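'include', // The config file dir
    'cfg_f' => 'include/config.inc.php', // The config file name
    'alb_d' => 'albums', // The album dir
    'upl_d' => 'userpics', // The uploaded pic dir
);

$superCage = Inspekt::makeSuperCage();

// If including includes/init.inc.php has worked as expected, the constants should be populated, so let's check that first
if (!defined('SKIP_AUTHENTICATION') && defined('COPPERMINE_VERSION') && GALLERY_ADMIN_MODE) {
    $_SESSION['auth'] = true;
} else {
    // we need to populate the language array
    require 'lang/english.php';
}

// Build the help link only when the helper is available. The listing tested
// !function_exists() here, which calls the function exactly when it is missing.
if (function_exists('cpg_display_help')) {
    $help = ' '.cpg_display_help('f=upgrading.htm&as=updater&ae=updater_end&top=1', '650', '500');
} else {
    $help = ' ';
}

// --------------------- SELECT NEW DATABASE ACCESS METHOD --------------------- //
// if a different dbase method is selected, we have to change the config and reload
// the page to get to the correct dbase class
if ($superCage->post->keyExists('action') && $superCage->post->getAlpha('action') == 'dbselect') {
    // NOTE(review): this handler runs before the authentication section below, so it
    // is reachable without credentials. The value ends up in $CONFIG['dbtype'], which
    // set_config_dbtype() stores and test_sql_connection() uses to build a require
    // path, so only the "ext" / "ext:sub" shape offered by html_dbase_select() is accepted.
    $db_type = $superCage->post->getRaw('db_type');
    if (!is_string($db_type) || !preg_match('/\A[a-z0-9_]+(:[a-z0-9_]+)?\z/i', $db_type)) {
        // Nothing is written for a malformed value; go back to the start of the updater.
        header('Location: update.php');
        exit;
    }
    set_config_dbtype($db_type);
    if ($errors) {
        html_error($errors);
    } else {
        header('Location: update.php?dbswitch=1');
    }
    exit;
}

// NOTE(review): 'dbswitch' is read from the query string and defines
// SKIP_AUTHENTICATION, so the else branch of the authentication section marks the
// session as authenticated and calls start_update() without any credential check.
// A request parameter is not proof of authorisation; this should be gated on
// something the requester has to prove (for example the database credentials from
// the config file, which need no working DB connection) before the updater is
// left on a reachable host.
if ($superCage->get->keyExists('dbswitch') && $superCage->get->getInt('dbswitch')) {
    define('SKIP_AUTHENTICATION', true);
}

// ---------------------------- AUTHENTICATION --------------------------- //
// SKIP_AUTHENTICATION is a constant that can be defined for users who can't retrieve any kind of password
// empty() instead of "!" so a session without an 'auth' key does not raise a notice.
if (!defined('SKIP_AUTHENTICATION') && empty($_SESSION['auth'])) {
    html_header($lang_update_php['title']);
    if (!$superCage->post->keyExists('method')) {
        //first try to connect to the db to see if we can authenticate the admin
        test_sql_connection();
        if ($errors != '') {
            //we could not establish an sql connection, so update can't be done (and user can't be authenticated)
            html_error($errors);
        } else {
            //echo a box for admin authentication
            html_auth_box('admin');
        }
    } elseif ($superCage->post->getAlpha('method') == 'admin') {
        //try to authenticate the admin
        test_sql_connection();
        // Both values are interpolated into SQL below; the only protection is the
        // escaping done by getEscaped(), so they must never be swapped for getRaw().
        $user = $superCage->post->getEscaped('user');
        $pass = $superCage->post->getEscaped('pass');

        // Check if column 'user_password_salt' exists in user table
        $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PREFIX']}users LIMIT 1");
        $row = $result->fetchAssoc(true);
        $col_user_password_salt_exists = isset($row['user_password_salt']) ? true : false;
        if ($col_user_password_salt_exists) {
            require 'include/passwordhash.inc.php';
            $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '$user'";
            $result = cpg_db_query($sql);
            $password_params = $result->fetchAssoc(true);
        }
        if (!$col_user_password_salt_exists || !$password_params['user_password_salt']) {
            // Legacy accounts without a salt: the stored value is matched either as-is
            // or as an unsalted MD5 of the submitted password.
            // NOTE(review): plaintext and unsalted MD5 are weak storage formats; this
            // fallback should go once every account has a salted hash.
            $sql = "SELECT user_active FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '$user' AND (user_password = '$pass' OR user_password = '".md5($pass)."')";
            $result = cpg_db_query($sql);
            if (!$result->numRows()) {
                //not authenticated, try mysql account details
                html_auth_box('MySQL');
                die();
            }
        } elseif (!cpg_password_validate($pass, $password_params)) {
            // NOTE(review): $pass is the escaped form here; a password containing
            // characters that getEscaped() alters may not validate — confirm.
            //not authenticated, try mysql account details
            html_auth_box('MySQL');
            die();
        }
        //authenticated, do the update
        $_SESSION['auth'] = true;
        start_update();
    } else {
        //try to authenticate via MySQL details (in configuration)
        $db_user = $superCage->post->getEscaped('user');
        $db_pass = $superCage->post->getEscaped('pass');
        // Strict string comparison: with "==" two numeric-looking strings are compared
        // as numbers and a missing field can compare equal to an empty config value.
        if (is_string($db_user) && is_string($db_pass)
            && $db_user === (string) $CONFIG['dbuser']
            && $db_pass === (string) $CONFIG['dbpass']
        ) {
            //authenticated, do the update
            $_SESSION['auth'] = true;
            start_update();
        } else {
            //no go, try again
            html_error($lang_update_php['could_not_authenticate'] . ' - ' . 
$lang_update_php['try_again'] .'');
        }
    }
    html_footer();
} else {
    html_header($lang_update_php['title']);
    $_SESSION['auth'] = true;
    start_update();
    html_footer();
}

// function definitions --- start
// NOTE(review): in this copy of the file the HTML markup inside heredocs and string
// literals is missing (several heredocs are empty). Restore it from the project
// source before running the script.

// ------------------------- HTML OUTPUT FUNCTIONS ------------------------- //

/**
 * Print the page header.
 *
 * Uses pageheader() when it exists and the gallery is in admin mode, otherwise
 * echoes a stand-alone header built from the title.
 *
 * @param string $title   Page title.
 * @param string $charset Accepted but not used in the visible code.
 */
function html_header($title, $charset = 'iso8859-1')
{
    if (function_exists('pageheader') && defined('COPPERMINE_VERSION') && GALLERY_ADMIN_MODE) {
        pageheader($title);
    } else {
        echo <<< EOT
{$title}
EOT;
    }
}

/**
 * Print the updater's error panel.
 *
 * @param string $error_msg Message to show; interpolated into the output as-is.
 */
function html_error($error_msg = '')
{
    global $lang_update_php, $help;

    echo <<< EOT
EOT;
    if ($error_msg) {
        echo <<< EOT
EOT;
    }
    echo <<< EOT

{$lang_update_php['welcome_updater']}{$help}

• • • ERROR • • •
{$lang_update_php['errors_encountered']}:
{$error_msg}
EOT;
}

/**
 * Print the "update completed" message with the follow-up links.
 *
 * @param mixed $notes Not used in the visible code.
 */
function html_install_success($notes)
{
    global $DFLT, $lang_update_php;

    //Coppermine is now upgraded and ready to roll.
    echo ' 
';
    echo '

' . $lang_update_php['update_completed'] . '

';
    echo '

';
    printf($lang_update_php['check_versions'], '', '');
    echo '. ';
    printf($lang_update_php['start_page'], '', '');
    echo '.

';
}

/**
 * Print the page footer, via pagefooter() when the gallery is in admin mode.
 */
function html_footer()
{
    if (function_exists('pagefooter') && defined('COPPERMINE_VERSION') && GALLERY_ADMIN_MODE) {
        pagefooter();
    } else {
        echo <<< EOT
EOT;
    }
}

/**
 * Print the login box of the updater.
 *
 * @param string $method 'MySQL' asks for the database account from the config file;
 *                       any other value asks for a gallery admin account.
 */
function html_auth_box($method)
{
    // $CONFIG is needed for the database name in the 'MySQL' prompt; it was missing
    // from the global list, so the name was always empty.
    global $CONFIG, $lang_update_php, $lang_common, $help;

    $superCage = Inspekt::makeSuperCage();
    if ($superCage->get->keyExists('debug')) {
        $debug_mode = '?debug';
    } else {
        $debug_mode = '';
    }
    if (function_exists('cpg_fetch_icon')) {
        $update_icon = cpg_fetch_icon('update_database', 2);
        $ok_icon = cpg_fetch_icon('ok', 2);
        $login_icon = cpg_fetch_icon('login', 2);
        $username_icon = cpg_fetch_icon('my_profile', 2);
        $password_icon = cpg_fetch_icon('key_enter', 2);
    } else {
        $update_icon = '';
        $ok_icon = '';
        $login_icon = '';
        $username_icon = '';
        $password_icon = '';
    }
    echo <<< EOT

{$update_icon}{$lang_update_php['welcome_updater']}{$help}

{$login_icon}{$lang_update_php['authentication_needed']}

EOT;
    if ($method == 'MySQL') {
        echo $lang_update_php['could_not_authenticate']. '. '.sprintf($lang_update_php['provide_admin_account_dbase'], $CONFIG['dbname']).'. ' . $lang_update_php['try_again'] . '.';
    } else {
        echo $lang_update_php['provide_admin_account_cpg'].'.';
    }
    echo <<< EOT
{$username_icon}{$lang_update_php['username']}:
{$password_icon}{$lang_update_php['password']}:
EOT;
}

/**
 * Print the form that lets the operator choose a new database access method.
 *
 * The offered keys are 'mysqli', 'pdo:mysql' and 'mysql'.
 */
function html_dbase_select ()
{
    global $lang_update_php, $lang_common, $help;

    $superCage = Inspekt::makeSuperCage();
    require_once 'include/dbselect.inc.php';
    $dbselect = new DbaseSelect(array('mysqli'=>'MYSQLI'.$lang_update_php['recommended'],'pdo:mysql'=>'PDO:MYSQL','mysql'=>'MYSQL'.$lang_update_php['current_nr']));
    if (function_exists('cpg_fetch_icon')) {
        $ok_icon = cpg_fetch_icon('ok', 2);
    } else {
        $update_icon = '';
        $ok_icon = '';
    }
    // The heredoc opener is truncated in the listing; the closing "EOT;" shows it was one.
    echo <<< EOT
{$lang_update_php['newDbMethod']}
 
Database Type
 
EOT;
}

// --------------------------------- MAIN CODE ----------------------------- //

/**
 * Run the update: check the database type, test the connection, update tables and
 * files, then print the result. On success the session is destroyed.
 */
function start_update()
{
    global $errors, $notes, $lang_update_php, $LINEBREAK;
    global $update_icon, $ok_icon, $already_done_icon, $error_icon, $file_system_icon;

    if (!check_db_type()) return;

    // The updater
    //html_header($lang_update_php['title']);
    test_sql_connection();
    if (function_exists('cpg_fetch_icon')) {
        $update_icon = cpg_fetch_icon('update_database', 2);
        $ok_icon = cpg_fetch_icon('ok', 2);
        $already_done_icon = cpg_fetch_icon('info', 2);
        $error_icon = cpg_fetch_icon('stop', 2);
        $file_system_icon = cpg_fetch_icon('hdd', 2);
    } else {
        $update_icon = '';
        $ok_icon = '';
        $already_done_icon = '';
        $error_icon = '';
        $file_system_icon = '';
    }
    if ($errors == '') {
        echo ' ' . $LINEBREAK;
        update_tables();
        update_files();
        echo '
' . $LINEBREAK;
    } else {
        html_error($errors);
    }
    if ($errors == '') {
        html_install_success($notes);
        // The updater session is single-use: drop it once the update has succeeded.
        session_destroy();
    } else {
        html_error($errors);
    }
    //html_footer();
}

/**
 * Read one value from the config table.
 *
 * @param string $config_name Name of the config row.
 * @return mixed The value column of the row, or null when no row was fetched.
 */
function cpg_get_config_value($config_name)
{
    global $CONFIG;

    // Callers in this file pass literals, but the name is still escaped so the
    // function stays safe if that ever changes.
    $name = cpg_db_escape_string($config_name);
    $result = cpg_db_query("SELECT value FROM ".$CONFIG['TABLE_PREFIX']."config WHERE name='".$name."' LIMIT 1");
    $row = $result->fetchRow(true);
    return is_array($row) ? $row[0] : null;
}

// ----------------------------- TEST FUNCTIONS ---------------------------- //

/**
 * Check that a database access method other than 'mysql' is configured.
 *
 * @return bool False after printing the selection form, true otherwise.
 */
function check_db_type ()
{
    global $CONFIG;

    if (!isset($CONFIG['dbtype']) || $CONFIG['dbtype'] == 'mysql') {
        html_dbase_select();
        return false;
    }
    return true;
}

/**
 * Load the database class for the configured type and test the connection.
 *
 * Failures are appended to the global $errors string.
 */
function test_sql_connection()
{
    global $errors, $CONFIG, $CPGDB, $lang_update_php;

    if (!isset($CPGDB)) {
        $db_type = isset($CONFIG['dbtype']) ? $CONFIG['dbtype'] : '';
        list($db_ext, $db_sub) = explode(':', $db_type.':');
        $db_ext = $db_ext ?: 'mysql';
        // $db_ext becomes a directory name in the require below and the config value
        // can be changed through this script, so anything that is not a plain
        // identifier (slashes, dots, ...) is refused instead of being included.
        if (!preg_match('/\A[a-z0-9_]+\z/i', $db_ext)) {
            $errors .= sprintf($lang_update_php['check_config_file'] . '. ', 'include/config.inc.php');
            return;
        }
        require 'include/database/'.$db_ext.'/dbase.inc.php';
        $CPGDB = new CPG_Dbase($CONFIG);
    }

    if (!$CPGDB->isConnected()) {
        $errors .= '
';
        $errors .= sprintf($lang_update_php['dbase_database_error'], $CONFIG['dbname']) . '. ';
        $errors .= sprintf($lang_update_php['check_config_file'] . '. ', 'include/config.inc.php');
        $errors .= '
';
        $errors .= sprintf($lang_update_php['dbase_said'], $CPGDB->db_type) . ': ' . $CPGDB->getError();
    }
}

// ------------------------- SQL QUERIES TO CREATE TABLES ------------------ //

/**
 * Run sql/update.sql statement by statement and print one result row per statement,
 * then perform the password, album password, category tree and upload plugin steps.
 */
function update_tables()
{
    global $errors, $CONFIG, $CPGDB, $lang_update_php, $lang_common, $LINEBREAK, $help;
    global $update_icon, $ok_icon, $already_done_icon, $error_icon, $file_system_icon;

    $loopCounter = 0;
    $cellStyle = '';
    // MySQL error numbers that mean "already there": duplicate column name,
    // duplicate key name, duplicate entry.
    $okerrs = array(1060,1061,1062);
    $superCage = Inspekt::makeSuperCage();

    $db_update = 'sql/update.sql';
    // file_get_contents() does not leave an open handle behind the way
    // fread(fopen(...)) did; an unreadable file yields an empty statement list.
    $sql_query = file_get_contents($db_update);
    if ($sql_query === false) {
        $sql_query = '';
    }
    // Update table prefix (plain string replace: the prefix is not a regex replacement)
    $sql_query = str_replace('CPG_', $CONFIG['TABLE_PREFIX'], $sql_query);
    //$sql_query = str_replace('{FIRST_USER_CAT}', FIRST_USER_CAT, $sql_query);

    $sql_query = remove_remarks($sql_query);
    $sql_query = split_sql_file($sql_query, ';');
    $sql_query = array_map('trim', $sql_query);

    echo <<< EOT
{$update_icon}{$lang_update_php['performing_database_updates']}{$help}
EOT;

    // Have to relax the sql modes for mysql 5.7 so it won't fail with zero dates, etc.
    cpg_db_query("SET SESSION sql_mode = ''");

    foreach ($sql_query as $q) {
        $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
        $loopCounter++;
        echo '' . $LINEBREAK . ' ' . $q;
        /**
         * Determining if the Alter Table actually made a change
         * to properly reflect its status on the update page.
         */
        if (strpos(strtolower($q), 'alter table') !== false) {
            // The third word of "ALTER TABLE <name> ..." is the table name.
            $query = explode(' ', $q);
            $result = cpg_db_query("DESCRIBE " . $query[2]);
            $description = array();
            while ($row = $result->fetchRow()) {
                $description[] = $row;
            }
            $result->free();
            $result = @cpg_db_query($q);
            if (!$result) {
                $errno = $CPGDB->getError(true);
                if (!in_array($errno, $okerrs)) {
                    table_complain($cellStyle);
                    continue;
                }
            }
            $affected = $CPGDB->affectedRows();
            $warnings = cpg_db_query('SHOW WARNINGS');
            $result = cpg_db_query("DESCRIBE " . 
$query[2]);
            $description2 = array();
            while ($row = $result->fetchRow()) {
                $description2[] = $row;
            }
            $result->free();
            // Same table layout before and after: report the statement as already done.
            if ($description == $description2) {
                $affected = 0;
            }
        } else {
            $result = @cpg_db_query($q);
            if (!$result) {
                $errno = $CPGDB->getError(true);
                if (!in_array($errno, $okerrs)) {
                    table_complain($cellStyle);
                    continue;
                }
            }
            $affected = $CPGDB->affectedRows();
            $warnings = cpg_db_query('SHOW WARNINGS;');
        }
        if ($superCage->get->keyExists('debug')) {
            echo '
Debug output:
';
            if ($affected > -1) {
                echo "Rows Affected: ".$affected.". ";
            }
            if ($warnings) {
                while ($warning = $warnings->fetchRow()) {
                    if ($warning[0] != '') {
                        $warning_text = 'MySQL said: ';
                    } else {
                        $warning_text = '';
                    }
                    echo $warning_text.''.$warning[0]. ' ('.$warning[1].') '.$warning[2].'
';
                }
                $warnings->free();
            }
        }
        echo ''.$LINEBREAK; // end the table cell that contains the output
        if ($result && $affected) {
            echo ' ' . $ok_icon . $lang_common['ok'] . ''.$LINEBREAK;
        } else {
            echo ' ' . $already_done_icon . $lang_update_php['already_done'] . ''.$LINEBREAK;
        }
        echo '' . $LINEBREAK;
    } // end foreach loop

    // Check password encryption and perform the conversion if applicable
    $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
    $loopCounter++;
    echo <<< EOT
{$lang_update_php['password_encryption']}:
EOT;
    $CONFIG['enable_encrypted_passwords'] = cpg_get_config_value('enable_encrypted_passwords');
    if ($CONFIG['enable_encrypted_passwords'] != '1') {
        echo <<< EOT
{$ok_icon}{$lang_common['ok']}
EOT;
        // NOTE(review): this converts stored passwords to unsalted MD5, which is not a
        // password hash. The login code in this file already knows salted hashes
        // (user_password_salt, cpg_password_validate); accounts converted here should
        // be moved to that scheme.
        $result = cpg_db_query("update {$CONFIG['TABLE_PREFIX']}users set user_password=md5(user_password);");
        if ($CONFIG['enable_encrypted_passwords'] === '0') {
            $result = cpg_db_query("update {$CONFIG['TABLE_PREFIX']}config set value = '1' WHERE name = 'enable_encrypted_passwords'");
        } else {
            $result = cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}config ( `name` , `value` ) VALUES ('enable_encrypted_passwords', '1')");
        }
    } else {
        echo <<< EOT
{$already_done_icon}{$lang_update_php['already_done']}
EOT;
    }

    // Check album password encryption and perform the conversion if applicable
    $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
    $loopCounter++;
    echo <<< EOT
{$lang_update_php['alb_password_encryption']}:
EOT;
    $CONFIG['enable_encrypted_alb_passwords'] = cpg_get_config_value('enable_encrypted_alb_passwords');
    if ($CONFIG['enable_encrypted_alb_passwords'] != 1) {
        echo <<< EOT
{$ok_icon}{$lang_common['ok']}
EOT;
        // Encrypt the album password but only for those albums which have a password assigned.
        // (Unsalted MD5 as well; the note on user passwords above applies here too.)
        $result = cpg_db_query("update {$CONFIG['TABLE_PREFIX']}albums set alb_password=md5(alb_password) WHERE alb_password IS NOT NULL AND alb_password != '';");
        if ($CONFIG['enable_encrypted_alb_passwords'] != NULL) {
            $result = cpg_db_query("update {$CONFIG['TABLE_PREFIX']}config set value = 1 WHERE name = 'enable_encrypted_alb_passwords'");
        } else {
            $result = cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}config ( `name` , `value` ) VALUES ('enable_encrypted_alb_passwords', '1')");
        }
    } else {
        echo <<< EOT
{$already_done_icon}{$lang_update_php['already_done']}
EOT;
    }

    // Check category tree modifications
    $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
    $loopCounter++;
    echo <<< EOT
{$lang_update_php['category_tree']}:
EOT;
    if (check_rebuild_tree()) {
        echo <<< EOT
{$ok_icon}{$lang_common['ok']}
EOT;
    } else {
        echo <<< EOT
{$already_done_icon}{$lang_update_php['already_done']}
EOT;
    }

    // Check for enabled v1.6 core upload plugin(s)
    $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
    $loopCounter++;
    $result = cpg_db_query("SELECT path FROM {$CONFIG['TABLE_PREFIX']}plugins WHERE path LIKE 'upload____'");
    $plgs = cpg_db_fetch_rowset($result, true);
    $upc = 0;
    foreach ($plgs as $plg) {
        if (in_array(substr($plg['path'], 6), array('_h5a','_swf','_sgl'), true)) {
            //echo $plg['path'];
            $upc++;
        }
    }
    // The heredoc opener is truncated in the listing; the closing "EOT;" shows it was one.
    echo <<< EOT
{$lang_update_php['core_upload_plugs']}:
EOT;
    if ($upc) {
        echo <<< EOT
{$already_done_icon}{$lang_update_php['already_done']}
EOT;
    } else {
        // Pre-install the core upload plugins
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}plugins (name, path, priority) VALUES ('CoreH5A Upload', 'upload_h5a', 0), ('CoreSWF Upload', 'upload_swf', 1), ('CoreSGL Upload', 'upload_sgl', 2)");
        // And set the default mechanism to 'upload_h5a'
        cpg_db_query("UPDATE {$CONFIG['TABLE_PREFIX']}config SET value='upload_h5a' WHERE name='upload_mechanism'");
        // employ any existing html5upload configurations
        $result = cpg_db_query("SELECT name,value FROM {$CONFIG['TABLE_PREFIX']}config WHERE name LIKE 'html5upload_config%'");
        $cfgs = cpg_db_fetch_rowset($result, true);
        foreach ($cfgs as $cfg) {
            // Keep whatever followed the 18-character 'html5upload_config' prefix.
            $cfgn = 'upload_h5a' . substr($cfg['name'], 18);
            $cfgv = cpg_db_escape_string($cfg['value']);
            cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}config VALUES ('{$cfgn}', '{$cfgv}')");
        }
    }
    // if there were no html5upload configs, set a default one
    // NOTE(review): as the braces stand, this insert and the OK cell below also run
    // when the plugins were already present ($cfgs is unset in that branch) — confirm
    // that this is intended.
    if (!isset($cfgs) || !$cfgs) {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_PREFIX']}config VALUES ('upload_h5a', 'a:11:{s:10:\"concurrent\";i:3;s:8:\"upldsize\";i:0;s:8:\"autoedit\";i:1;s:8:\"acptmime\";s:7:\"image/*\";s:8:\"enabtitl\";i:0;s:8:\"enabdesc\";i:0;s:8:\"enabkeys\";i:1;s:8:\"enabusr1\";i:0;s:8:\"enabusr2\";i:0;s:8:\"enabusr3\";i:0;s:8:\"enabusr4\";i:0;}')");
    }
    echo <<< EOT
{$ok_icon}{$lang_common['ok']}
EOT;
}

/**
 * Print the database error for a statement that failed.
 *
 * @param string $cs Cell style of the current row; not used in the visible code.
 */
function table_complain ($cs)
{
    global $errors, $CONFIG, $CPGDB, $lang_update_php, $lang_common, $LINEBREAK, $help;

    echo '

', $CPGDB->getError(), '

', $LINEBREAK;
}

/**
 * Print the file-update heading, then delete outdated files and rename system thumbs.
 */
function update_files()
{
    global $lang_update_php, $file_system_icon;

    echo <<< EOT
{$file_system_icon}{$lang_update_php['performing_file_updates']}
EOT;
    delete_files();
    update_system_thumbs();
}

/**
 * Delete a fixed list of outdated files and print one result row per entry.
 */
function delete_files()
{
    global $lang_update_php, $lang_common, $ok_icon, $already_done_icon, $error_icon;

    // Attempt to delete outdated files
    // The list is fixed in code; no request data reaches the delete call.
    $delete_file_array = array(
        'js/jquery-1.3.2.js',
        'js/jquery-1.4.2.js',
        'logs/log_header.inc.php',
        'include/log_header.inc.php',
        'js/setup_swf_upload.js',
        'js/swfupload',
        'docs/en/uploading_xp-publisher.htm',
        'xp_publish.php',
        'install_classic.php',
        'include/cpg15x.files.xml'
    );
    // Check if the file exists in the first place
    $loopCounter = 0;
    foreach ($delete_file_array as $delete_file) {
        $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
        $delete_output = sprintf($lang_update_php['delete_file'], '«'.$delete_file.'»');
        echo <<< EOT
{$delete_output}
EOT;
        if (!file_exists($delete_file)) {
            $result_output = $already_done_icon . $lang_update_php['already_done'];
        } else {
            list($delete_result,$debug_output) = cpg_folder_file_delete($delete_file);
            if ($delete_result == TRUE ) {
                $result_output = $ok_icon . $lang_common['ok'];
            } else {
                $result_output = $error_icon . $lang_update_php['could_not_delete'];
            }
        }
        echo <<< EOT
{$result_output}
EOT;
        $loopCounter++;
    } // foreach $delete_file
}

/**
 * Rename the system thumbnails when the configured thumb prefix is not 'thumb_'.
 *
 * Reloads $CONFIG from the config table first. When the target name already exists,
 * the file under the old name is deleted instead of renamed.
 */
function update_system_thumbs()
{
    global $CONFIG, $lang_update_php, $lang_common, $ok_icon, $already_done_icon, $error_icon;

    $results = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_PREFIX']}config;");
    while ($row = $results->fetchAssoc()) {
        $CONFIG[$row['name']] = $row['value'];
    } // while
    $results->free();

    // Code to rename system thumbs in images folder
    $default_thumb_pfx = 'thumb_';

    if ($default_thumb_pfx != $CONFIG['thumb_pfx']) {
        // NOTE(review): the theme name and thumb prefix come from the config table and
        // are used in file paths below without further checks.
        $THEME_DIR = 'themes/' . $CONFIG['theme'] . 
'/';
        $folders = array('images/thumbs/', $THEME_DIR.'images/');
        $loopCounter = 0;
        foreach ($folders as $folder) {
            $thumbs = cpg_get_system_thumb_list($folder);
            foreach ($thumbs as $thumb) {
                $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
                $rename_file_from = $folder . $thumb['filename'];
                $rename_file_to = $folder . str_replace($default_thumb_pfx, $CONFIG['thumb_pfx'], $thumb['filename']);
                $rename_output = sprintf($lang_update_php['rename_file'], '«'.$rename_file_from.'»', '«'.$rename_file_to.'»');
                echo <<< EOT
{$rename_output}
EOT;
                if (file_exists($rename_file_to)) {
                    $result_output = $already_done_icon . $lang_update_php['already_done'];
                    echo <<< EOT
{$result_output}
EOT;
                    $loopCounter++;
                    // Source and target are the same file: nothing to clean up.
                    if ($rename_file_from == $rename_file_to) {
                        continue;
                    }
                    $cellStyle = ($loopCounter % 2 == 0) ? 'tableb' : 'tableb tableb_alternate';
                    $delete_file = $rename_file_from;
                    $delete_output = sprintf($lang_update_php['delete_file'], '«'.$delete_file.'»');
                    echo <<< EOT
{$delete_output}
EOT;
                    if (!file_exists($delete_file)) {
                        $result_output = $already_done_icon . $lang_update_php['already_done'];
                    } else {
                        list($delete_result,$debug_output) = cpg_folder_file_delete($delete_file);
                        if ($delete_result == TRUE ) {
                            $result_output = $ok_icon . $lang_common['ok'];
                        } else {
                            $result_output = $error_icon . $lang_update_php['could_not_delete'];
                        }
                    }
                    echo <<< EOT
{$result_output}
EOT;
                    $loopCounter++;
                    continue;
                } else {
                    $rename_result = @rename($rename_file_from, $rename_file_to);
                    if ($rename_result == TRUE ) {
                        $result_output = $ok_icon . $lang_common['ok'];
                    } else {
                        $result_output = $error_icon . 
$lang_update_php['could_not_rename'];
                    }
                }
                echo <<< EOT
{$result_output}
EOT;
                $loopCounter++;
            } // foreach $thumbs
        } // foreach $folders
    } // if different thumb_pfx
}

/**
 * Set $CONFIG['dbtype'] after loading include/config.inc.php.
 *
 * NOTE(review): the rest of this function is truncated in the listing (the heredoc
 * assigned to $config and the code after it are missing), so the fragment below is
 * kept as found. Presumably the new value is written back to the config file; if so,
 * $db_type must be validated before it is embedded in PHP source — confirm against
 * the project source.
 *
 * @param string $db_type Database access method, e.g. 'mysqli' or 'pdo:mysql'.
 */
function set_config_dbtype ($db_type)
{
    global $lang_update_php, $errors;

    include 'include/config.inc.php';
    $CONFIG['dbtype'] = $db_type;
    $config = <<';
    }
}

// function definitions --- end
//EOF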