Added database installer. Removed depracated methods

Article.class.php

@@ -20,8 +20,8 @@ function saveToDB( $returnType = 0 ) {
 	, `title`
 )
 VALUES (
-	  "' . mysql_escape_string( $this -> getUniqueID() ) . '"
-	, "' . mysql_escape_string( $this -> getTitle() ) . '"
+	  "' . mysql_real_escape_string( $this -> getUniqueID() ) . '"
+	, "' . mysql_real_escape_string( $this -> getTitle() ) . '"
 )';
 
 		switch( $returnType ) {
@@ -78,7 +78,7 @@ function loadFromDB( $returnType = 0 ) {
 FROM
 	`articleDetails`
 WHERE
-	`uniqueID` = "' . mysql_escape_string( $this -> getUniqueID() ) . '"';
+	`uniqueID` = "' . mysql_real_escape_string( $this -> getUniqueID() ) . '"';
 
 		switch( $returnType ) {
 
@@ -128,7 +128,7 @@ function updateDB( $returnType = 0 ) {
 UPDATE
 	`articleDetails`
 SET
-	`title` = "' . mysql_escape_string( $this -> getTitle() ) . '"
+	`title` = "' . mysql_real_escape_string( $this -> getTitle() ) . '"
 WHERE
 	`uniqueID` = "' . $this -> getUniqueID() . '"';
 

Constants.php

@@ -0,0 +1,4 @@
+<?php
+class Constants {
+	const HTML_TEMPLATES_DIR = "html_templates";
+}

Post.class.php

@@ -39,8 +39,8 @@ function saveToDB( $returnType = 0 ) {
 	, `body`
 )
 VALUES (
-	  "' . mysql_escape_string( $this -> getUniqueID() ) . '"
-	, "' . mysql_escape_string( $this -> getBody() ) . '"
+	  "' . mysql_real_escape_string( $this -> getUniqueID() ) . '"
+	, "' . mysql_real_escape_string( $this -> getBody() ) . '"
 )';
 
 		switch( $returnType ) {
@@ -95,7 +95,7 @@ function loadFromDB( $returnType = 0 ) {
 FROM
 	`postDetails`
 WHERE
-	`uniqueID` = "' . mysql_escape_string( $this -> getUniqueID() ) . '"';
+	`uniqueID` = "' . mysql_real_escape_string( $this -> getUniqueID() ) . '"';
 
 		switch( $returnType ) {
 
@@ -147,9 +147,9 @@ function updateDB( $returnType = 0 ) {
 UPDATE
 	`postDetails`
 SET
-	  `body` = "' . mysql_escape_string( $this -> getBody() ) . '"
-	, `dateCreated` = "' . mysql_escape_string( $this -> getDateCreated() ) . '"
-	, `datePublished` = "' . mysql_escape_string( $this -> getDatePublished() ) . '"
+	  `body` = "' . mysql_real_escape_string( $this -> getBody() ) . '"
+	, `dateCreated` = "' . mysql_real_escape_string( $this -> getDateCreated() ) . '"
+	, `datePublished` = "' . mysql_real_escape_string( $this -> getDatePublished() ) . '"
 WHERE
 	`uniqueID` = "' . $this -> getUniqueID() . '"';
 

html_templates/install_install.html

@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8" />
+		<title>Install The CMS</title>
+	</head>
+
+	<body>
+		<h1>The CMS Installer</h1>
+		<p>Hi there. Thank you for choosing our platform for use as your CMS.</p>
+		<p>Let's get you installing before you realize we are fugly!
+		Just fill in the details below and we'll do the rest</p>
+
+		<p class="important"><strong>NOTE: </strong>Running the install will delete any existing database with the same name. Proceed carefully!!!</p>
+
+		<form id="installer-form" action="#" method="POST">
+			<fieldset>
+				<legend>Mysql Root</legend>
+				<p>Please enter the details for mysql root user</p>
+				<label for="mysql-root-user">Root Username</label>
+				<input id="mysql-root-user" type="text" name="mysql-root-user" />
+				<span class="error" id="root-user-err" style="">Please enter a valid username</span>
+				<span class="error" id="access-denied-err" style="">Access Denied: Wrong username or password</span>
+				<label for="mysql-root-pass">Root Username</label>
+				<input id="mysql-root-pass" type="password" name="mysql-root-pass" />
+				<span class="error" id="root-pass-err" style="">Please enter a valid password</span>
+			</fieldset>
+			<input type="submit" value="Install" />
+		</form>
+		<div id="db-installed-msg">
+			<p>I have successfully installed the database, but I was unable to delete the install directory. Please delete, or rename the install directory for me.</p>
+		</div>
+	</body>
+</html>

index.php

@@ -17,6 +17,11 @@
 
 session_start();
 
+/** Install the app if necessary **/
+if ( file_exists("install") ) {
+	header("Location: install.php");
+}
+
 { // page building variables
 
