From: <ice...@us...> - 2013-08-03 09:09:48
Revision: 6170 http://sourceforge.net/p/web-erp/reponame/6170 Author: icedlava Date: 2013-08-03 09:09:45 +0000 (Sat, 03 Aug 2013) Log Message: ----------- Obfuscate database name in login, do not show company in login if directory/company not wanted (eg weberpdemo). One method - other is using small file in each company directory but this method reduces load time/code. Modified Paths: -------------- trunk/Z_MakeNewCompany.php trunk/config.distrib.php trunk/includes/ConnectDB.inc trunk/includes/Login.php trunk/install/index.php Modified: trunk/Z_MakeNewCompany.php =================================================================== --- trunk/Z_MakeNewCompany.php 2013-08-03 01:06:12 UTC (rev 6169) +++ trunk/Z_MakeNewCompany.php 2013-08-03 09:09:45 UTC (rev 6170) @@ -12,7 +12,6 @@ header ('Location:' . $RootPath . '/CompanyPreferences.php?' . SID); exit; } - $Title = _('Make New Company Database Utility'); include('includes/header.inc'); 
@@ -25,25 +24,24 @@ exit; } +if (isset($_POST['submit']) AND isset($_POST['NewDatabase'])) { -if (isset($_POST['submit']) AND isset($_POST['NewCompany'])) { - - if(mb_strlen($_POST['NewCompany'])>32 - OR ContainsIllegalCharacters($_POST['NewCompany'])){ - prnMsg(_('Company abbreviations must not contain spaces, \& or " or \''),'error'); + if(mb_strlen($_POST['NewDatabase'])>32 + OR ContainsIllegalCharacters($_POST['NewDatabase'])){ + prnMsg(_('Company database must not contain spaces, \& or " or \''),'error'); } else { - $_POST['NewCompany'] = strtolower($_POST['NewCompany']); + $_POST['NewDatabase'] = strtolower($_POST['NewDatabase']); echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8') . '?' . SID . '">'; echo '<div class="centre">'; echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; /* check for directory existence */ - if (!file_exists('./companies/' . $_POST['NewCompany']) + if (!file_exists('./companies/' . $_POST['NewDatabase']) AND (isset($_FILES['LogoFile']) AND $_FILES['LogoFile']['name'] !='')) { $result = $_FILES['LogoFile']['error']; $UploadTheLogo = 'Yes'; //Assume all is well to start off with - $filename = './companies/' . $_POST['NewCompany'] . '/logo.jpg'; + $filename = './companies/' . $_POST['NewDatabase'] . '/logo.jpg'; //But check for the worst if (mb_strtoupper(mb_substr(trim($_FILES['LogoFile']['name']),mb_strlen($_FILES['LogoFile']['name'])-3))!='JPG'){ @@ -67,11 +65,11 @@ if ($_POST['CreateDB']==TRUE){ /* Need to read in the sql script and process the queries to initate a new DB */ - $result = DB_query('CREATE DATABASE ' . $_POST['NewCompany'],$db); + $result = DB_query('CREATE DATABASE ' . $_POST['NewDatabase'],$db); if ($DBType=='postgres'){ - $PgConnStr = 'dbname=' . $_POST['NewCompany']; + $PgConnStr = 'dbname=' . $_POST['NewDatabase']; if ( isset($host) && ($host != "")) { $PgConnStr = 'host=' . $host . ' ' . $PgConnStr; } 
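Review bot: `$_POST['NewDatabase']` is screened only by `mb_strlen()` and `ContainsIllegalCharacters()` before it is concatenated into `'./companies/' . $_POST['NewDatabase']` here and into `'CREATE DATABASE ' . $_POST['NewDatabase']` in the @@ -67 hunk, so the safety of both the path and the DDL statement rests on a deny-list whose body is not visible in this diff. An allow-list matching what the form text promises is easier to reason about, for example `if (!preg_match('/^[a-z0-9_]{1,32}\z/', strtolower($_POST['NewDatabase']))) {` as the rejecting condition, with the name additionally quoted as an identifier for the active `$DBType`. This hunk also drops the `isset($_POST['NewCompany'])` test although that field is still read further down the script (the @@ -175 hunk). The enclosing `if` block continues outside the hunk.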
@@ -87,10 +85,10 @@ $SQLScriptFile = file('./sql/pg/weberp-new.psql'); } elseif ($DBType =='mysql') { //its a mysql db < 4.1 - mysql_select_db($_POST['NewCompany'],$db); + mysql_select_db($_POST['NewDatabase'],$db); $SQLScriptFile = file('./sql/mysql/weberp-new.sql'); } elseif ($DBType =='mysqli') { //its a mysql db using the >4.1 library functions - mysqli_select_db($db,$_POST['NewCompany']); + mysqli_select_db($db,$_POST['NewDatabase']); $SQLScriptFile = file('./sql/mysql/weberp-new.sql'); } 
@@ -129,18 +127,18 @@ } //end if CreateDB was checked prnMsg (_('Attempting to create the new company directories') . '.....<br />', 'info'); - $Result = mkdir('./companies/' . $_POST['NewCompany']); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/part_pics'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/EDI_Incoming_Orders'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/reports'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/EDI_Sent'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/EDI_Pending'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/FormDesigns'); - $Result = mkdir('./companies/' . $_POST['NewCompany'] . '/reportwriter'); + $Result = mkdir('./companies/' . $_POST['NewDatabase']); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/part_pics'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/EDI_Incoming_Orders'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/reports'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/EDI_Sent'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/EDI_Pending'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/FormDesigns'); + $Result = mkdir('./companies/' . $_POST['NewDatabase'] . '/reportwriter'); - copy ('./companies/' . $_SESSION['DatabaseName'] . '/FormDesigns/GoodsReceived.xml', './companies/' .$_POST['NewCompany'] . '/FormDesigns/GoodsReceived.xml'); - copy ('./companies/' . $_SESSION['DatabaseName'] . '/FormDesigns/PickingList.xml', './companies/' .$_POST['NewCompany'] . '/FormDesigns/PickingList.xml'); - copy ('./companies/' . $_SESSION['DatabaseName'] . '/FormDesigns/PurchaseOrder.xml', './companies/' .$_POST['NewCompany'] . '/FormDesigns/PurchaseOrder.xml'); + copy ('./companies/' . $_SESSION['DatabaseName'] . '/FormDesigns/GoodsReceived.xml', './companies/' .$_POST['NewDatabase'] . '/FormDesigns/GoodsReceived.xml'); + copy ('./companies/' . 
$_SESSION['DatabaseName'] . '/FormDesigns/PickingList.xml', './companies/' .$_POST['NewDatabase'] . '/FormDesigns/PickingList.xml'); + copy ('./companies/' . $_SESSION['DatabaseName'] . '/FormDesigns/PurchaseOrder.xml', './companies/' .$_POST['NewDatabase'] . '/FormDesigns/PurchaseOrder.xml'); /*OK Now upload the logo */ if ($UploadTheLogo=='Yes'){ @@ -167,7 +165,7 @@ exit; } - $_SESSION['DatabaseName'] = $_POST['NewCompany']; + $_SESSION['DatabaseName'] = $_POST['NewDatabase']; unset ($_SESSION['CustomerID']); unset ($_SESSION['SupplierID']); 
@@ -175,20 +173,37 @@ unset ($_SESSION['Items']); unset ($_SESSION['CreditItems']); - $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewCompany'] . "/EDI__Sent' WHERE confname='EDI_MsgSent'"; + //now update the config.php file if using the obfuscated database login else we don't want it there + if (isset($CompanyList) && is_array($CompanyList)) { + $ConfigFile = './config.php'; + $config_php = join('', file($ConfigFile)); + $config_php = preg_replace('/\/\/End Installed companies-do not change this line/', "\$CompanyList[] = array('database'=>'".$_POST['NewDatabase']."' ,'company'=>'".htmlspecialchars($_POST['NewCompany'],ENT_QUOTES,'UTF-8')."');\n//End Installed companies-do not change this line", $config_php); + if (!$fp = fopen($ConfigFile, 'wb')) { + prnMsg(_("Cannot open the configuration file: ").$ConfigFile.". Please add the following line to the end of the file:\n\$CompanyList[] = array('database'=>'".$_POST['NewDatabase']."' ,'company'=>'".htmlspecialchars($_POST['NewCompany'],ENT_QUOTES,'UTF-8').");",'error'); + } else { + fwrite ($fp, $config_php); + fclose ($fp); + } + } + + $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewDatabase'] . "/EDI__Sent' WHERE confname='EDI_MsgSent'"; $result = DB_query($SQL,$db); - $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewCompany'] . "/EDI_Incoming_Orders' WHERE confname='EDI_Incoming_Orders'"; + $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewDatabase'] . "/EDI_Incoming_Orders' WHERE confname='EDI_Incoming_Orders'"; $result = DB_query($SQL,$db); - $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewCompany'] . "/part_pics' WHERE confname='part_pics_dir'"; + $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewDatabase'] . "/part_pics' WHERE confname='part_pics_dir'"; $result = DB_query($SQL,$db); - $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewCompany'] . 
"/reports' WHERE confname='reports_dir'"; + $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewDatabase'] . "/reports' WHERE confname='reports_dir'"; $result = DB_query($SQL,$db); - $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewCompany'] . "/EDI_Pending' WHERE confname='EDI_MsgPending'"; + $SQL ="UPDATE config SET confvalue='companies/" . $_POST['NewDatabase'] . "/EDI_Pending' WHERE confname='EDI_MsgPending'"; $result = DB_query($SQL,$db); + //add new company + $SQL = "UPDATE companies SET coyname='".$_POST['NewCompany']."' where coycode = 1"; + $result = DB_query($SQL,$db); $ForceConfigReload=true; include('includes/GetConfig.php'); + prnMsg (_('The new company database has been created for' . ' ' . $_POST['NewCompany'] . '. ' . _('The company details and parameters should now be set up for the new company. NB: Only a single user "demo" is defined with the password "weberp" in the new company database. A new system administrator user should be defined for the new company and this account deleted immediately.')), 'info'); echo '<p><a href="' . $RootPath . '/CompanyPreferences.php">' . _('Set Up New Company Details') . '</a>'; 
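Review bot: The block that rewrites config.php builds PHP source from request data: `$_POST['NewDatabase']` is placed inside a single-quoted literal as-is, and `htmlspecialchars()` on `$_POST['NewCompany']` encodes quotes but leaves backslashes untouched, so the quoting of the generated line is not guaranteed to survive arbitrary input. Because the text is passed as the replacement argument of `preg_replace()`, any `$n` or `\n` sequences in the names are also expanded as back-references. Generating the literals with `var_export()` and inserting them with `str_replace()` avoids both, as sketched below. Separately, `UPDATE companies SET coyname='".$_POST['NewCompany']."'` concatenates the posted name into SQL; unless request values are escaped globally before this script runs (not visible here) it should go through the project's escaping helper, and `NewCompany` is never checked for presence or length.

```php
// … unchanged: isset($CompanyList) guard, $ConfigFile, reading $config_php …
$Marker = '//End Installed companies-do not change this line';
$NewEntry = '$CompanyList[] = array(\'database\'=>' . var_export($_POST['NewDatabase'], true)
	. ' ,\'company\'=>' . var_export(htmlspecialchars($_POST['NewCompany'], ENT_QUOTES, 'UTF-8'), true) . ');';
// str_replace() inserts the entry literally; no back-reference expansion
$config_php = str_replace($Marker, $NewEntry . "\n" . $Marker, $config_php);
// … unchanged: fopen()/fwrite()/fclose() and the prnMsg() fallback …
```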
@@ -214,9 +229,11 @@ echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />'; echo '<table><tr>'; -echo '<td>' . _('Enter up to 32 character lower case character abbreviation for the company') . '</td> +echo '<td>' . _('Enter the name of the database used for the comopany up to 32 characters in lower case') . ':</td> + <td><input type="text" size="33" maxlength="32" name="NewDatabase" /></td> + </tr> + <td>' . _('Enter a unique name for the company of up to 50 characters') . ':</td> <td><input type="text" size="33" maxlength="32" name="NewCompany" /></td> - </tr> <tr> <td>'. _('Logo Image File (.jpg)') . ':</td><td><input type="file" id="LogoFile" name="LogoFile" /></td> </tr> Modified: trunk/config.distrib.php =================================================================== --- trunk/config.distrib.php 2013-08-03 01:06:12 UTC (rev 6169) +++ trunk/config.distrib.php 2013-08-03 09:09:45 UTC (rev 6170) @@ -5,7 +5,7 @@ // User configurable variables //--------------------------------------------------- -//DefaultLanguage to use for the login screen and the setup of new users +//DefaultLanguage to use for the login screen and the setup of new users //The users' language selection will override $DefaultLanguage ='en_GB.utf8'; 
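Review bot: The second table row added in the @@ -214 hunk is not well formed: after `</tr>` the company-name cells start with a bare `<td>` and the row is never closed before the logo row's `<tr>`, so the markup should read `</tr><tr><td>…</td><td><input … name="NewCompany" /></td></tr>`. The `NewCompany` input keeps `maxlength="32"` while its label promises up to 50 characters, and the database label contains the typo `comopany`. The `echo` statement continues outside the hunk.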
@@ -45,7 +45,7 @@ // depending if you allow the user to select the name of the company or must use the default one described at $DefaultCompany // If set to 'ShowSelectionBox' webERP examines each of the directories under the companies directory to determine all the companies that can be logged into // a new company directory together with the necessary subdirectories is created each time a new company is created by Z_MakeNewCompany.php -// It would also be inappropiate in some environments to show the name of the company (database name) --> Choose 'Hide'. +// It would also be inappropiate in some environments to show the name of the company (database name) --> Choose 'Hide'. // Options: // 'ShowSelectionBox' (default) // 'ShowInputBox' @@ -53,9 +53,9 @@ $AllowCompanySelectionBox = 'ShowSelectionBox'; -//If $AllowCompanySelectionBox is not 'ShowSelectionBox' above then the $DefaultCompany string is entered in the login screen as a default -//otherwise the user is expected to know the name of the company to log into. -$DefaultCompany = 'weberpdemo'; +//If $AllowCompanySelectionBox is not 'ShowSelectionBox' above then the $DefaultDatabase string is used to determined the default Company +//entered in the login screen as a default, otherwise the user is expected to know the name of the company to log into. +$DefaultDatabase = 'weberpdemo'; //The maximum time that a login session can be idle before automatic logout //time is in seconds 3600 seconds in an hour 
@@ -85,7 +85,7 @@ //The $RootPath is used in most scripts to tell the script the installation details of the files. //NOTE: In some windows installation this command doesn't work and the administrator must set this to the path of the installation manually: -//eg. if the files are under the webserver root directory then rootpath =''; +//eg. if the files are under the webserver root directory then rootpath =''; //if they are under webERP then webERP is the rootpath - notice no additional slashes are necessary. $RootPath = dirname(htmlspecialchars($_SERVER['PHP_SELF'],ENT_QUOTES,'UTF-8')); Modified: trunk/includes/ConnectDB.inc =================================================================== --- trunk/includes/ConnectDB.inc 2013-08-03 01:06:12 UTC (rev 6169) +++ trunk/includes/ConnectDB.inc 2013-08-03 09:09:45 UTC (rev 6170) 
@@ -7,22 +7,41 @@ $Version='4.11.0'; //must update manually every time there is a DB change require_once ($PathPrefix .'includes/MiscFunctions.php'); - if (!isset($_SESSION['DatabaseName'])){ //need to get the database name from the file structure if (isset($_POST['CompanyNameField'])){ - if (ContainsIllegalCharacters($_POST['CompanyNameField'])){ - prnMsg(_('The company database being logged into cannot contain any of the illegal characters'),'error'); - echo '<br /><a href="index.php">' . _('Back to login page') . '</a>'; - exit; - } - if (is_dir('companies/' . $_POST['CompanyNameField']) AND $_POST['CompanyNameField'] != '..'){ - $_SESSION['DatabaseName'] = $_POST['CompanyNameField']; - include_once ($PathPrefix . 'includes/ConnectDB_' . $DBType . '.inc'); - } else { - prnMsg(_('The company name entered' . ' (' . $_POST['CompanyNameField'] . ') ' . 'is not configured for use with this installation of webERP. Check that a directory named ' . $_POST['CompanyNameField'] . ' is set up under the companies sub-directory.'),'error'); - prnMsg(_('Check the company name entered' . ' (' . $_POST['CompanyNameField'] . ') ' . 'is the same as the database name.'),'error'); - prnMsg(_('The company name abbreviation entered at login must also have a company directory defined. See your system administrator'),'error'); - } + if (isset($CompanyList) && is_array($CompanyList)) { + foreach ($CompanyList as $key => $CompanyEntry){ + if (is_dir('./companies/'.strtolower($CompanyEntry['database']).'') && ($key == $_POST['CompanyNameField']) ){ + $_SESSION['DatabaseName'] = $CompanyEntry['database']; + include_once ($PathPrefix . 'includes/ConnectDB_' . $DBType . '.inc'); + break; + } + } + if (!isset($_SESSION['DatabaseName'])) { + prnMsg(_('You do not seem to have a database configured correctly to use with webERP. Check you database exists and there is a corresponding directory in the \'companies\' directory of the same name. 
Contact your system administrator for assistance.'),'error'); + exit; + } + if (ContainsIllegalCharacters( $_SESSION['DatabaseName'])){ + prnMsg(_('The company database being logged into cannot contain any of the illegal characters'),'error'); + echo '<br /><a href="index.php">' . _('Back to login page') . '</a>'; + exit; + } + } else { //provision for old setup + if (ContainsIllegalCharacters($_POST['CompanyNameField'])){ + prnMsg(_('The company database being logged into cannot contain any of the illegal characters'),'error'); + echo '<br /><a href="index.php">' . _('Back to login page') . '</a>'; + exit; + } + if (is_dir('companies/' . $_POST['CompanyNameField']) AND $_POST['CompanyNameField'] != '..'){ + $_SESSION['DatabaseName'] = $_POST['CompanyNameField']; + include_once ($PathPrefix . 'includes/ConnectDB_' . $DBType . '.inc'); + } else { + prnMsg(_('The company name entered' . ' (' . $_POST['CompanyNameField'] . ') ' . 'is not configured for use with this installation of webERP. Check that a directory named ' . $_POST['CompanyNameField'] . ' is set up under the companies sub-directory.'),'error'); + prnMsg(_('Check the company name entered' . ' (' . $_POST['CompanyNameField'] . ') ' . 'is the same as the database name.'),'error'); + prnMsg(_('The company name abbreviation entered at login must also have a company directory defined. See your system administrator'),'error'); + } + } + } elseif (isset($DatabaseName)) { /* Scripts that do not require a login must have the $DatabaseName variable set in hard code */ $_SESSION['DatabaseName'] = $DatabaseName; include_once ($PathPrefix . 'includes/ConnectDB_' . $DBType . '.inc'); 
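Review bot: In the new `$CompanyList` branch the posted value is matched with `$key == $_POST['CompanyNameField']`, a loose comparison between an integer array key and a request string; on PHP versions before 8 a non-numeric string compares equal to key 0, so a malformed value silently selects the first configured company instead of being rejected. A strict match such as `(string) $key === $_POST['CompanyNameField']`, or a direct `isset($CompanyList[...])` lookup after a `ctype_digit()` check, closes that gap. `ContainsIllegalCharacters($_SESSION['DatabaseName'])` now runs only after the `include_once` of the `ConnectDB_` file for that name, so the check would be more useful before the session value is set. If the 'ShowInputBox' and 'Hide' login modes still post a company name rather than an index (that form code is outside this hunk), they need the same mapping.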
@@ -31,4 +50,4 @@ include_once($PathPrefix .'includes/ConnectDB_' . $DBType . '.inc'); } -?> +?> \ No newline at end of file Modified: trunk/includes/Login.php =================================================================== --- trunk/includes/Login.php 2013-08-03 01:06:12 UTC (rev 6169) +++ trunk/includes/Login.php 2013-08-03 09:09:45 UTC (rev 6170) @@ -27,6 +27,7 @@ echo _('Your webserver is configured to enable Magic Quotes. This may cause problems if you use punctuation (such as quotes) when doing data entry. You should contact your webmaster to disable Magic Quotes'); echo '</p>'; } + ?> <div id="container"> 
@@ -47,16 +48,28 @@ // Show selection box ($AllowCompanySelectionBox == 'ShowSelectionBox') echo _('Company'); echo '<select name="CompanyNameField">'; - $Companies = scandir('companies/', 0); - foreach ($Companies as $CompanyEntry){ + if (isset($CompanyList) && is_array($CompanyList)) { + foreach ($CompanyList as $key => $CompanyEntry){ + if (is_dir('companies/' . $CompanyEntry['database']) ){ + if ($CompanyEntry['database'] == $DefaultDatabase) { + echo '<option selected="selected" label="'.$CompanyEntry['company'].'" value="'.$key.'">'.$CompanyEntry['company'].'</option>'; + } else { + echo '<option label="'.$CompanyEntry['company'].'" value="'.$key.'">'.$CompanyEntry['company'].'</option>'; + } + } + } + } else { //provision for backward compat + $Companies = scandir('companies/', 0); + foreach ($Companies as $CompanyEntry){ if (is_dir('companies/' . $CompanyEntry) AND $CompanyEntry != '..' AND $CompanyEntry != '' AND $CompanyEntry!='.svn' AND $CompanyEntry!='.'){ - if ($CompanyEntry==$DefaultCompany) { + if ($CompanyEntry==$DefaultDatabase) { echo '<option selected="selected" label="'.$CompanyEntry.'" value="'.$CompanyEntry.'">'.$CompanyEntry.'</option>'; } else { echo '<option label="'.$CompanyEntry.'" value="'.$CompanyEntry.'">'.$CompanyEntry.'</option>'; } } } + } echo '</select>'; } ?> Modified: trunk/install/index.php =================================================================== --- trunk/install/index.php 2013-08-03 01:06:12 UTC (rev 6169) +++ trunk/install/index.php 2013-08-03 09:09:45 UTC (rev 6170) @@ -148,7 +148,6 @@ prnMsg(_('It seems that the system has been already installed. If you want to install again, please remove the config.php file first'),'error'); exit; } - if(isset($_POST['Install'])){//confirm the final install data, the last validation step before we submit the data //first do necessary validation //Since user may have changed the DatabaseName so we need check it again 
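Review bot: The backward-compatibility branch of the @@ -47 hunk compares against `$DefaultDatabase`, but an installation old enough to take that branch has a config.php that still defines `$DefaultCompany`, so no default is pre-selected and an undefined-variable notice is raised on the login page. A fallback before the `<select>` such as `if (!isset($DefaultDatabase) AND isset($DefaultCompany)) { $DefaultDatabase = $DefaultCompany; }` keeps existing configurations working. In the new branch `$CompanyEntry['company']` is printed into the `label` attribute and the option text exactly as stored; that is safe only while every entry was written through `htmlspecialchars()` by the installer or Z_MakeNewCompany.php, so escaping at output (with `double_encode` off) would also cover hand-edited entries.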
@@ -158,12 +157,29 @@ //The mysql database name cannot contains illegal characters such as "/","\","." etc //and it should not contains illegal characters as file name such as "?""%"<"">"" " etc - if(preg_match(',[/\\\?%:\|<>\.\s"]+,',$_POST['CompanyName'])){ + if(!preg_match(',[a-zA-Z0-9_\&\-\ ]*,',$_POST['CompanyName'])){ $InputError = 1; + prnMsg(_('The Company names can only contain alphanumeric characters plus -,_, & and spaces'),'error'); + + } + $CompanyName= $_POST['CompanyName']; + }else{ + $InputError = 1; + prnMsg(_('The Company Name name should not be empty'),'error'); + } + //provision for differing database post inputs - need to review and make these consistent + if ( (isset($_POST['DatabaseName']) && !empty($_POST['DatabaseName'])) && (!isset($_POST['Database']) || empty($_POST['Database']))) $_POST['Database'] = $_POST['DatabaseName']; + if(!empty($_POST['Database'])){ + //validate the Database name setting + //The mysql database name cannot contains illegal characters such as "/","\","." etc + //and it should not contains illegal characters as file name such as "?""%"<"">"" " etc + + if(!preg_match(',[a-zA-Z0-9_\&\-\ ]*,',$_POST['Database'])){ + $InputError = 1; prnMsg(_('The database name should not contains illegal characters such as "/\?%:|<>" blank etc'),'error'); } - $DatabaseName = $_POST['CompanyName']; + $DatabaseName = $_POST['Database']; }else{ $InputError = 1; prnMsg(_('The database name should not be empty'),'error'); @@ -176,8 +192,11 @@ prnMsg(_('The timezone must be legal'),'error'); } } + $OnlyDemo = 0; + $DualCompany = 0; + $NewCompany = 0; if(!empty($_POST['Demo']) and $_POST['Demo'] == 'on'){ - if(strtolower($DatabaseName) == 'weberpdemo'){//user select to install the weberpdemo + if(strtolower($DatabaseName) === 'weberpdemo'){//user select to install the weberpdemo $OnlyDemo = 1; }else{ 
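Review bot: Both new checks in the @@ -158 hunk, `!preg_match(',[a-zA-Z0-9_\&\-\ ]*,',$_POST['CompanyName'])` and the same pattern applied to `$_POST['Database']`, can never fail: the pattern is unanchored and `*` permits a zero-length match, so `preg_match()` returns 1 for every input and `$InputError` is not set. The deny-list being replaced did reject `/`, `\`, `.`, quotes and whitespace, so the commit effectively removes validation of values that are written into the generated config.php (the @@ -328 and @@ -347 hunks) and, judging by the error messages, used to create the database. Anchor the patterns and require at least one character, e.g. `if(!preg_match('/^[a-zA-Z0-9_&\- ]+\z/',$_POST['CompanyName'])){`, with a stricter `'/^[a-zA-Z0-9_]+\z/'` for the database name, whose error message still describes the old rule.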
@@ -278,6 +297,7 @@ }else{ //start to installation + $CompanyList = array(); $Path_To_Root = '..'; $Config_File = $Path_To_Root . '/config.php'; if((isset($DualCompany) and $DualCompany == 1) or (isset($NewCompany) and $NewCompany == 1)){ @@ -302,6 +322,16 @@ $Result = copy ($Path_To_Root . '/logo_server.jpg',$CompanyDir.'/logo.jpg'); } } + if ( isset($NewCompany) and ($NewCompany == 1)) { + $CompanyList[] = array('database' => $DatabaseName, 'company' => $CompanyName); + } elseif (isset($DualCompany) and $DualCompany == 1) { + $CompanyList[] = array('database' => $DatabaseName, 'company' => $CompanyName); + $CompanyList[] = array('database' => 'weberpdemo', 'company' => _('WebERP Demo Company')); + } else { + //make sure we have at least the demo + $CompanyList[] = array('database' => 'weberpdemo', 'company' => _('WebERP Demo Company')); + } + //$msg holds the text of the new config.php file $msg = "<?php\n\n"; $msg .= "// User configurable variables\n"; @@ -328,9 +358,9 @@ $msg .= "\$SysAdminEmail = '".$AdminEmail."';\n"; } if(isset($NewCompany)){ - $msg .= "\$DefaultCompany = '".$DatabaseName."';\n"; + $msg .= "\$DefaultDatabase = '".$DatabaseName."';\n"; }else{ - $msg .= "\$DefaultCompany = '".$DatabaseName."';\n"; + $msg .= "\$DefaultDatabase = 'weberpdemo';\n"; } $msg .= "\$SessionLifeTime = 3600;\n"; $msg .= "\$MaximumExecutionTime = 120;\n"; 
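Review bot: `if(isset($NewCompany))` in the @@ -328 hunk is always true once the `$NewCompany = 0;` initialisation added in the @@ -176 hunk has run earlier in the same request, which makes the new `$DefaultDatabase = 'weberpdemo'` branch unreachable. Testing the value instead, `if($NewCompany == 1){`, matches the `isset(...) and ... == 1` form used in the @@ -302 hunk; whether a dual install should default to the new database or to the demo is not clear from the diff. `$DatabaseName` is also interpolated into a single-quoted PHP literal here without escaping, the same concern as the `$CompanyList` lines in the @@ -347 hunk.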
@@ -347,6 +377,13 @@ $msg .= " \$RootPath = '';\n"; $msg .= "}\n"; $msg .= "error_reporting (E_ALL & ~E_NOTICE);\n"; + $msg .= "//Installed companies \n"; + foreach ($CompanyList as $k=>$compinfo) + { + $msg .= "\$CompanyList[".$k."] = array('database'=>'".$compinfo['database']."' ,'company'=>'".htmlspecialchars($compinfo['company'],ENT_QUOTES,'UTF-8')."' );\n"; //simpler to manipulate this way + } + $msg .= "//End Installed companies-do not change this line\n"; + $msg .= "//Make sure there is nothing - not even spaces after this last ?>\n"; $msg .= "?>"; //write the config.php file since we have test the writability of the root path and companies, @@ -371,12 +408,10 @@ } }elseif($DBConnectType == 'mysql'){ $Db = mysql_connect($HostName,$UserName,$Password); - - - if(!$Db){ - prnMsg(_('Failed to connect the database, the error is ').mysql_connect_error(),'error'); + if(!$Db){ + prnMsg(_('Failed to connect the database, the error is ').mysql_connect_error(),'error'); + } } - } $NewSQLFile = $Path_To_Root.'/sql/mysql/coa/'.$COA; $DemoSQLFile = $Path_To_Root.'/sql/mysql/coa/weberp-demo.sql'; if(!empty($DualCompany) and $DualCompany == 1){ @@ -385,9 +420,9 @@ $result = ($DBConnectType == 'mysqli') ? mysqli_query($Db,$sql) : mysql_query($sql,$Db); if(!$result){ if($DBConnectType == 'mysqli'){ - prnMsg(_('Failed to create database '.' '.$DatabaseName.' and the error is '.' '.mysqli_error($Db)),'error'); + prnMsg(_('Failed to create database '.$DatabaseName.' and the error is '.' '.mysqli_error($Db)),'error'); }else{ - prnMsg(_('Failed to create database '.' '.$DatabaseName.' and the error is '.' '.mysql_error($Db)),'error'); + prnMsg(_('Failed to create database '.$DatabaseName.' and the error is '.' '.mysql_error($Db)),'error'); } } 
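Review bot: The generated comment `//Make sure there is nothing - not even spaces after this last ?>` in the @@ -347 hunk contains a closing tag, and PHP ends a `//` comment at `?>`, so the written config.php leaves PHP mode on that line and the final `$msg .= "?>";` is emitted as literal output whenever the file is included, which typically breaks later header and session calls. Rewording the comment without the tag and dropping the closing tag altogether avoids it: `$msg .= "//Make sure there is nothing after the end of this file\n";`. The `$CompanyList` lines above it place `$compinfo['database']` in a single-quoted literal unescaped, and `htmlspecialchars()` does not neutralise a backslash in the company name; `var_export($value, true)` produces a safe literal for both, which matters because the validation added in the @@ -158 hunk rejects nothing.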
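Review bot: The re-indented error path in the @@ -371 hunk calls `mysql_connect_error()`, which is not a function of the mysql extension (only mysqli has `mysqli_connect_error()`), so a failed `mysql_connect()` ends in a fatal error instead of the intended message. Use `prnMsg(_('Failed to connect the database, the error is ').mysql_error(),'error');`. The surrounding `if`/`elseif` chain starts outside the hunk.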
@@ -404,7 +439,7 @@ } PopulateSQLData($NewSQLFile,false,$Db,$DBConnectType,$DatabaseName); - DBUpdate($Db,$DatabaseName,$DBConnectType,$AdminPassword,$Email,$UserLanguage,$DatabaseName); + DBUpdate($Db,$DatabaseName,$DBConnectType,$AdminPassword,$Email,$UserLanguage,$CompanyName); PopulateSQLData(false,$DemoSQLFile,$Db,$DBConnectType,'weberpdemo'); DBUpdate($Db,'weberpdemo',$DBConnectType,$AdminPassword,$Email,$UserLanguage,'weberpdemo'); @@ -414,18 +449,18 @@ $result = ($DBConnectType == 'mysqli')? mysqli_query($Db,$sql) : mysql_query($sql,$Db); if(!$result){ if($DBConnectType == 'mysqli'){ - prnMsg(_('Failed to create database weberpdemo and the error is '.' '.mysqli_error($Db)),'error'); + prnMsg(_('Failed to create database '.$DatabaseName.' and the error is '.' '.mysqli_error($Db)),'error'); }else{ - prnMsg(_('Failed to create database weberpdemo and the error is '.' '.mysql_error($Db)),'error'); + prnMsg(_('Failed to create database '.$DatabaseName.' and the error is '.' '.mysql_error($Db)),'error'); } } PopulateSQLData($NewSQLFile,false,$Db,$DBConnectType,$DatabaseName); - DBUpdate($Db,$DatabaseName,$DBConnectType,$AdminPassword,$Email,$UserLanguage,$DatabaseName); + DBUpdate($Db,$DatabaseName,$DBConnectType,$AdminPassword,$Email,$UserLanguage,$CompanyName); - }elseif(!empty($OnlyDemo) and $OnlyDemo == 1){//only install the demo data + }else { //if(!empty($OnlyDemo) and $OnlyDemo == 1){//only install the demo data $sql = 'CREATE DATABASE IF NOT EXISTS `weberpdemo`'; $result = ($DBConnectType == 'mysqli') ? mysqli_query($Db,$sql) : mysql_query($sql,$Db); if(!$result){ 
@@ -967,7 +1002,6 @@ //@para $MysqlEx is refer to the php mysql extention if it's false, it means the php configuration only support mysql instead of mysqli //The purpose of this function is to display the final screen for users to input company, admin user accounts etc informatioin function CompanySetup($UserLanguage,$HostName,$UserName,$Password,$DatabaseName,$MysqlExt = FALSE){//display the company setup for users - ?> <h1><?php echo _('webERP Installation Wizard'); ?></h1> <!--<p style="text-align:center;"><?php echo _("Please enter the company name and please pay attention the company will be as same as the database name"); ?></p>--> @@ -980,8 +1014,8 @@ <ul> <li> <label for="CompanyName"><?php echo _("Company Name"); ?>: </label> - <input type="text" name="CompanyName" required="true" value="<?php echo $DatabaseName; ?>" maxlength="50" /> - <span><?php echo _('Currently, must be the same as the database name'); ?></span> + <input type="text" name="CompanyName" required="true" pattern="[a-zA-Z0-9_\'\&\-\ ]*" value="<?php echo $CompanyName; ?>" maxlength="50" /> + <span><?php echo _('The name of your company'); ?></span> </li> <li> <label for="COA"><?php echo _("Chart of Accounts"); ?>: </label> @@ -1002,7 +1036,7 @@ } ?> </select> - <span><?php echo _('Will be installed as starter Chart of Accounts'); ?> </span> + <span><?php echo _('A starter Chart of Accounts (use weberp-new.sql if having empty db problems)'); ?> </span> </li> <li> <label for="TimeZone"><?php echo _("Time Zone"); ?>: </label> 
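Review bot: `value="<?php echo $CompanyName; ?>"` in the @@ -980 hunk reads a variable that does not exist inside `CompanySetup()`, whose parameter list (shown as context in the @@ -967 hunk) has no `$CompanyName`, so the field is always rendered empty and a notice is raised. The value is also echoed into an attribute without escaping, as is `$DatabaseName` in the hidden field added in the @@ -1059 hunk; something like `value="<?php echo htmlspecialchars(isset($_POST['CompanyName']) ? $_POST['CompanyName'] : '', ENT_QUOTES, 'UTF-8'); ?>"` addresses both for this field. The client-side `pattern` additionally allows `'`, which the server-side character class does not list.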
@@ -1059,7 +1093,7 @@ </fieldset> <input type="hidden" name="HostName" value="<?php echo $HostName; ?>" /> <input type="hidden" name="UserName" value="<?php echo $UserName; ?>" /> - + <input type="hidden" name="DatabaseName" value="<?php echo $DatabaseName; ?>" /> <input type="hidden" name="Password" value="<?php echo $Password; ?>" /> <input type="hidden" name="MysqlExt" value="<?php echo $MysqlExt; ?>" /> <input type="hidden" name="UserLanguage" value="<?php echo $UserLanguage; ?>" /> |