<!DOCTYPE html>

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<title>IMREE Setup</title>

<style>

label {

width:200px;

float:left;

display:box;

}

input {

width:250px;

}

.success {

display:block;

background-color:rgb(150,255,210);

border:1px solid #00aa00;

padding:.5em;

margin:.5em;

}

.error {

display:block;

font-size:1.2em;

background-color:#FF7943;

border:1px solid #FF0000;

padding:.5em;

margin:.5em;

}

</style>

</head>

<body>

<?php

if(file_exists("../config.php")) {

die("IMREE is already setup. To run this program again, delete the config.php from the folder 'above' the imree-php folder");

}

echo "<h1>Starting IMREE Setup</h1>";

/**

$url = $_SERVER['REQUEST_URI']; //returns the current URL

$parts = explode('/',$url);

$dir = $_SERVER['SERVER_NAME'];

for ($i = 0; $i < count($parts) - 1; $i++) { $dir .= $parts[$i] . "/"; }

if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {

$protocol = 'http://';

} else {

$protocol = 'https://';

}

try{

@$test_redirect_content = file_get_contents($protocol.$dir.'file/abc'); //return '1' if succesful

} catch (Exception $e) {

$test_redirect_content = '0';

}

if($test_redirect_content !== "1") {

echo "<p class='error'>MOD REWRITE Disabled! Your server is either not using mod-rewrite, your server has blocked directory-level overrides (.htaccess files), or both. We use mod-rewrite for the file display features and pretty urls. We can setup your IMREE anyway, but it won't be very useful until this resolved.</p>";

} else {

echo "<p class='success'>Mod Rewrite Enabled.</p>";

}

/**

if(file_put_contents("../config.php","") === false) {

die("<p class='error'>RROR: PHP Cannot write to '../config.php'. the imree-php folder works best when it is NOT the root directory of your webserver. You can also solve this problem by creating a config.php file in setup.php's folder's parent's folder (../) and set its permissions to something more relaxed. Be sure to change the permissions back if/when setup.php is complete.</p>");

} else {

echo "<p class='success'>../config.php is writeable.</p>";

}

unlink('../config.php');

$errors = array();

if(isset($_POST['action']) AND $_POST['action'] === 'setup') {

$require_fields = array(

"db_type",

"db_host",

"db_admin_username",

"db_admin_password",

"root_domain",

"imree_absolute_path",

"google_from",

"google_username",

"google_password",

"google_signature",

"imree_admin_user",

"imree_admin_pass",

"imree_admin_pass_copy",

);

foreach($require_fields as $field) {

if(!isset($_POST[$field]) OR strlen($_POST[$field]) < 1) {

$errors[] = $field . " is required";

}

}

//Per entry checks

if($_POST['imree_admin_pass'] !== $_POST['imree_admin_pass_copy']) {

$errors[] = "The passwords you provided for the new IMREE admin account do not match";

}

if(substr($_POST['root_domain'], 0, 4) === "http" OR substr($_POST['root_domain'], -1) === "/") {

$errors[] = "The Root Domain is invalid.";

}

if(substr($_POST['imree_absolute_path'], 0, 4) !== "http" OR substr($_POST['imree_absolute_path'], -1) !== "/") {

$errors[] = "The Absolute IMREE Path in invalid.";

}

if(strpos($_POST['imree_absolute_path'], $_POST['root_domain']) === false) {

$errors[] = "The Absolute IMREE Path does not include the Root Domain.";

}

try{

$db = new PDO($_POST['db_type'] . ":host=" . $_POST['db_host'] . ";",$_POST['db_admin_username'],$_POST['db_admin_password']);

} catch (PDOException $e) {

$errors[] = "The username, password, db_type, or db_host you provided for the database connection information is incorrect. ".$e->getMessage();

}

if(count($errors) === 0) {

if(isset($db) AND $db != null) {

require_once('shared_functions/functions.core.php');

$db->exec("DROP DATABASE IF EXISTS ulogin;");

$db->exec("DROP DATABASE IF EXISTS imree;");

$db->exec("

");

if((int)$db->errorCode() === 0) {

echo "<p class='success'>Created databases imree, ulogin with table structures</p>";

} else {

echo "<div class='error'>There was a problem creating imree, ulogin databases with table structures: ".print_r($db->errorInfo(), true)."</div>";

}

$imree_username = "imree-php-conn";

$imree_password = random_string(18);

create_user($db,$imree_username, $imree_password, 'imree', '*', $_POST['db_host']);

$UL_PDO_UPDATE_USER = "ulogin_update";

$UL_PDO_UPDATE_PWD = random_string(18);

if($_POST['db_host'] === 'localhost') {

$host = "localhost";

} else {

$host = "%";

}

create_user($db, $UL_PDO_UPDATE_USER,$UL_PDO_UPDATE_PWD,'ulogin','ul_logins',$host,'SELECT, UPDATE, INSERT ');

