Add setup script

2017-04-17 13:15:44 +02:00 · 2017-04-17 13:15:44 +02:00 · afeb389e09
commit afeb389e09
parent 1823f15611
8 changed files with 309 additions and 17 deletions
--- a/README.md
+++ b/README.md
@ -7,7 +7,7 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews
 - http://flaa.fabiszewski.net/ulogger/

 ## Requirements:
- PHP 5.5 (5.4 with [password_compat](https://github.com/bfabiszewski/ulogger-server/blob/master/helpers/user.php#L24))
+- PHP 5.5 (5.4 with [password_compat](https://github.com/bfabiszewski/ulogger-server/blob/04b2b771398d8511bfa6fe8a85d58162bd32fc46/helpers/user.php#L24))
 - MySQL 4.1
 - browser with javascript enabled, cookies for authentication and saving preferences

@ -25,20 +25,19 @@ Together with a dedicated [μlogger mobile client](https://github.com/bfabiszews
 - simple admin menu

 ## Install
- Download the zip or clone the repository on your computer
- Move it to your web server directory
- Use script/ulogger.sql file to create database and tables (you can use a MySQL interface such as [PhpMyAdmin](https://www.phpmyadmin.net))
- Create a copy of config.default.php and rename it config.php. Add database credentials in it
- Make sure you have a web server running, e.g. Apache, also PHP and MySQL
- Open a browser and go to http://your_local_server/ulogger-server/
- Connect with admin/admin
- **Change admin password**
- Create other user if needed
+- Download zipped archive or clone the repository on your computer
+- Move it to your web server directory (unzip if needed)
+- Create database and MySQL user (at least SELECT, INSERT, UPDATE, DELETE privileges, CREATE, DROP for setup script)
+- Create a copy of `config.default.php` and rename it to `config.php`. Customize it and add database credentials
+- Edit `scripts/setup.php` script, enable it by setting [$enabled](https://github.com/bfabiszewski/ulogger-server/blob/master/scripts/setup.php#L21) value to `true`
+- Make sure you have a web server running with PHP and MySQL
+- Open http://YOUR_HOST/ulogger-server/scripts/setup.php page in your browser
+- Follow instructions in setup script. It will add database tables and set up your μlogger user
+- **Remember to remove or disable `scripts/setup.php` script**
+- Log in with your new user on http://YOUR_HOST/ulogger-server/

 ## Todo
- install script
- custom icons
- track editing
+- improve track editing
 - track display filters (accurracy, provider)

 ## License
--- a/helpers/config.php
+++ b/helpers/config.php
@ -137,6 +137,10 @@
      if (isset($_COOKIE["ulogger_interval"])) { self::$interval = $_COOKIE["ulogger_interval"]; }
    }

+    public function isFileLoaded() {
+      return self::$fileLoaded;
+    }
+
   /**
    * Regex to test if password matches strength and length requirements.
    * Valid for both php and javascript
--- a/helpers/db.php
+++ b/helpers/db.php
@ -45,7 +45,7 @@
          header("HTTP/1.1 503 Service Unavailable");
          exit;
        }
-        die("Database connection error (" . $this->connect_errno . ")");
+        die("Database connection error (" . $this->connect_error . ")");
      }
      $this->set_charset('utf8');
    }
--- a/lang.php
+++ b/lang.php
@ -41,4 +41,4 @@
  $lang['passrules'] = isset($lang["passrules"][$config::$pass_strength]) ? $lang["passrules"][$config::$pass_strength] : "";
  $lang['passlenmin'] = sprintf($lang["passlenmin"], $config::$pass_lenmin);

