[!!!][SECURITY] Allow first install only with FIRST_INSTALL file
[Packages/TYPO3.CMS.git] / typo3 / sysext / install / Classes / Controller / Action / Step / DatabaseData.php
1 <?php
2 namespace TYPO3\CMS\Install\Controller\Action\Step;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 2013 Christian Kuhn <lolli@schwarzbu.ch>
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 *
19 * This script is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * This copyright notice MUST APPEAR in all copies of the script!
25 ***************************************************************/
26
27 /**
28 * Populate base tables, insert admin user, set install tool password
29 */
30 class DatabaseData extends AbstractStepAction {
31
32 /**
33 * Import tables and data, create admin user, create install tool password
34 *
35 * @return array<\TYPO3\CMS\Install\Status\StatusInterface>
36 */
37 public function execute() {
38 $result = array();
39
40 /** @var \TYPO3\CMS\Core\Configuration\ConfigurationManager $configurationManager */
41 $configurationManager = $this->objectManager->get('TYPO3\\CMS\\Core\\Configuration\\ConfigurationManager');
42
43 $postValues = $this->postValues['values'];
44
45 $username = strlen($postValues['username']) ? $postValues['username'] : 'admin';
46
47 // Check password and return early if not good enough
48 $password = $postValues['password'];
49 if (strlen($password) < 8) {
50 $errorStatus = $this->objectManager->get('TYPO3\\CMS\\Install\\Status\\ErrorStatus');
51 $errorStatus->setTitle('Administrator password not secure enough!');
52 $errorStatus->setMessage(
53 'You are setting an important password here! It gives an attacker full control over your instance if cracked.' .
54 ' It should be strong (include lower and upper case characters, special characters and numbers) and must be at least eight characters long.'
55 );
56 $result[] = $errorStatus;
57 return $result;
58 }
59
60 // Set site name
61 if (!empty($postValues['sitename'])) {
62 $configurationManager->setLocalConfigurationValueByPath('SYS/sitename', $postValues['sitename']);
63 }
64
65 $this->importDatabaseData();
66
67 // Insert admin user
68 $hashedPassword = $this->getHashedPassword($password);
69 $adminUserFields = array(
70 'username' => $username,
71 'password' => $hashedPassword,
72 'admin' => 1,
73 'tstamp' => $GLOBALS['EXEC_TIME'],
74 'crdate' => $GLOBALS['EXEC_TIME']
75 );
76 $this->getDatabaseConnection()->exec_INSERTquery('be_users', $adminUserFields);
77
78 // Set password as install tool password
79 $configurationManager->setLocalConfigurationValueByPath('BE/installToolPassword', $hashedPassword);
80
81 return $result;
82 }
83
84 /**
85 * Step needs to be executed if there are no tables in database
86 *
87 * @return boolean
88 */
89 public function needsExecution() {
90 $result = FALSE;
91 $existingTables = $this->getDatabaseConnection()->admin_get_tables();
92 if (count($existingTables) === 0) {
93 $result = TRUE;
94 }
95 return $result;
96 }
97
98 /**
99 * Executes the step
100 *
101 * @return string Rendered content
102 */
103 protected function executeAction() {
104 return $this->view->render();
105 }
106
107 /**
108 * Create tables and import static rows
109 *
110 * @return void
111 */
112 protected function importDatabaseData() {
113 // Will load ext_localconf and ext_tables. This is pretty safe here since we are
114 // in first install (database empty), so it is very likely that no extension is loaded
115 // that could trigger a fatal at this point.
116 $this->loadExtLocalconfDatabaseAndExtTables();
117
118 // Import database data
119 $database = $this->getDatabaseConnection();
120 /** @var \TYPO3\CMS\Install\Service\SqlSchemaMigrationService $schemaMigrationService */
121 $schemaMigrationService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\SqlSchemaMigrationService');
122 /** @var \TYPO3\CMS\Install\Service\SqlExpectedSchemaService $expectedSchemaService */
123 $expectedSchemaService = $this->objectManager->get('TYPO3\\CMS\\Install\\Service\\SqlExpectedSchemaService');
124
125 // Raw concatenated ext_tables.sql and friends string
126 $expectedSchemaString = $expectedSchemaService->getTablesDefinitionString(TRUE);
127 $statements = $schemaMigrationService->getStatementArray($expectedSchemaString, TRUE);
128 list($_, $insertCount) = $schemaMigrationService->getCreateTables($statements, TRUE);
129
130 $fieldDefinitionsFile = $schemaMigrationService->getFieldDefinitions_fileContent($expectedSchemaString);
131 $fieldDefinitionsDatabase = $schemaMigrationService->getFieldDefinitions_database();
132 $difference = $schemaMigrationService->getDatabaseExtra($fieldDefinitionsFile, $fieldDefinitionsDatabase);
133 $updateStatements = $schemaMigrationService->getUpdateSuggestions($difference);
134
135 $schemaMigrationService->performUpdateQueries($updateStatements['add'], $updateStatements['add']);
136 $schemaMigrationService->performUpdateQueries($updateStatements['change'], $updateStatements['change']);
137 $schemaMigrationService->performUpdateQueries($updateStatements['create_table'], $updateStatements['create_table']);
138
139 foreach ($insertCount as $table => $count) {
140 $insertStatements = $schemaMigrationService->getTableInsertStatements($statements, $table);
141 foreach ($insertStatements as $insertQuery) {
142 $insertQuery = rtrim($insertQuery, ';');
143 $database->admin_query($insertQuery);
144 }
145 }
146 }
147 }