Improved Installer

Improved Installer

application/config/config.php

@@ -330,7 +330,7 @@
 |
 |
 */
-$config['ti_setup'] = 'success';
+$config['ti_setup'] = '';
 
 /* End of file config.php */
 /* Location: ./application/config/config.php */

application/config/database.php

@@ -1,57 +1,12 @@
 <?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
-/*
-| -------------------------------------------------------------------
-| DATABASE CONNECTIVITY SETTINGS
-| -------------------------------------------------------------------
-| This file will contain the settings needed to access your database.
-|
-| For complete instructions please consult the 'Database Connection'
-| page of the User Guide.
-|
-| -------------------------------------------------------------------
-| EXPLANATION OF VARIABLES
-| -------------------------------------------------------------------
-|
-|	['hostname'] The hostname of your database server.
-|	['username'] The username used to connect to the database
-|	['password'] The password used to connect to the database
-|	['database'] The name of the database you want to connect to
-|	['dbdriver'] The database type. ie: mysql.  Currently supported:
-				 mysql, mysqli, postgre, odbc, mssql, sqlite, oci8
-|	['dbprefix'] You can add an optional prefix, which will be added
-|				 to the table name when using the  Active Record class
-|	['pconnect'] TRUE/FALSE - Whether to use a persistent connection
-|	['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
-|	['cache_on'] TRUE/FALSE - Enables/disables query caching
-|	['cachedir'] The path to the folder where cache files should be stored
-|	['char_set'] The character set used in communicating with the database
-|	['dbcollat'] The character collation used in communicating with the database
-|				 NOTE: For MySQL and MySQLi databases, this setting is only used
-| 				 as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7
-|				 (and in table creation queries made with DB Forge).
-| 				 There is an incompatibility in PHP with mysql_real_escape_string() which
-| 				 can make your site vulnerable to SQL injection if you are using a
-| 				 multi-byte character set and are running versions lower than these.
-| 				 Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
-|	['swap_pre'] A default table prefix that should be swapped with the dbprefix
-|	['autoinit'] Whether or not to automatically initialize the database.
-|	['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
-|							- good for ensuring strict SQL while developing
-|
-| The $active_group variable lets you choose which connection group to
-| make active.  By default there is only one group (the 'default' group).
-|
-| The $active_record variables lets you determine whether or not to load
-| the active record class
-*/
 
 $active_group = 'default';
 $active_record = TRUE;
 
 $db['default']['hostname'] = 'localhost';
-$db['default']['username'] = 'root';
-$db['default']['password'] = 'rack080d';
-$db['default']['database'] = 'tastyigniter';
+$db['default']['username'] = '';
+$db['default']['password'] = '';
+$db['default']['database'] = '';
 $db['default']['dbdriver'] = 'mysqli';
 $db['default']['dbprefix'] = 'ti_';
 $db['default']['pconnect'] = TRUE;
@@ -64,6 +19,5 @@
 $db['default']['autoinit'] = TRUE;
 $db['default']['stricton'] = FALSE;
 
-
 /* End of file database.php */
 /* Location: ./application/config/database.php */

application/controllers/admin/layouts.php

@@ -198,7 +198,7 @@ public function _deleteLayout() {
 	}
 
 	public function validateForm() {
-		$this->form_validation->set_rules('name', 'Name', 'xss_clean|trim|required|min_length[2]|max_length[32]');
+		$this->form_validation->set_rules('name', 'Name', 'xss_clean|trim|required|min_length[2]|max_length[128]');
 
 		if ($this->input->post('routes')) {
 			foreach ($this->input->post('routes') as $key => $value) {

application/controllers/admin/uri_routes.php

@@ -75,8 +75,8 @@ public function _updateRoute() {
 	public function validateForm() {
 		if ($this->input->post('routes')) {
 			foreach ($this->input->post('routes') as $key => $value) {
-				$this->form_validation->set_rules('routes['.$key.'][uri_route]', 'URI Route', 'xss_clean|trim|required');
-				$this->form_validation->set_rules('routes['.$key.'][controller]', 'Controller', 'xss_clean|trim|required');
+				$this->form_validation->set_rules('routes['.$key.'][uri_route]', 'URI Route', 'xss_clean|trim|required|min_length[2]|max_length[255]');
+				$this->form_validation->set_rules('routes['.$key.'][controller]', 'Controller', 'xss_clean|trim|required|min_length[2]|max_length[128]');
 			}
 		}
 

application/extensions/setup_/controllers/setup.php → application/extensions/setup/controllers/setup.php

