]> git.wh0rd.org - tt-rss.git/blob - install/index.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
implement basic feed authentication parameter encryption in the database (FEED_CRYPT_KEY)
[tt-rss.git] / install / index.php
1 <html>
2 <head>
3 <title>Tiny Tiny RSS - Installer</title>
4 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
5 <link rel="stylesheet" type="text/css" href="../utility.css">
6 <style type="text/css">
7 textarea { font-size : 12px; }
8 </style>
9 </head>
10 <body>
11
12 <?php
13 function make_password($length = 8) {
14
15 $password = "";
16 $possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ*%+^";
17
18 $i = 0;
19
20 while ($i < $length) {
21 $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
22
23 if (!strstr($password, $char)) {
24 $password .= $char;
25 $i++;
26 }
27 }
28 return $password;
29 }
30
31
32 function sanity_check($db_type) {
33 $errors = array();
34
35 if (version_compare(PHP_VERSION, '5.3.0', '<')) {
36 array_push($errors, "PHP version 5.3.0 or newer required.");
37 }
38
39 if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
40 array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
41 }
42
43 if (!function_exists("json_encode")) {
44 array_push($errors, "PHP support for JSON is required, but was not found.");
45 }
46
47 if ($db_type == "mysql" && !function_exists("mysql_connect")) {
48 array_push($errors, "PHP support for MySQL is required for configured $db_type in config.php.");
49 }
50
51 if ($db_type == "pgsql" && !function_exists("pg_connect")) {
52 array_push($errors, "PHP support for PostgreSQL is required for configured $db_type in config.php");
53 }
54
55 if (!function_exists("mb_strlen")) {
56 array_push($errors, "PHP support for mbstring functions is required but was not found.");
57 }
58
59 if (!function_exists("hash")) {
60 array_push($errors, "PHP support for hash() function is required but was not found.");
61 }
62
63 if (!function_exists("ctype_lower")) {
64 array_push($errors, "PHP support for ctype functions are required by HTMLPurifier.");
65 }
66
67 if (!function_exists("iconv")) {
68 array_push($errors, "PHP support for iconv is required to handle multiple charsets.");
69 }
70
71 /* if (ini_get("safe_mode")) {
72 array_push($errors, "PHP safe mode setting is not supported.");
73 } */
74
75 if (!class_exists("DOMDocument")) {
76 array_push($errors, "PHP support for DOMDocument is required, but was not found.");
77 }
78
79 return $errors;
80 }
81
82 function print_error($msg) {
83 print "<div class='error'><img src='../images/sign_excl.svg'> $msg</div>";
84 }
85
86 function print_notice($msg) {
87 print "<div class=\"notice\">
88 <img src=\"../images/sign_info.svg\">$msg</div>";
89 }
90
91 function db_connect($host, $user, $pass, $db, $type) {
92 if ($type == "pgsql") {
93
94 $string = "dbname=$db user=$user";
95
96 if ($pass) {
97 $string .= " password=$pass";
98 }
99
100 if ($host) {
101 $string .= " host=$host";
102 }
103
104 if (defined('DB_PORT')) {
105 $string = "$string port=" . DB_PORT;
106 }
107
108 $link = pg_connect($string);
109
110 return $link;
111
112 } else if ($type == "mysql") {
113 $link = mysql_connect($host, $user, $pass);
114 if ($link) {
115 $result = mysql_select_db($db, $link);
116 if ($result) return $link;
117 }
118 }
119 }
120
121 function make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
122 $DB_PORT, $SELF_URL_PATH) {
123
124 $data = explode("\n", file_get_contents("../config.php-dist"));
125
126 $rv = "";
127
128 $finished = false;
129
130 if (function_exists("mcrypt_decrypt")) {
131 $crypt_key = make_password(24);
132 } else {
133 $crypt_key = "";
134 }
135
136 foreach ($data as $line) {
