From: <car...@us...> - 2025-02-15 21:01:00
|
Revision: 11111 http://sourceforge.net/p/phpwiki/code/11111 Author: carstenklapp Date: 2025-02-15 21:00:58 +0000 (Sat, 15 Feb 2025) Log Message: ----------- configurator.php is now in a semi-unbroken state. Useable but needs more work. Modified Paths: -------------- trunk/config/config-default.ini trunk/configurator.php trunk/pgsrc/ReleaseNotes Modified: trunk/config/config-default.ini =================================================================== --- trunk/config/config-default.ini 2025-02-15 05:50:41 UTC (rev 11110) +++ trunk/config/config-default.ini 2025-02-15 21:00:58 UTC (rev 11111) @@ -113,3 +113,5 @@ PLUGIN_CACHED_USECACHE = true PLUGIN_CACHED_FORCE_SYNCMAP = true PLUGIN_CACHED_IMGTYPES = "png|gif|gd|gd2|jpeg|wbmp|xbm|xpm" +ADMIN_USER = "AdminUser" +ADMIN_PASSWD = "password" Modified: trunk/configurator.php =================================================================== --- trunk/configurator.php 2025-02-15 05:50:41 UTC (rev 11110) +++ trunk/configurator.php 2025-02-15 21:00:58 UTC (rev 11111) @@ -143,7 +143,7 @@ unset($_SERVER['PHP_AUTH_USER']); unset($_SERVER['PHP_AUTH_PW']); - trigger_error("Permission denied. Require ADMIN_USER.", E_USER_ERROR); + trigger_error("Permission denied. Existing ADMIN_USER credentials required. Alteranely rename config.ini to generate a new one.", E_USER_ERROR); exit(); } } @@ -172,8 +172,15 @@ } // check password if (ENCRYPTED_PASSWD) { - if (crypt($admin_pw, ADMIN_PASSWD) != ADMIN_PASSWD) { - _http_logout(); + if (!function_exists('DEBUGpassword_hash')) { + if (crypt($admin_pw, ADMIN_PASSWD) != ADMIN_PASSWD) { + _http_logout(); + } + } else { + $verified=password_verify($admin_pw, ADMIN_PASSWD); + if (!$verified) { + _http_logout(); + } } } elseif ($admin_pw != ADMIN_PASSWD) { _http_logout(); @@ -354,8 +361,19 @@ <h1>Configuration for PhpWiki <?php echo $config_file ?></h1> <div class="hint"> - Using this configurator.php is experimental!<br/> - On any configuration problems, please edit the resulting config.ini manually. + <p>Using this configurator.php is experimental!</p> + <p>On any configuration problems, please edit the resulting config.ini + manually. If one is not created, copy config-dist.ini to config.ini and + edit that.</p> + <p>This file currently has problems with:</p> + <ul> + <li>Handling Windows pathnames (use forward slashes /)</li> + <li>Editing existing config.ini file is currently not possible. Rename it + to generate a new one, or edit it manually.</li> + <li>Php crypt() function fails sometimes and returns *0 or *1 as the + password. In that case run passencrypt.php to generate a new password + and manually paste it into config.ini.</li> + </ul> </div> <?php @@ -1450,8 +1468,19 @@ $properties["Data Path"] = new _define_commented_optional('DATA_PATH', dirname($scriptname)); + + if (defined('PHPWIKI_DIR')) { + $phpwiki_dir = PHPWIKI_DIR; + } else { + if (substr(PHP_OS, 0, 3) == 'WIN') { + $phpwiki_dir = dirname(__FILE__); + $phpwiki_dir = strtr($phpwiki_dir, '\\', '/'); + } else { + $phpwiki_dir = dirname(__FILE__); + } + } $properties["PhpWiki Install Directory"] = - new _define_commented_optional('PHPWIKI_DIR', dirname(__FILE__)); + new _define_commented_optional('PHPWIKI_DIR', $phpwiki_dir); $properties["Use PATH_INFO"] = new _define_selection_optional_commented( @@ -1506,7 +1535,11 @@ $upload_data_path = defined('UPLOAD_DATA_PATH') ? UPLOAD_DATA_PATH : getUploadDataPath(); new _define_optional('UPLOAD_DATA_PATH', $temp); -$temp = !empty($_ENV['TEMP']) ? $_ENV['TEMP'] : "/tmp"; +$temp = !empty($_ENV['TEMP']) ? $_ENV['TEMP'] : "/tmp";//fixme: check for existing TEMP_DIR constant + +if (substr(PHP_OS, 0, 3) == 'WIN') { + $temp = strtr($temp, '\\', '/'); +} $properties["TEMP_DIR"] = new _define_optional('TEMP_DIR', $temp); @@ -1514,7 +1547,7 @@ new _define_commented_optional( 'ALLOWED_LOAD', '/tmp', - 'List of directories from which it is allowed to load pages. Directories are separated with ":"' + ';List of directories from which it is allowed to load pages. Directories are separated with ":"' ); /////////////////// @@ -2060,6 +2093,15 @@ $p .= "\n;ENCRYPTED_PASSWD = true"; return $p; } else { + // generate an encrypted password + $crypt_pass = $this->__makeencrypted($posted_value); + $p = "$n" . $this->_config_format($crypt_pass); + return $p . "\nENCRYPTED_PASSWD = true"; + } + } + private function __makeencrypted($password) + { + if (!function_exists('DEBUGpassword_hash')) { $salt_length = max( CRYPT_SALT_LENGTH, 2 * CRYPT_STD_DES, @@ -2068,11 +2110,14 @@ 16 * CRYPT_BLOWFISH ); // generate an encrypted password - $crypt_pass = crypt($posted_value, rand_ascii($salt_length)); - $p = "$n" . $this->_config_format($crypt_pass); - return $p . "\nENCRYPTED_PASSWD = true"; + $crypt_pass = crypt($password, rand_ascii($salt_length)); + return $crypt_pass; + } else { + $crypt_pass = password_hash($password, PASSWORD_DEFAULT); + return $crypt_pass; } } + } class _define_password_optional extends _define_password @@ -2526,19 +2571,17 @@ $config .= $end; - if (is_writable($fs_config_file)) { - // We first check if the config-file exists. - if (file_exists($fs_config_file)) { - // We make a backup copy of the file - $new_filename = preg_replace('/\.ini$/', '-' . time() . '.ini', $fs_config_file); - if (@copy($fs_config_file, $new_filename)) { - $fp = @fopen($fs_config_file, 'w'); - } - } else { - $fp = @fopen($fs_config_file, 'w'); + $new_filename=''; + // We first check if the config-file exists. + if (file_exists($fs_config_file)) { + // We make a backup copy of the file + $new_filename = preg_replace('/\.ini$/', '-' . time() . '.ini', $fs_config_file); + if (copy($fs_config_file, $new_filename)) { + $fp = fopen($fs_config_file, 'w'); } } else { - $fp = false; + $fp = fopen($fs_config_file, 'w'); + } if ($fp) { @@ -2550,7 +2593,7 @@ } } else { echo "<p>The configuration file could <b>not</b> be written.<br />\n", - "You should copy the above configuration to a file, ", + "You should copy the below configuration to a file, ", "and manually save it as <code><b>config/config.ini</b></code>.</p>\n"; } Modified: trunk/pgsrc/ReleaseNotes =================================================================== --- trunk/pgsrc/ReleaseNotes 2025-02-15 05:50:41 UTC (rev 11110) +++ trunk/pgsrc/ReleaseNotes 2025-02-15 21:00:58 UTC (rev 11111) @@ -1,4 +1,4 @@ -Date: Sat, 15 Feb 2025 04:58:20 +0000 +Date: Sat, 15 Feb 2025 20:52:36 +0000 Mime-Version: 1.0 (Produced by PhpWiki 1.6.5) Content-Type: application/x-phpwiki; pagename=ReleaseNotes; @@ -49,6 +49,7 @@ - Added dumpsvn action, mainly for developers and translators of pgsrc files. - Fixed filenames sometimes not being urlencoded properly. - Improved filtering of unknown page metadata being loaded into database. +* configurator.php is now in a less-unbroken state. Useable but needs more work. == 1.6.4 2024-03-13 Marc-Etienne Vargenau, Christof Meerwald == This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |