2007-03-24 08:27:00 +01:00
< ? php
2007-09-30 17:53:54 +02:00
/**
* Postfix Admin
*
* LICENSE
* This source file is subject to the GPL license that is bundled with
* this package in the file LICENSE . TXT .
*
* Further details on the project are available at :
* http :// www . postfixadmin . com or http :// postfixadmin . sf . net
*
* @ version $Id $
* @ license GNU GPL v2 or later .
*
* File : setup . php
* Used to help ensure a server is setup appropriately during installation / setup .
* After setup , it should be renamed or removed .
*
* Template File : - none -
*
* Template Variables : - none -
*
* Form POST \ GET Variables : - none -
*/
2007-10-07 19:23:29 +02:00
2009-10-20 21:25:20 +02:00
define ( 'POSTFIXADMIN' , 1 ); # by defining it here, common.php will not start a session.
2009-11-07 20:21:57 +01:00
require_once ( dirname ( __FILE__ ) . '/common.php' ); # make sure correct common.php is used.
2007-10-07 19:23:29 +02:00
$CONF [ 'show_header_text' ] = 'NO' ;
2008-04-07 01:33:48 +02:00
$CONF [ 'theme_logo' ] = 'images/logo-default.png' ;
$CONF [ 'theme_css' ] = 'css/default.css' ;
2009-11-07 20:21:57 +01:00
require ( $incpath . '/templates/header.php' );
2007-03-24 08:27:00 +01:00
?>
2007-10-07 19:23:29 +02:00
< div class = 'setup' >
< h2 > Postfix Admin Setup Checker </ h2 >
< p > Running software :
< ul >
2007-03-24 08:27:00 +01:00
< ? php
//
// Check for availablilty functions
//
$f_phpversion = function_exists ( " phpversion " );
$f_apache_get_version = function_exists ( " apache_get_version " );
$f_get_magic_quotes_gpc = function_exists ( " get_magic_quotes_gpc " );
$f_mysql_connect = function_exists ( " mysql_connect " );
$f_mysqli_connect = function_exists ( " mysqli_connect " );
$f_pg_connect = function_exists ( " pg_connect " );
$f_session_start = function_exists ( " session_start " );
$f_preg_match = function_exists ( " preg_match " );
2007-12-14 01:05:54 +01:00
$f_mb_encode_mimeheader = function_exists ( " mb_encode_mimeheader " );
2008-06-11 00:34:25 +02:00
$f_imap_open = function_exists ( " imap_open " );
2007-03-24 08:27:00 +01:00
$file_config = file_exists ( realpath ( " ./config.inc.php " ));
$error = 0 ;
//
// Check for PHP version
//
if ( $f_phpversion == 1 )
{
2009-03-13 21:49:05 +01:00
if ( phpversion () < 5 ) {
print " <li><b>Error: Depends on: PHP v5</b><br /></li> \n " ;
$error += 1 ;
}
if ( phpversion () >= 5 ) {
$phpversion = 5 ;
print " <li>PHP version " . phpversion () . " </li> \n " ;
}
2013-07-24 13:56:53 +02:00
# TODO: check for PHP >= 5.2.3 - smarty uses htmlentities with 4 parameters. The forth parameter was added in PHP 5.2.3, older versions will give a warning
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Unable to check for PHP version. (missing function: phpversion())</b></li> \n " ;
2007-03-24 08:27:00 +01:00
}
//
// Check for Apache version
//
if ( $f_apache_get_version == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li> " . apache_get_version () . " </li> \n " ;
