[phpwiki-checkins] SF.net SVN: phpwiki:[11111] trunk

[<car...@us...>]

Revision: 11111
          http://sourceforge.net/p/phpwiki/code/11111
Author:   carstenklapp
Date:     2025-02-15 21:00:58 +0000 (Sat, 15 Feb 2025)
Log Message:
-----------
configurator.php is now in a semi-unbroken state. Useable but needs more work.

Modified Paths:
--------------
    trunk/config/config-default.ini
    trunk/configurator.php
    trunk/pgsrc/ReleaseNotes

Modified: trunk/config/config-default.ini
===================================================================
--- trunk/config/config-default.ini	2025-02-15 05:50:41 UTC (rev 11110)
+++ trunk/config/config-default.ini	2025-02-15 21:00:58 UTC (rev 11111)
@@ -113,3 +113,5 @@
 PLUGIN_CACHED_USECACHE = true
 PLUGIN_CACHED_FORCE_SYNCMAP = true
 PLUGIN_CACHED_IMGTYPES = "png|gif|gd|gd2|jpeg|wbmp|xbm|xpm"
+ADMIN_USER = "AdminUser"
+ADMIN_PASSWD = "password"

Modified: trunk/configurator.php
===================================================================
--- trunk/configurator.php	2025-02-15 05:50:41 UTC (rev 11110)
+++ trunk/configurator.php	2025-02-15 21:00:58 UTC (rev 11111)
@@ -143,7 +143,7 @@
         unset($_SERVER['PHP_AUTH_USER']);
         unset($_SERVER['PHP_AUTH_PW']);
 
-        trigger_error("Permission denied. Require ADMIN_USER.", E_USER_ERROR);
+        trigger_error("Permission denied. Existing ADMIN_USER credentials required. Alteranely rename config.ini to generate a new one.", E_USER_ERROR);
         exit();
     }
 }
@@ -172,8 +172,15 @@
     }
     // check password
     if (ENCRYPTED_PASSWD) {
-        if (crypt($admin_pw, ADMIN_PASSWD) != ADMIN_PASSWD) {
-            _http_logout();
+        if (!function_exists('DEBUGpassword_hash')) {
+            if (crypt($admin_pw, ADMIN_PASSWD) != ADMIN_PASSWD) {
+                _http_logout();
+            }
+        } else {
+            $verified=password_verify($admin_pw, ADMIN_PASSWD);
+            if (!$verified) {
+                _http_logout();
+            }
         }
     } elseif ($admin_pw != ADMIN_PASSWD) {
         _http_logout();
@@ -354,8 +361,19 @@
 <h1>Configuration for PhpWiki <?php echo $config_file ?></h1>
 
 <div class="hint">
-    Using this configurator.php is experimental!<br/>
-    On any configuration problems, please edit the resulting config.ini manually.
+    <p>Using this configurator.php is experimental!</p>
+    <p>On any configuration problems, please edit the resulting config.ini
+       manually. If one is not created, copy config-dist.ini to config.ini and
+       edit that.</p>
+    <p>This file currently has problems with:</p>
+    <ul>
+    <li>Handling Windows pathnames (use forward slashes /)</li>
+    <li>Editing existing config.ini file is currently not possible. Rename it
+        to generate a new one, or edit it manually.</li>
+    <li>Php crypt() function fails sometimes and returns *0 or *1 as the
+        password. In that case run passencrypt.php to generate a new password
+        and manually paste it into config.ini.</li>
+    </ul>
 </div>
 
 <?php
@@ -1450,8 +1468,19 @@
 $properties["Data Path"] =
     new _define_commented_optional('DATA_PATH', dirname($scriptname));
 
+
+    if (defined('PHPWIKI_DIR')) {
+        $phpwiki_dir = PHPWIKI_DIR;
+    } else {
+        if (substr(PHP_OS, 0, 3) == 'WIN') {
+            $phpwiki_dir = dirname(__FILE__);
+            $phpwiki_dir = strtr($phpwiki_dir, '\\', '/');
+        } else {
+            $phpwiki_dir = dirname(__FILE__);
+        }
+    }
 $properties["PhpWiki Install Directory"] =
-    new _define_commented_optional('PHPWIKI_DIR', dirname(__FILE__));
+    new _define_commented_optional('PHPWIKI_DIR', $phpwiki_dir);
 
 $properties["Use PATH_INFO"] =
     new _define_selection_optional_commented(
@@ -1506,7 +1535,11 @@
 $upload_data_path = defined('UPLOAD_DATA_PATH') ? UPLOAD_DATA_PATH : getUploadDataPath();
 new _define_optional('UPLOAD_DATA_PATH', $temp);
 
-$temp = !empty($_ENV['TEMP']) ? $_ENV['TEMP'] : "/tmp";
+$temp = !empty($_ENV['TEMP']) ? $_ENV['TEMP'] : "/tmp";//fixme: check for existing TEMP_DIR constant
+
+if (substr(PHP_OS, 0, 3) == 'WIN') {
+    $temp = strtr($temp, '\\', '/');
+}
 $properties["TEMP_DIR"] =
     new _define_optional('TEMP_DIR', $temp);
 
@@ -1514,7 +1547,7 @@
     new _define_commented_optional(
         'ALLOWED_LOAD',
         '/tmp',
-        'List of directories from which it is allowed to load pages. Directories are separated with ":"'
+        ';List of directories from which it is allowed to load pages. Directories are separated with ":"'
     );
 
 ///////////////////
@@ -2060,6 +2093,15 @@
             $p .= "\n;ENCRYPTED_PASSWD = true";
             return $p;
         } else {
+            // generate an encrypted password
+            $crypt_pass = $this->__makeencrypted($posted_value);
+            $p = "$n" . $this->_config_format($crypt_pass);
+            return $p . "\nENCRYPTED_PASSWD = true";
+        }
+    }
+    private function __makeencrypted($password)
+    {
+        if (!function_exists('DEBUGpassword_hash')) {
             $salt_length = max(
                 CRYPT_SALT_LENGTH,
                 2 * CRYPT_STD_DES,
@@ -2068,11 +2110,14 @@
                 16 * CRYPT_BLOWFISH
             );
             // generate an encrypted password
-            $crypt_pass = crypt($posted_value, rand_ascii($salt_length));
-            $p = "$n" . $this->_config_format($crypt_pass);
-            return $p . "\nENCRYPTED_PASSWD = true";
+            $crypt_pass = crypt($password, rand_ascii($salt_length));
+            return $crypt_pass;
+        } else {
+            $crypt_pass = password_hash($password, PASSWORD_DEFAULT);
+            return $crypt_pass;
         }
     }
+
 }
 
 class _define_password_optional extends _define_password
@@ -2526,19 +2571,17 @@
 
     $config .= $end;
 
-    if (is_writable($fs_config_file)) {
-        // We first check if the config-file exists.
-        if (file_exists($fs_config_file)) {
-            // We make a backup copy of the file
-            $new_filename = preg_replace('/\.ini$/', '-' . time() . '.ini', $fs_config_file);
-            if (@copy($fs_config_file, $new_filename)) {
-                $fp = @fopen($fs_config_file, 'w');
-            }
-        } else {
-            $fp = @fopen($fs_config_file, 'w');
+    $new_filename='';
+    // We first check if the config-file exists.
+    if (file_exists($fs_config_file)) {
+        // We make a backup copy of the file
+        $new_filename = preg_replace('/\.ini$/', '-' . time() . '.ini', $fs_config_file);
+        if (copy($fs_config_file, $new_filename)) {
+            $fp = fopen($fs_config_file, 'w');
         }
     } else {
-        $fp = false;
+        $fp = fopen($fs_config_file, 'w');
+
     }
 
     if ($fp) {
@@ -2550,7 +2593,7 @@
         }
     } else {
         echo "<p>The configuration file could <b>not</b> be written.<br />\n",
-        "You should copy the above configuration to a file, ",
+        "You should copy the below configuration to a file, ",
         "and manually save it as <code><b>config/config.ini</b></code>.</p>\n";
     }
 

Modified: trunk/pgsrc/ReleaseNotes
===================================================================
--- trunk/pgsrc/ReleaseNotes	2025-02-15 05:50:41 UTC (rev 11110)
+++ trunk/pgsrc/ReleaseNotes	2025-02-15 21:00:58 UTC (rev 11111)
@@ -1,4 +1,4 @@
-Date: Sat, 15 Feb 2025 04:58:20 +0000
+Date: Sat, 15 Feb 2025 20:52:36 +0000
 Mime-Version: 1.0 (Produced by PhpWiki 1.6.5)
 Content-Type: application/x-phpwiki;
   pagename=ReleaseNotes;
@@ -49,6 +49,7 @@
   - Added dumpsvn action, mainly for developers and translators of pgsrc files.
   - Fixed filenames sometimes not being urlencoded properly.
   - Improved filtering of unknown page metadata being loaded into database.
+* configurator.php is now in a less-unbroken state. Useable but needs more work.
 
 == 1.6.4 2024-03-13 Marc-Etienne Vargenau, Christof Meerwald ==
 

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.