updating script

inc/poche/Poche.class.php

@@ -41,15 +41,23 @@ class Poche
     {
         $msg = '';
         $allIsGood = TRUE;
-        if (file_exists('./install') && !DEBUG_POCHE) {
-            Tools::logm('folder /install exists');
+
+        if (file_exists('./install/update.php') && !DEBUG_POCHE) {
+            $msg = 'A poche update is needed. Please execute this update <a href="install/update.php">by clicking here</a>. If you have already do the update, please delete /install folder.';
+            $allIsGood = FALSE;
+        }
+        else if (file_exists('./install') && !DEBUG_POCHE) {
             $msg = 'If you want to update your poche, you just have to delete /install folder. <br />To install your poche with sqlite, copy /install/poche.sqlite in /db and delete the folder /install. you have to delete the /install folder before using poche.';
             $allIsGood = FALSE;
         }
-
-        if (STORAGE == 'sqlite' && !is_writable(STORAGE_SQLITE)) {
-            Tools::logm('you don\'t have write access on db file');
-            $msg = 'You don\'t have write access on ' . STORAGE_SQLITE . ' file.';
+        else if (STORAGE == 'sqlite' && !is_writable(STORAGE_SQLITE)) {
+            Tools::logm('you don\'t have write access on sqlite file');
+            $msg = 'You don\'t have write access on sqlite file.';
+            $allIsGood = FALSE;
+        }
+        else if (!is_writable(CACHE)) {
+            Tools::logm('you don\'t have write access on cache directory');
+            $msg = 'You don\'t have write access on cache directory.';
             $allIsGood = FALSE;
         }
 
@@ -118,10 +126,12 @@ class Poche
             if (($_POST['password'] == $_POST['password_repeat']) 
                 && $_POST['password'] != "" && $_POST['login'] != "") {
                 # let's rock, install poche baby !
-                $this->store->install($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login']));
-                Session::logout();
-                Tools::logm('poche is now installed');
-                Tools::redirect();
+                if ($this->store->install($_POST['login'], Tools::encodeString($_POST['password'] . $_POST['login'])))
+                {
+                    Session::logout();
+                    Tools::logm('poche is now installed');
+                    Tools::redirect();
+                }
             }
             else {
                 Tools::logm('error during installation');

inc/poche/Tools.class.php

@@ -233,4 +233,30 @@ class Tools
 
         return $minutes;
     }
+
+
+    public static function createMyConfig()
+    {
+        $myconfig_file = './inc/poche/myconfig.inc.php';
+
+        if (version_compare(POCHE_VERSION, '1.0-beta3') == 1) {
+            # $myconfig_file is only created with poche > 1.0-beta3
+            # in 1.0-beta3, the update script creates $myconfig_file
+
+            if (!is_writable('./inc/poche/')) {
+                self::logm('you don\'t have write access to create ./inc/poche/myconfig.inc.php');
+                die('You don\'t have write access to create ./inc/poche/myconfig.inc.php.');
+            }
+
+            if (!file_exists($myconfig_file))
+            {
+                $fp = fopen($myconfig_file, 'w');
+                fwrite($fp, '<?php'."\r\n");
+                fwrite($fp, "define ('POCHE_VERSION', '1.0-beta3');" . "\r\n");
+                fwrite($fp, "define ('SALT', '" . md5(time() . $_SERVER['SCRIPT_FILENAME'] . rand()) . "');" . "\r\n");
+                fwrite($fp, "define ('LANG', 'en_EN.utf8');" . "\r\n");
+                fclose($fp);
+            }
+        }
+    }
 }

