postfixadmin/setup.php

<?php
/** 
 * Postfix Admin 
 * 
 * LICENSE 
 * This source file is subject to the GPL license that is bundled with  
 * this package in the file LICENSE.TXT. 
 * 
 * Further details on the project are available at http://postfixadmin.sf.net 
 * 
 * @version $Id: setup.php 1788 2015-05-18 20:18:09Z christian_boltz $ 
 * @license GNU GPL v2 or later. 
 * 
 * File: setup.php
 * Used to help ensure a server is setup appropriately during installation/setup.
 * After setup, it should be renamed or removed.
 *
 * Template File: -none-
 *
 * Template Variables: -none-
 *
 * Form POST \ GET Variables: -none-
 */

define('POSTFIXADMIN', 1); # by defining it here, common.php will not start a session.

require_once(dirname(__FILE__).'/common.php'); # make sure correct common.php is used.

$CONF['show_header_text'] = 'NO';
$CONF['theme_logo'] = 'images/logo-default.png';
$CONF['theme_css'] = 'css/default.css';
require($incpath.'/templates/header.php');
?>

<div class='setup'>
<h2>Postfix Admin Setup Checker</h2>

<p>Running software:
<ul>
<?php
//
// Check for availablilty functions
//
$f_phpversion = function_exists ("phpversion");
$f_apache_get_version = function_exists ("apache_get_version");
$f_get_magic_quotes_gpc = function_exists ("get_magic_quotes_gpc");
$f_mysql_connect = function_exists ("mysql_connect");
$f_mysqli_connect = function_exists ("mysqli_connect");
$f_pg_connect = function_exists ("pg_connect");
$f_session_start = function_exists ("session_start");
$f_preg_match = function_exists ("preg_match");
$f_mb_encode_mimeheader = function_exists ("mb_encode_mimeheader");
$f_imap_open = function_exists ("imap_open");

$file_config = file_exists (realpath ("./config.inc.php"));

$error = 0;

//
// Check for PHP version
//
if ($f_phpversion == 1)
{
    if (phpversion() < 5) {
        print "<li><b>Error: Depends on: PHP v5</b><br /></li>\n";
        $error += 1;
    } elseif (version_compare(phpversion(), '5.2.3') < 0) {
        # smarty uses htmlentities() with 4 parameters, the 4th parameter was introduced in PHP 5.2.3
        # older PHP versions will cause warnings
        $phpversion = 5;
        print "<li><b>Recommended PHP version: >= 5.2.3, you have " . phpversion () . "</b></li>\n";
    } else {
        $phpversion = 5;
        print "<li>PHP version " . phpversion () . "</li>\n";
    }
# TODO: check for PHP >= 5.2.3 - smarty uses htmlentities with 4 parameters. The forth parameter was added in PHP 5.2.3, older versions will give a warning
}
else
{
    print "<li><b>Unable to check for PHP version. (missing function: phpversion())</b></li>\n";
}

//
// Check for Apache version
//
if ($f_apache_get_version == 1)
{
    print "<li>" . apache_get_version() . "</li>\n";
}
else
{
    # not running on Apache.
    # However postfixadmin _is_ running, so obviously we are on a supported webserver ;-))
    # No need to confuse the user with a warning.
}

print "</ul>";
print "<p>Checking for dependencies:\n";
print "<ul>\n";

//
// Check for Magic Quotes
//
if ($f_get_magic_quotes_gpc == 1)
{
    if (get_magic_quotes_gpc () == 0)
    {
        print "<li>Magic Quotes: Disabled - OK</li>\n";
    }
    else
    {
        print "<li><b>Warning: Magic Quotes: ON (internal workaround used)</b></li>\n";   
    }
}
else
{
    print "<li><b>Unable to check for Magic Quotes. (missing function: get_magic_quotes_gpc())</b></li>\n";
}

//
// Check for config.inc.php
//
$config_loaded = 0;
if ($file_config == 1)
{
    print "<li>Depends on: presence config.inc.php - OK</li>\n";
    require_once($incpath.'/config.inc.php');
    $config_loaded = 1;

    if(isset($CONF['configured'])) {
        if($CONF['configured'] === TRUE) {
            print "<li>Checking \$CONF['configured'] - OK\n";
        } else {
            print "<li><b>Warning: \$CONF['configured'] is 'false'.<br>\n";
            print "You must edit your config.inc.php and change this to true (this indicates you've created the database and user)</b>\n";
        }
    }
}
else
{
    print "<li><b>Error: Depends on: presence config.inc.php - NOT FOUND</b><br /></li>\n";
    print "Create the file, and edit as appropriate (e.g. select database type etc)<br />";
    print "For example:<br />\n";
    print "<code><pre>cp config.inc.php.sample config.inc.php</pre></code>\n";
    $error =+ 1;
}

