscribe_telegram", "no");
		$db->setSetting($mysqli, "tg_bot_api_token", "");
		$db->setSetting($mysqli, "tg_bot_username", "");
		$db->setSetting($mysqli, "php_mailer", "no");
		$db->setSetting($mysqli, "php_mailer_host", "");
		$db->setSetting($mysqli, "php_mailer_smtp", "no");
		$db->setSetting($mysqli, "php_mailer_path", "");
		$db->setSetting($mysqli, "php_mailer_port", "");
		$db->setSetting($mysqli, "php_mailer_secure", "no");
		$db->setSetting($mysqli, "php_mailer_user", "");
		$db->setSetting($mysqli, "php_mailer_pass", "");
		$db->setSetting($mysqli, "google_recaptcha", "no");
		$db->setSetting($mysqli, "google_recaptcha_secret", "");
		$db->setSetting($mysqli, "google_recaptcha_sitekey", "");
		$db->setSetting($mysqli, "cron_server_ip", "");
		if (!$isDeveleoperEnvironement) {
			unlink("create-server-config.php");
			unlink("config.php.template");
			unlink("install.sql");
			unlink(__FILE__);
		}
		header("Location: " . WEB_URL);
	}
}
Template::render_header(_("Install"));
?>
<h1 class="text-center"><?php echo _("Prerequisite"); ?></h1>
<summary><?php echo _("If any of the following prerequisites are shown as failed (red X), please correct the issue and reload the page before proceeding with the installation."); ?></summary>
<?php


$php_version_req = sprintf(_("Minimum PHP version %s"), MINIMUM_PHP_VERSION);
$preq_fail = array("remove", "danger");
$preq_ok   = array("ok", "success");

$preq_phpver = $preq_fail;
$preq_mysqlnd = $preq_fail;
$preq_writedir = $preq_fail;

// Check if PHP version if > MINIMUM_PHP_VERSION
if (strnatcmp(phpversion(), MINIMUM_PHP_VERSION) >= 0) {
	$preq_phpver = $preq_ok;
}

// Test for mysqlnd precense.  The mysqlnd driver provides some extra functions that is not available
// if the plain mysql package is installed, and mysqli_get_client_stats is one of them. This is documented
// on the PHP site at http://www.php.net/manual/en/mysqlnd.stats.php
// This test is also discussed at https://stackoverflow.com/questions/1475701/how-to-know-if-mysqlnd-is-the-active-driver
if (function_exists('mysqli_get_client_stats')) {
	$preq_mysqlnd = $preq_ok;
}

// Check if we have access to write to location
if (is_writable(__DIR__)) {
	$preq_writedir = $preq_ok;
}

?>
<section class="prereq-section clearfix">
	<div class="container-fluid">
		<div class="row ">
			<div class="col-md-6 text-right"><label for="php version"><?php echo $php_version_req; ?></div>
			<div class="col-md-6"><a href="#" class="btn btn-<?php echo $preq_phpver[1]; ?>"><span class="glyphicon glyphicon-<?php echo $preq_phpver[0]; ?>"></span></a></div>
		</div>
		<div class="row ">
			<div class="col-md-6 text-right"><label for="mysqlnd Library installed"><?php echo _('PHP mysqlnd library installed'); ?></div>
			<div class="col-md-6"><a href="#" class="btn btn-<?php echo $preq_mysqlnd[1]; ?>"><span class="glyphicon glyphicon-<?php echo $preq_mysqlnd[0]; ?>"></span></a></div>
		</div>
		<div class="row">
			<div class="col-md-6 text-right"><label for="write_access"><?php echo _('Write access to web directory'); ?></div>
			<div class="col-md-6"><a href="#" class="btn btn-<?php echo $preq_writedir[1]; ?>"><span class="glyphicon glyphicon-<?php echo $preq_writedir[0]; ?>"></span></a></div>
		</div>
	</div>

</section>

<h1 class="text-center"><?php echo _("Installation"); ?></h1>
<?php
if (!empty($message)) {
?>
	<p class="alert alert-danger"><?php echo $message; ?></p>
<?php
}
?>
<summary><?php echo _("We will ask you some basic questions about your website. Most of the settings can be later edited in the config.php file."); ?></summary>