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
# not running on Apache.
# However postfixadmin _is_ running, so obviously we are on a supported webserver ;-))
# No need to confuse the user with a warning.
2007-03-24 08:27:00 +01:00
}
2007-10-07 19:23:29 +02:00
print " </ul> " ;
print " <p>Checking for dependencies: \n " ;
print " <ul> \n " ;
2007-03-24 08:27:00 +01:00
//
// Check for Magic Quotes
//
if ( $f_get_magic_quotes_gpc == 1 )
{
2009-04-08 22:16:05 +02:00
if ( get_magic_quotes_gpc () == 0 )
{
print " <li>Magic Quotes: Disabled - OK</li> \n " ;
}
else
{
print " <li><b>Warning: Magic Quotes: ON (internal workaround used)</b></li> \n " ;
}
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Unable to check for Magic Quotes. (missing function: get_magic_quotes_gpc())</b></li> \n " ;
2007-03-24 08:27:00 +01:00
}
//
// Check for config.inc.php
//
2007-10-07 19:23:29 +02:00
$config_loaded = 0 ;
2007-03-24 08:27:00 +01:00
if ( $file_config == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: presence config.inc.php - OK</li> \n " ;
2009-11-07 20:21:57 +01:00
require_once ( $incpath . '/config.inc.php' );
2009-04-08 22:16:05 +02:00
$config_loaded = 1 ;
if ( isset ( $CONF [ 'configured' ])) {
2011-02-28 00:40:49 +01:00
if ( $CONF [ 'configured' ] === TRUE ) {
2009-04-08 22:16:05 +02:00
print " <li>Checking \$ CONF['configured'] - OK \n " ;
} else {
print " <li><b>Warning: \$ CONF['configured'] is 'false'.<br> \n " ;
print " You must edit your config.inc.php and change this to true (this indicates you've created the database and user)</b> \n " ;
}
}
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Error: Depends on: presence config.inc.php - NOT FOUND</b><br /></li> \n " ;
print " Create the file, and edit as appropriate (e.g. select database type etc)<br /> " ;
print " For example:<br /> \n " ;
print " <code><pre>cp config.inc.php.sample config.inc.php</pre></code> \n " ;
$error =+ 1 ;
2007-03-24 08:27:00 +01:00
}
2009-11-06 20:16:14 +01:00
//
// Check if templates directory is writable
//
if ( ! is_writeable ( $incpath . '/templates_c' ))
{
2009-11-07 20:21:57 +01:00
print " <li><b>Error: Smarty template compile directory templates_c is not writable.</b><br /> \n " ;
print " <b>Please make it writable.</b><br /> \n " ;
2009-11-06 20:16:14 +01:00
$error =+ 1 ;
2009-11-07 20:21:57 +01:00
} else {
print " <li>Smarty template compile directory is writable - OK<br /> \n " ;
2009-11-06 20:16:14 +01:00
}
2007-03-24 08:27:00 +01:00
//
// Check if there is support for at least 1 database
//
if (( $f_mysql_connect == 0 ) and ( $f_mysqli_connect == 0 ) and ( $f_pg_connect == 0 ))
{
2009-04-08 22:16:05 +02:00
print " <li><b>Error: There is no database support in your PHP setup</b><br /> \n " ;
print " To install MySQL 3.23 or 4.0 support on FreeBSD:<br /> \n " ;
print " <pre>% cd /usr/ports/databases/php $phpversion -mysql/ \n " ;
print " % make clean install \n " ;
print " - or with portupgrade - \n " ;
print " % portinstall php $phpversion -mysql</pre> \n " ;
if ( $phpversion >= 5 )
{
print " To install MySQL 4.1 support on FreeBSD:<br /> \n " ;