137 if (preg_match("/define\('DB_TYPE'/", $line)) {
138 $rv .= "\tdefine('DB_TYPE', '$DB_TYPE');\n";
139 } else if (preg_match("/define\('DB_HOST'/", $line)) {
140 $rv .= "\tdefine('DB_HOST', '$DB_HOST');\n";
141 } else if (preg_match("/define\('DB_USER'/", $line)) {
142 $rv .= "\tdefine('DB_USER', '$DB_USER');\n";
143 } else if (preg_match("/define\('DB_NAME'/", $line)) {
144 $rv .= "\tdefine('DB_NAME', '$DB_NAME');\n";
145 } else if (preg_match("/define\('DB_PASS'/", $line)) {
146 $rv .= "\tdefine('DB_PASS', '$DB_PASS');\n";
147 } else if (preg_match("/define\('DB_PORT'/", $line)) {
148 $rv .= "\tdefine('DB_PORT', '$DB_PORT');\n";
149 } else if (preg_match("/define\('SELF_URL_PATH'/", $line)) {
150 $rv .= "\tdefine('SELF_URL_PATH', '$SELF_URL_PATH');\n";
151 } else if (preg_match("/define\('FEED_CRYPT_KEY'/", $line)) {
152 $rv .= "\tdefine('FEED_CRYPT_KEY', '$crypt_key');\n";
153 } else if (!$finished) {
154 $rv .= "$line\n";
155 }
156
157 if (preg_match("/\?\>/", $line)) {
158 $finished = true;
159 }
160 }
161
162 return $rv;
163 }
164
165 function db_query($link, $query, $type, $die_on_error = true) {
166 if ($type == "pgsql") {
167 $result = pg_query($link, $query);
168 if (!$result) {
169 $query = htmlspecialchars($query); // just in case
170 if ($die_on_error) {
171 die("Query <i>$query</i> failed [$result]: " . ($link ? pg_last_error($link) : "No connection"));
172 }
173 }
174 return $result;
175 } else if ($type == "mysql") {
176 $result = mysql_query($query, $link);
177 if (!$result) {
178 $query = htmlspecialchars($query);
179 if ($die_on_error) {
180 die("Query <i>$query</i> failed: " . ($link ? mysql_error($link) : "No connection"));
181 }
182 }
183 return $result;
184 }
185 }
186
187 function make_self_url_path() {
188 $url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
189
190 return $url_path;
191 }
192
193 ?>
194
195 <div class="floatingLogo"><img src="../images/logo_small.png"></div>
196
197 <h1>Tiny Tiny RSS Installer</h1>
198
199 <div class='content'>
200
201 <?php
202
203 if (file_exists("../config.php")) {
204 require "../config.php";
205
206 if (!defined('_INSTALLER_IGNORE_CONFIG_CHECK')) {
207 print_error("Error: config.php already exists in tt-rss directory; aborting.");
208 exit;
209 }
210 }
211
212 @$op = $_REQUEST['op'];
213
214 @$DB_HOST = strip_tags($_POST['DB_HOST']);
215 @$DB_TYPE = strip_tags($_POST['DB_TYPE']);
216 @$DB_USER = strip_tags($_POST['DB_USER']);
217 @$DB_NAME = strip_tags($_POST['DB_NAME']);
218 @$DB_PASS = strip_tags($_POST['DB_PASS']);
219 @$DB_PORT = strip_tags($_POST['DB_PORT']);
220 @$SELF_URL_PATH = strip_tags($_POST['SELF_URL_PATH']);
221
222 if (!$SELF_URL_PATH) {
223 $SELF_URL_PATH = preg_replace("/\/install\/$/", "/", make_self_url_path());
224 }
225 ?>
226
227 <form action="" method="post">
228 <input type="hidden" name="op" value="testconfig">
229
230 <h2>Database settings</h2>
231
232 <?php
233 $issel_pgsql = $DB_TYPE == "pgsql" ? "selected" : "";
234 $issel_mysql = $DB_TYPE == "mysql" ? "selected" : "";
235 ?>
236
237 <fieldset>
238 <label>Database type</label>
239 <select name="DB_TYPE">
240 <option <?php echo $issel_pgsql ?> value="pgsql">PostgreSQL</option>
241 <option <?php echo $issel_mysql ?> value="mysql">MySQL</option>
242 </select>
243 </fieldset>
244
245 <fieldset>
246 <label>Username</label>
247 <input required name="DB_USER" size="20" value="<?php echo $DB_USER ?>"/>
248 </fieldset>
249
250 <fieldset>
251 <label>Password</label>
252 <input required name="DB_PASS" size="20" type="password" value="<?php echo $DB_PASS ?>"/>
253 </fieldset>
254
255 <fieldset>
256 <label>Database name</label>
257 <input name="DB_NAME" size="20" value="<?php echo $DB_NAME ?>"/>
