From 2d65b8b8586071e26d34185f80d9f5f723ada8a0 Mon Sep 17 00:00:00 2001 From: Christian Boltz Date: Sun, 7 Oct 2007 17:23:29 +0000 Subject: [PATCH] - setup.php now has a "create superadmin" form - completely reworked HTML code in setup.php - moved admin creation code from create_admin.php to functions.php, function create_admin - several related changes in functions.inc.php: - use table_by_key() directly instead of the cached variables (which are empty if config.inc.php was not read before functions.php) - add an additional (optional) parameter $setup to db_connect, changed many die(msg) calls to $error_message .= msg. If $setup is given, the return value is array($link, $error_text) instead of $link - db_connect now checks for invalid $CONF['database_type'] git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@135 a1433add-5e2c-0410-b055-b7f2511e0802 --- functions.inc.php | 182 ++++++++++++++++++++++++++++++++++++++-------- setup.php | 158 ++++++++++++++++++++++++++++++---------- stylesheet.css | 13 +++- 3 files changed, 281 insertions(+), 72 deletions(-) diff --git a/functions.inc.php b/functions.inc.php index 39d20de7..2c9ce85d 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -737,9 +737,7 @@ function list_domains () // function admin_exist ($username) { - global $table_admin; - - $result = db_query ("SELECT 1 FROM $table_admin WHERE username='$username'"); + $result = db_query ("SELECT 1 FROM " . table_by_key ('admin') . " WHERE username='$username'"); if ($result['rows'] != 1) { return false; @@ -1236,65 +1234,87 @@ $DEBUG_TEXT = "\n "; - -// -// db_connect -// Action: Makes a connection to the database if it doesn't exist -// Call: db_connect () -// -function db_connect () +/** + * db_connect + * Action: Makes a connection to the database if it doesn't exist + * Call: db_connect () + * Optional parameter: $setup = TRUE, used by setup.php + * + * Return value: + * a) without $setup or $setup == 0 + * - $link - the database connection -OR- + * - call die() in case of connection problems + * b) with $setup == TRUE + * array($link, $error_text); + */ +function db_connect ($setup = 0) { global $CONF; global $DEBUG_TEXT; + if ($setup != 0) $DEBUG_TEXT = ''; + $error_text = ''; + $link = 0; if ($CONF['database_type'] == "mysql") { if (function_exists ("mysql_connect")) { - $link = @mysql_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("

DEBUG INFORMATION:
Connect: " . mysql_error () . "$DEBUG_TEXT"); - @mysql_query("SET CHARACTER SET utf8",$link); - @mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'",$link); - $succes = @mysql_select_db ($CONF['database_name'], $link) or die ("

DEBUG INFORMATION:
MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT"); + $link = @mysql_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("

DEBUG INFORMATION:
Connect: " . mysql_error () . "$DEBUG_TEXT"); + if ($link) { + @mysql_query("SET CHARACTER SET utf8",$link); + @mysql_query("SET COLLATION_CONNECTION='utf8_general_ci'",$link); + $succes = @mysql_select_db ($CONF['database_name'], $link) or $error_text .= ("

DEBUG INFORMATION:
MySQL Select Database: " . mysql_error () . "$DEBUG_TEXT"); + } } else { - print "

DEBUG INFORMATION:
MySQL 3.x / 4.0 functions not available!
database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; - die(); + $error_text .= "

DEBUG INFORMATION:
MySQL 3.x / 4.0 functions not available!
database_type = 'mysql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } - - if ($CONF['database_type'] == "mysqli") + elseif ($CONF['database_type'] == "mysqli") { if (function_exists ("mysqli_connect")) { - $link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or die ("

DEBUG INFORMATION:
Connect: " . mysqli_connect_error () . "$DEBUG_TEXT"); - @mysqli_query($link,"SET CHARACTER SET utf8"); - @mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'"); - $success = @mysqli_select_db ($link, $CONF['database_name']) or die ("