//
// Check if templates directory is writable
//

if (!is_writeable($incpath.'/templates_c'))
{
    print "<li><b>Error: Smarty template compile directory templates_c is not writable.</b><br />\n";
	print "<b>Please make it writable.</b><br />\n";
	print "<b>If you are using SELinux or AppArmor, you might need to adjust their setup to allow write access.</b><br />\n";
    $error =+ 1;
} else {
	print "<li>Smarty template compile directory is writable - OK<br />\n";
}

//
// Check if there is support for at least 1 database
//
if (($f_mysql_connect == 0) and ($f_mysqli_connect == 0) and ($f_pg_connect == 0))
{
    print "<li><b>Error: There is no database support in your PHP setup</b><br />\n";
    print "To install MySQL 3.23 or 4.0 support on FreeBSD:<br />\n";
    print "<pre>% cd /usr/ports/databases/php$phpversion-mysql/\n";
    print "% make clean install\n";
    print " - or with portupgrade -\n";
    print "% portinstall php$phpversion-mysql</pre>\n";
    if ($phpversion >= 5)
    {
        print "To install MySQL 4.1 support on FreeBSD:<br />\n";
        print "<pre>% cd /usr/ports/databases/php5-mysqli/\n";
        print "% make clean install\n";
        print " - or with portupgrade -\n";
        print "% portinstall php5-mysqli</pre>\n";
    }
    print "To install PostgreSQL support on FreeBSD:<br />\n";
    print "<pre>% cd /usr/ports/databases/php$phpversion-pgsql/\n";
    print "% make clean install\n";
    print " - or with portupgrade -\n";
    print "% portinstall php$phpversion-pgsql</pre></li>\n";
    $error =+ 1;
}
//
// MySQL 3.23, 4.0 functions
//
if ($f_mysql_connect == 1)
{
    print "<li>Depends on: MySQL 3.23, 4.0 - OK</li>\n";
}

//
// MySQL 4.1 functions
//
if ($phpversion >= 5)
{
    if ($f_mysqli_connect == 1)
    {
        print "<li>Depends on: MySQL 4.1 - OK\n";
        if ( !($config_loaded && $CONF['database_type'] == 'mysqli') ) {
            print "<br>(change the database_type to 'mysqli' in config.inc.php if you want to use MySQL)\n";
        }
        print "</li>";
    }
}

//
// PostgreSQL functions
//
if ($f_pg_connect == 1)
{
    print "<li>Depends on: PostgreSQL - OK \n";
    if ( !($config_loaded && $CONF['database_type'] == 'pgsql') ) {
        print "<br>(change the database_type to 'pgsql' in config.inc.php if you want to use PostgreSQL)\n";
    }
    print "</li>";
}

//
// Database connection
//
if ($config_loaded) {
    list ($link, $error_text) = db_connect(TRUE);
    if ($error_text == "") {
        print "<li>Testing database connection - OK - {$CONF['database_type']}://{$CONF['database_user']}:xxxxx@{$CONF['database_host']}/{$CONF['database_name']}</li>";
    } else {
        print "<li><b>Error: Can't connect to database</b><br />\n";
        print "Please edit the \$CONF['database_*'] parameters in config.inc.php.\n";
        print "$error_text</li>\n";
        $error ++;
    } 
}

//
// Session functions
//
if ($f_session_start == 1)
{
    print "<li>Depends on: session - OK</li>\n";
}
else
{
    print "<li><b>Error: Depends on: session - NOT FOUND</b><br />\n";
    print "To install session support on FreeBSD:<br />\n";
    print "<pre>% cd /usr/ports/www/php$phpversion-session/\n";
    print "% make clean install\n";
    print " - or with portupgrade -\n";
    print "% portinstall php$phpversion-session</pre></li>\n";
    $error =+ 1;
}

