Changeset 29
- Timestamp:
- 2007-11-23 18:16:43 (4 years ago)
- Files:
-
- trunk/includes/lang/en.php (modified) (1 diff)
- trunk/install.php (modified) (3 diffs)
trunk/includes/lang/en.php
r25 r29 398 398 $LANG['installer_overall_success'] = "Congratulations! Your Spam Board has been fully set up. If you didn't see any error messages or warnings, it should now be fully functional.<br /><br />You still have some work to do, of course:<ol><li>delete this installer script</li><li>go to <a href=\"%boardurl%\">your board</a></li><li>log in with the admin account you just created</li><li>go to the Administration Panel</li><li>set up at least one category and one forum</li><li>set appropriate permissions on this forum</li><li>deactive maintainance mode in the settings</li></ol>"; 399 399 $LANG['installer_warning_cleanup_failed'] = "Warning: Although the installation of your board has been finished successfully, the install script didn't manage to clean every up. This isn't fatal at all, it just meant there are still a few pre-install files floating around your directory tree. If you like to have it completely clean, delete all .tmpl files in includes/config/."; 400 $LANG['installer_warning_insecure_directories'] = "Warning: The installer couldn't secure the directories 'db' (containing the database) and 'sessions' (containing the user sessions). It is <i>essential</i> that these directories can't be accessed via HTTP! Otherwise, the whole world will be able to download your whole database and view all sessions!"; 400 401 401 402 /* error messages */ trunk/install.php
r26 r29 287 287 if ($ok == 1) { 288 288 print($LANG['installer_database_success'] . '<br /><br />'); 289 /* try securing sessions and db directories */ 290 if (strpos($_SERVER['SERVER_SOFTWARE'], 'Apache') !== FALSE) { 291 // Apache -> .htaccess 292 if ($file = @fopen('sessions/.htaccess', 'w')) { 293 // write settings 294 if (@fwrite($file, 'deny from all')) { 295 @fclose($file); 296 // set permissions 297 @chmod('sessions/.htaccess', 0660); 298 } 299 } 300 if ($file = @fopen('db/.htaccess', 'w')) { 301 // write settings 302 if (@fwrite($file, 'deny from all')) { 303 @fclose($file); 304 // set permissions 305 @chmod('db/.htaccess', 0660); 306 } 307 } 308 } else { 309 // other webservers... 310 } 289 311 } else { 290 312 print($LANG['error_installer_database'] . '<br /><br />'); … … 292 314 } 293 315 } 316 } 317 /* test whether db and settings directories are accessable via HTTP */ 318 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 319 if ($fp !== FALSE) { 320 // db 321 $req = 'GET ' . $SETTINGS['webpath'] . "db/spamboard.sql HTTP/1.1\r\n"; 322 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . "\r\n"; 323 $req .= "Connection: Close\r\n\r\n"; 324 fwrite($fp, $req); 325 $reply = ''; 326 while (!feof($fp)) { 327 $reply .= fgets($fp, 128); 328 } 329 fclose($fp); 330 if (strpos($reply, '403 Forbidden') === FALSE) { 331 // db accessable via HTTP -> bad 332 $ok = -1; 333 } 334 } else { 335 $ok = -1; 336 } 337 $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30); 338 if ($fp !== FALSE) { 339 // sessions 340 @touch('sessions/test.file'); 341 $req = 'GET ' . $SETTINGS['webpath'] . "sessions/test.file HTTP/1.1\r\n"; 342 $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . 
"\r\n"; 343 $req .= "Connection: Close\r\n\r\n"; 344 fwrite($fp, $req); 345 $reply = ''; 346 while (!feof($fp)) { 347 $reply .= fgets($fp, 128); 348 } 349 fclose($fp); 350 if (strpos($reply, '403 Forbidden') === FALSE) { 351 // db accessable via HTTP -> bad 352 $ok = -1; 353 } 354 @unlink('sessions/test.file'); 355 } else { 356 $ok = -1; 357 } 358 if ($ok == -1) { 359 // message about securing db and settings directories 360 print($LANG['installer_warning_insecure_directories'] . '<br /><br />'); 361 // this won't make the overall installation fail 362 $ok = 1; 294 363 } 295 364 /* clean up */ … … 325 394 print($LANG['installer_warning_cleanup_failed'] . '<br /><br />'); 326 395 } 327 print(str_replace('%boardurl%', 'http://' . $_SERVER['HTTP_HOST'] . $SETTINGS['webpath'] , $LANG['installer_overall_success'])); 396 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { 397 $_s = 's'; 398 } else { $_s = ''; } 399 print(str_replace('%boardurl%', 'http' . $_s . '://' . $_SERVER['HTTP_HOST'] . $SETTINGS['webpath'] , $LANG['installer_overall_success'])); 328 400 } 329 401 break;

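Review bot: The accessibility probe in trunk/install.php (new lines 317–357) treats a directory as protected whenever the text '403 Forbidden' appears anywhere in the raw reply, so a 200 response whose body happens to contain that text would pass; the check should look at the status line only. The probe also records its result in `$ok` (set to -1, then reset to 1 at new line 362), which would overwrite a failure value set earlier if the probe also fails; the code around the hunk is elided, so confirm that, but a separate flag avoids the question. The two probe blocks are near-identical (the second still carries the "db accessable" comment), so a small helper keeps them consistent. Because the .htaccess writes at new lines 289–310 suppress every error with `@` and the non-Apache branch is empty, this probe is the only signal the admin gets, so it should keep warning whenever the result is unclear. The enclosing block starts and ends outside the hunk.

```php
// helper at file scope: TRUE only when the status line of the reply is a 403
function path_is_forbidden($urlPath) {
    $fp = @fsockopen($_SERVER['SERVER_NAME'], $_SERVER['SERVER_PORT'], $errno, $errstr, 30);
    if ($fp === FALSE) {
        return FALSE; // cannot verify -> treat as not protected
    }
    $req = 'GET ' . $urlPath . " HTTP/1.1\r\n";
    $req .= 'Host: ' . $_SERVER['SERVER_NAME'] . "\r\n";
    $req .= "Connection: Close\r\n\r\n";
    fwrite($fp, $req);
    $status = fgets($fp, 128); // status line only, body is ignored
    fclose($fp);
    return $status !== FALSE && preg_match('#^HTTP/\d\.\d 403 #', $status) === 1;
}

// … unchanged: database setup and .htaccess writes …
/* test whether db and sessions directories are accessible via HTTP */
$insecure = !path_is_forbidden($SETTINGS['webpath'] . 'db/spamboard.sql');
@touch('sessions/test.file');
if (!path_is_forbidden($SETTINGS['webpath'] . 'sessions/test.file')) {
    $insecure = TRUE;
}
@unlink('sessions/test.file');
if ($insecure) {
    // warning only; $ok keeps whatever the earlier steps decided
    print($LANG['installer_warning_insecure_directories'] . '<br /><br />');
}
// … unchanged: clean up …
```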