define(\'PHPWG_IN_UPGRADE\', true); if you want to upgrade'; die($message); } // concerning upgrade, we use the default users table $conf['users_table'] = $prefixeTable.'users'; include_once(PHPWG_ROOT_PATH.'include/constants.php'); define('PREFIX_TABLE', $prefixeTable); $conf['show_queries'] = false; // Database connection mysql_connect( $cfgHote, $cfgUser, $cfgPassword ) or die ( "Could not connect to database server" ); mysql_select_db( $cfgBase ) or die ( "Could not connect to database" ); // +-----------------------------------------------------------------------+ // | tricky output | // +-----------------------------------------------------------------------+ echo ''."\n"; flush(); // +-----------------------------------------------------------------------+ // | functions | // +-----------------------------------------------------------------------+ /** * loads an sql file and executes all queries * * Before executing a query, $replaced is... replaced by $replacing. This is * useful when the SQL file contains generic words. Drop table queries are * not executed. * * @param string filepath * @param string replaced * @param string replacing * @return void */ function execute_sqlfile($filepath, $replaced, $replacing) { $sql_lines = file($filepath); $query = ''; foreach ($sql_lines as $sql_line) { $sql_line = trim($sql_line); if (preg_match('/(^--|^$)/', $sql_line)) { continue; } $query.= ' '.$sql_line; // if we reached the end of query, we execute it and reinitialize the // variable "query" if (preg_match('/;$/', $sql_line)) { $query = trim($query); $query = str_replace($replaced, $replacing, $query); // we don't execute "DROP TABLE" queries if (!preg_match('/^DROP TABLE/i', $query)) { mysql_query($query); } $query = ''; } } } // +-----------------------------------------------------------------------+ // | template initialization | // +-----------------------------------------------------------------------+ $template = new Template(PHPWG_ROOT_PATH.'template/yoga'); $template->set_filenames(array('upgrade'=>'upgrade.tpl')); $template->assign_vars(array('RELEASE'=>PHPWG_VERSION)); // +-----------------------------------------------------------------------+ // | versions upgradable | // +-----------------------------------------------------------------------+ $versions = array(); $path = PHPWG_ROOT_PATH.'install'; if ($contents = opendir($path)) { while (($node = readdir($contents)) !== false) { if (is_file($path.'/'.$node) and preg_match('/^upgrade_(.*?)\.php$/', $node, $match)) { array_push($versions, $match[1]); } } } natcasesort($versions); // +-----------------------------------------------------------------------+ // | upgrade choice | // +-----------------------------------------------------------------------+ if (!isset($_GET['version'])) { $template->assign_block_vars('choices', array()); foreach ($versions as $version) { $template->assign_block_vars( 'choices.choice', array( 'URL' => PHPWG_ROOT_PATH.'upgrade.php?version='.$version, 'VERSION' => $version )); } } // +-----------------------------------------------------------------------+ // | upgrade launch | // +-----------------------------------------------------------------------+ else { $upgrade_file = $path.'/upgrade_'.$_GET['version'].'.php'; if (is_file($upgrade_file)) { $page['upgrade_start'] = get_moment(); include($upgrade_file); $page['upgrade_end'] = get_moment(); $template->assign_block_vars( 'upgrade', array( 'VERSION' => $_GET['version'], 'TOTAL_TIME' => get_elapsed_time($page['upgrade_start'], $page['upgrade_end']), 'SQL_TIME' => number_format($page['queries_time'], 3, '.', ' ').' s', 'NB_QUERIES' => $page['count_queries'] )); if (!isset($infos)) { $infos = array(); } array_push( $infos, '[security] delete files "upgrade.php", "install.php" and "install" directory' ); array_push( $infos, 'in include/mysql.inc.php, remove

define(\'PHPWG_IN_UPGRADE\', true);

' ); $template->assign_block_vars('upgrade.infos', array()); foreach ($infos as $info) { $template->assign_block_vars('upgrade.infos.info', array('CONTENT' => $info)); } } else { die('Hacking attempt'); } } // +-----------------------------------------------------------------------+ // | sending html code | // +-----------------------------------------------------------------------+ $template->pparse('upgrade'); ?>