install.php
<?php
/*
@author: Ademcan ([email protected])
@name: install.php
@description: installation page
REMOVE AFTER SUCCESSFUL INSTALLATION
*/
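include "config.php";

/**
 * Returns the 3-character lowercase-hex salt stored next to the password hash.
 *
 * The salt keeps its original length and alphabet so that stored records look
 * the same to whatever code verifies passwords later. Only the source of
 * randomness changes: random_bytes() (PHP 7+) reads the operating system's
 * CSPRNG, whereas md5(uniqid(rand(), true)) was derived from the clock and a
 * non-cryptographic generator.
 *
 * NOTE(review): a 12-bit salt and a single SHA-256 round give little protection
 * against offline guessing if the database file leaks. password_hash() and
 * password_verify() are the proper replacement, but the verification code is
 * not visible from this file, so the stored format is left unchanged here.
 *
 * @return string three hexadecimal characters
 */
function createSalt() {
    return substr(bin2hex(random_bytes(2)), 0, 3);
}

/**
 * Reads one field of the submitted form as a string.
 *
 * A missing field, or one sent as an array (for example "title[]=x"), yields
 * an empty string instead of a warning or a TypeError further down.
 *
 * @param string $name form field name
 * @return string raw field value, or '' when absent or not a string
 */
function installField($name) {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

/**
 * Runs one INSERT with bound parameters.
 *
 * Values are bound rather than interpolated, so no quoting or escaping of the
 * submitted text is needed to keep it out of the SQL syntax.
 *
 * @param SQLite3 $base   open database handle
 * @param string  $sql    statement containing named placeholders
 * @param array   $values placeholder => value, all bound as text
 * @return bool true when the row was inserted
 */
function installInsertRow($base, $sql, $values) {
    $statement = $base->prepare($sql);
    if ($statement === false) {
        return false;
    }
    foreach ($values as $placeholder => $value) {
        $statement->bindValue($placeholder, $value, SQLITE3_TEXT);
    }
    return $statement->execute() !== false;
}

/**
 * Creates the database file, its three tables, the first user and the default settings.
 *
 * Everything runs inside one transaction. If any step fails the transaction is
 * rolled back and the freshly created file is removed, because this installer
 * refuses to run again once the file exists and a half-built database would
 * lock the site out of installation.
 *
 * @param string $dbPath   path of the SQLite file to create
 * @param string $username validated user name
 * @param string $password validated password
 * @param string $title    site title exactly as submitted
 * @return bool true when the installation completed
 */
function runInstallation($dbPath, $username, $password, $title) {
    try {
        $base = new SQLite3($dbPath);
    } catch (Exception $e) {
        return false;
    }

    $schema = [
        "CREATE TABLE user(
            username VARCHAR(30) NOT NULL UNIQUE,
            password VARCHAR(64) NOT NULL,
            salt VARCHAR(3) NOT NULL,
            PRIMARY KEY(username)
        )",
        "CREATE TABLE snippets(
            ID INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
            language longtext,
            description longtext,
            name longtext,
            code longtext,
            date date,
            private integer
        )",
        "CREATE TABLE settings(
            ID INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT,
            username longtext,
            title longtext,
            theme longtext
        )",
    ];

    // Stored format is unchanged: sha256(salt . sha256(password)).
    $salt = createSalt();
    $hash = hash('sha256', $salt . hash('sha256', $password));

    // The title is still stored entity-encoded, as before; pages that print it
    // are not visible from this file and may rely on that.
    $storedTitle = htmlentities($title, ENT_QUOTES);

    $ok = $base->exec('BEGIN');
    foreach ($schema as $statement) {
        $ok = $ok && $base->exec($statement);
    }
    $ok = $ok && installInsertRow(
        $base,
        "INSERT INTO user(username, password, salt) VALUES (:username, :password, :salt)",
        [':username' => $username, ':password' => $hash, ':salt' => $salt]
    );
    $ok = $ok && installInsertRow(
        $base,
        "INSERT INTO settings(username, title, theme) VALUES (:username, :title, 'flat')",
        [':username' => $username, ':title' => $storedTitle]
    );
    $ok = $ok && $base->exec('COMMIT');

    if (!$ok) {
        $base->exec('ROLLBACK');
    }
    $base->close();

    if (!$ok && file_exists($dbPath)) {
        unlink($dbPath);
    }
    return $ok;
}

$dbPath = $config["dbname"];
$canWrite = is_writable(dirname($dbPath));
$errors = [];

// This page is unauthenticated: until the database file exists, whoever submits
// the form first becomes the site's user. Install promptly and then delete this
// file, as the header comment asks.
// NOTE(review): if $config["dbname"] points inside the web root, the database
// file (including the password hashes) may be downloadable; confirm the server
// denies direct requests for it.
if (file_exists($dbPath)) {
    echo "Installation process already done";
} else {
    // The form is handled before any output so that validation happens before
    // the database file is created and so that the redirect header can still
    // be sent. Previously the tables were created first, and a failed check
    // only called header() after the page body had started, which neither
    // redirected nor stopped the account from being written.
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $username = trim(installField('username'));
        $pass1 = trim(installField('pass1'));
        $pass2 = trim(installField('pass2'));
        $title = installField('title');

        if (!class_exists('SQLite3')) {
            $errors[] = "SQLite 3 NOT supported.";
        }
        if (!$canWrite) {
            // The missing Install button is only a hint; enforce it server-side too.
            $errors[] = "You don't have write permissions on this directory";
        }
        if ($username === '') {
            $errors[] = "Please choose a username";
        } elseif (strlen($username) > 30) {
            $errors[] = "The username is limited to 30 characters";
        }
        if ($pass1 === '') {
            $errors[] = "Please choose a password";
        } elseif ($pass1 !== $pass2) {
            // Strict comparison: with != two different numeric-looking
            // passwords such as "1e3" and "1000" compare as equal.
            $errors[] = "The two passwords are not identical";
        }

        if (!$errors) {
            if (runInstallation($dbPath, $username, $pass1, $title)) {
                if (!headers_sent()) {
                    header('Location: index.php');
                    exit;
                }
                // config.php may already have produced output; fall back to
                // the script redirect the page used originally.
                echo "<script>location.href = 'index.php';</script>";
                exit;
            }
            $errors[] = "Installation failed, please check the server error log";
        }
    }
?>
<html>
<head>
<link rel="stylesheet" href="css/flat.css" type="text/css" media="screen" />
<title>
Installation of canSnippets
</title>
</head>
<body>
<div id="installWindow">
<b><font color="#27ae60">Welcome to the installation page of canSnippet <br>
Please fill in the following form </font></b><br><br><br>
<?php foreach ($errors as $message) { ?>
<p><b><?= htmlspecialchars($message, ENT_QUOTES) ?></b></p>
<?php } ?>
<form name="register" action="install.php" method="post">
<center>
<table>
<tr><td width="150px">Title :</td><td> <input type="text" name="title" /></td></tr>
<tr><td>Username :</td><td> <input type="text" name="username" maxlength="30" /></td></tr>
<tr><td>Password :</td><td> <input type="password" name="pass1" /></td></tr>
<tr><td>Password Again :</td><td> <input type="password" name="pass2" /></td></tr>
</table>
</center>
<?php if ($canWrite) { ?>
<input type="submit" value="Install" class="installButton"/>
<?php } else { ?>
<h2>You don't have write permissions on this directory <?= htmlspecialchars((string) realpath(dirname($dbPath)), ENT_QUOTES) ?></h2>
<?php } ?>
</form>
</div>
</body>
</html>
<?php } ?>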