Issues (4069)

Security Analysis: not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

install/dbConfig_a.php (1 issue)


<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/


global $sugar_version, $js_custom_version;

if(empty($_SESSION['setup_db_host_name'])){
    $_SESSION['setup_db_host_name'] = (isset($sugar_config['db_host_name']))  ? $sugar_config['db_host_name'] :  $_SERVER['SERVER_NAME'];
}

// Only reachable through install.php; refuse direct requests to this file
if( !isset( $install_script ) || !$install_script ){
    die($mod_strings['ERR_NO_DIRECT_SCRIPT']);
}


// DB split
$createDbCheckbox = '';
$createDb = (!empty($_SESSION['setup_db_create_database'])) ? 'checked="checked"' : '';
$dropCreate = (!empty($_SESSION['setup_db_drop_tables'])) ? 'checked="checked"' : '';
$instanceName = '';
if (isset($_SESSION['setup_db_host_instance']) && !empty($_SESSION['setup_db_host_instance'])){
    $instanceName = $_SESSION['setup_db_host_instance'];
}

$setupDbPortNum ='';
if (isset($_SESSION['setup_db_port_num']) && !empty($_SESSION['setup_db_port_num'])){
    $setupDbPortNum = $_SESSION['setup_db_port_num'];
}

$db = getInstallDbInstance();

///////////////////////////////////////////////////////////////////////////////
////	BEGIN PAGE OUTPUT

$langHeader = get_language_header();

$out =<<<EOQ
<!DOCTYPE HTML>
<html {$langHeader}>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta http-equiv="Content-Script-Type" content="text/javascript">
    <meta http-equiv="Content-Style-Type" content="text/css">
    <title>{$mod_strings['LBL_WIZARD_TITLE']} {$mod_strings['LBL_DBCONF_TITLE']}</title>
    <link rel="stylesheet" href="install/install.css" type="text/css" />
    <link rel='stylesheet' type='text/css' href='include/javascript/yui/build/container/assets/container.css' />
    <link rel="stylesheet" href="themes/Suite7/css/fontello.css">
    <link rel="stylesheet" href="themes/Suite7/css/animation.css"><!--[if IE 7]><link rel="stylesheet" href="css/fontello-ie7.css"><![endif]-->
    <link REL="SHORTCUT ICON" HREF="include/images/sugar_icon.ico">
    <script type="text/javascript" src="install/installCommon.js"></script>
    <script type="text/javascript" src="install/dbConfig.js"></script>
    <script src="cache/include/javascript/sugar_grp1_yui.js?s={$sugar_version}&c={$js_custom_version}"></script>
    <script src="cache/include/javascript/sugar_grp1_jquery.js?s={$sugar_version}&c={$js_custom_version}"></script>
</head>

EOQ;
$out .= '<body onload="document.getElementById(\'button_next2\').focus();">';

$out2 =<<<EOQ2
<!--SuiteCRM installer-->
<div id="install_container">
    <div id="install_box">
        <form action="install.php" method="post" name="setConfig" id="form">
        <div id="install_content">
            <header id="install_header">
                <div id="steps"><p>{$mod_strings['LBL_STEP5']}</p><i class="icon-progress-0" id="complete"></i><i class="icon-progress-1" id="complete"></i><i class="icon-progress-2" id="complete"></i><i class="icon-progress-3" id="complete"></i><i class="icon-progress-4" id="complete"></i><i class="icon-progress-5"></i><i class="icon-progress-6"></i><i class="icon-progress-7"></i></div>
                <div class="install_img"><a href="https://suitecrm.com" target="_blank"><img src="{$sugar_md}" alt="SuiteCRM"></a></div>
            </header>
            <input type='hidden' name='setup_db_drop_tables' id='setup_db_drop_tables' value=''>
            <input type="hidden" id="hidden_goto" name="goto" value="{$mod_strings['LBL_BACK']}" />
            <h2>{$mod_strings['LBL_DBCONF_TITLE']}</h2>
            <div id="errorMsgs" style="display:none"></div>
            <div class="required">{$mod_strings['LBL_REQUIRED']}</div>
            <hr>
            <h3>{$mod_strings['LBL_DBCONF_TITLE_NAME']}</h3>

EOQ2;

// Build one input per configuration parameter reported by the DB driver;
// previously entered values are taken back out of the session.
$config_params = $db->installConfig();
$form = '';
foreach($config_params as $group => $gdata) {
    $form.= "<div class='install_block'>";
    $form .= "<label>{$mod_strings[$group]}</label><br>\n";
    foreach($gdata as $name => $value) {

        if(!empty($value)) {
            if(!empty($value['required'])) {
                $form .= "<span class=\"required\">*</span>";
            }
            else {
Issue: This else statement is empty and can be removed.