<form method="post" action="." class="clearfix install">
	<section class="install-section clearfix">
		<h2><?php echo _("Website details"); ?></h2>
		<summary><?php echo _("We need a name for your status page (shown behind page title after the dash) and a url of your server status installation (i.e. <a href='#'>https://example.com/status</a> - without the trailing slash), so we can mail users link for forgotten password etc..."); ?></summary>

		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="servername"><?php echo _("Name"); ?>: </label><input type="text" name="servername" value="<?php echo ((isset($_POST['servername'])) ? htmlspecialchars($_POST['servername'], ENT_QUOTES) : ''); ?>" id="servername" placeholder="<?php echo _("Name"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="url"><?php echo _("Url"); ?>: </label><input type="url" name="url" value="<?php echo ((isset($_POST['url'])) ? htmlspecialchars($_POST['url'], ENT_QUOTES) : ''); ?>" id="url" placeholder="<?php echo _("Url"); ?>" class="form-control" required></div>
		</div>
		<summary><?php echo _("A title that you want to be shown on the top of the page."); ?></summary>
		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="title"><?php echo _("Title"); ?>: </label><input type="text" name="title" value="<?php echo ((isset($_POST['title'])) ? htmlspecialchars($_POST['title'], ENT_QUOTES) : 'Server Status'); ?>" id="title" placeholder="<?php echo _("Title"); ?>" class="form-control" required></div>
			<div class="col-sm-6"></div>
		</div>
		<summary><?php echo _("Also an email address for mailer would be nice :)"); ?></summary>
		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="mailer"><?php echo _("Name"); ?>: </label><input type="text" name="mailer" value="<?php echo ((isset($_POST['mailer'])) ? htmlspecialchars($_POST['mailer'], ENT_QUOTES) : ''); ?>" id="mailer" placeholder="<?php echo _("Name"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="mailer_email"><?php echo _("Email"); ?>: </label><input type="email" name="mailer_email" value="<?php echo ((isset($_POST['mailer_email'])) ? htmlspecialchars($_POST['mailer_email'], ENT_QUOTES) : ''); ?>" id="mailer_email" placeholder="<?php echo _("Email"); ?>" class="form-control" required></div>
		</div>
	</section>
	<section class="install-section clearfix">
		<h2><?php echo _("Database connection"); ?></h2>
		<summary><?php echo _("We need database connection to be able to create tables. Please check that your account has the permission needed to do that."); ?></summary>

		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="server"><?php echo _("Server"); ?>: </label><input type="text" name="server" value="<?php echo ((isset($_POST['server'])) ? htmlspecialchars($_POST['server'], ENT_QUOTES) : ''); ?>" id="server" placeholder="<?php echo _("Server"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="database"><?php echo _("Database"); ?>: </label><input type="text" name="database" value="<?php echo ((isset($_POST['database'])) ? htmlspecialchars($_POST['database'], ENT_QUOTES) : ''); ?>" id="database" placeholder="<?php echo _("Database"); ?>" class="form-control" required></div>
		</div>
		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="dbuser"><?php echo _("User"); ?>: </label><input type="text" name="dbuser" value="<?php echo ((isset($_POST['dbuser'])) ? htmlspecialchars($_POST['dbuser'], ENT_QUOTES) : ''); ?>" id="dbuser" placeholder="<?php echo _("User"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="dbpassword"><?php echo _("Password"); ?>: </label><input type="password" name="dbpassword" value="<?php echo ((isset($_POST['dbpassword'])) ? htmlspecialchars($_POST['dbpassword'], ENT_QUOTES) : ''); ?>" id="dbpassword" placeholder="<?php echo _("Password"); ?>" class="form-control" required></div>
		</div>
	</section>
	<section class="install-section clearfix">
		<h2><?php echo _("Privacy Policy"); ?></h2>
		<summary><?php echo _("Since you are collecting personal information, the GDPR needs you to have a privacy policy. Enter the details below."); ?></summary>