@@ -4,25 +4,11 @@ class Setup extends CI_Controller {
 
 	public function __construct() {
 		parent::__construct();
-		//$this->load->library('user');
 		$this->load->model('Setup_model');	    
-
-		/*$sess_admin_data = array(
-			'user_id' 			=> '',
-			'staff_department'	=> '',
-			'username' 			=> ''
-		);
-		
-		$this->session->unset_userdata($sess_admin_data);*/
 	}
 
 	public function index() {
 
-		//check if file exists in views
-		if ( ! file_exists(APPPATH .'/extensions/setup/views/setup.php')) {
-			show_404();
-		}
-
 		if ($this->config->item('ti_setup') === 'success') {
 			$this->session->set_flashdata('alert', '<p class="error">PLEASE REMEMBER TO COMPLETELY REMOVE THE SETUP FOLDER. <br />You will not be able to proceed beyond this point until the setup folder has been removed. This is a security feature of TastyIgniter!</p>');				
 			redirect('setup/success');
@@ -135,17 +121,22 @@ public function index() {
 			$data['alert'] = '<p class="error">Please check below to make sure all server requirements are provided!</p>';
 		}
 
-		$this->load->view('setup/setup', $data);
+		if ( ! file_exists(APPPATH .'/extensions/setup/views/setup.php')) {
+			show_404();
+		} else {
+			$this->load->view('setup/setup', $data);
+		}
 	}
 
 	public function database() {
 
-		//check if file exists in views
-		if ( !file_exists(APPPATH .'/extensions/setup/views/database.php')) {
-			// Whoops, we don't have a page for that!
-			show_404();
+		if (is_file(APPPATH.'config/database.php')) {
+			include(APPPATH.'config/database.php');
 		}
 
+		$db_check = ( ! isset($db) OR ! is_array($db)) ? array() : $db;
+		unset($db);
+
 		if ($this->session->userdata('setup') !== 'step_1') {
 			$this->session->set_flashdata('alert', '<p class="error">Please check below to make sure all server requirements are provided!</p>');				
 			redirect('setup/setup');			
@@ -161,50 +152,58 @@ public function database() {
 
 		if ($this->input->post('db_name')) {
 			$data['db_name'] = $this->input->post('db_name');		
+		} else if (isset($db_check['default']['database'])) {
+			$data['db_name'] = $db_check['default']['database'];
 		} else {
 			$data['db_name'] = '';		
 		}
 
 		if ($this->input->post('db_host')) {
 			$data['db_host'] = $this->input->post('db_host');		
+		} else if (isset($db_check['default']['hostname'])) {
+			$data['db_host'] = $db_check['default']['hostname'];
 		} else {
 			$data['db_host'] = 'localhost';		
 		}
 
 		if ($this->input->post('db_user')) {
 			$data['db_user'] = $this->input->post('db_user');		
+		} else if (isset($db_check['default']['username'])) {
+			$data['db_user'] = $db_check['default']['username'];
 		} else {
 			$data['db_user'] = '';		
 		}
 
 		if ($this->input->post('db_pass')) {
 			$data['db_pass'] = $this->input->post('db_pass');		
+		} else if (isset($db_check['default']['password'])) {
+			$data['db_pass'] = $db_check['default']['password'];
 		} else {
 			$data['db_pass'] = '';		
 		}
 
 		if ($this->input->post('db_prefix')) {
 			$data['db_prefix'] = $this->input->post('db_prefix');		
+		} else if (isset($db_check['default']['dbprefix'])) {
+			$data['db_prefix'] = $db_check['default']['dbprefix'];
 		} else {
 			$data['db_prefix'] = 'ti_';		
 		}
 
-		if ($this->input->post() && $this->_checkDatabase() === TRUE) {
+		if ($this->input->post() AND $this->_checkDatabase() === TRUE) {
 
 			redirect('setup/settings');
 		}
 
-		$this->load->view('database', $data);
+		if ( ! file_exists(APPPATH .'/extensions/setup/views/database.php')) {
+			show_404();
+		} else {
+			$this->load->view('database', $data);
+		}
 	}
 
 	public function settings() {
 
-		//check if file exists in views
-		if ( !file_exists(APPPATH .'/extensions/setup/views/settings.php')) {
-			// Whoops, we don't have a page for that!
-			show_404();
-		}
-
 		if ($this->session->userdata('setup') !== 'step_2') {
 			redirect('setup/database');			
 		}
@@ -247,19 +246,20 @@ public function settings() {
 			$data['password'] = '';		
 		}
 
-		if ($this->input->post() && $this->_checkSettings() === TRUE){
-
+		if ($this->input->post() AND $this->_checkSettings() === TRUE){
 			redirect('setup/success');
 		}
 
-		$this->load->view('setup/settings', $data);
+		if ( !file_exists(APPPATH .'/extensions/setup/views/settings.php')) {
+			show_404();
+		} else {
+			$this->load->view('setup/settings', $data);
+		}
 	}
 
 	public function success() {
 
-		//check if file exists in views
 		if ( !file_exists(APPPATH .'/extensions/setup/views/success.php')) {
-			// Whoops, we don't have a page for that!
 			show_404();
 		}
 