$UL_PDO_AUTH_USER = "ulogin_auth";

$UL_PDO_AUTH_PWD = random_string(26);

create_user($db, $UL_PDO_AUTH_USER,$UL_PDO_AUTH_PWD,'ulogin','*',$host,'SELECT, INSERT, UPDATE, DELETE');

echo "<p>MySQL Users Created.</p>";

$cfg = '<?php

$files_url = "'.$_POST['imree_absolute_path'].'file/";

define("UL_DOMAIN", "'.$_POST['root_domain'].'");

$imree_absolute_path = "'.$_POST['imree_absolute_path'].'";

$imree_curator_absolute_path = "'.$_POST['imree_absolute_path'].'curator/";

$google_analytics_account = "'.$_POST['google_analytics_account'].'";

$cfg_db_type = "'.$_POST['db_type'].'";

$cfg_db_host = "'.$_POST['db_host'].'";

$cfg_db_username = "'.$imree_username.'";

$cfg_db_password = "'.$imree_password.'";

$re_captcha_key_public = "'.$_POST['re_captcha_key_public'].'";

$re_captcha_key_private = "'.$_POST['re_captcha_key_private'].'";

$google_from_name = "'.$_POST['google_from'].'";

$google_username = "'.$_POST['google_username'].'";

$google_password = "'.$_POST['google_password'].'";

$email_signature = "'.$_POST['google_signature'].'";

define("UL_SITE_KEY", "'.random_string(64).'");

define("UL_PDO_UPDATE_USER", "'.$UL_PDO_UPDATE_USER.'");

define("UL_PDO_UPDATE_PWD", "'.$UL_PDO_UPDATE_PWD.'");

define("UL_PDO_AUTH_USER", "'.$UL_PDO_AUTH_USER.'");

define("UL_PDO_AUTH_PWD", "'.$UL_PDO_AUTH_PWD.'");

define("UL_PDO_DELETE_USER", "'.$UL_PDO_AUTH_USER.'");

define("UL_PDO_DELETE_PWD", "'.$UL_PDO_AUTH_PWD.'");

define("UL_PDO_SESSIONS_USER", "'.$UL_PDO_AUTH_USER.'");

define("UL_PDO_SESSIONS_PWD", "'.$UL_PDO_AUTH_PWD.'");

define("UL_PDO_LOG_USER", "'.$UL_PDO_AUTH_USER.'");

define("UL_PDO_LOG_PWD", "'.$UL_PDO_AUTH_PWD.'");

';

if(file_put_contents("../config.php", $cfg) === false) {

echo "<p>We tried to create a config file but it failed. Below is the config data:</p>\n\n\n".$cfg;

die();

}

$d = dir("../");

set_include_path($d->path);

require_once("../config.php");

$now = date_format(new DateTime(), UL_DATETIME_FORMAT);

$hashed_password = ulPassword::Hash($_POST['imree_admin_pass'], UL_PWD_FUNC);

$db->exec("

username=".$db->quote($_POST['imree_admin_user']).",

password=".$db->quote($hashed_password).",

date_created=".$db->quote($now).",

block_expires=".$db->quote($now).";");

$user_id = $db->lastInsertId();

if($user_id > 0) {

echo "<p class='success'>User ".$_POST['imree_admin_user']." created succesfully.";

$db->exec("

INSERT INTO imree.people SET person_name_last = 'Admin', person_name_first = 'IMREE', person_title = 'system admin', ul_user_id='".$user_id."';");

} else {

print_r($db->errorInfo());

echo "<p class='error'>The authentication system was unable to create an administrative user for you</p>";

}

echo "<div class='success'><h2>Setup Complete</h2>

</div>";

} else {

$errors[] = "Could not connect to database.";

}

}

}

if(!(isset($_POST['action']) AND $_POST['action'] === 'setup') OR count($errors)) {

foreach($errors as $err) {

echo "<div class='error'>".$err."</div>";

}

?>

<form action='setup.php' method='POST'>

<fieldset>

<legend>Database Connections</legend>

<label for='db_type'>Database Type</label><input id='db_type' name='db_type' type='text' value='<?php echo isset($_POST['db_type']) ? $_POST['db_type'] : 'mysql'; ?>' ><br>

<label for='db_host'>Database Host</label><input id='db_host' name='db_host' type='text' value='<?php echo isset($_POST['db_host']) ? $_POST['db_host'] : 'localhost'; ?>'><br>

<p>The following information will NOT be saved in the config file. It is used to create new users and database tables for you.</p>

<label for='db_admin_username'>Database Admin Username</label><input id='db_admin_username' name='db_admin_username' type='text' value='<?php echo isset($_POST['db_admin_username']) ? $_POST['db_admin_username'] : ''; ?>' ><br>