This check looks for the else branches of if statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging, or the code may simply be obsolete.

These else branches can be removed.

if (rand(1, 6) > 3) {
    print "Check failed";
} else {
    //print "Check succeeded";
}

could be turned into

if (rand(1, 6) > 3) {
    print "Check failed";
}

This is much more concise to read.
            }
            if(!empty($_SESSION[$name])) {
                $sessval = $_SESSION[$name];
            } else {
                $sessval = '';
            }
            if(!empty($value["type"])) {
                $type = $value["type"];
            } else {
                $type = '';
            }

            $form .= <<<FORM

FORM;
            //if the type is password, set a hidden field to capture the value.  This is so that we can properly encode special characters, which is a limitation with password fields
            //note: $sessval is written into the value attribute without htmlspecialchars(); a value containing a single quote breaks out of the attribute
            if($type=='password'){
                $form .= "<input type='$type' name='{$name}_entry' id='{$name}_entry' value='".urldecode($sessval)."'><input type='hidden' name='$name' id='$name' value='".urldecode($sessval)."'>";
            }else{
                $form .= "<input type='$type' name='$name' id='$name' value='$sessval'>";
            }



            $form .= <<<FORM
FORM;

        } else {
            $form .= "<input name=\"$name\" id=\"$name\" value=\"\" type=\"hidden\">\n";
        }
    }
    $form .= "</div>";
}

$out2 .= $form;

//if we are installing in custom mode, include the following html
if($db->supports("create_user")){
// create / set db user dropdown
    $auto_select = '';$provide_select ='';$create_select = '';$same_select = '';
    if(isset($_SESSION['dbUSRData'])){
//    if($_SESSION['dbUSRData']=='auto')    {$auto_select ='selected';}
        if($_SESSION['dbUSRData']=='provide') {$provide_select ='selected';}
        if(isset($_SESSION['install_type'])  && !empty($_SESSION['install_type'])  && strtolower($_SESSION['install_type'])=='custom'){
            if($_SESSION['dbUSRData']=='create')  {$create_select ='selected';}
        }
        if($_SESSION['dbUSRData']=='same')  {$same_select ='selected';}
    }else{
        $same_select ='selected';
    }
    $dbUSRDD   = "<select name='dbUSRData' id='dbUSRData' onchange='toggleDBUser();'>";
    $dbUSRDD  .= "<option value='provide' $provide_select>".$mod_strings['LBL_DBCONFIG_PROVIDE_DD']."</option>";
    $dbUSRDD  .= "<option value='create' $create_select>".$mod_strings['LBL_DBCONFIG_CREATE_DD']."</option>";
    $dbUSRDD  .= "<option value='same' $same_select>".$mod_strings['LBL_DBCONFIG_SAME_DD']."</option>";
    $dbUSRDD  .= "</select><br>&nbsp;";



    $setup_db_sugarsales_password = urldecode($_SESSION['setup_db_sugarsales_password']);
    $setup_db_sugarsales_user = urldecode($_SESSION['setup_db_sugarsales_user']);
    $setup_db_sugarsales_password_retype = urldecode($_SESSION['setup_db_sugarsales_password_retype']);

    $out2 .=<<<EOQ2
<br>
    <hr>
<br>
{$mod_strings['LBL_DBCONFIG_SECURITY']}
<div class='install_block'><label><b>{$mod_strings['LBL_DBCONF_SUGAR_DB_USER']}</b></label>$dbUSRDD
    <span id='connection_user_div' style="display:none">
        <span class="required">*</span>
            <label><b>{$mod_strings['LBL_DBCONF_SUGAR_DB_USER']}</b></label>
            <input type="text" name="setup_db_sugarsales_user" maxlength="16" value="{$_SESSION['setup_db_sugarsales_user']}" />
            <label><b>{$mod_strings['LBL_DBCONF_DB_PASSWORD']}</b></label>
            <input type="password" name="setup_db_sugarsales_password_entry" value="{$setup_db_sugarsales_password}" />
            <input type="hidden" name="setup_db_sugarsales_password" value="{$setup_db_sugarsales_password}" />
            <label><b>{$mod_strings['LBL_DBCONF_DB_PASSWORD2']}</b></label>
            <input type="password" name="setup_db_sugarsales_password_retype_entry" value="{$setup_db_sugarsales_password_retype}"  /><input type="hidden" name="setup_db_sugarsales_password_retype" value="{$setup_db_sugarsales_password_retype}" />
    </span>
</div>