print " <pre>% cd /usr/ports/databases/php5-mysqli/ \n " ;
print " % make clean install \n " ;
print " - or with portupgrade - \n " ;
print " % portinstall php5-mysqli</pre> \n " ;
}
print " To install PostgreSQL support on FreeBSD:<br /> \n " ;
print " <pre>% cd /usr/ports/databases/php $phpversion -pgsql/ \n " ;
print " % make clean install \n " ;
print " - or with portupgrade - \n " ;
print " % portinstall php $phpversion -pgsql</pre></li> \n " ;
$error =+ 1 ;
2007-03-24 08:27:00 +01:00
}
//
// MySQL 3.23, 4.0 functions
//
if ( $f_mysql_connect == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: MySQL 3.23, 4.0 - OK</li> \n " ;
2007-03-24 08:27:00 +01:00
}
//
// MySQL 4.1 functions
//
if ( $phpversion >= 5 )
{
2009-04-08 22:16:05 +02:00
if ( $f_mysqli_connect == 1 )
{
print " <li>Depends on: MySQL 4.1 - OK \n " ;
if ( ! ( $config_loaded && $CONF [ 'database_type' ] == 'mysqli' ) ) {
print " (change the database_type to 'mysqli' in config.inc.php!!) \n " ;
}
print " </li> " ;
}
2007-03-24 08:27:00 +01:00
}
//
// PostgreSQL functions
//
if ( $f_pg_connect == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: PostgreSQL - OK \n " ;
if ( ! ( $config_loaded && $CONF [ 'database_type' ] == 'pgsql' ) ) {
print " (change the database_type to 'pgsql' in config.inc.php!!) \n " ;
}
print " </li> " ;
2007-10-07 19:23:29 +02:00
}
//
// Database connection
//
if ( $config_loaded ) {
2009-04-08 22:16:05 +02:00
list ( $link , $error_text ) = db_connect ( TRUE );
if ( $error_text == " " ) {
print " <li>Testing database connection - OK - { $CONF [ 'database_type' ] } :// { $CONF [ 'database_user' ] } :xxxxx@ { $CONF [ 'database_host' ] } / { $CONF [ 'database_name' ] } </li> " ;
} else {
print " <li><b>Error: Can't connect to database</b><br /> \n " ;
print " Please edit the \$ CONF['database_*'] parameters in config.inc.php. \n " ;
print " $error_text </li> \n " ;
$error ++ ;
}
2007-03-24 08:27:00 +01:00
}
//
// Session functions
//
if ( $f_session_start == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: session - OK</li> \n " ;
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Error: Depends on: session - NOT FOUND</b><br /> \n " ;
print " To install session support on FreeBSD:<br /> \n " ;
print " <pre>% cd /usr/ports/www/php $phpversion -session/ \n " ;
print " % make clean install \n " ;
print " - or with portupgrade - \n " ;
print " % portinstall php $phpversion -session</pre></li> \n " ;
$error =+ 1 ;
2007-03-24 08:27:00 +01:00
}
//
// PCRE functions
//
if ( $f_preg_match == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: pcre - OK</li> \n " ;
2007-03-24 08:27:00 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Error: Depends on: pcre - NOT FOUND</b><br /> \n " ;
print " To install pcre support on FreeBSD:<br /> \n " ;
print " <pre>% cd /usr/ports/devel/php $phpversion -pcre/ \n " ;
print " % make clean install \n " ;
print " - or with portupgrade - \n " ;
print " % portinstall php $phpversion -pcre</pre></li> \n " ;
$error =+ 1 ;
2007-03-24 08:27:00 +01:00
}
2007-12-14 01:05:54 +01:00
//
// Multibyte functions
//
if ( $f_mb_encode_mimeheader == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: multibyte string - OK</li> \n " ;