<label for='db_admin_password'>Database Admin Password</label><input id='db_admin_password' name='db_admin_password' type='password' value='<?php echo isset($_POST['db_admin_password']) ? $_POST['db_admin_password'] : ''; ?>' ><br>

</fieldset>

<fieldset>

<legend>IMREE Admin Account</legend>

<p>We're going to create an admin account for this installation of IMREE but we need to know what username and password you'd like to use for that. All usernames MUST BE an email address (although, the admin account is never confirmed as an active account).</p>

<label for='imree_admin_user'>IMREE Admin Username</label><input id='imree_admin_user' name='imree_admin_user' type='text' value='<?php echo isset($_POST['imree_admin_user']) ? $_POST['imree_admin_user'] : '[email protected]'; ?>'><br>

<label for='imree_admin_pass'>IMREE Admin Password</label><input id='imree_admin_pass' name='imree_admin_pass' type='password' value='<?php echo isset($_POST['imree_admin_pass']) ? $_POST['imree_admin_pass'] : ''; ?>'><br>

<label for='imree_admin_pass_copy'>IMREE Admin Password</label><input id='imree_admin_pass_copy' name='imree_admin_pass_copy' type='password' value='<?php echo isset($_POST['imree_admin_pass_copy']) ? $_POST['imree_admin_pass_copy'] : ''; ?>' ><br>

</fieldset>

<fieldset>

<legend>Domain</legend>

<p>This must be the same domain name that the browser uses to fetch your website, without the protocol specifier (don't use 'http(s)://'). For development on the local machine, use 'localhost'. Takes the same format as the 'domain' parameter of the PHP setcookie function.</p>

<label for='root_domain'>Website Domain</label><input id='root_domain' name='root_domain' type='text' value='<?php echo isset($_POST['root_domain']) ? $_POST['root_domain'] : 'imree.mysite.com'; ?>' ><br>

<p>The absolute IMREE Path should include the protocol (http(s)), and directory information, and end with a trailing slash</p>

<label for='imree_absolute_path'>Absolute IMREE Path</label><input id='imree_absolute_path' name='imree_absolute_path' type='text' value='<?php echo isset($_POST['imree_absolute_path']) ? $_POST['imree_absolute_path'] : 'http://imree.mysite.com/imree-php/'; ?>' ><br>

</fieldset>

<fieldset>

<legend>3rd Party Accounts</legend>

<p>Your Google Analytics Property ID (i.e. XXXXXXXXX-XX)</p>

<label for='google_analytics_account'>Analytics ID</label><input id='google_analytics_account' name='google_analytics_account' type='text' value='<?php echo isset($_POST['google_analytics_account']) ? $_POST['google_analytics_account'] : ''; ?>' ><br>

<p>A recaptcha account. <a href='http://www.google.com/recaptcha' target="_blank">http://www.google.com/recaptcha</a></p>

<label for='re_captcha_key_public'>Recaptcha Public Key</label><input id='re_captcha_key_public' name='re_captcha_key_public' type='text' value='<?php echo isset($_POST['re_captcha_key_public']) ? $_POST['re_captcha_key_public'] : ''; ?>' ><br>

<label for='re_captcha_key_private'>Recaptcha Private Key</label><input id="re_captcha_key_private" name='re_captcha_key_private' type='text' value='<?php echo isset($_POST['re_captcha_key_private']) ? $_POST['re_captcha_key_private'] : ''; ?>' ><br>

<p>For ease of installation. IMREE sends email through a gmail address. This can be changed in shared_function/functions.core.php under send_gmail().</p>

<label for='google_from'>From Name</label><input id='google_from' name='google_from' type='text' value='<?php echo isset($_POST['google_from']) ? $_POST['google_from'] : 'Library - no-reply'; ?>' ><br>

<p>Your google username EXCLUDES the @gmail.com. We just want the username, not the full email address</p>

<label for='google_username'>Google Username</label><input id='google_username' name='google_username' type='text' value='<?php echo isset($_POST['google_username']) ? $_POST['google_username'] : ''; ?>' ><br>

<label for='google_password'>Google Password</label><input id='google_password' name='google_password' type='password' value='<?php echo isset($_POST['google_password']) ? $_POST['google_password'] : ''; ?>' ><br>

<label for='google_signature'>Email Signature Line</label><input id='google_signature' name='google_signature' type='text' value='<?php echo isset($_POST['google_signature']) ? $_POST['google_signature'] : '-IMREE Admin Team'; ?>' ><br>

</fieldset>

<input type='hidden' name='action' value='setup' >

<button type='submit'>Create Configuration File</button>

</form>

<?php

}

/** Below are helper functions to make the code above as cleaner **/

function create_user($conn, $username, $password, $database, $table, $host, $permission = "SELECT, INSERT, UPDATE, DELETE ") {

}

if(!function_exists('get_headers'))

{

function get_headers($url,$format=0)

}

}

?>

</body>

</html>