//
// PCRE functions
//
if ($f_preg_match == 1)
{
    print "<li>Depends on: pcre - OK</li>\n";
}
else
{
    print "<li><b>Error: Depends on: pcre - NOT FOUND</b><br />\n";
    print "To install pcre support on FreeBSD:<br />\n";
    print "<pre>% cd /usr/ports/devel/php$phpversion-pcre/\n";
    print "% make clean install\n";
    print " - or with portupgrade -\n";
    print "% portinstall php$phpversion-pcre</pre></li>\n";
    $error =+ 1;
}

//
// Multibyte functions
//
if ( $f_mb_encode_mimeheader == 1 )
{
    print "<li>Depends on: multibyte string - OK</li>\n";
}
else
{
    print "<li><b>Error: Depends on: multibyte string - NOT FOUND</b><br />\n";
    print "To install multibyte string support, install php$phpversion-mbstring</li>\n";
    $error =+ 1;
}


//
// Imap functions
//
if ( $f_imap_open == 1)
{
    print "<li>Depends on: IMAP functions - OK</li>\n";
}
else
{
    print "<li><b>Warning: Depends on: IMAP functions - NOT FOUND</b><br />\n";
    print "To install IMAP support, install php$phpversion-imap<br />\n";
    print "Without IMAP support, you won't be able to create subfolders when creating mailboxes.</li>\n";
    #   $error =+ 1;
}






print "</ul>";

if ($error != 0)
{
    print "<p><b>Please fix the errors listed above.</b></p>";
}
else
{
    print "<p>Everything seems fine... attempting to create/update database structure</p>\n";
    require_once($incpath.'/upgrade.php');

    $tUsername = '';
    $setupMessage = '';
    $lostpw_error = 0;

    $setuppw = "";
    if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password'];

    if (safepost("form") == "setuppw") {
        # "setup password" form submitted
        if (safepost('setup_password') != safepost('setup_password2')) {
            $setupMessage = "The two passwords differ!";
            $lostpw_error = 1;
        } else {
            list ($lostpw_error, $lostpw_result) = check_setup_password(safepost('setup_password'), 1);
            $setupMessage = $lostpw_result;
            $setuppw = "changed";
        }
    } elseif (safepost("form") == "createadmin") {
        # "create admin" form submitted
        list ($pw_check_error, $pw_check_result) = check_setup_password(safepost('setup_password'));
        if ($pw_check_result != 'pass_OK') {
            $error += 1;
            $setupMessage = $pw_check_result;
        }

        if($error == 0 && $pw_check_result == 'pass_OK') {
            // XXX need to ensure domains table includes an 'ALL' entry.
            $table_domain = table_by_key('domain');
            $r = db_query("SELECT * FROM $table_domain WHERE domain = 'ALL'");
            if($r['rows'] == 0) {
                db_insert('domain', array('domain' => 'ALL', 'description' => '', 'transport' => '') ); // all other fields should default through the schema.
            }

            $values = array(
                'username'      => safepost('username'),
                'password'      => safepost('password'),
                'password2'     => safepost('password2'),
                'superadmin'    => 1,
                'domains'       => array(),
                'active'        => 1,
            );

            list ($error, $setupMessage, $errormsg) = create_admin($values);

            if ($error != 0) {
                $tUsername = htmlentities($values['username']);
            } else {
                $setupMessage .= "<p>You are done with your basic setup. ";
                $setupMessage .= "<p><b>You can now <a href='login.php'>login to PostfixAdmin</a> using the account you just created.</b>";
            }

        }
    } 

    if ( ($setuppw == "" || $setuppw == "changeme" || safeget("lostpw") == 1 || $lostpw_error != 0) /* && $_SERVER['REQUEST_METHOD'] != "POST" */ ) {
# show "create setup password" form
    ?>

<div class="standout"><?php print $setupMessage; ?></div>
<div id="edit_form">
<form name="setuppw" method="post" action="setup.php">
<input type="hidden" name="form" value="setuppw" />
<table>
      <td colspan="3"><h3>Change setup password</h3></td>
   </tr>
   <tr>
      <td>Setup password</td>
      <td><input class="flat" type="password" name="setup_password" value="" /></td>
      <td></td>
   </tr>
   <tr>
      <td>Setup password (again)</td>
      <td><input class="flat" type="password" name="setup_password2" value="" /></td>
      <td></td>
   </tr>
   <tr>
      <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="Generate password hash" /></td>
   </tr>
</table>
</form>
</div>

