commit d7113656d6237f3f418037c5824603c12f19374f
Author: Alicia <...>
Date: Mon Mar 16 01:02:44 2020 +0100
More sanity checks for the initial setup process.
diff --git a/admin_federation.php b/admin_federation.php
index ab601fc..00db036 100644
--- a/admin_federation.php
+++ b/admin_federation.php
@@ -53,13 +53,12 @@ while($row=mysqli_fetch_assoc($res))
}
$autofollowcheck=(getoption('autofollow')?' checked':'');
?>
-<form method="post">
- <?=nonce()?>
+<form method="post"><?=nonce()?>
<h2><?=_('Options')?></h2>
<label><input type="checkbox" name="autofollow"<?=$autofollowcheck?> />Automatically follow peers</label><br />
<input type="submit" name="options" value="<?=_('Save')?>" />
</form>
-<form method="post">
+<form method="post"><?=nonce()?>
<h2><?=_('Peers')?></h2>
<?=$peers?>
<input type="text" name="newpeer" placeholder="<?=_('domain.tld')?>" /><button name="addpeer"><?=_('Add peer')?></button><button name="blacklistpeer" title="<?=_('Don\'t autofollow this peer')?>"><?=_('Add peer to blacklist')?></button>
diff --git a/setup.php b/setup.php
index db08ffd..d2b3870 100644
--- a/setup.php
+++ b/setup.php
@@ -21,7 +21,8 @@ if(file_exists('config.php')){die('Already set up');}
if(substr($_SERVER['REQUEST_URI'], -16)=='/rpc/rewritetest'){header('Content-type: image/png');readfile('icons/find.png');exit();}
// Step 0: Warnings (not mandatory, but persistent through the process which also works as doublechecking if solved)
print('<p><img src="icons/find.png" height="0" alt="The \'icons\' directory appears to be inaccessible. This could indicate filesystem permissions issues or a webserver directory alias (e.g. icons for directory listings)" /></p>');
-print('<p><img src="rpc/rewritetest" height="0" alt="mod_rewrite+.htaccess (or equivalent) does not appear to be working correctly (or not yet added. At time of writing there is only Apache mod_rewrite+.htaccess)" /></p>');
+if(!isset($_POST['DOMAIN'])){print('<p><img src="rpc/rewritetest" height="0" alt="mod_rewrite+.htaccess (or equivalent) does not appear to be working correctly (or not yet added. At time of writing there is only Apache mod_rewrite+.htaccess)" /></p>');}
+// Session time limit
$sessiontime=ini_get('session.gc_maxlifetime');
if($sessiontime<3*3600)
{
@@ -30,13 +31,30 @@ if($sessiontime<3*3600)
else{$humantime=$sessiontime.' seconds';}
print('<p>Warning! session.gc_maxlifetime in php.ini is set to '.$sessiontime.' seconds ('.$humantime.') which means sessions will end after just '.$humantime.' of inactivity. Over '.(4*3600).' (4 hours) is recommended</p>');
}
+// Max upload filesize
+$maxsize=ini_get('upload_max_filesize');
+switch(strtoupper(substr($maxsize,-1)))
+{
+ case 'Y': $maxsize=(int)$maxsize*1024;
+ case 'Z': $maxsize=(int)$maxsize*1024;
+ case 'E': $maxsize=(int)$maxsize*1024;
+ case 'P': $maxsize=(int)$maxsize*1024;
+ case 'T': $maxsize=(int)$maxsize*1024;
+ case 'G': $maxsize=(int)$maxsize*1024;
+ case 'M': $maxsize=(int)$maxsize*1024;
+ case 'K': $maxsize=(int)$maxsize*1024;
+}
+if($maxsize<50*1024*1024)
+{
+ print('<p>Warning! upload_max_filesize in php.ini limits uploads to '.ini_get('upload_max_filesize').'. Over 50M is recommended</p>');
+}
// Step 1: PHP Modules
$modules=Array();
if(!function_exists('curl_exec')){$modules[]='curl';}
if(!function_exists('mysqli_connect')){$modules[]='mysqli';}
if(!function_exists('imagepng')){$modules[]='gd';}
if(!function_exists('openssl_sign')){$modules[]='openssl';}
-if(!function_exists('_')){$modules[]='gettext';} // TODO: Offer to create a noop _() and stick to english?
+if(!function_exists('_')){$modules[]='gettext';} // TODO: Offer to create a noop _() and stick to english? put _() in config.php (and maybe don't even bother to warn until there are some translations)
if(count($modules)>0)
{
print('<h1>PHP Modules</h1>');
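Review bot: The `switch` on the size suffix at the start of the added block converts suffixes PHP itself never honours: php.ini shorthand recognises only K, M and G, so a value such as `1T` is read by PHP as 1 byte while this check computes a terabyte and stays silent; limiting the conversion to those three units keeps the warning honest. The check also ignores `post_max_size`, which caps the whole request body and therefore limits uploads just as hard whenever it is lower than `upload_max_filesize` (a `post_max_size` of 0 disables that limit, so it must not be treated as "smaller"). Factoring the conversion into a small helper and warning on the lower of the two settings covers both cases; a sketch follows.
```php
// Convert a php.ini shorthand size ("50M") to bytes; PHP only honours K, M and G suffixes
function ini_size_bytes($value)
{
 $unit=strtoupper(substr((string)$value, -1));
 $bytes=(int)$value;
 $shift=['K'=>1, 'M'=>2, 'G'=>3];
 if(isset($shift[$unit])){$bytes*=1024**$shift[$unit];}
 return $bytes;
}
$maxsize=ini_size_bytes(ini_get('upload_max_filesize'));
$postmax=ini_size_bytes(ini_get('post_max_size'));
if($postmax>0 && $postmax<$maxsize){$maxsize=$postmax;} // post_max_size of 0 means no limit
if($maxsize<50*1024*1024)
{
 print('<p>Warning! upload_max_filesize/post_max_size in php.ini limit uploads to '.ini_get('upload_max_filesize').' / '.ini_get('post_max_size').'. Over 50M is recommended for both</p>');
}
// … unchanged: Step 1: PHP Modules …
```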
@@ -79,7 +97,28 @@ if($deps!='')
}
}
// Step 4: Gather information to write a config.php
-if(!isset($_POST['DOMAIN']))
+$valuecheck=false;
+if(isset($_POST['DOMAIN'])) // Sanity checks on provided values
+{
+ $valuecheck=true;
+ $dbtest=mysqli_connect($_POST['DB_HOST'], $_POST['DB_USER'], $_POST['DB_PASS'], $_POST['DB_NAME']);
+ if(!$dbtest){$valuecheck=false; print('<p>Error! Connecting to database failed: '.mysqli_connect_error().'</p>');}
+ if(!is_dir($_POST['TMPDIR']) && !mkdir($_POST['TMPDIR'], 0755)){$valuecheck=false; print('<p>Error! Temp directory does not exist and could not be created</p>');}
+ if(touch($_POST['TMPDIR'].'/test', 0644)){unlink($_POST['TMPDIR'].'/test');}else{$valuecheck=false; print('<p>Error! Temp directory is unwritable for user '.shell_exec('whoami').'</p>');}
+ if(!preg_match('/^[a-zA-Z]*$/', $_POST['PREVIEW_RENDERMETHOD']))
+ {
+ $valuecheck=false;
+ print('<p>Error! Invalid rendermethod</p>');
+ }else{
+ exec($_POST['PREVIEW_RENDERMETHOD'].' --version', $x, $ret);
+ if($ret!=0)
+ {
+ $valuecheck=false;
+ print('<p>Error! '.$_POST['PREVIEW_RENDERMETHOD'].' does not appear to be installed</p>');
+ }
+ }
+}
+if(!$valuecheck)
{
// TODO: Handle preview color and size
print('<form method="post">');
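Review bot: `touch()`'s second parameter is a modification time, not a file mode, so `touch($_POST['TMPDIR'].'/test', 0644)` on the write-probe line creates the test file with an mtime in 1970 rather than with permissions 0644; drop the argument: `if(touch($_POST['TMPDIR'].'/test')){unlink($_POST['TMPDIR'].'/test');}`. The same line reports the user via `shell_exec('whoami')`, which spawns a shell just to read the process owner; `(function_exists('posix_geteuid')?posix_getpwuid(posix_geteuid())['name']:'(unknown)')` gives that in-process. The PREVIEW_RENDERMETHOD check accepts any letters-only command name and then runs it through `exec()`; if, as the dropdown code later in this file suggests, that setting is a fixed option list from config.php.sample, validating the posted value against that list (and passing it through `escapeshellarg()`) keeps the setup page from launching an arbitrary binary on PATH. Note also that mysqli's default error mode has been exception-throwing since PHP 8.1, so a failed `mysqli_connect()` on the first check will throw rather than return `false` unless `mysqli_report(MYSQLI_REPORT_OFF)` is set beforehand.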
@@ -99,6 +138,7 @@ if(!isset($_POST['DOMAIN']))
$name=$matches[3];
if($key=='DOMAIN'){$default=$_SERVER['HTTP_HOST'];} // Special defaults
if($key=='BASEURL'){$default=$baseurl;}
+ if(isset($_POST[$key])){$default=$_POST[$key];}
if($optionpos=strpos($name, '[')) // Dropdown for options
{
$options=substr($name, $optionpos+1);
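Review bot: The value copied from `$_POST[$key]` into `$default` on the added line is later interpolated straight into an HTML attribute (`value="'.$default.'"` in the next hunk's text-input branch), so a posted value containing a double quote breaks out of the attribute when the form is re-rendered after a failed check. Escape at the print site: `value="'.htmlspecialchars($default, ENT_QUOTES, 'UTF-8').'"`. The `DOMAIN` and `BASEURL` defaults taken from `$_SERVER['HTTP_HOST']` and `$baseurl` on the lines just above travel the same unescaped path, so escaping at the print site covers them as well. The enclosing loop over the config keys appears to start before this hunk.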
@@ -109,20 +149,20 @@ if(!isset($_POST['DOMAIN']))
foreach($options as $option)
{
$optiontrim=$option;
- if($end=strpos($option, '(')){$optiontrim=substr($option,0,$end);}
+ if($end=strpos($option, '(')){$optiontrim=trim(substr($option,0,$end));}
$sel=($optiontrim==$default?' selected':'');
- print('<option value="'.trim($optiontrim).'"'.$sel.'>'.$option.'</option>');
+ print('<option value="'.$optiontrim.'"'.$sel.'>'.$option.'</option>');
}
print('</select><br />');
}else{ // Regular text input
- print($name.': <input type="text" name="'.$key.'" value="'.$default.'" /><br />');
+ $type=(substr_count($key, 'PASS')?'password':'text');
+ print($name.': <input type="'.$type.'" name="'.$key.'" value="'.$default.'" /><br />');
}
}
}
print('<button>Continue</button></form>');
}else{
// Step 5: Write config.php based on config.php.sample and the submitted values
-// TODO: Sanity check on the provided values (database info, tmpdir)
$config=file_get_contents('config.php.sample');
foreach($_POST as $key=>$value)
{