-?>
+?>
--- a/lang/en.php
+++ b/lang/en.php
@ -19,6 +19,34 @@

 // default language for translations

+// strings only used in setup
+$langSetup["dbconnectfailed"] = "Database connection failed.";
+$langSetup["serversaid"] = "Server said: %s"; // substitutes server error message
+$langSetup["checkdbsettings"] = "Please check database settings in 'config.php' file.";
+$langSetup["dbqueryfailed"] = "Database query failed.";
+$langSetup["dbtablessuccess"] = "Database tables successfully created!";
+$langSetup["setupuser"] = "Now please set up your µlogger user.";
+$langSetup["congratulations"] = "Congratulations!";
+$langSetup["setupcomplete"] = "Setup is now complete. You may go to the <a href=\"../index.php\">main page</a> now and log in with your new user account.";
+$langSetup["disablewarn"] = "IMPORTANT! YOU MUST DISABLE 'setup.php' SCRIPT OR REMOVE IT FROM YOUR SERVER.";
+$langSetup["disabledesc"] = "Leaving the script accessible from browser is a major security risk. Anybody will be able to run it, delete your database and set up new user account. Delete the file or disable it by setting %s value back to %s."; // substitutes variable name and value
+$langSetup["setupfailed"] = "Unfortunately something has gone wrong. You may try to find more info in your webserver logs.";
+$langSetup["welcome"] = "Welcome to µlogger!";
+$langSetup["phpversionwarn"] = "Warning! Your PHP version (%s) is probably too low. This application may not function properly with PHP versions lower than 5.4."; // substitutes php version number
+$langSetup["disabledwarn"] = "For security reasons this script is disabled by default. To enable it you must edit 'scripts/setup.php' file in text editor and set %s variable at the beginning of the file to %s."; // substitutes variable name and value
+$langSetup["lineshouldread"] = "Line: %s should read: %s";
+$langSetup["passfuncwarn"] = "Your PHP version does not support password functions that ship with PHP 5.5. You have to include password_compat library.";
+$langSetup["passfunchack"] = "Please edit 'helpers/user.php' file and uncomment line including 'helpers/password.php'.";
+$langSetup["dorestart"] = "Please restart this script when you are done.";
+$langSetup["createconfig"] = "Please create 'config.php' file in root folder. You may start by copying it from 'config.default.php'. Make sure that you adjust config values to match your needs and your database setup.";
+$langSetup["nodbsettings"] = "You must provide your database credentials in 'config.php' file (%s)."; // substitutes variable names
+$langSetup["scriptdesc"] = "This script will set up tables needed for µlogger. They will be created in your database named %s. Warning, if the tables already exist they will be dropped and recreated, their content will be destroyed."; // substitutes db name
+$langSetup["scriptdesc2"] = "When done the script will ask you to provide user name and password for your µlogger user.";
+$langSetup["startbutton"] = "Press to start";
+$langSetup["restartbutton"] = "Restart";
+
+
+// application strings
 $lang["title"] = "• μlogger •";
 $lang["private"] = "You need login and password to access this page.";
 $lang["authfail"] = "Wrong username or password";
--- a/lang/pl.php
+++ b/lang/pl.php
@ -17,6 +17,31 @@
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */

+$langSetup["dbconnectfailed"] = "Błąd połączenia z bazą danych.";
+$langSetup["serversaid"] = "Komunikat serwera: %s";
+$langSetup["checkdbsettings"] = "Proszę sprawdzić konfigurację bazy danych w pliku 'config.php'.";
+$langSetup["dbqueryfailed"] = "Błąd zapytania do bazy danych.";
+$langSetup["dbtablessuccess"] = "Pomyślnie utworzono tablice w bazie danych!";
+$langSetup["setupuser"] = "Skonfiguruj teraz swojego użytkownika w µloggerze.";
+$langSetup["congratulations"] = "Gratulacje!";
+$langSetup["setupcomplete"] = "Konfiguracja zakończona. Możesz teraz przejść do <a href=\"../index.php\">strony głównej</a> i zalogować się na konto utworzonego użytkownika.";
+$langSetup["disablewarn"] = "WAŻNE! NAZLEŻY DEZAKTYWOWAĆ SKRYPT 'setup.php' ALBO USUNĄĆ GO Z SERWERA.";
+$langSetup["disabledesc"] = "Pozostawienie dostępu do skryptu z przeglądarki stanowi duże zagrożenie. Każdy będzie mógł go uruchomić, usunąć całą bazę danych i dodać nowego użytkownika. Usuń plik lub dezaktywuj go przywracając zmiennej %s wartość %s.";
+$langSetup["setupfailed"] = "Niestety coś poszło nie tak. Może znajdziesz więcej wskazówek w logach serwera www.";
+$langSetup["welcome"] = "Witaj w µloggerze!";
+$langSetup["phpversionwarn"] = "Uwaga! Twoja wersja PHP (%s) jest prawdopodobnie zbyt stara. Ta aplikacja może nie działać poprawnie z wersjami PHP niższymi od 5.4.";
+$langSetup["disabledwarn"] = "Ze względów bezpieczeństwa ten skrypt jest domyślnie wyłączony. Aby go aktywować należy otworzyć plik 'scripts/setup.php' w edytorze tekstu i zmienić wartość zmiennej %s na początku pliku na %s.";
+$langSetup["lineshouldread"] = "Linia: %s powinna zostać zmieniona na: %s";
+$langSetup["passfuncwarn"] = "Zainstalowana wersja PHP nie zawiera funkcji obsługujących hasła, dostępnych od wersji PHP 5.5. Musisz włączyć bibliotekę 'password_compat'.";
+$langSetup["passfunchack"] = "Otwórz proszę plik 'helpers/user.php' w edytorze tekstu i odkomentuj linię włączającą 'helpers/password.php'.";
+$langSetup["dorestart"] = "Uruchom ten skrypt ponownie, kiedy zakończysz.";
+$langSetup["createconfig"] = "Utwórz proszę plik 'config.php' w głównym folderze. Możesz skopiować jego początkową zawartość z pliku 'config.default.php'. Pamiętaj, żeby dostosować konfiguracje do swoich potrzeb i ustawień bazy danych.";
+$langSetup["nodbsettings"] = "Musisz skonfigurować parametry dostępu do bazy danych w pliku 'config.php' (%s).";
+$langSetup["scriptdesc"] = "Ten skrypt utworzy tablice niezbędne do działania aplikacji µlogger. Zostaną one utworzone w bazie danych o nazwie %s. Uwaga, jeśli tablice już istnieją, zostaną usunięte i utworzone ponownie, ich zawartość zostanie skasowana.";
+$langSetup["scriptdesc2"] = "Następnie skrypt poprosi o utworzenie konta do logowania w aplikacji µlogger.";
+$langSetup["startbutton"] = "Naciśnij, aby rozpocząć";
+$langSetup["restartbutton"] = "Uruchom ponownie";
+
 $lang["title"] = "• μlogger •";
 $lang["private"] = "Aby się zalogować musisz podać login i hasło";
 $lang["authfail"] = "błędny login lub hasło";
--- a/scripts/setup.php
+++ b/scripts/setup.php
@ -0,0 +1,235 @@
+<?php
+/* μlogger
+ *
+ * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
+ *
+ * This is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+// This script is disabled by default. Change below to true before running.
+$enabled = false;
+
+
+/* -------------------------------------------- */
+/* no user modifications should be needed below */
+
+define("ROOT_DIR", dirname(__DIR__));
+require_once(ROOT_DIR . "/helpers/user.php");
+require_once(ROOT_DIR . "/helpers/config.php");
+$config = new uConfig();
+
+require_once(ROOT_DIR . "/lang.php");
+
+$command = isset($_REQUEST['command']) ? $_REQUEST['command'] : NULL;
+
+$messages = [];
+switch ($command) {
+  case "setup":
+    $queries = [];
+    // positions
+    $queries[] = "DROP TABLE IF EXISTS `positions`";
+    $queries[] = "CREATE TABLE `positions` (
+                    `id` int(11) NOT NULL AUTO_INCREMENT,
+                    `time` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+                    `user_id` int(11) NOT NULL,
+                    `track_id` int(11) NOT NULL,
+                    `latitude` double NOT NULL,
+                    `longitude` double NOT NULL,