258 </fieldset>
259
260 <fieldset>
261 <label>Host name</label>
262 <input name="DB_HOST" placeholder="if needed" size="20" value="<?php echo $DB_HOST ?>"/>
263 </fieldset>
264
265 <fieldset>
266 <label>Port</label>
267 <input name="DB_PORT" type="number" placeholder="if needed, PgSQL only" size="20" value="<?php echo $DB_PORT ?>"/>
268 </fieldset>
269
270 <h2>Other settings</h2>
271
272 <p>This should be set to the location your Tiny Tiny RSS will be available on.</p>
273
274 <fieldset>
275 <label>Tiny Tiny RSS URL</label>
276 <input type="url" name="SELF_URL_PATH" placeholder="<?php echo $SELF_URL_PATH; ?>" size="60" value="<?php echo $SELF_URL_PATH ?>"/>
277 </fieldset>
278
279
280 <p><input type="submit" value="Test configuration"></p>
281
282 </form>
283
284 <?php if ($op == 'testconfig') { ?>
285
286 <h2>Checking configuration</h2>
287
288 <?php
289 $errors = sanity_check($DB_TYPE);
290
291 if (count($errors) > 0) {
292 print "<p>Some configuration tests failed. Please correct them before continuing.</p>";
293
294 print "<ul>";
295
296 foreach ($errors as $error) {
297 print "<li style='color : red'>$error</li>";
298 }
299
300 print "</ul>";
301
302 exit;
303 }
304
305 $notices = array();
306
307 if (!function_exists("curl_init")) {
308 array_push($notices, "It is highly recommended to enable support for CURL in PHP.");
309 }
310
311 if (count($notices) > 0) {
312 print_notice("Configuration check succeeded with minor problems:");
313
314 print "<ul>";
315
316 foreach ($notices as $notice) {
317 print "<li>$notice</li>";
318 }
319
320 print "</ul>";
321 } else {
322 print_notice("Configuration check succeeded.");
323 }
324
325 ?>
326
327 <h2>Checking database</h2>
328
329 <?php
330 $link = db_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME, $DB_TYPE);
331
332 if (!$link) {
333 print_error("Unable to connect to database using specified parameters.");
334 exit;
335 }
336
337 print_notice("Database test succeeded."); ?>
338
339 <h2>Initialize database</h2>
340
341 <p>Before you can start using tt-rss, database needs to be initialized. Click on the button below to do that now.</p>
342
343 <?php
344 $result = db_query($link, "SELECT true FROM ttrss_feeds", $DB_TYPE, false);
345
346 if ($result) {
347 print_error("Existing tt-rss tables will be removed from the database. If you would like to keep your data, skip database initialization.");
348 $need_confirm = true;
349 } else {
350 $need_confirm = false;
351 }
352 ?>
353
354 <table><tr><td>
355 <form method="post">
356 <input type="hidden" name="op" value="installschema">
357
358 <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
359 <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
360 <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
361 <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
362 <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
363 <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
364 <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
365
366 <?php if ($need_confirm) { ?>
367 <p><input onclick="return confirm('Please read the warning above. Continue?')" type="submit" value="Initialize database" style="color : red"></p>
368 <?php } else { ?>
369 <p><input type="submit" value="Initialize database" style="color : red"></p>
370 <?php } ?>
371 </form>
372
373 </td><td>
374 <form method="post">
375 <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
376 <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
377 <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
378 <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
379 <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