2007-12-14 01:05:54 +01:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Error: Depends on: multibyte string - NOT FOUND</b><br /> \n " ;
print " To install multibyte string support, install php $phpversion -mbstring</li> \n " ;
$error =+ 1 ;
2007-12-14 01:05:54 +01:00
}
2008-06-11 00:34:25 +02:00
//
// Imap functions
//
if ( $f_imap_open == 1 )
{
2009-04-08 22:16:05 +02:00
print " <li>Depends on: IMAP functions - OK</li> \n " ;
2008-06-11 00:34:25 +02:00
}
else
{
2009-04-08 22:16:05 +02:00
print " <li><b>Warning: Depends on: IMAP functions - NOT FOUND</b><br /> \n " ;
print " To install IMAP support, install php $phpversion -imap<br /> \n " ;
print " Without IMAP support, you won't be able to create subfolders when creating mailboxes.</li> \n " ;
# $error =+ 1;
2008-06-11 00:34:25 +02:00
}
2007-10-07 19:23:29 +02:00
print " </ul> " ;
if ( $error != 0 )
{
2009-04-08 22:16:05 +02:00
print " <p><b>Please fix the errors listed above.</b></p> " ;
2007-10-07 19:23:29 +02:00
}
else
2007-03-24 08:27:00 +01:00
{
2008-04-10 12:19:35 +02:00
print " <p>Everything seems fine... attempting to create/update database structure</p> \n " ;
2009-11-07 20:21:57 +01:00
require_once ( $incpath . '/upgrade.php' );
2007-10-07 19:23:29 +02:00
2009-04-08 22:16:05 +02:00
$pAdminCreate_admin_username_text = $PALANG [ 'pAdminCreate_admin_username_text' ];
$pAdminCreate_admin_password_text = " " ;
$tUsername = '' ;
2011-07-18 23:59:55 +02:00
$setupMessage = '' ;
2009-05-02 22:24:58 +02:00
$lostpw_error = 0 ;
2009-04-08 22:16:05 +02:00
2009-05-02 22:24:58 +02:00
$setuppw = " " ;
if ( isset ( $CONF [ 'setup_password' ])) $setuppw = $CONF [ 'setup_password' ];
2009-04-08 22:16:05 +02:00
2009-05-02 22:24:58 +02:00
if ( safepost ( " form " ) == " setuppw " ) {
# "setup password" form submitted
if ( safepost ( 'setup_password' ) != safepost ( 'setup_password2' )) {
2011-07-18 23:59:55 +02:00
$setupMessage = " The two passwords differ! " ;
2009-05-02 22:24:58 +02:00
$lostpw_error = 1 ;
2009-04-16 01:32:45 +02:00
} else {
2009-05-02 22:24:58 +02:00
list ( $lostpw_error , $lostpw_result ) = check_setup_password ( safepost ( 'setup_password' ), 1 );
2011-07-18 23:59:55 +02:00
$setupMessage = $lostpw_result ;
2009-05-02 22:24:58 +02:00
$setuppw = " changed " ;
}
} elseif ( safepost ( " form " ) == " createadmin " ) {
# "create admin" form submitted
list ( $pw_check_error , $pw_check_result ) = check_setup_password ( safepost ( 'setup_password' ));
if ( $pw_check_result != 'pass_OK' ) {
$error += 1 ;
2011-07-18 23:59:55 +02:00
$setupMessage = $pw_check_result ;
2009-04-08 22:16:05 +02:00
}
2009-04-16 01:32:45 +02:00
if ( $error == 0 && $pw_check_result == 'pass_OK' ) {
2009-04-08 22:16:05 +02:00
// XXX need to ensure domains table includes an 'ALL' entry.
$table_domain = table_by_key ( 'domain' );
$r = db_query ( " SELECT * FROM $table_domain WHERE domain = 'ALL' " );
if ( $r [ 'rows' ] == 0 ) {
2013-07-10 13:55:23 +02:00
db_insert ( 'domain' , array ( 'domain' => 'ALL' , 'description' => '' , 'transport' => '' ) ); // all other fields should default through the schema.