<?php

    } elseif ($_SERVER['REQUEST_METHOD'] == "GET" || $error != 0 || $lostpw_error == 0) {
        ?>

<div class="standout"><?php print $setupMessage; ?></div>
<div id="edit_form">
<form name="create_admin" method="post">
<input type="hidden" name="form" value="createadmin" />
<table>
      <td colspan="3"><h3>Create superadmin account</h3></td>
   </tr>
   <tr>
      <td>Setup password</td>
      <td><input class="flat" type="password" name="setup_password" value="" /></td>
      <td><a href="setup.php?lostpw=1">Lost password?</a></td>
   </tr>
   <tr>
      <td><?php print $PALANG['admin'] . ":"; ?></td>
      <td><input class="flat" type="text" name="username" value="<?php print $tUsername; ?>" /></td>
      <td><?php if (isset($errormsg['username'])) print $errormsg['username']; ?><?php print $PALANG['email_address'] ?></td>
   </tr>
   <tr>
      <td><?php print $PALANG['password'] . ":"; ?></td>
      <td><input class="flat" type="password" name="password" /></td>
      <td><?php if (isset($errormsg['password'])) print $errormsg['password']; ?></td>
   </tr>
   <tr>
      <td><?php print $PALANG['password_again'] . ":"; ?></td>
      <td><input class="flat" type="password" name="password2" /></td>
      <td><?php if (isset($errormsg['password2'])) print $errormsg['password2']; ?></td>
   </tr>
   <tr>
      <td colspan="3" class="hlp_center"><input class="button" type="submit" name="submit" value="<?php print $PALANG['pAdminCreate_admin_button']; ?>" /></td>
   </tr>
</table>
</form>
</div>

<?php
    }

    print "<b>Since version 2.3 there is no requirement to delete setup.php!</b><br />\n";
    print "<b>Check the config.inc.php file for any other settings that you might need to change!<br />\n";
}
?>
</div>
</body>
</html>
<?php

function generate_setup_password_salt() {
    $salt = time() . '*' . $_SERVER['REMOTE_ADDR'] . '*' . mt_rand(0,60000);
    $salt = md5($salt);
    return $salt;
}

function encrypt_setup_password($password, $salt) {
    return $salt . ':' . sha1($salt . ':' . $password);
}


/*
    returns: array(
        'error' => 0 (or 1),
        'message => text
    )
*/
function check_setup_password($password, $lostpw_mode = 0) {
    global $CONF;
    $error = 1; # be pessimistic

    $setuppw = "";
    if (isset($CONF['setup_password'])) $setuppw = $CONF['setup_password'];

    list($confsalt, $confpass, $trash) = explode(':', $setuppw . '::');
    $pass = encrypt_setup_password($password, $confsalt);

    $validpass = validate_password($password);

    if ($password == "" ) { # no password specified?
        $result = "Setup password must be specified<br />If you didn't set up a setup password yet, enter the password you want to use.";
    } elseif (count($validpass) > 0) {
        $result = $validpass[0]; # TODO: honor all error messages, not only the first one
    } elseif ($pass == $setuppw && $lostpw_mode == 0) { # correct passsword (and not asking for a new password)
        $result = "pass_OK";
        $error = 0;
    } else {
        $pass = encrypt_setup_password($password, generate_setup_password_salt());
        $result = "";
        if ($lostpw_mode == 1) {
            $error = 0; # non-matching password is expected when the user asks for a new password
        } else {
            $result = '<p><b>Setup password not specified correctly</b></p>';
        }
        $result .= '<p>If you want to use the password you entered as setup password, edit config.inc.php or config.local.php and set</p>';
        $result .= "<pre>\$CONF['setup_password'] = '$pass';</pre>";
    }
    return array ($error, $result);
}

function create_admin($values) {

    DEFINE('POSTFIXADMIN_SETUP', 1); # avoids instant redirect to login.php after creating the admin

    $handler = new AdminHandler(1, 'setup.php');
    $formconf = $handler->webformConfig();

    if (!$handler->init($values['username'])) {
        return array(1, "", $handler->errormsg);
    } 

    if (!$handler->set($values)) {
        return array(1, "", $handler->errormsg);
    }

    if (!$handler->store()) {
        return array(1, "", $handler->errormsg);
    }

    return array(
        0,
        $handler->infomsg['success'],
        array(),
    );
}


/* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
?>