Untitled

<?php
require_once '/usr/local/lib/php/Smarty/Smarty.class.php';
require_once 'generic.php';
$body='';
$status='';
$user_id='';


session_start();

$_SESSION['lastpage']= $_SERVER['PHP_SELF'];
if (    !empty($_POST['dbname']) &&
        !empty($_POST['user']) &&
        !empty($_POST['pass']) &&
        !empty($_POST['hostname']) &&
        !empty($_POST['port']) &&
        !empty($_POST['rpass']) &&
        !empty($_POST['check']) &&
        !empty($_POST['submit']))

{
    $status="<p>SETUP FAILED!</p>";

    $hostname = sanitizeString($_POST['hostname']);
    $port = sanitizeString($_POST['port']);
    $r_pass = sanitizeString($_POST['rpass']);

    $db_server = mysql_connect($hostname .":".$port, 'root', $r_pass);
    if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());

    $hostname = sanitizeMySQL($hostname);
    $port = sanitizeMySQL($port);
    $db_name = sanitizeMySQL($_POST['dbname']);
    $db_user = sanitizeMySQL($_POST['user']);
    $db_pass = sanitizeMySQL($_POST['pass']);
    $db_pass = hash('sha512', DB_SALT1.$db_pass.DB_SALT2);
    $a_pass = sanitizeMySQL($_POST['a_pass']);
    $a_pass = hash('sha512', DB_SALT1.$a_pass.DB_SALT2);

    $safe_file_text= <<< _END
<?php // login.php
\$db_hostname = '$hostname:$port';
\$db_database = '$db_name';
\$db_username = '$db_user';
\$db_password = '$db_pass';
?>

_END;

    $query = 'DROP DATABASE IF EXISTS '.$db_name;
    mysql_query($query, $db_server) or
            die ('Error deleting database: ' . mysql_error() . "\n");

    $query = 'CREATE DATABASE IF NOT EXISTS '.$db_name;
    mysql_query($query, $db_server) or
            die ('Error creating database: ' . mysql_error() . "\n");

    $query = 'GRANT USAGE ON *.* TO  \''.$db_user.'\'@\'%\'';
    mysql_query($query, $db_server) or
            die ('Error creating temp user: ' . mysql_error() . "\n");

    $query = 'DROP USER \''.$db_user.'\'@\'%\'';
    mysql_query($query, $db_server) or
            die ('Error deleting user: ' . mysql_error() . "\n");

    $query = 'CREATE USER \''.$db_user.'\'@\'%\' IDENTIFIED BY \''.$db_pass.'\'';
    mysql_query($query, $db_server) or
            die ('Error creating user: ' . mysql_error() . "\n");

    $query = 'GRANT ALL PRIVILEGES ON '.$db_name.'.* TO \''.$db_user.'\'@\'%\'';
    mysql_query($query, $db_server) or
            die ('Error granting privileges: ' . mysql_error() . "\n");

    mysql_select_db($db_name) or
            die('Could not connect to the database: '. mysql_error() . "\n");

    $query = 'CREATE  TABLE IF NOT EXISTS Users (
        id INT UNSIGNED NOT NULL AUTO_INCREMENT ,
        password CHAR(128) NOT NULL ,
        PRIMARY KEY (id) )
        ENGINE = MyISAM';
    mysql_query($query, $db_server) or
            die ('Error creating initial table: ' . mysql_error() . "\n");

    $query= "INSERT INTO Users VALUES (NULL, '". $a_pass ."')";
    mysql_query($query, $db_server) or
            die ('Error creating admin: ' . mysql_error() . "\n");
    $user_id=mysql_insert_id();
    mysql_close($db_server);

    $file=fopen(SAFE_FOLDER . 'login.php',"w") or
        die("File does not exist or you lack permission to open it");
    fwrite($file, $safe_file_text) or
            die("Could not write to file");
    fclose($file);

    copy('setup.php', SAFE_FOLDER.'savedsetup.php') or
            die('Could note move setup.php. Remove the file manually.\n');
    unlink('setup.php');

    $status="<p>Setup completed successfuly!</p>\n<p>Admin user id is $user_id";
    echo '<META HTTP-EQUIV="Refresh" Content="1; URL=index.php">';
    $body= $status;

}

$smarty = new Smarty;
$smarty->assign('title','SchoolAdmin');
$smarty->assign('body',$body);
$smarty->display('setup.tpl');
?>