inc/poche/config.inc.php

@@ -8,51 +8,30 @@
  * @license    http://www.wtfpl.net/ see COPYING file
  */
 
-# storage
-define ('STORAGE','sqlite'); # postgres, mysql, sqlite
-define ('STORAGE_SERVER', 'localhost'); # leave blank for sqlite
-define ('STORAGE_DB', 'poche'); # only for postgres & mysql
-define ('STORAGE_SQLITE', './db/poche.sqlite');
-define ('STORAGE_USER', 'postgres'); # leave blank for sqlite
-define ('STORAGE_PASSWORD', 'postgres'); # leave blank for sqlite
-
-define ('POCHE_VERSION', '1.0-beta2');
-define ('MODE_DEMO', FALSE);
-define ('DEBUG_POCHE', FALSE);
-define ('CONVERT_LINKS_FOOTNOTES', FALSE);
-define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
-define ('DOWNLOAD_PICTURES', FALSE);
-define ('SHARE_TWITTER', TRUE);
-define ('SHARE_MAIL', TRUE);
-define ('SALT', '464v54gLLw928uz4zUBqkRJeiPY68zCX');
-define ('ABS_PATH', 'assets/');
-define ('TPL', './tpl');
-define ('LOCALE', './locale');
-define ('CACHE', './cache');
-define ('LANG', 'en_EN.UTF8');
-define ('PAGINATION', '10');
-define ('THEME', 'light');
+require_once __DIR__ . '/../../inc/poche/define.inc.php';
 
 # /!\ Be careful if you change the lines below /!\
-if (!file_exists('./vendor/autoload.php')) {
+if (!file_exists(__DIR__ . '/../../vendor/autoload.php')) {
     die('Twig does not seem installed. Have a look at <a href="http://inthepoche.com/?pages/Documentation">the documentation.</a>');
 }
- 
-require_once './inc/poche/User.class.php';
-require_once './inc/poche/Tools.class.php';
-require_once './inc/poche/Url.class.php';
-require_once './inc/3rdparty/class.messages.php';
-require_once './inc/poche/Poche.class.php';
-require_once './inc/3rdparty/Readability.php';
-require_once './inc/3rdparty/Encoding.php';
-require_once './inc/poche/Database.class.php';
-require_once './vendor/autoload.php';
-require_once './inc/3rdparty/simple_html_dom.php';
-require_once './inc/3rdparty/paginator.php';
-require_once './inc/3rdparty/Session.class.php';
+
+if (file_exists(__DIR__ . '/../../inc/poche/myconfig.inc.php')) {
+    require_once __DIR__ . '/../../inc/poche/myconfig.inc.php';
+}
+require_once __DIR__ . '/../../inc/poche/User.class.php';
+require_once __DIR__ . '/../../inc/poche/Url.class.php';
+require_once __DIR__ . '/../../inc/3rdparty/class.messages.php';
+require_once __DIR__ . '/../../inc/poche/Poche.class.php';
+require_once __DIR__ . '/../../inc/3rdparty/Readability.php';
+require_once __DIR__ . '/../../inc/3rdparty/Encoding.php';
+require_once __DIR__ . '/../../inc/poche/Database.class.php';
+require_once __DIR__ . '/../../vendor/autoload.php';
+require_once __DIR__ . '/../../inc/3rdparty/simple_html_dom.php';
+require_once __DIR__ . '/../../inc/3rdparty/paginator.php';
+require_once __DIR__ . '/../../inc/3rdparty/Session.class.php';
 
 if (DOWNLOAD_PICTURES) {
-    require_once './inc/poche/pochePictures.php';
+    require_once __DIR__ . '/../../inc/poche/pochePictures.php';
 }
 
 $poche = new Poche();

inc/poche/define.inc.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * poche, a read it later open source system
+ *
+ * @category   poche
+ * @author     Nicolas Lœuillet <nicolas@loeuillet.org>
+ * @copyright  2013
+ * @license    http://www.wtfpl.net/ see COPYING file
+ */
+
+define ('STORAGE','sqlite'); # postgres, mysql, sqlite
+define ('STORAGE_SERVER', 'localhost'); # leave blank for sqlite
+define ('STORAGE_DB', 'poche'); # only for postgres & mysql
+define ('STORAGE_SQLITE', __DIR__ . '/../../db/poche.sqlite');
+define ('STORAGE_USER', 'postgres'); # leave blank for sqlite
+define ('STORAGE_PASSWORD', 'postgres'); # leave blank for sqlite
+
+define ('MODE_DEMO', FALSE);
+define ('DEBUG_POCHE', FALSE);
+define ('CONVERT_LINKS_FOOTNOTES', FALSE);
+define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
+define ('DOWNLOAD_PICTURES', FALSE);
+define ('SHARE_TWITTER', TRUE);
+define ('SHARE_MAIL', TRUE);
+define ('ABS_PATH', 'assets/');
+define ('TPL', __DIR__ . '/../../tpl');
+define ('LOCALE', __DIR__  . '/../../locale');
+define ('CACHE', __DIR__  . '/../../cache');
+define ('PAGINATION', '10');
+define ('THEME', 'light');

index.php

@@ -8,6 +8,9 @@
  * @license    http://www.wtfpl.net/ see COPYING file
  */
 
+require_once './inc/poche/Tools.class.php';
+Tools::createMyConfig();
+
 include dirname(__FILE__).'/inc/poche/config.inc.php';
 
