From afeb389e095989cefe2b2f4f380ac7cf992cafa3 Mon Sep 17 00:00:00 2001 From: Bartek Fabiszewski Date: Mon, 17 Apr 2017 13:15:44 +0200 Subject: [PATCH] Add setup script --- README.md | 25 +++-- helpers/config.php | 4 + helpers/db.php | 2 +- lang.php | 2 +- lang/en.php | 28 ++++++ lang/pl.php | 25 +++++ scripts/setup.php | 235 ++++++++++++++++++++++++++++++++++++++++++++ scripts/ulogger.sql | 5 +- 8 files changed, 309 insertions(+), 17 deletions(-) create mode 100644 scripts/setup.php diff --git a/README.md b/README.md index 8ebab90..05506ad 100755 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews - http://flaa.fabiszewski.net/ulogger/ ## Requirements: -- PHP 5.5 (5.4 with [password_compat](https://github.com/bfabiszewski/ulogger-server/blob/master/helpers/user.php#L24)) +- PHP 5.5 (5.4 with [password_compat](https://github.com/bfabiszewski/ulogger-server/blob/04b2b771398d8511bfa6fe8a85d58162bd32fc46/helpers/user.php#L24)) - MySQL 4.1 - browser with javascript enabled, cookies for authentication and saving preferences @@ -25,20 +25,19 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews - simple admin menu ## Install -- Download the zip or clone the repository on your computer -- Move it to your web server directory -- Use script/ulogger.sql file to create database and tables (you can use a MySQL interface such as [PhpMyAdmin](https://www.phpmyadmin.net)) -- Create a copy of config.default.php and rename it config.php. Add database credentials in it -- Make sure you have a web server running, e.g. Apache, also PHP and MySQL -- Open a browser and go to http://your_local_server/ulogger-server/ -- Connect with admin/admin -- **Change admin password** -- Create other user if needed +- Download zipped archive or clone the repository on your computer +- Move it to your web server directory (unzip if needed) +- Create database and MySQL user (at least SELECT, INSERT, UPDATE, DELETE privileges, CREATE, DROP for setup script) +- Create a copy of `config.default.php` and rename it to `config.php`. Customize it and add database credentials +- Edit `scripts/setup.php` script, enable it by setting [$enabled](https://github.com/bfabiszewski/ulogger-server/blob/master/scripts/setup.php#L21) value to `true` +- Make sure you have a web server running with PHP and MySQL +- Open http://YOUR_HOST/ulogger-server/scripts/setup.php page in your browser +- Follow instructions in setup script. It will add database tables and set up your μlogger user +- **Remember to remove or disable `scripts/setup.php` script** +- Log in with your new user on http://YOUR_HOST/ulogger-server/ ## Todo -- install script -- custom icons -- track editing +- improve track editing - track display filters (accurracy, provider) ## License diff --git a/helpers/config.php b/helpers/config.php index 8f2e4bd..e30bb77 100644 --- a/helpers/config.php +++ b/helpers/config.php @@ -137,6 +137,10 @@ if (isset($_COOKIE["ulogger_interval"])) { self::$interval = $_COOKIE["ulogger_interval"]; } } + public function isFileLoaded() { + return self::$fileLoaded; + } + /** * Regex to test if password matches strength and length requirements. * Valid for both php and javascript diff --git a/helpers/db.php b/helpers/db.php index db7b030..e28b800 100644 --- a/helpers/db.php +++ b/helpers/db.php @@ -45,7 +45,7 @@ header("HTTP/1.1 503 Service Unavailable"); exit; } - die("Database connection error (" . $this->connect_errno . ")"); + die("Database connection error (" . $this->connect_error . ")"); } $this->set_charset('utf8'); } diff --git a/lang.php b/lang.php index 3a61736..a2fe7be 100755 --- a/lang.php +++ b/lang.php @@ -41,4 +41,4 @@ $lang['passrules'] = isset($lang["passrules"][$config::$pass_strength]) ? $lang["passrules"][$config::$pass_strength] : ""; $lang['passlenmin'] = sprintf($lang["passlenmin"], $config::$pass_lenmin); -?> +?