		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="policy_name"><?php echo _("Name"); ?>: </label><input type="text" name="policy_name" value="<?php echo ((isset($_POST['policy_name'])) ? htmlspecialchars($_POST['policy_name'], ENT_QUOTES) : ''); ?>" id="policy_name" placeholder="<?php echo _("Company name"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="address"><?php echo _("Address"); ?>: </label><input type="text" name="address" value="<?php echo ((isset($_POST['address'])) ? htmlspecialchars($_POST['address'], ENT_QUOTES) : ''); ?>" id="address" placeholder="<?php echo _("Full address"); ?>" class="form-control" required></div>
		</div>
		<div class="form-group clearfix">
			<div class="col-sm-6"><label for="policy_mail"><?php echo _("E-Mail"); ?>: </label><input type="text" name="policy_mail" value="<?php echo ((isset($_POST['policy_mail'])) ? htmlspecialchars($_POST['policy_mail'], ENT_QUOTES) : ''); ?>" id="policy_mail" placeholder="<?php echo _("E-Mail"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="policy_phone"><?php echo _("Phone"); ?>: </label><input type="text" name="policy_phone" value="<?php echo ((isset($_POST['policy_phone'])) ? htmlspecialchars($_POST['policy_phone'], ENT_QUOTES) : ''); ?>" id="policy_phone" placeholder="<?php echo _("Phone number"); ?>" class="form-control"></div>
		</div>
		<div class="form-group clearfix">
			<div class=""><label for="who_we_are"><?php echo _("Who we are"); ?>: </label><textarea class="form-control" id="who_we_are" rows="3" name="who_we_are" placeholder="<?php echo _("Some info about yourself"); ?>" value="<?php echo ((isset($_POST['who_we_are'])) ? htmlspecialchars($_POST['who_we_are'], ENT_QUOTES) : ''); ?>"></textarea></div>
		</div>
		<div class="form-group clearfix">
			<div class="col-sm-12"><label for="url"><?php echo _("External Policy Url"); ?>: </label>
				<summary><?php echo _("If you alredy have an existing Policy published, please provide the full Url to override the local policy definition. Leave blank to use the local definition"); ?></summary>
				<input type="policy_url" name="policy_url" value="<?php echo ((isset($_POST['policy_url'])) ? htmlspecialchars($_POST['policy_url'], ENT_QUOTES) : ''); ?>" id="policy_url" placeholder="<?php echo _("External Policy Url"); ?>" class="form-control">
			</div>
		</div>
	</section>
	<section class="install-section clearfix">
		<h2><?php echo _("User"); ?></h2>
		<summary><?php echo _("And finally, we need info to create a new user. You don't have to provide it, but then... No status page admin..."); ?></summary>
		<div class="form-group">
			<div class="col-sm-6"><label for="name"><?php echo _("Name"); ?>: </label><input type="text" maxlength="50" name="name" value="<?php echo ((isset($_POST['name'])) ? htmlspecialchars($_POST['name'], ENT_QUOTES) : ''); ?>" id="name" placeholder="<?php echo _("Name"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="surname"><?php echo _("Surname"); ?>: </label><input type="text" maxlength="50" name="surname" value="<?php echo ((isset($_POST['surname'])) ? htmlspecialchars($_POST['surname'], ENT_QUOTES) : ''); ?>" id="surname" placeholder="<?php echo _("Surname"); ?>" class="form-control" required></div>
		</div>
		<div class="form-group">
			<div class="col-sm-6"><label for="username"><?php echo _("Username"); ?>:</label><input type="text" maxlength="50" name="username" value="<?php echo ((isset($_POST['username'])) ? htmlspecialchars($_POST['username'], ENT_QUOTES) : ''); ?>" id="username" placeholder="<?php echo _("Username"); ?>" class="form-control" required></div>
			<div class="col-sm-6"><label for="email"><?php echo _("Email"); ?>:</label><input type="email" maxlength="60" name="email" value="<?php echo ((isset($_POST['email'])) ? htmlspecialchars($_POST['email'], ENT_QUOTES) : ''); ?>" id="email" placeholder="<?php echo _("Email"); ?>" class="form-control" required><input type="hidden" name="permission" value="0"></div>
		</div>
		<div class="form-group">
			<div class="col-sm-6"><label for="password"><?php echo _("Password"); ?>:</label><input type="password" name="password" value="<?php echo ((isset($_POST['password'])) ? htmlspecialchars($_POST['password'], ENT_QUOTES) : ''); ?>" id="password" placeholder="<?php echo _("Password"); ?>" class="form-control" required></div>
			<div class="col-sm-6">
				<input type="hidden" value="0" name="permission">
				<button type="submit" class="btn btn-success float-end"><?php echo _("Run install!"); ?></button>
			</div>
		</div>
	</section>
</form>
<?php
Template::render_footer();