[BUGFIX] Install tool stays open if ENABLE_INSTALL_TOOL is not writable
[Packages/TYPO3.CMS.git] / typo3 / install / index.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Starter-script for install screen
29 *
30 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
31 * @package TYPO3
32 * @subpackage core
33 */
34
35
36
37 // **************************************************************************
38 // Insert some security here, if you don't trust the Install Tool Password:
39 // **************************************************************************
40
41 error_reporting(E_ALL ^ E_NOTICE ^ E_DEPRECATED);
42
43 $PATH_thisScript = str_replace('//', '/', str_replace('\\', '/',
44 (PHP_SAPI == 'fpm-fcgi' || PHP_SAPI == 'cgi' || PHP_SAPI == 'isapi' || PHP_SAPI == 'cgi-fcgi') &&
45 ($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']) ?
46 ($_SERVER['ORIG_PATH_TRANSLATED'] ? $_SERVER['ORIG_PATH_TRANSLATED'] : $_SERVER['PATH_TRANSLATED']) :
47 ($_SERVER['ORIG_SCRIPT_FILENAME'] ? $_SERVER['ORIG_SCRIPT_FILENAME'] : $_SERVER['SCRIPT_FILENAME'])));
48
49 $PATH_site = dirname(dirname(dirname($PATH_thisScript)));
50
51 $quickstartFile = $PATH_site . '/typo3conf/FIRST_INSTALL';
52 $enableInstallToolFile = $PATH_site . '/typo3conf/ENABLE_INSTALL_TOOL';
53
54 // If typo3conf/FIRST_INSTALL is present and can be deleted, automatically create typo3conf/ENABLE_INSTALL_TOOL
55 if (is_file($quickstartFile) && is_writeable($quickstartFile) && unlink($quickstartFile)) {
56 touch($enableInstallToolFile);
57 }
58
59 // Additional security measure if ENABLE_INSTALL_TOOL file cannot, but
60 // should be deleted (in case it is write-protected, for example).
61 $removeInstallToolFileFailed = FALSE;
62
63 // Only allow Install Tool access if the file "typo3conf/ENABLE_INSTALL_TOOL" is found
64 if (is_file($enableInstallToolFile) && (time() - filemtime($enableInstallToolFile) > 3600)) {
65 $content = file_get_contents($enableInstallToolFile);
66 $verifyString = 'KEEP_FILE';
67
68 if (trim($content) !== $verifyString) {
69 // Delete the file if it is older than 3600s (1 hour)
70 if (!@unlink($enableInstallToolFile)) {
71 $removeInstallToolFileFailed = TRUE;
72 }
73 }
74 }
75
76 // Change 1==2 to 1==1 if you want to lock the Install Tool regardless of the file ENABLE_INSTALL_TOOL
77 if (1==2 || !is_file($enableInstallToolFile) || $removeInstallToolFileFailed) {
78 // Include t3lib_div and t3lib_parsehtml for templating
79 require_once($PATH_site . '/t3lib/class.t3lib_div.php');
80 require_once($PATH_site . '/t3lib/class.t3lib_parsehtml.php');
81
82 // Define the stylesheet
83 $stylesheet = '<link rel="stylesheet" type="text/css" href="' .
84 '../stylesheets/install/install.css" />';
85 $javascript = '<script type="text/javascript" src="' .
86 '../contrib/prototype/prototype.js"></script>' . LF;
87 $javascript .= '<script type="text/javascript" src="' .
88 '../sysext/install/Resources/Public/Javascript/install.js"></script>';
89
90 // Get the template file
91 $template = @file_get_contents($PATH_site . '/typo3/templates/install.html');
92 // Define the markers content
93 $markers = array(
94 'styleSheet' => $stylesheet,
95 'javascript' => $javascript,
96 'title' => 'The Install Tool is locked',
97 'content' => '
98 <p>
99 To enable the Install Tool, the file ENABLE_INSTALL_TOOL must be created.
100 </p>
101 <ul>
102 <li>
103 In the typo3conf/ folder, create a file named ENABLE_INSTALL_TOOL. The file name is
104 case sensitive, but the file itself can simply be an empty file.
105 </li>
106 <li class="t3-install-locked-user-settings">
107 Alternatively, in the Backend, go to <a href="javascript:top.goToModule(\'tools_install\',1);">Admin tools &gt; Install</a>
108 and let TYPO3 create this file for you.<br />
109 You are recommended to log out from the Install Tool after finishing your work.
110 The file will then automatically be deleted.
111 </li>
112 </ul>
113 <p>
114 For security reasons, it is highly recommended that you either rename or delete the file after the operation is finished.
115 </p>
116 <p>
117 As an additional security measure, if the file is older than one hour, TYPO3 will automatically delete it. The file must be writable by the web server user.
118 </p>
119 '
120 );
121 // Fill the markers
122 $content = t3lib_parsehtml::substituteMarkerArray(
123 $template,
124 $markers,
125 '###|###',
126 1,
127 1
128 );
129 // Output the warning message and exit
130 header('Content-Type: text/html; charset=utf-8');
131 header('Cache-Control: no-cache, must-revalidate');
132 header('Pragma: no-cache');
133 echo $content;
134 exit();
135 }
136
137
138
139 // *****************************************************************************
140 // Defining constants necessary for the install-script to invoke the installer
141 // *****************************************************************************
142 define('TYPO3_MOD_PATH', 'install/');
143 $BACK_PATH='../';
144
145 // Defining this variable and setting it non-false will invoke the install-screen called from init.php
146 define('TYPO3_enterInstallScript', '1');
147 require ('../init.php');
148
149 ?>