> \ No newline at end of file diff --git a/lang/en.php b/lang/en.php index 0a2c5e4..50e8a55 100644 --- a/lang/en.php +++ b/lang/en.php @@ -19,6 +19,34 @@ // default language for translations +// strings only used in setup +$langSetup["dbconnectfailed"] = "Database connection failed."; +$langSetup["serversaid"] = "Server said: %s"; // substitutes server error message +$langSetup["checkdbsettings"] = "Please check database settings in 'config.php' file."; +$langSetup["dbqueryfailed"] = "Database query failed."; +$langSetup["dbtablessuccess"] = "Database tables successfully created!"; +$langSetup["setupuser"] = "Now please set up your µlogger user."; +$langSetup["congratulations"] = "Congratulations!"; +$langSetup["setupcomplete"] = "Setup is now complete. You may go to the main page now and log in with your new user account."; +$langSetup["disablewarn"] = "IMPORTANT! YOU MUST DISABLE 'setup.php' SCRIPT OR REMOVE IT FROM YOUR SERVER."; +$langSetup["disabledesc"] = "Leaving the script accessible from browser is a major security risk. Anybody will be able to run it, delete your database and set up new user account. Delete the file or disable it by setting %s value back to %s."; // substitutes variable name and value +$langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try to find more info in your webserver logs."; +$langSetup["welcome"] = "Welcome to µlogger!"; +$langSetup["phpversionwarn"] = "Warning! Your PHP version (%s) is probably too low. This application may not function properly with PHP versions lower than 5.4."; // substitutes php version number +$langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value +$langSetup["lineshouldread"] = "Line: %s should read: %s"; +$langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library."; +$langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'."; +$langSetup["dorestart"] = "Please restart this script when you are done."; +$langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup."; +$langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names +$langSetup["scriptdesc"] = "This script will set up tables needed for µlogger. They will be created in your database named %s. Warning, if the tables already exist they will be dropped and recreated, their content will be destroyed."; // substitutes db name +$langSetup["scriptdesc2"] = "When done the script will ask you to provide user name and password for your µlogger user."; +$langSetup["startbutton"] = "Press to start"; +$langSetup["restartbutton"] = "Restart"; + + +// application strings $lang["title"] = "• μlogger •"; $lang["private"] = "You need login and password to access this page."; $lang["authfail"] = "Wrong username or password"; diff --git a/lang/pl.php b/lang/pl.php index 1b32ffb..a0922f8 100644 --- a/lang/pl.php +++ b/lang/pl.php @@ -17,6 +17,31 @@ * along with this program; if not, see . */ +$langSetup["dbconnectfailed"] = "Błąd połączenia z bazą danych."; +$langSetup["serversaid"] = "Komunikat serwera: %s"; +$langSetup["checkdbsettings"] = "Proszę sprawdzić konfigurację bazy danych w pliku 'config.php'."; +$langSetup["dbqueryfailed"] = "Błąd zapytania do bazy danych."; +$langSetup["dbtablessuccess"] = "Pomyślnie utworzono tablice w bazie danych!"; +$langSetup["setupuser"] = "Skonfiguruj teraz swojego użytkownika w µloggerze."; +$langSetup["congratulations"] = "Gratulacje!"; +$langSetup["setupcomplete"] = "Konfiguracja zakończona. Możesz teraz przejść do strony głównej i zalogować się na konto utworzonego użytkownika."; +$langSetup["disablewarn"] = "WAŻNE! NAZLEŻY DEZAKTYWOWAĆ SKRYPT 'setup.php' ALBO USUNĄĆ GO Z SERWERA."; +$langSetup["disabledesc"] = "Pozostawienie dostępu do skryptu z przeglądarki stanowi duże zagrożenie. Każdy będzie mógł go uruchomić, usunąć całą bazę danych i dodać nowego użytkownika. Usuń plik lub dezaktywuj go przywracając zmiennej %s wartość %s."; +$langSetup["setupfailed"] = "Niestety coś poszło nie tak. Może znajdziesz więcej wskazówek w logach serwera www."; +$langSetup["welcome"] = "Witaj w µloggerze!"; +$langSetup["phpversionwarn"] = "Uwaga! Twoja wersja PHP (%s) jest prawdopodobnie zbyt stara. Ta aplikacja może nie działać poprawnie z wersjami PHP niższymi od 5.4."; +$langSetup["disabledwarn"] = "Ze względów bezpieczeństwa ten skrypt jest domyślnie wyłączony. Aby go aktywować należy otworzyć plik 'scripts/setup.php' w edytorze tekstu i zmienić wartość zmiennej %s na początku pliku na %s."; +$langSetup["lineshouldread"] = "Linia: %s powinna zostać zmieniona na: %s"; +$langSetup["passfuncwarn"] = "Zainstalowana wersja PHP nie zawiera funkcji obsługujących hasła, dostępnych od wersji PHP 5.5. Musisz włączyć bibliotekę 'password_compat'."; +$langSetup["passfunchack"] = "Otwórz proszę plik 'helpers/user.php' w edytorze tekstu i odkomentuj linię włączającą 'helpers/password.php'."; +$langSetup["dorestart"] = "Uruchom ten skrypt ponownie, kiedy zakończysz."; +$langSetup["createconfig"] = "Utwórz proszę plik 'config.php' w głównym folderze. Możesz skopiować jego początkową zawartość z pliku 'config.default.php'. Pamiętaj, żeby dostosować konfiguracje do swoich potrzeb i ustawień bazy danych."; +$langSetup["nodbsettings"] = "Musisz skonfigurować parametry dostępu do bazy danych w pliku 'config.php' (%s)."; +$langSetup["scriptdesc"] = "Ten skrypt utworzy tablice niezbędne do działania aplikacji µlogger. Zostaną one utworzone w bazie danych o nazwie %s. Uwaga, jeśli tablice już istnieją, zostaną usunięte i utworzone ponownie, ich zawartość zostanie skasowana."; +$langSetup["scriptdesc2"] = "Następnie skrypt poprosi o utworzenie konta do logowania w aplikacji µlogger."; +$langSetup["startbutton"] = "Naciśnij, aby rozpocząć"; +$langSetup["restartbutton"] = "Uruchom ponownie"; + $lang["title"] = "• μlogger •"; $lang["private"] = "Aby się zalogować musisz podać login i hasło"; $lang["authfail"] = "błędny login lub hasło"; diff --git a/scripts/setup.php b/scripts/setup.php new file mode 100644 index 0000000..400820e --- /dev/null +++ b/scripts/setup.php @@ -0,0 +1,235 @@ +. + */ + +// This script is disabled by default. Change below to true before running. +$enabled = false; + + +/* -------------------------------------------- */ +/* no user modifications should be needed below */ + +define("ROOT_DIR", dirname(__DIR__)); +require_once(ROOT_DIR . "/helpers/user.php"); +require_once(ROOT_DIR . "/helpers/config.php"); +$config = new uConfig(); + +require_once(ROOT_DIR . "/lang.php"); + +$command = isset($_REQUEST['command']) ? $_REQUEST['command'] : NULL; + +$messages = []; +switch ($command) { + case "setup": + $queries = []; + // positions + $queries[] = "DROP TABLE IF EXISTS `positions`"; + $queries[] = "CREATE TABLE `positions` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP, + `user_id` int(11) NOT NULL, + `track_id` int(11) NOT NULL, + `latitude` double NOT NULL, + `longitude` double NOT NULL, + `altitude` double DEFAULT NULL, + `speed` double DEFAULT NULL, + `bearing` double DEFAULT NULL, + `accuracy` int(11) DEFAULT NULL, + `provider` varchar(100) DEFAULT NULL, + `comment` varchar(255) DEFAULT NULL, + `image_id` int(11) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `index_trip_id` (`track_id`), + KEY `index_user_id` (`user_id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8"; + + // tracks + $queries[] = "DROP TABLE IF EXISTS `tracks`"; + $queries[] = "CREATE TABLE `tracks` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `user_id` int(11) NOT NULL, + `name` varchar(255) DEFAULT NULL, + `comment` varchar(1024) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `user_id` (`user_id`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8"; + + // users + $queries[] = "DROP TABLE IF EXISTS `users`"; + $queries[] = "CREATE