+                    `altitude` double DEFAULT NULL,
+                    `speed` double DEFAULT NULL,
+                    `bearing` double DEFAULT NULL,
+                    `accuracy` int(11) DEFAULT NULL,
+                    `provider` varchar(100) DEFAULT NULL,
+                    `comment` varchar(255) DEFAULT NULL,
+                    `image_id` int(11) DEFAULT NULL,
+                    PRIMARY KEY (`id`),
+                    KEY `index_trip_id` (`track_id`),
+                    KEY `index_user_id` (`user_id`)
+                  ) ENGINE=InnoDB DEFAULT CHARSET=utf8";
+
+    // tracks
+    $queries[] = "DROP TABLE IF EXISTS `tracks`";
+    $queries[] = "CREATE TABLE `tracks` (
+                    `id` int(11) NOT NULL AUTO_INCREMENT,
+                    `user_id` int(11) NOT NULL,
+                    `name` varchar(255) DEFAULT NULL,
+                    `comment` varchar(1024) DEFAULT NULL,
+                    PRIMARY KEY (`id`),
+                    KEY `user_id` (`user_id`)
+                  ) ENGINE=InnoDB DEFAULT CHARSET=utf8";
+
+    // users
+    $queries[] = "DROP TABLE IF EXISTS `users`";
+    $queries[] = "CREATE TABLE `users` (
+                    `id` int(11) NOT NULL AUTO_INCREMENT,
+                    `login` varchar(15) CHARACTER SET latin1 NOT NULL,
+                    `password` varchar(255) CHARACTER SET latin1 NOT NULL DEFAULT '',
+                    PRIMARY KEY (`id`),
+                    UNIQUE KEY `login` (`login`)
+                  ) ENGINE=InnoDB DEFAULT CHARSET=utf8";
+
+    $error = false;
+    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
+    try {
+      $mysqli = new mysqli($config::$dbhost, $config::$dbuser, $config::$dbpass, $config::$dbname);
+    } catch (mysqli_sql_exception $e ) {
+      $messages[] = "<span class=\"warn\">{$langSetup["dbconnectfailed"]}</span>";
+      $messages[] = sprintf($langSetup["serversaid"], "<b>" . $e->getMessage() . "</b>");
+      $messages[] = $langSetup["checkdbsettings"];
+      break;
+    }
+    try {
+      $mysqli->set_charset('utf8');
+      foreach ($queries as $query) {
+        $mysqli->query($query);
+      }
+    } catch (mysqli_sql_exception $e) {
+        $messages[] = "<span class=\"warn\">{$langSetup["dbqueryfailed"]}</span>";
+        $messages[] = sprintf($langSetup["serversaid"], "<b>" . $e->getMessage() . "</b>");
+        $error = true;
+    }
+    $mysqli->close();
+    if (!$error) {
+      $messages[] = "<span class=\"ok\">{$langSetup["dbtablessuccess"]}</span>";
+      $messages[] = $langSetup["setupuser"];
+      $form = "<form id=\"userForm\" method=\"post\" action=\"setup.php\" onsubmit=\"return validateForm()\"><input type=\"hidden\" name=\"command\" value=\"adduser\">";
+      $form .= "<label><b>{$lang["username"]}</b></label><input type=\"text\" placeholder=\"{$lang["usernameenter"]}\" name=\"login\" required>";
+      $form .= "<label><b>{$lang["password"]}</b></label><input type=\"password\" placeholder=\"{$lang["passwordenter"]}\" name=\"pass\" required>";
+      $form .= "<label><b>{$lang["passwordrepeat"]}</b></label><input type=\"password\" placeholder=\"{$lang["passwordenter"]}\" name=\"pass2\" required>";
+      $form .= "<div class=\"buttons\"><button type=\"submit\">{$lang["submit"]}</button></div>";
+      $form .= "</form>";
+      $messages[] = $form;
+    }
+    break;
+
+  case "adduser":
+      $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL;
+      $pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : NULL;
+
+      $user = new uUser();
+      if ($user->add($login, $pass) !== false) {
+        $messages[] = "<span class=\"ok\">{$langSetup["congratulations"]}</span>";
+        $messages[] = $langSetup["setupcomplete"];
+        $messages[] = "<span class=\"warn\">{$langSetup["disablewarn"]}</span><br>";
+        $messages[] = sprintf($langSetup["disabledesc"], "<b>\$enabled</b>", "<b>false</b>");
+      } else {
+        $messages[] = "<span class=\"warn\">{$langSetup["setupfailed"]}</span>";
+      }
+    break;
+
+  default:
+    $messages[] = $langSetup["welcome"];
+    if (version_compare(PHP_VERSION, '5.4.0', '<')) {
+      $messages[] = "<span class=\"warn\">" . sprintf($langSetup["phpversionwarn"], PHP_VERSION) . "</span>";
+    }