DEBUG INFORMATION:
MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT"); + $link = @mysqli_connect ($CONF['database_host'], $CONF['database_user'], $CONF['database_password']) or $error_text .= ("

DEBUG INFORMATION:
Connect: " . mysqli_connect_error () . "$DEBUG_TEXT"); + if ($link) { + @mysqli_query($link,"SET CHARACTER SET utf8"); + @mysqli_query($link,"SET COLLATION_CONNECTION='utf8_general_ci'"); + $success = @mysqli_select_db ($link, $CONF['database_name']) or $error_text .= ("

DEBUG INFORMATION:
MySQLi Select Database: " . mysqli_error ($link) . "$DEBUG_TEXT"); + } } else { - print "

DEBUG INFORMATION:
MySQL 4.1 functions not available!
database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; - die(); + $error_text .= "

DEBUG INFORMATION:
MySQL 4.1 functions not available!
database_type = 'mysqli' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } - - if ($CONF['database_type'] == "pgsql") + elseif ($CONF['database_type'] == "pgsql") { if (function_exists ("pg_pconnect")) { $connect_string = "host=" . $CONF['database_host'] . " dbname=" . $CONF['database_name'] . " user=" . $CONF['database_user'] . " password=" . $CONF['database_password']; - $link = @pg_pconnect ($connect_string) or die ("

DEBUG INFORMATION:
Connect: failed to connect to database. $DEBUG_TEXT"); - pg_set_client_encoding($link, 'UNICODE'); + $link = @pg_pconnect ($connect_string) or $error_text .= ("

DEBUG INFORMATION:
Connect: failed to connect to database. $DEBUG_TEXT"); + if ($link) pg_set_client_encoding($link, 'UNICODE'); } else { - print "

DEBUG INFORMATION:
PostgreSQL functions not available!
database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; - die(); + $error_text .= "

DEBUG INFORMATION:
PostgreSQL functions not available!
database_type = 'pgsql' in config.inc.php, are you using a different database? $DEBUG_TEXT"; } } + else + { + $error_text = "

DEBUG INFORMATION:
Invalid \$CONF['database_type']! Please fix your config.inc.php! $DEBUG_TEXT"; + } - if ($link) + if ($setup) + { + return array($link, $error_text); + } + elseif ($error_text != "") + { + print $error_text; + die(); + } + elseif ($link) { return $link; } @@ -1846,6 +1866,106 @@ function gen_show_status ($show_alias) return $stat_string; } +/* + Called by create-admin.php and setup.php + + Returns: + array( + 'error' => 0, # 0 on success, otherwise > 0 + 'tMessage' => '', # success / failure message + 'pAdminCreate_admin_username_text' => '', # help text / error message for username + 'pAdminCreate_admin_password_text' => '' # error message for username + ) + */ + +function create_admin($fUsername, $fPassword, $fPassword2, $fDomains, $no_generate_password=0) +{ + global $PALANG; + global $CONF; + $error = 0; + $tMessage = ''; + $pAdminCreate_admin_username_text = ''; + $pAdminCreate_admin_password_text = ''; + + if (!check_email ($fUsername)) + { + $error = 1; + $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error1']; + } + + if (empty ($fUsername) or admin_exist ($fUsername)) + { + $error = 1; + $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text_error2']; + } + + if (empty ($fPassword) or empty ($fPassword2) or ($fPassword != $fPassword2)) + { + if (empty ($fPassword) and empty ($fPassword2) and $CONF['generate_password'] == "YES" && $no_generate_password == 0) + { + $fPassword = generate_password (); + } + else + { + $error = 1; + $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; + $pAdminCreate_admin_password_text = $PALANG['pAdminCreate_admin_password_text_error']; + } + } + + if ($error != 1) + { + $password = pacrypt($fPassword); + $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; + + $result = db_query ("INSERT INTO " . table_by_key('admin') . " (username,password,created,modified) VALUES ('$fUsername','$password',NOW(),NOW())"); + if ($result['rows'] != 1) + { + $tMessage = $PALANG['pAdminCreate_admin_result_error'] . "
($fUsername)
"; + } + else + { + if (!empty ($fDomains[0])) + { + for ($i = 0; $i < sizeof ($fDomains); $i++) + { + $domain = $fDomains[$i]; + $result = db_query ("INSERT INTO " . table_by_key ('domain_admins') . " (username,domain,created) VALUES ('$fUsername','$domain',NOW())"); + } + } + $tMessage = $PALANG['pAdminCreate_admin_result_success'] . "
($fUsername"; + if ($CONF['generate_password'] == "YES" && $no_generate_password == 0) + { + $tMessage .= " / $fPassword)
"; + } + else + { + if ($CONF['show_password'] == "YES" && $no_generate_password == 0) + { + $tMessage .= " / $fPassword)
"; + } + else + { + $tMessage .= ")
"; + } + } + } + } + + # TODO: should we log creation, editing and deletion of admins? + # Note: needs special handling in viewlog, because domain is empty + # db_log ($SESSID_USERNAME, '', 'create_admin', "$fUsername"); + + return array( + $error, + $tMessage, + $pAdminCreate_admin_username_text, + $pAdminCreate_admin_password_text + ); + + +} + $table_admin = table_by_key ('admin'); $table_alias = table_by_key ('alias'); diff --git a/setup.php b/setup.php index ef4dac63..3e461f45 100644 --- a/setup.php +++ b/setup.php @@ -22,17 +22,19 @@ * * Form POST \ GET Variables: -none- */ + +require_once("languages/en.lang"); +require_once("functions.inc.php"); + +$CONF['show_header_text'] = 'NO'; +require('templates/header.tpl'); ?> - - -Postfix Admin Setup Checker - - - - -