2009-04-08 22:16:05 +02:00
}
2011-12-20 02:06:49 +01:00
$values = array (
'username' => safepost ( 'username' ),
'password' => safepost ( 'password' ),
'password2' => safepost ( 'password2' ),
'superadmin' => 1 ,
'domains' => array (),
'active' => 1 ,
);
list ( $error , $setupMessage , $errormsg ) = create_admin ( $values );
2009-04-08 22:16:05 +02:00
if ( $error != 0 ) {
2011-12-20 02:06:49 +01:00
$tUsername = htmlentities ( $values [ 'username' ]);
2009-04-08 22:16:05 +02:00
}
}
2009-05-02 22:24:58 +02:00
}
2009-04-08 22:16:05 +02:00
2009-05-02 22:24:58 +02:00
if ( ( $setuppw == " " || $setuppw == " changeme " || safeget ( " lostpw " ) == 1 || $lostpw_error != 0 ) /* && $_SERVER['REQUEST_METHOD'] != "POST" */ ) {
# show "create setup password" form
?>
2007-10-07 19:23:29 +02:00
2011-07-18 23:59:55 +02:00
< div class = " standout " >< ? php print $setupMessage ; ?> </div>
2009-05-02 22:24:58 +02:00
< div id = " edit_form " >
< form name = " setuppw " method = " post " action = " setup.php " >
< input type = " hidden " name = " form " value = " setuppw " />
< table >
< td colspan = " 3 " >< h3 > Change setup password </ h3 ></ td >
</ tr >
< tr >
< td > Setup password </ td >
< td >< input class = " flat " type = " password " name = " setup_password " value = " " /></ td >
< td ></ td >
</ tr >
< tr >
< td > Setup password ( again ) </ td >
< td >< input class = " flat " type = " password " name = " setup_password2 " value = " " /></ td >
< td ></ td >
</ tr >
< tr >
< td colspan = " 3 " class = " hlp_center " >< input class = " button " type = " submit " name = " submit " value = " Generate password hash " /></ td >
</ tr >
</ table >
</ form >
</ div >
< ? php
} elseif ( $_SERVER [ 'REQUEST_METHOD' ] == " GET " || $error != 0 || $lostpw_error == 0 ) {
?>
2011-07-18 23:59:55 +02:00
< div class = " standout " >< ? php print $setupMessage ; ?> </div>
2007-10-07 19:23:29 +02:00
< div id = " edit_form " >
< form name = " create_admin " method = " post " >
2009-05-02 22:24:58 +02:00
< input type = " hidden " name = " form " value = " createadmin " />
2007-10-07 19:23:29 +02:00
< table >
< td colspan = " 3 " >< h3 > Create superadmin account </ h3 ></ td >
</ tr >
2009-04-08 22:16:05 +02:00
< tr >
2009-05-02 22:24:58 +02:00
< td > Setup password </ td >
2009-04-08 22:16:05 +02:00
< td >< input class = " flat " type = " password " name = " setup_password " value = " " /></ td >
2009-05-02 22:24:58 +02:00
< td >< a href = " setup.php?lostpw=1 " > Lost password ? </ a ></ td >
2009-04-08 22:16:05 +02:00
</ tr >
2007-10-07 19:23:29 +02:00
< tr >
2013-05-01 21:29:39 +02:00
< td >< ? php print $PALANG [ 'pAdminEdit_admin_username' ] . " : " ; ?> </td>
2011-12-20 02:06:49 +01:00
< td >< input class = " flat " type = " text " name = " username " value = " <?php print $tUsername ; ?> " /></ td >
< td >< ? php if ( isset ( $errormsg [ 'username' ])) print $errormsg [ 'username' ]; ?> </td>
2007-10-07 19:23:29 +02:00
</ tr >
< tr >
2013-07-28 21:46:50 +02:00
< td >< ? php print $PALANG [ 'password' ] . " : " ; ?> </td>
2011-12-20 02:06:49 +01:00
< td >< input class = " flat " type = " password " name = " password " /></ td >
< td >< ? php if ( isset ( $errormsg [ 'password' ])) print $errormsg [ 'password' ]; ?> </td>
2007-10-07 19:23:29 +02:00
</ tr >
< tr >
2013-05-01 21:29:39 +02:00
< td >< ? php print $PALANG [ 'pAdminEdit_admin_password2' ] . " : " ; ?> </td>
2011-12-20 02:06:49 +01:00
< td >< input class = " flat " type = " password " name = " password2 " /></ td >