+    if (!isset($enabled) || $enabled === false) {
+      $messages[] = sprintf($langSetup["disabledwarn"], "<b>\$enabled</b>", "<b>true</b>");
+      $messages[] = sprintf($langSetup["lineshouldread"], "<br><span class=\"warn\">\$enabled = false;</span><br>", "<br><span class=\"ok\">\$enabled = true;</span>");
+      break;
+    }
+    if (!function_exists('password_hash')) {
+      $messages[] = $langSetup["passfuncwarn"];
+      $messages[] = $langSetup["passfunchack"];
+      $messages[] = sprintf($langSetup["lineshouldread"], "<br><span class=\"warn\">//require_once(ROOT_DIR . \"/helpers/password.php\");</span><br>", "<br><span class=\"ok\">require_once(ROOT_DIR . \"/helpers/password.php\");</span>");
+      $messages[] = $langSetup["dorestart"];
+      $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
+      break;
+    }
+    if (!$config->isFileLoaded()) {
+      $messages[] = $langSetup["createconfig"];
+      $messages[] = $langSetup["dorestart"];
+      $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
+      break;
+    }
+    if (empty($config::$dbname) || empty($config::$dbhost) || empty($config::$dbuser)) {
+      $messages[] = sprintf($langSetup["nodbsettings"], "\$dbname, \$dbhost, \$dbuser, \$dbpass");
+      $messages[] = $langSetup["dorestart"];
+      $messages[] = "<form method=\"post\" action=\"setup.php\"><button>{$langSetup["restartbutton"]}</button></form>";
+      break;
+    }
+    $messages[] = sprintf($langSetup["scriptdesc"], "<b>{$config::$dbname}</b>");
+    $messages[] = $langSetup["scriptdesc2"];
+    $messages[] = "<form method=\"post\" action=\"setup.php\"><input type=\"hidden\" name=\"command\" value=\"setup\"><button>{$langSetup["startbutton"]}</button></form>";
+    break;
+}
+
+?>
+
+<!DOCTYPE html>
+<html>
+  <head>
+    <title><?= $lang["title"] ?></title>
+    <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+    <meta name="viewport" content="initial-scale=1.0, user-scalable=no">
+    <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,400i,700,700i&amp;subset=cyrillic" rel="stylesheet">
+    <link rel="stylesheet" type="text/css" href="../css/main.css">
+    <style>
+      #message {
+        font-family: 'Open Sans', Verdana, sans-serif;
+        font-size: 1.2em;
+        color: #f8f5f7;
+        padding: 10%;
+      }
+      #message input[type=text], #message input[type=password] {
+        width: 40em;
+        padding: 0.4em;
+        margin: 0.8em 0;
+        display: block;
+        border: 1px solid #ccc;
+        box-sizing: border-box;
+        border-radius: 5px;
+        -moz-border-radius: 5px;
+        -webkit-border-radius: 5px;
+      }
+      .warn {
+        color: #ffc747;
+      }
+      .ok {
+        color: #00e700;
+      }
+    </style>
+    <script type="text/javascript">
+      var lang = <?= json_encode($lang) ?>;
+      var pass_regex = <?= $config->passRegex() ?>;
+
+      function validateForm() {
+        var form = document.getElementById('userForm');
+        var login = form.elements['login'].value.trim();
+        var pass = form.elements['pass'].value;
+        var pass2 = form.elements['pass2'].value;
+        if (!login || !pass || !pass2) {
+          alert(lang['allrequired']);
+          return false;
+        }
+        if (pass != pass2) {
+          alert(lang['passnotmatch']);
+          return false;
+        }
+        if (!pass_regex.test(pass)) {
+          alert(lang['passlenmin'] + '\n' + lang['passrules']);
+          return false;
+        }
+        return true;
+      }
+    </script>
+  </head>
+
+  <body>
+    <div id="message">
+      <?php foreach ($messages as $message): ?>
+      <p><?= $message ?></p>
+      <?php endforeach; ?>
+    </div>
+  </body>
+</html>
--- a/scripts/ulogger.sql
+++ b/scripts/ulogger.sql
@ -100,6 +100,7 @@ ALTER TABLE `users`
 --
 -- This will add default user admin with password admin
 -- The password should be changed immediatelly after installation
+-- Uncomment if needed
 --
-INSERT INTO `users` (`id`, `login`, `password`) VALUES
-(1, 'admin', '$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq');
+-- INSERT INTO `users` (`id`, `login`, `password`) VALUES
+-- (1, 'admin', '$2y$10$7OvZrKgonVZM9lkzrTbiou.CVhO3HjPk5y0W9L68fVwPs/osBRIMq');