EOQ2;
}

$demoDD = "<select name='demoData' id='demoData' class='select'><option value='no' >".$mod_strings['LBL_NO']."</option><option value='yes'>".$mod_strings['LBL_YES']."</option>";
$demoDD .= "</select>";


$out3 =<<<EOQ3
<hr>
<div class="install_block">
    <h2>{$mod_strings['LBL_DBCONF_DEMO_DATA_TITLE']}</h2>
    <label>{$mod_strings['LBL_DBCONF_DEMO_DATA']}</label>
        {$demoDD}
</div>
<br>
<br>
EOQ3;



$out4 =<<<EOQ4
</div>
<hr>
    <div id="installcontrols">
        <input type="hidden" name="current_step" value="{$next_step}">
        <input class="button" type="button" name="goto" value="{$mod_strings['LBL_BACK']}" id="button_back_dbConfig" onclick="document.getElementById('form').submit();" />
        <input class="button" type="button" name="goto" id="button_next2" value="{$mod_strings['LBL_NEXT']}" onClick="callDBCheck();"/>
    </div>
</form>
<br>

<script>

$('#fts_type').change(function(){
    if($(this).val() == '')
        hideFTSSettings();
    else
        showFTSSettings();
});

function showFTSSettings()
{
    $('#fts_port_row').show();
    $('#fts_host_row').show();
}

function hideFTSSettings()
{
    $('#fts_port_row').hide();
    $('#fts_host_row').hide();
}

function toggleDBUser(){
    if(typeof(document.getElementById('dbUSRData')) !='undefined'
    && document.getElementById('dbUSRData') != null){

        ouv = document.getElementById('dbUSRData').value;
        if(ouv == 'provide' || ouv == 'create'){
            document.getElementById('connection_user_div').style.display = '';
            document.getElementById('sugarDBUser').style.display = 'none';
        }else{
            document.getElementById('connection_user_div').style.display = 'none';
            document.getElementById('sugarDBUser').style.display = '';
        }
    }
}
toggleDBUser();

var msgPanel;
function callDBCheck(){

            //begin main function that will be called
            ajaxCall = function(msg_panel){
                //create success function for callback

                getPanel = function() {
                var args = {    width:"300px",
                                modal:true,
                                fixedcenter: true,
                                constraintoviewport: false,
                                underlay:"shadow",
                                close:false,
                                draggable:true,

                                effect:{effect:YAHOO.widget.ContainerEffect.FADE, duration:.5}
                               } ;
                        msg_panel = new YAHOO.widget.Panel('p_msg', args);

                        msg_panel.setHeader("{$mod_strings['LBL_LICENSE_CHKDB_HEADER']}");
                        msg_panel.setBody(document.getElementById("checkingDiv").innerHTML);
                        msg_panel.render(document.body);
                        msgPanel = msg_panel;
                }


                passed = function(url){
                    document.setConfig.goto.value="{$mod_strings['LBL_NEXT']}";
                    document.getElementById('hidden_goto').value="{$mod_strings['LBL_NEXT']}";
                    document.setConfig.current_step.value="{$next_step}";
                    document.setConfig.submit();
                }
                success = function(o) {

                    //condition for just the preexisting database
                    if (o.responseText.indexOf('preexeest')>=0){

                        //  throw confirmation message
                        msg_panel.setBody(document.getElementById("sysCheckMsg").innerHTML);
                        msg_panel.render(document.body);
                        msgPanel = msg_panel;
                        document.getElementById('accept_btn').focus();
                    //condition for no errors
                    }else if (o.responseText.indexOf('dbCheckPassed')>=0){
                        //make navigation
                        passed("install.php?goto={$mod_strings['LBL_NEXT']}");

                    //condition for other errors
                    }else{
                        //turn off loading message
                        msgPanel.hide();
                        document.getElementById("errorMsgs").innerHTML = o.responseText;
                        document.getElementById("errorMsgs").style.display = '';
                        return false;
                    }


                }//end success


                //copy the db values over to the hidden field counterparts
                document.setConfig.setup_db_admin_password.value = document.setConfig.setup_db_admin_password_entry.value;