Postfix Admin Setup Checker 1.0.0

-Running software:
-

+ +

+

Postfix Admin Setup Checker

+ +

Running software: +

"; +print "

Checking for dependencies:\n"; +print "

"; + +if ($error != 0) +{ + print "

Please fix the errors listed above.

"; +} +else { - print "Everything seems fine... you are ready to rock & roll!
\n"; + print "

Everything seems fine... you are ready to rock & roll!

\n"; + + $pAdminCreate_admin_username_text = $PALANG['pAdminCreate_admin_username_text']; + $pAdminCreate_admin_password_text = ""; + $tUsername = ''; + $tMessage = ''; + + + if ($_SERVER['REQUEST_METHOD'] == "POST") + { + if (isset ($_POST['fUsername'])) $fUsername = escape_string ($_POST['fUsername']); + if (isset ($_POST['fPassword'])) $fPassword = escape_string ($_POST['fPassword']); + if (isset ($_POST['fPassword2'])) $fPassword2 = escape_string ($_POST['fPassword2']); + + list ($error, $tMessage, $pAdminCreate_admin_username_text, $pAdminCreate_admin_password_text) = create_admin($fUsername, $fPassword, $fPassword2, array('ALL'), TRUE); + if ($error != 0) { + if (isset ($_POST['fUsername'])) $tUsername = escape_string ($_POST['fUsername']); + } else { + print "

$tMessage

"; + echo "

You can now log in to Postfix Admin.

"; + } + } + + if ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0) + { + ?> + +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +

Create superadmin account

 
+
+
+ + Make sure you delete this setup.php file!
\n"; print "Also check the config.inc.php file for any settings that you might need to change!
\n"; print "Click here to go to the admin section (make sure that your .htaccess is setup properly)\n"; } ?> +
diff --git a/stylesheet.css b/stylesheet.css index 236f4809..c53c2f70 100644 --- a/stylesheet.css +++ b/stylesheet.css @@ -21,10 +21,6 @@ a:visited, a:active { color: #888888; } -ul { - padding-left: 0px; -} - table { // border-spacing: 0; // padding: 0; @@ -250,4 +246,13 @@ table { color: #777777; } +div.setup { + width:700px; + margin-left:auto; + margin-right:auto; + text-align: left; +} +div.setup li { + padding-bottom:1em; +}