 $url = 'ibrahimngeno.me.ke';					// set to your sites URL

install.php

@@ -0,0 +1,52 @@
+<?php
+require_once("Constants.php");
+require_once("DBConfig.php");
+require_once("install/installer.class.php");
+
+$installer = new Installer();
+
+function remove_install_tree($dir) {
+	$files = array_diff(scandir($dir), array(".", ".."));
+	foreach($files as $file) {
+		if(is_dir("{$dir}/{$file}")) {
+			remove_install_tree("{$dir}/{$file}");
+		} else {
+			unlink("{$dir}/{$file}");
+		}
+	}
+	rmdir($dir);
+}
+
+if ( isset($_POST['mysql-root-user']) && ($_POST['mysql-root-user'] !== "") ) {
+	if ( isset($_POST['mysql-root-pass']) && ($_POST['mysql-root-pass'] !== "") ) {
+		try {
+			$root_user = mysql_real_escape_string($_POST['mysql-root-user']);
+			$root_pass = mysql_real_escape_string($_POST['mysql-root-pass']);
+
+			$conn = new PDO('mysql:host='.$DBHost.';', $root_user, $root_pass, array(PDO::ATTR_PERSISTENT=>true));
+			$conn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+			$installer->setRootUser($root_user);
+			$installer->setRootPass($root_pass);
+			$installer->setDBConn($conn);
+			$installer->run();
+			remove_install_tree("install");
+			header("Location: index.php");
+		} catch ( \PDOException $pdoe ) {
+			$exception_msg = substr($pdoe->getMessage(), 23, 13);
+			if($exception_msg==="Access denied") {
+				$installer->remove_invalid_data_errors();
+				$installer->render();
+			} else {
+				print "Error[ 101 ]: " . $pdoe -> getMessage();
+				die();
+			}
+		}
+	} else {
+		$installer->render();
+	}
+} else {
+	$installer->remove_all_errors();
+	$installer->render();
+}
+?>

install/installer.class.php

@@ -0,0 +1,94 @@
+<?php
+
+require_once("Base.class.php");
+require_once("Constants.php");
+require_once("DBConfig.php");
+require_once("libs/DOMTemplate/domtemplate.php");
+
+
+class Installer {
+	private $html_file = "/install_install.html"; 
+	private $template;
+	private $db_structure_sql;
+
+	/** database related fields **/
+	private $root_pass;
+	private $root_user;
+	private $db_conn;
+
+
+
+	public function __construct() {
+		@session_start();
+		$this->template = DOMTemplate::fromFile(Constants::HTML_TEMPLATES_DIR.$this->html_file);
+		$this->db_structure_sql = file_get_contents("install/blog.sql");
+	}
+
+	public function setRootPass($root_pass) {
+		$this->root_pass = $root_pass;
+	}
+
+	public function setRootUser($root_user) {
+		$this->root_user = $root_user;
+	}
+
+	public function setDBConn($conn) {
+		$this->db_conn = $conn;
+	}
+
+	public function render() {
+		if( isset($_SESSION['db_created']) && ($_SESSION['db_created']==="true") ) {
+			$this->remove_form();
+		} else {
+			$this->remove_db_installed_msg();
+			$this->setup_form();
+		}
+		echo $this->template->html();
+	}
+
+
+	public function run() {
+		GLOBAL $dbh;
+		GLOBAL $DBName;
+		GLOBAL $DBUser;
+		GLOBAL $DBHost;
+		GLOBAL $DBPass;
+
+		$drop_sql = "DROP DATABASE IF EXISTS {$DBName}";
+		$create_sql = "CREATE DATABASE {$DBName}";
+		$user_sql = "GRANT ALL ON {$DBName}.* TO `{$DBUser}`@`{$DBHost}` IDENTIFIED BY '{$DBPass}'";
+		$this->db_conn->beginTransaction();
+			$this->db_conn->exec($drop_sql);
+			$this->db_conn->exec($create_sql);
+			$this->db_conn->exec($user_sql);
+		$this->db_conn->commit();
+
+		$dbh->beginTransaction();
+			$dbh->exec($this->db_structure_sql);
+		$dbh->commit();
+		$_SESSION['db_created']="true";
+	}
+
+	public function remove_all_errors() {
+		$this->template->remove("#installer-form/fieldset/span.error");
+	}
+
+	public function remove_invalid_data_errors() {
+		$this->template->remove("#installer-form/fieldset/#root-user-err");
+		$this->template->remove("#installer-form/fieldset/#root-pass-err");
+	}
+
+	private function setup_form() {
+		$this->template->setValue("#installer-form@action","install.php");
+	}
+
+	public function remove_form() {
+		$this->template->remove("#installer-form");
+	}
+
+	private function remove_db_installed_msg() {
+		$this->template->remove("#db-installed-msg");
+	}
+}
+
+?>