                //set loading message and create url
                postData = "checkDBSettings=true&to_pdf=1&sugar_body_only=1";
                postData += "&setup_db_database_name="+document.setConfig.setup_db_database_name.value;
                if(typeof(document.setConfig.setup_db_host_instance) != 'undefined'){
                    postData += "&setup_db_host_instance="+document.setConfig.setup_db_host_instance.value;
                }
                if(typeof(document.setConfig.setup_db_port_num) != 'undefined'){
                    postData += "&setup_db_port_num="+document.setConfig.setup_db_port_num.value;
                }
                postData += "&setup_db_host_name="+document.setConfig.setup_db_host_name.value;
                postData += "&setup_db_admin_user_name="+document.setConfig.setup_db_admin_user_name.value;
                postData += "&setup_db_admin_password="+encodeURIComponent(document.setConfig.setup_db_admin_password.value);
                if(typeof(document.setConfig.setup_db_sugarsales_user) != 'undefined'){
                    postData += "&setup_db_sugarsales_user="+document.setConfig.setup_db_sugarsales_user.value;
                }
                if(typeof(document.setConfig.setup_db_sugarsales_password) != 'undefined'){
                    document.setConfig.setup_db_sugarsales_password.value = document.setConfig.setup_db_sugarsales_password_entry.value;
                    postData += "&setup_db_sugarsales_password="+encodeURIComponent(document.setConfig.setup_db_sugarsales_password.value);
                }
                if(typeof(document.setConfig.setup_db_sugarsales_password_retype) != 'undefined'){
                    document.setConfig.setup_db_sugarsales_password_retype.value = document.setConfig.setup_db_sugarsales_password_retype_entry.value;
                    postData += "&setup_db_sugarsales_password_retype="+encodeURIComponent(document.setConfig.setup_db_sugarsales_password_retype.value);
                }
                if(typeof(document.setConfig.dbUSRData) != 'undefined'){
                    postData += "&dbUSRData="+document.getElementById('dbUSRData').value;
                }

EOQ4;


$out_dd = 'postData += "&demoData="+document.setConfig.demoData.value;';
$out5 =<<<EOQ5
                postData += "&to_pdf=1&sugar_body_only=1";

                //if this is a call already in progress, then just return
                if(typeof ajxProgress != 'undefined'){
                    return;
                }

                getPanel();
                msgPanel.show();
                var ajxProgress = YAHOO.util.Connect.asyncRequest('POST','install.php', {success: success, failure: success}, postData);


            };//end ajaxCall method
            ajaxCall();
            return;
}

function confirm_drop_tables(yes_no){

        if(yes_no == true){
            document.getElementById('setup_db_drop_tables').value = true;
            //make navigation
            document.setConfig.goto.value="{$mod_strings['LBL_NEXT']}";
            document.getElementById('hidden_goto').value="{$mod_strings['LBL_NEXT']}";
            document.setConfig.current_step.value="{$next_step}";
            document.setConfig.submit();
        }else{
            //set drop tables to false
            document.getElementById('setup_db_drop_tables').value = false;
            msgPanel.hide();
        }
}

</script>

           <div id="checkingDiv" style="display:none">
                    <p><img alt="{$mod_strings['LBL_LICENSE_CHKDB_HEADER']}" src='install/processing.gif'> <br>{$mod_strings['LBL_LICENSE_CHKDB_HEADER']}</p>
           </div>

          <div id='sysCheckMsg' style="display:none">
                    <p>{$mod_strings['LBL_DROP_DB_CONFIRM']}</p>
                    <input id='accept_btn' type='button' class='button' onclick='confirm_drop_tables(true)' value="{$mod_strings['LBL_ACCEPT']}">
                    <input type='button' class='button' onclick='confirm_drop_tables(false)' id="button_cancel_dbConfig" value="{$mod_strings['LBL_CANCEL']}">
          </div>

</div>
<footer id="install_footer">
    <p id="footer_links"><a href="https://suitecrm.com" target="_blank">Visit suitecrm.com</a> | <a href="https://suitecrm.com/index.php?option=com_kunena&view=category&Itemid=1137&layout=list" target="_blank">Support Forums</a> | <a href="https://suitecrm.com/wiki/index.php/Installation" target="_blank">Installation Guide</a> | <a href="LICENSE.txt" target="_blank">License</a>
</footer>
</div>
<script type="text/javascript">
    <!--
    if ( YAHOO.env.ua )
        UA = YAHOO.env.ua;
    -->
    </script>
</body>
</html>

EOQ5;

////	END PAGE OUTPUT
///////////////////////////////////////////////////////////////////////////////

echo $out;
echo $out2;
echo $out3;
echo $out4;
echo $out_dd;
echo $out5;

?>