 # Parse GET & REFERER vars

install/update.php

@@ -0,0 +1,78 @@
+<?php
+require_once dirname(__FILE__).'/../inc/poche/Tools.class.php';
+include dirname(__FILE__).'/../inc/poche/define.inc.php';
+require_once __DIR__ . '/../inc/poche/Database.class.php';
+$store = new Database();
+$old_salt = '464v54gLLw928uz4zUBqkRJeiPY68zCX';
+?>
+<!DOCTYPE html>
+<!--[if lte IE 6]> <html class="no-js ie6 ie67 ie678" lang="en"> <![endif]-->
+<!--[if lte IE 7]> <html class="no-js ie7 ie67 ie678" lang="en"> <![endif]-->
+<!--[if IE 8]> <html class="no-js ie8 ie678" lang="en"> <![endif]-->
+<!--[if gt IE 8]><!--> <html class="no-js" lang="en"> <!--<![endif]-->
+<html>
+    <head>
+        <meta charset="utf-8">
+        <title>updating poche</title>
+    </head>
+    <body>
+        <h1>update poche to 1.0-beta3</h1>
+
+        <h2>Changelog</h2>
+        <p>
+            <ul>
+                <li>this awesome updating step</li>
+                <li>error message when install folder exists</li>
+                <li>more tests before installation (write access, etc.)</li>
+                <li>updated README to make installation easier</li>
+                <li>german language thanks to HLFH</li>
+                <li>spanish language thanks to Nitche</li>
+                <li>new file ./inc/poche/myconfig.inc.php created to store language and salt</li>
+                <li><a href="https://github.com/inthepoche/poche/issues/119">#119</a>: salt is now created when installing poche</li>
+                <li><a href="https://github.com/inthepoche/poche/issues/130">#130</a>: robotx.txt added</li>
+                <li><a href="https://github.com/inthepoche/poche/issues/136">#136</a>: error during readability import</li>
+                <li><a href="https://github.com/inthepoche/poche/issues/137">#137</a>: mixed content alert in https</li>
+                <li><a href="https://github.com/inthepoche/poche/issues/138">#138</a>: change pattern to parse url with #</li>
+            </ul>
+        </p>
+        <p>
+        <form name="update" method="post">
+            <div><label for="login">login:</label> <input type="text" name="login" id="login" /></div>
+            <div><label for="password">password:</label> <input type="password" name="password" id="password" /></div>
+            <div><input type="hidden" name="go" value="ok" /><input type="submit" value="update" /></div>
+        </form>
+        </p>
+<?php
+if (isset($_POST['go'])) {
+    if (!empty($_POST['login']) && !empty($_POST['password'])) {
+        $user = $store->login($_POST['login'], sha1($_POST['password'] . $_POST['login'] . $old_salt));
+        if ($user != array()) {
+            $new_salt = md5(time() . $_SERVER['SCRIPT_FILENAME'] . rand());
+            $myconfig_file = '../inc/poche/myconfig.inc.php';
+            if (!is_writable('../inc/poche/')) {
+                die('You don\'t have write access to create ./inc/poche/myconfig.inc.php.');
+            }
+
+            if (!file_exists($myconfig_file))
+            {
+                $fp = fopen($myconfig_file, 'w');
+                
+                fwrite($fp, '<?php'."\r\n");
+                fwrite($fp, "define ('POCHE_VERSION', '1.0-beta3');" . "\r\n");
+                fwrite($fp, "define ('SALT', '" . $new_salt . "');" . "\r\n");
+                fwrite($fp, "define ('LANG', 'en_EN.utf8');" . "\r\n");
+                fclose($fp);
+            }
+            # faire une mise à jour de la table users en prenant en compte le nouveau SALT généré
+            $store->updatePassword($user['id'], sha1($_POST['password'] . $_POST['login'] . $new_salt));
+?>
+        <p><span style="color: green;">your poche is up to date!</span></p>
+        <p><span style="color: red;">don't forget to delete ./install/ folder after the update.</span></p>
+        <p><a href="../">go back to your poche</a></p>
+<?php
+        }
+    }
+}
+?>
+    </body>
+</html>