< td >< ? php if ( isset ( $errormsg [ 'password2' ])) print $errormsg [ 'password2' ]; ?> </td>
2007-10-07 19:23:29 +02:00
</ tr >
< tr >
< td colspan = " 3 " class = " hlp_center " >< input class = " button " type = " submit " name = " submit " value = " <?php print $PALANG['pAdminCreate_admin_button'] ; ?> " /></ td >
</ tr >
</ table >
</ form >
</ div >
2009-04-08 22:16:05 +02:00
< ? php
}
2007-10-07 19:23:29 +02:00
2009-04-08 22:16:05 +02:00
print " <b>Since version 2.3 there is no requirement to delete setup.php!</b><br /> \n " ;
print " <b>Check the config.inc.php file for any other settings that you might need to change!<br /> \n " ;
2007-03-24 08:27:00 +01:00
}
?>
2007-10-07 19:23:29 +02:00
</ div >
2007-03-24 08:27:00 +01:00
</ body >
</ html >
2009-02-15 16:02:26 +01:00
< ? php
2009-04-16 01:32:45 +02:00
function generate_setup_password_salt () {
$salt = time () . '*' . $_SERVER [ 'REMOTE_ADDR' ] . '*' . mt_rand ( 0 , 60000 );
$salt = md5 ( $salt );
return $salt ;
}
function encrypt_setup_password ( $password , $salt ) {
return $salt . ':' . sha1 ( $salt . ':' . $password );
}
2009-05-02 22:24:58 +02:00
/*
returns : array (
'error' => 0 ( or 1 ),
' message => text
)
*/
function check_setup_password ( $password , $lostpw_mode = 0 ) {
2009-04-16 01:32:45 +02:00
global $CONF ;
2009-05-02 22:24:58 +02:00
$error = 1 ; # be pessimistic
2009-04-16 01:32:45 +02:00
$setuppw = " " ;
if ( isset ( $CONF [ 'setup_password' ])) $setuppw = $CONF [ 'setup_password' ];
list ( $confsalt , $confpass , $trash ) = explode ( ':' , $setuppw . '::' );
$pass = encrypt_setup_password ( $password , $confsalt );
2009-05-02 22:24:58 +02:00
2011-09-25 20:39:20 +02:00
$validpass = validate_password ( $password );
2009-05-02 22:24:58 +02:00
if ( $password == " " ) { # no password specified?
$result = " Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use. " ;
2011-09-25 20:39:20 +02:00
} elseif ( count ( $validpass ) > 0 ) {
$result = $validpass [ 0 ]; # TODO: honor all error messages, not only the first one
2009-05-02 22:24:58 +02:00
} elseif ( $pass == $setuppw && $lostpw_mode == 0 ) { # correct passsword (and not asking for a new password)
2009-04-16 01:32:45 +02:00
$result = " pass_OK " ;
2009-05-02 22:24:58 +02:00
$error = 0 ;
2009-04-16 01:32:45 +02:00
} else {
$pass = encrypt_setup_password ( $password , generate_setup_password_salt ());
2009-05-02 22:24:58 +02:00
$result = " " ;
if ( $lostpw_mode == 1 ) {
$error = 0 ; # non-matching password is expected when the user asks for a new password
} else {
$result = '<p><b>Setup password not specified correctly</b></p>' ;
}
2011-09-25 20:39:20 +02:00
$result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set</p>' ;
2009-04-16 01:32:45 +02:00
$result .= " <pre> \$ CONF['setup_password'] = ' $pass ';</pre> " ;
}
2009-05-02 22:24:58 +02:00
return array ( $error , $result );
2009-04-16 01:32:45 +02:00
}
2011-12-20 02:06:49 +01:00
function create_admin ( $values ) {
DEFINE ( 'POSTFIXADMIN_SETUP' , 1 ); # avoids instant redirect to login.php after creating the admin
$handler = new AdminHandler ( 1 , 'setup.php' );
$formconf = $handler -> webformConfig ();
if ( ! $handler -> init ( $values [ 'username' ])) {
return array ( 1 , " " , $handler -> errormsg );
}
if ( ! $handler -> set ( $values )) {
return array ( 1 , " " , $handler -> errormsg );
}
if ( ! $handler -> store ()) {
return array ( 1 , " " , $handler -> errormsg );
}
return array (
0 ,
Lang :: read ( $formconf [ 'successmessage' ]),
array (),
);
}
2009-04-16 01:32:45 +02:00
/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
2009-02-15 16:02:26 +01:00
?>