@@ -281,10 +281,7 @@ public function success() {
 			$this->load->view('setup/success', $data);
 
 		} else {
-
-			//$this->session->set_flashdata('alert', '<p class="error">INSTALLATION WAS NOT SUCCESSFUL. <br />Please try again.</p>');				
 			redirect('setup');					
-
 		}
 
 	}
@@ -316,38 +313,52 @@ public function _checkDatabase() {
 		if ($this->form_validation->run() === TRUE) {
 
 			$db_path	= APPPATH .'config/database.php';
-			$db_driver 	= 'mysqli';
 			$db_user 	= $this->input->post('db_user');
 			$db_pass 	= $this->input->post('db_pass');
 			$db_host 	= $this->input->post('db_host');
 			$db_name	= $this->input->post('db_name');
 			$db_prefix	= $this->input->post('db_prefix');
 
-			if (is_readable($db_path)) {
+			if ( ! is_writable($db_path)) {
+				$this->session->set_flashdata('alert', 'Unable to write database file!');
+				redirect('setup/database');       	 		
+			} else {
+				if ($fp = @fopen($db_path, FOPEN_READ_WRITE_CREATE_DESTRUCTIVE)) {
 
-        		$db_file = read_file($db_path);
-
-				$db_file = str_replace('$db[\'default\'][\'hostname\'] = \'localhost\'', '$db[\'default\'][\'hostname\'] = \'' . $db_host . '\'', $db_file);
-				$db_file = str_replace('$db[\'default\'][\'username\'] = \'\'', '$db[\'default\'][\'username\'] = \'' . $db_user . '\'', $db_file);
-				$db_file = str_replace('$db[\'default\'][\'password\'] = \'\'', '$db[\'default\'][\'password\'] = \'' . $db_pass . '\'', $db_file);
-				$db_file = str_replace('$db[\'default\'][\'database\'] = \'\'', '$db[\'default\'][\'database\'] = \'' . $db_name . '\'', $db_file);
-				$db_file = str_replace('$db[\'default\'][\'dbprefix\'] = \'\'', '$db[\'default\'][\'dbprefix\'] = \'' . $db_prefix . '\'', $db_file);
-				$db_file = str_replace('$db[\'default\'][\'db_debug\'] = \'FALSE\'', '$db[\'default\'][\'db_debug\'] = \'TRUE\'', $db_file);
-
-       	 		$error = 0;
-
-       	 		if ( ! write_file($db_path, $db_file)) {
-					$error = 1;
-				}
-
-       	 		if ($error === 1) {
- 					$this->session->set_flashdata('alert', 'Unable to write database file!');
-       	 		} else if ($error === 0) {
-					$this->session->set_userdata('setup', 'step_2'); 		
-       	 			return TRUE;
-       	 		}
+					$db_file = "<"."?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');\n\n";
+
+					$db_file .= "$"."active_group = 'default';\n";
+					$db_file .= "$"."active_record = TRUE;\n\n";
+
+					$db_file .= "$"."db['default']['hostname'] = '". $db_host ."';\n";
+					$db_file .= "$"."db['default']['username'] = '". $db_user ."';\n";
+					$db_file .= "$"."db['default']['password'] = '". $db_pass ."';\n";
+					$db_file .= "$"."db['default']['database'] = '". $db_name ."';\n";
+					$db_file .= "$"."db['default']['dbdriver'] = 'mysqli';\n";
+					$db_file .= "$"."db['default']['dbprefix'] = '". $db_prefix ."';\n";
+					$db_file .= "$"."db['default']['pconnect'] = TRUE;\n";
+					$db_file .= "$"."db['default']['db_debug'] = FALSE;\n";
+					$db_file .= "$"."db['default']['cache_on'] = FALSE;\n";
+					$db_file .= "$"."db['default']['cachedir'] = '';\n";
+					$db_file .= "$"."db['default']['char_set'] = 'utf8';\n";
+					$db_file .= "$"."db['default']['dbcollat'] = 'utf8_general_ci';\n";
+					$db_file .= "$"."db['default']['swap_pre'] = '';\n";
+					$db_file .= "$"."db['default']['autoinit'] = TRUE;\n";
+					$db_file .= "$"."db['default']['stricton'] = FALSE;\n\n";
+
+					$db_file .= "/* End of file database.php */\n";
+					$db_file .= "/* Location: ./application/config/database.php */\n";
+
+					flock($fp, LOCK_EX);
+					fwrite($fp, $db_file);
+					flock($fp, LOCK_UN);
+					fclose($fp);
+
+					@chmod($db_path, FILE_WRITE_MODE);
 
-		       	 redirect('setup/database');       	 		
+					$this->session->set_userdata('setup', 'step_2'); 		
+					return TRUE;
+				}
 			}
 		}
 	}