X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=install%2Fsave.php;h=054605531083ca03337704b89f20f86eda153b6c;hb=f12dbe7523bb1abc6cd69b009ef8f0be838f5348;hp=0c786f26bd5cf2f9ea8abc953264dfa660629dea;hpb=5f037416c5dcf9ed1357e44f66f84ee5e75d79ec;p=fa-stable.git diff --git a/install/save.php b/install/save.php index 0c786f26..05460553 100644 --- a/install/save.php +++ b/install/save.php @@ -1,9 +1,10 @@ 41 && is_writable($temp_dir)) + if($v > 41 && is_writable($temp_dir)) { $filename = $temp_dir.'/test_permissions.txt'; $handle = fopen($filename, 'w'); @@ -77,8 +85,8 @@ function default_file_mode($temp_dir) fclose($handle); $default_file_mode = '0'.substr(sprintf('%o', fileperms($filename)), -3); unlink($filename); - } - else + } + else { $default_file_mode = '0777'; } @@ -86,27 +94,27 @@ function default_file_mode($temp_dir) } // Function to workout what the default permissions are for directories created by the webserver -function default_dir_mode($temp_dir) +function default_dir_mode($temp_dir) { $v = explode(".",PHP_VERSION); $v = $v[0].$v[1]; - if ($v > 41 && is_writable($temp_dir)) + if ($v > 41 && is_writable($temp_dir)) { $dirname = $temp_dir.'/test_permissions/'; mkdir($dirname); $default_dir_mode = '0'.substr(sprintf('%o', fileperms($dirname)), -3); rmdir($dirname); - } - else + } + else { $default_dir_mode = '0777'; } return $default_dir_mode; } -function add_slashes($input) +function add_slashes($input) { - if (get_magic_quotes_gpc() || (!is_string($input))) + if (get_magic_quotes_gpc() || (!is_string($input))) { return $input; } 
@@ -116,16 +124,16 @@ function add_slashes($input) function check_db_error($err_msg, $sql) { return true; -} +} if (isset($_POST['path_to_root'])) $path_to_root = $_POST['path_to_root']; -else +else $path_to_root = ".."; - + // Begin check to see if form was even submitted // Set error if no post vars found -if (!isset($_POST['company_name'])) +if (!isset($_POST['company_name'])) { set_error('Please fill-in the form below'); } @@ -134,29 +142,29 @@ if (!isset($_POST['company_name'])) // Begin path and timezone details code // Check if user has entered the installation url -if (!isset($_POST['ba_url']) || $_POST['ba_url'] == '') +if (!isset($_POST['ba_url']) || $_POST['ba_url'] == '') { set_error('Please enter an absolute URL'); -} -else +} +else { $ba_url = $_POST['ba_url']; } // Remove any slashes at the end of the URL -if(substr($ba_url, strlen($ba_url) - 1, 1) == "/") +if(substr($ba_url, strlen($ba_url) - 1, 1) == "/") { $ba_url = substr($ba_url, 0, strlen($ba_url) - 1); } -if(substr($ba_url, strlen($ba_url) - 1, 1) == "\\") +if(substr($ba_url, strlen($ba_url) - 1, 1) == "\\") { $ba_url = substr($ba_url, 0, strlen($ba_url) - 1); } -if(substr($ba_url, strlen($ba_url) - 1, 1) == "/") +if(substr($ba_url, strlen($ba_url) - 1, 1) == "/") { $ba_url = substr($ba_url, 0, strlen($ba_url) - 1); } -if(substr($ba_url, strlen($ba_url) - 1, 1) == "\\") +if(substr($ba_url, strlen($ba_url) - 1, 1) == "\\") { $ba_url = substr($ba_url, 0, strlen($ba_url) - 1); } 
@@ -164,26 +172,26 @@ if(substr($ba_url, strlen($ba_url) - 1, 1) == "\\") // Begin operating system specific code // Get operating system -if (!isset($_POST['operating_system']) || $_POST['operating_system'] != 'linux' && $_POST['operating_system'] != 'windows') +if (!isset($_POST['operating_system']) || $_POST['operating_system'] != 'linux' && $_POST['operating_system'] != 'windows') { set_error('Please select a valid operating system'); -} -else +} +else { $operating_system = $_POST['operating_system']; } // Work-out file permissions -if($operating_system == 'windows') +if($operating_system == 'windows') { $file_mode = '0777'; $dir_mode = '0777'; -} -elseif (isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') +} +elseif (isset($_POST['world_writeable']) && $_POST['world_writeable'] == 'true') { $file_mode = '0777'; $dir_mode = '0777'; -} -else +} +else { $file_mode = default_file_mode('../includes'); $dir_mode = default_dir_mode('../includes'); 
@@ -192,49 +200,53 @@ else // Begin database details code // Check if user has entered a database host -if (!isset($_POST['database_host']) || $_POST['database_host'] == '') +if (!isset($_POST['database_host']) || $_POST['database_host'] == '') { set_error('Please enter a database host name'); -} -else +} +else { $database_host = $_POST['database_host']; } // Check if user has entered a database username -if (!isset($_POST['database_username']) || $_POST['database_username'] == '') +if (!isset($_POST['database_username']) || $_POST['database_username'] == '') { set_error('Please enter a database username'); -} -else +} +else { $database_username = $_POST['database_username']; } // Check if user has entered a database password -if (!isset($_POST['database_password'])) +if (!isset($_POST['database_password'])) { set_error('Please enter a database password'); -} -else +} +else { $database_password = $_POST['database_password']; } // Check if user has entered a database name -if (!isset($_POST['database_name']) || $_POST['database_name'] == '') +if (!isset($_POST['database_name']) || $_POST['database_name'] == '') { set_error('Please enter a database name'); -} -else +} +else { $database_name = $_POST['database_name']; } // Get table prefix -$table_prefix = $_POST['table_prefix']; +if (isset($_POST['table_prefix']) && $_POST['table_prefix'] == 'true') + $table_prefix = "0_"; +else + $table_prefix = ""; + // Find out if the user wants to install tables and data -if (isset($_POST['install_tables']) && $_POST['install_tables'] == 'true') +if (isset($_POST['install_tables']) && $_POST['install_tables'] == 'true') { $install_tables = true; -} -else +} +else { $install_tables = false; } 
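Review bot: `$database_name` in this hunk is still copied from `$_POST['database_name']` after only an empty-string check, and a later hunk shows it concatenated into `mysql_query('CREATE DATABASE '.$database_name)`. The commit constrains `table_prefix` to two fixed values but leaves this identifier open. Extending the existing condition with an allow-list would close it, e.g. `if (!isset($_POST['database_name']) || !preg_match('/^[A-Za-z0-9_]+\z/', $_POST['database_name']))`. The new `table_prefix` branch also omits the braces that every other `if`/`else` in the file uses; adding them would keep the block consistent.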
@@ -242,56 +254,56 @@ else // Begin company name code // Get company name -if (!isset($_POST['company_name']) || $_POST['company_name'] == '') +if (!isset($_POST['company_name']) || $_POST['company_name'] == '') { set_error('Please enter a company name'); -} -else +} +else { $company_name = add_slashes($_POST['company_name']); } // End website company name // Check if the user has entered a correct path -if (!file_exists($path_to_root.'/sql/en_US-demo.sql')) +if (!file_exists($path_to_root.'/sql/en_US-demo.sql')) { set_error('It appears the Absolute path that you entered is incorrect'); } // Get admin email and validate it -if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') +if (!isset($_POST['admin_email']) || $_POST['admin_email'] == '') { set_error('Please enter an email for the Administrator account'); -} -else +} +else { - if (eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$", $_POST['admin_email'])) + if (eregi("^([0-9a-zA-Z]+[-._+&])*[0-9a-zA-Z]+@([-0-9a-zA-Z]+[.])+[a-zA-Z]{2,6}$", $_POST['admin_email'])) { $admin_email = $_POST['admin_email']; - } - else + } + else { set_error('Please enter a valid email address for the Administrator account'); } } // Get the two admin passwords entered, and check that they match -if (!isset($_POST['admin_password']) || $_POST['admin_password'] == '') +if (!isset($_POST['admin_password']) || $_POST['admin_password'] == '') { set_error('Please enter a password for the Administrator account'); -} -else +} +else { $admin_password = $_POST['admin_password']; } -if (!isset($_POST['admin_repassword']) || $_POST['admin_repassword'] == '') +if (!isset($_POST['admin_repassword']) || $_POST['admin_repassword'] == '') { set_error('Please make sure you re-enter the password for the Administrator account'); -} -else +} +else { $admin_repassword = $_POST['admin_repassword']; } -if ($admin_password != $admin_repassword) +if ($admin_password != $admin_repassword) { set_error('Sorry, the two 
Administrator account passwords you entered do not match'); } @@ -318,12 +330,12 @@ $config_filename = $path_to_root . '/config_db.php'; $err = write_config_db($table_prefix != ""); if ($err == -1) set_error("Cannot open the configuration file ($config_filename)"); -else if ($err == -2) +else if ($err == -2) set_error("Cannot write to the configuration file ($config_filename)"); -else if ($err == -3) +else if ($err == -3) set_error("The configuration file $config_filename is not writable. Change its permissions so it is, then re-run step 4."); -// Try connecting to database +// Try connecting to database $db = mysql_connect($database_host, $database_username, $database_password); if (!$db) @@ -331,7 +343,7 @@ if (!$db) set_error('Database host name, username and/or password incorrect. MySQL Error:
'.mysql_error()); } -if($install_tables == true) +if($install_tables == true) { if (!mysql_select_db($database_name, $db)) { @@ -339,7 +351,7 @@ if($install_tables == true) // Try to create the database mysql_query('CREATE DATABASE '.$database_name); mysql_select_db($database_name, $db); - } + } $import_filename = $path_to_root."/sql/en_US-demo.sql"; if (!db_import($import_filename, $db_connections[$id])) set_error("Import error, try to import $import_filename manually via phpMyAdmin"); @@ -348,14 +360,14 @@ else { mysql_select_db($database_name, $db); } -$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = '$admin_email' WHERE user_id = 'admin'"; +$sql = "UPDATE ".$table_prefix."users SET password = '" . md5($admin_password) . "', email = ".db_escape($admin_email)." WHERE user_id = 'admin'"; db_query($sql, "could not update admin account"); -$sql = "UPDATE ".$table_prefix."company SET coy_name = '$company_name' WHERE coy_code = 1"; +$sql = "UPDATE ".$table_prefix."company SET coy_name = ".db_escape($company_name)." WHERE coy_code = 1"; db_query($sql, "could not update company name. Do it manually later in Setup"); session_unset(); session_destroy(); -$_SESSION = array(); +$_SESSION = array(); header("Location: ".$path_to_root."/index.php"); exit();
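Review bot: The first changed `UPDATE` still stores the admin password as an unsalted `md5($admin_password)`, which is cheap to brute-force if the users table is ever disclosed. Where the PHP version allows it, store `password_hash($admin_password, PASSWORD_DEFAULT)` and verify with `password_verify()`; the login code is outside this diff, so both sides would have to change together. On the second `UPDATE`, `$company_name` has already been through `add_slashes()` in an earlier hunk, so if `db_escape()` escapes on its own, a name containing a quote may be stored with a literal backslash; only one of the two should be applied. The closing `header("Location: ".$path_to_root."/index.php")` builds its target from `$path_to_root`, which an earlier hunk copies from `$_POST['path_to_root']`. A fixed `header("Location: ../index.php");` would keep the redirect out of the request's control, and the same variable also feeds `$config_filename` and `$import_filename`.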