TABLE `users` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `login` varchar(15) CHARACTER SET latin1 NOT NULL, + `password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '', + PRIMARY KEY (`id`), + UNIQUE KEY `login` (`login`) + ) ENGINE=InnoDB DEFAULT CHARSET=utf8"; + + $error = false; + mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); + try { + $mysqli = new mysqli($config::$dbhost, $config::$dbuser, $config::$dbpass, $config::$dbname); + } catch (mysqli_sql_exception $e ) { + $messages[] = "{$langSetup["dbconnectfailed"]}"; + $messages[] = sprintf($langSetup["serversaid"], "" . $e->getMessage() . ""); + $messages[] = $langSetup["checkdbsettings"]; + break; + } + try { + $mysqli->set_charset('utf8'); + foreach ($queries as $query) { + $mysqli->query($query); + } + } catch (mysqli_sql_exception $e) { + $messages[] = "{$langSetup["dbqueryfailed"]}"; + $messages[] = sprintf($langSetup["serversaid"], "" . $e->getMessage() . ""); + $error = true; + } + $mysqli->close(); + if (!$error) { + $messages[] = "{$langSetup["dbtablessuccess"]}"; + $messages[] = $langSetup["setupuser"]; + $form = "
"; + $form .= ""; + $form .= ""; + $form .= ""; + $form .= "
"; + $form .= "
"; + $messages[] = $form; + } + break; + + case "adduser": + $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL; + $pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL; + + $user = new uUser(); + if ($user->add($login, $pass) !== false) { + $messages[] = "{$langSetup["congratulations"]}"; + $messages[] = $langSetup["setupcomplete"]; + $messages[] = "{$langSetup["disablewarn"]}
"; + $messages[] = sprintf($langSetup["disabledesc"], "\$enabled", "false"); + } else { + $messages[] = "{$langSetup["setupfailed"]}"; + } + break; + + default: + $messages[] = $langSetup["welcome"]; + if (version_compare(PHP_VERSION, '5.4.0', '<')) { + $messages[] = "" . sprintf($langSetup["phpversionwarn"], PHP_VERSION) . ""; + } + if (!isset($enabled) || $enabled === false) { + $messages[] = sprintf($langSetup["disabledwarn"], "\$enabled", "true"); + $messages[] = sprintf($langSetup["lineshouldread"], "
\$enabled = false;
", "
\$enabled = true;"); + break; + } + if (!function_exists('password_hash')) { + $messages[] = $langSetup["passfuncwarn"]; + $messages[] = $langSetup["passfunchack"]; + $messages[] = sprintf($langSetup["lineshouldread"], "
//require_once(ROOT_DIR . \"/helpers/password.php\");
", "
require_once(ROOT_DIR . \"/helpers/password.php\");"); + $messages[] = $langSetup["dorestart"]; + $messages[] = "
"; + break; + } + if (!$config->isFileLoaded()) { + $messages[] = $langSetup["createconfig"]; + $messages[] = $langSetup["dorestart"]; + $messages[] = "
"; + break; + } + if (empty($config::$dbname) || empty($config::$dbhost) || empty($config::$dbuser)) { + $messages[] = sprintf($langSetup["nodbsettings"], "\$dbname, \$dbhost, \$dbuser, \$dbpass"); + $messages[] = $langSetup["dorestart"]; + $messages[] = "
"; + break; + } + $messages[] = sprintf($langSetup["scriptdesc"], "{$config::$dbname}"); + $messages[] = $langSetup["scriptdesc2"]; + $messages[] = "
"; + break; +} + +?> + + + + + <?= $lang["title"] ?> + + + + + + + + + +
+ +

+ +
+ + \ No newline at end of file diff --git a/scripts/ulogger.sql b/scripts/ulogger.sql index 4e975aa..fd3d69e 100755 --- a/scripts/ulogger.sql +++ b/scripts/ulogger.sql @@ -100,6 +100,7 @@ ALTER TABLE `users` -- -- This will add default user admin with password admin -- The password should be changed immediatelly after installation +-- Uncomment if needed -- -INSERT INTO `users` (`id`, `login`, `password`) VALUES -(1, 'admin', '$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq'); \ No newline at end of file +-- INSERT INTO `users` (`id`, `login`, `password`) VALUES +-- (1, 'admin', '$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq'); \ No newline at end of file