380 <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
381 <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
382
383 <input type="hidden" name="op" value="skipschema">
384 <p><input type="submit" value="Skip initialization"></p>
385 </form>
386
387 </td></tr></table>
388
389 <?php
390
391 } else if ($op == 'installschema' || $op == 'skipschema') {
392
393 $link = db_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME, $DB_TYPE);
394
395 if (!$link) {
396 print_error("Unable to connect to database using specified parameters.");
397 exit;
398 }
399
400 if ($op == 'installschema') {
401
402 print "<h2>Initializing database...</h2>";
403
404 $lines = explode(";", preg_replace("/[\r\n]/", "", file_get_contents("../schema/ttrss_schema_".basename($DB_TYPE).".sql")));
405
406 foreach ($lines as $line) {
407 if (strpos($line, "--") !== 0 && $line) {
408 db_query($link, $line, $DB_TYPE);
409 }
410 }
411
412 print_notice("Database initialization completed.");
413
414 } else {
415 print_notice("Database initialization skipped.");
416 }
417
418 print "<h2>Generated configuration file</h2>";
419
420 print "<p>Copy following text and save as <code>config.php</code> in tt-rss main directory. It is suggested to read through the file to the end in case you need any options changed fom default values.</p>";
421
422 print "<p>After copying the file, you will be able to login with default username and password combination: <code>admin</code> and <code>password</code>. Don't forget to change the password immediately!</p>"; ?>
423
424 <form action="" method="post">
425 <input type="hidden" name="op" value="saveconfig">
426 <input type="hidden" name="DB_USER" value="<?php echo $DB_USER ?>"/>
427 <input type="hidden" name="DB_PASS" value="<?php echo $DB_PASS ?>"/>
428 <input type="hidden" name="DB_NAME" value="<?php echo $DB_NAME ?>"/>
429 <input type="hidden" name="DB_HOST" value="<?php echo $DB_HOST ?>"/>
430 <input type="hidden" name="DB_PORT" value="<?php echo $DB_PORT ?>"/>
431 <input type="hidden" name="DB_TYPE" value="<?php echo $DB_TYPE ?>"/>
432 <input type="hidden" name="SELF_URL_PATH" value="<?php echo $SELF_URL_PATH ?>"/>
433 <?php print "<textarea cols=\"80\" rows=\"20\">";
434 echo make_config($DB_TYPE, $DB_HOST, $DB_USER, $DB_NAME, $DB_PASS,
435 $DB_PORT, $SELF_URL_PATH);
436 print "</textarea>"; ?>
437
438 <?php if (is_writable("..")) { ?>
439 <p>We can also try saving the file automatically now.</p>
440
441 <p><input type="submit" value="Save configuration"></p>
442 </form>
443 <?php } else {
444 print_error("Unfortunately, parent directory is not writable, so we're unable to save config.php automatically.");
445 }
446
447 print_notice("You can generate the file again by changing the form above.");
448
449 } else if ($op == "saveconfig") {
450
451 print "<h2>Saving configuration file to parent directory...</h2>";
452
453 if (!file_exists("../config.php")) {
454
455 $fp = fopen("../config.php", "w");
456
457 if ($fp) {
458 $written = fwrite($fp, make_config($DB_TYPE, $DB_HOST,
459 $DB_USER, $DB_NAME, $DB_PASS,
460 $DB_PORT, $SELF_URL_PATH));
461
462 if ($written > 0) {
463 print_notice("Successfully saved config.php. You can try <a href=\"..\">loading tt-rss now</a>.");
464
465 } else {
466 print_notice("Unable to write into config.php in tt-rss directory.");
467 }
468
469 fclose($fp);
470 } else {
471 print_error("Unable to open config.php in tt-rss directory for writing.");
472 }
473 } else {
474 print_error("config.php already present in tt-rss directory, refusing to overwrite.");
475 }
476 }
477 ?>
478
479 </div>
480
481 </body>
482 </html>
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/