_Unique_ Posted May 4, 2015 Share Posted May 4, 2015 Hello, I am new to PHP, so I decided the best way to learn is to build a CMS, that I can build and adapt as time progresses. I am wanting to create a setup/install wizard for when a user first uploads the website and then visits the website. I attempted to do this on my own, but it did not work, but hey I still included the code in-case I was close to getting it working. (See below). I am wanting to have a HTML form that will contain the input fields, where the user will enter their database host, username, and password. And all of the details in the form will replace the mysqli connection in the config.php file, which is seperate from the install file. That is all I really need help with at the moment, as creating users, etc is pretty easy (even though I am new to PHP). My "attempted" code: - Install.php: <?php /* Config required to replace the database strings */ require('config/config.php'); /* HTML Form to be echoed for the user */ $form = " <form name='form' action='' method='get'> <input type='text' name='host' placeholder='Database host' /> <input type='text' name='database' placeholder='Database name' /> <input type='text' name='username' placeholder='Database username' /> <input type='password' name='password' placeholder='Database password' /> <input type='submit' name='submit' value='Change values' /> </form> "; /* Echo the form so I can see it */ echo $form; /* Get the results from the HTML Form */ $gethost = $_GET['host']; $getdb = $_GET['database']; $getuser = $_GET['username']; $getpass = $_GET['password']; /* Replace the database connections in config.php */ /* However, does not work :/ */ if (isset($_GET['submit'])) { str_replace($gethost,$host); } ?> - Config.php: <?php $host = "localhost"; $username = "root"; $password = ""; $database = "website"; /* Change this line in the HTML Form in setup.php */ $dbc = mysqli_connect($host, $username, $password, $database); ?> Thanks in advanced, Unique Quote Link to comment Share on other sites More sharing options...
Ch0cu3r Posted May 4, 2015 Share Posted May 4, 2015 (edited) Easiest way would be to define the new contents of config.php as a string and for each variable substitute its value with the corresponding value from your form. Then write the new contents to config,php Eg Also change your forms submit method to post. Do not use get when submitting sensitive information. if (isset($_POST['submit'])) { /* Get the results from the HTML Form */ $hostValue = $_POST['host']; $databaseValue = $_POST['database']; $usernameValue = $_POST['username']; $passwordValue = $_POST['password']; /* Replace the database connections in config.php */ $newConfigCode = '<?php $host = "'.$newHostValue.'"; $username = "'.$newUsernameValue.'"; $password = "'.$newPasswordValue.'"; $database = "'.$newDatabaseValue.'"; /* Change this line in the HTML Form in setup.php */ $dbc = mysqli_connect($host, $username, $password, $database); ?>'; // overrite config.php with new config file_put_contents('config.php', $newConfigCode); } Edited May 4, 2015 by Ch0cu3r Quote Link to comment Share on other sites More sharing options...
_Unique_ Posted May 4, 2015 Author Share Posted May 4, 2015 Easiest way would be to define the new contents of config.php as a string and for each variable substitute its value with the corresponding value from your form. Then write the new contents to config,php Eg Also change your forms submit method to post. Do not use get when submitting sensitive information. if (isset($_POST['submit'])) { /* Get the results from the HTML Form */ $hostValue = $_POST['host']; $databaseValue = $_POST['database']; $usernameValue = $_POST['username']; $passwordValue = $_POST['password']; /* Replace the database connections in config.php */ $newConfigCode = '<?php $host = "'.$newHostValue.'"; $username = "'.$newUsernameValue.'"; $password = "'.$newPasswordValue.'"; $database = "'.$newDatabaseValue.'"; /* Change this line in the HTML Form in setup.php */ $dbc = mysqli_connect($host, $username, $password, $database); ?>'; // overrite config.php with new config file_put_contents('config.php', $newConfigCode); } Okay, I never thought of it that way, thanks! But I also have another method that could work, which I would prefer to do. I am soon going to do some research on how to do it, but I wanted to go here first, Would I be able to generate the config.php file in the setup.php, which will then create a file called config.php and then put the contents into the config.php. Sorry if that does not make sense. Thanks in advance, Unique Quote Link to comment Share on other sites More sharing options...
fastsol Posted May 4, 2015 Share Posted May 4, 2015 Yes you certainly could create the file on the fly, you just need to provide the entire code for the file in the setup.php. In the end, either way produces the same result. Quote Link to comment Share on other sites More sharing options...
Psycho Posted May 5, 2015 Share Posted May 5, 2015 (edited) Would I be able to generate the config.php file in the setup.php, which will then create a file called config.php and then put the contents into the config.php. Yes, but . . . it would make more sense to re-purpose this code for the scenario of someone updating the configuration - i.e. moving a new DB. I would do this. 1. Create the default config file with a "temp" name, e.g. config.tmp. 2. On load of the page, check if the file exists 3A. If no, load the form for the user assuming they've never configured the settings. Upon providing the data (and validating it), COPY the temp file and run the logic to replace the values 3B. If the file does exist, read in the current values and display the form populating the current value. Once the user submits the new values, and you validate it, replace the values in the file The reason I would use a temp config file and copy it, as opposed to renaming it, is that it provides the user an easy way to rerun the initial setup. All they need to do is delete the config file and relaunch the application. Edited May 5, 2015 by Psycho Quote Link to comment Share on other sites More sharing options...
Psycho Posted May 5, 2015 Share Posted May 5, 2015 (edited) I was bored. Here is a working example. Still needs some cleaning up. <?php $configTemp = "config.tmp"; $configFile = "config.php"; if($_SERVER['REQUEST_METHOD']=='POST') { //Get the POST values $hostname = isset($_POST['hostname']) ? trim($_POST['hostname']) : ''; $database = isset($_POST['database']) ? trim($_POST['database']) : ''; $username = isset($_POST['username']) ? trim($_POST['username']) : ''; $password = isset($_POST['password']) ? trim($_POST['password']) : ''; //Validate the data $errors = array(); // E.g. check that all fields are provided and are the right format // This is just one check if(empty($hostname) || empty($database) || empty($username) || empty($password)) { $errors[] = "All fields are required"; } //If no errors, run check to verify that values CAN be used to make a connection if(!$errors) { $dbc = @mysqli_connect($hostname, $username, $password, $database); if (mysqli_connect_errno()) { $errors[] = "Failed to connect to MySQL: " . mysqli_connect_error(); } } //If still no errors, save data to config file if(!$errors) { //If config file does not exist, create it from temp if(!is_file($configFile)) { copy($configTemp, $configFile); } //Read the contents of the current file $content = file_get_contents($configFile); //Replace the values in the content $content = preg_replace("#hostname = '[^']*'#s", "hostname = '{$hostname}'", $content); $content = preg_replace("#database = '[^']*'#s", "database = '{$database}'", $content); $content = preg_replace("#username = '[^']*'#s", "username = '{$username}'", $content); $content = preg_replace("#password = '[^']*'#s", "password = '{$password}'", $content); //Write contents back to config file file_put_contents($configFile, $content);; //Redirect to success page (followed by exit) so the form isn't loaded //Using an echo here to simulate echo "The config file was updated. Click <a href=''>here</a> to reload the page"; exit(); } } //If config file exists, read the current values so we can populate the form if(is_file($configFile)) { //Read the current values by including it include($configFile); } //If errors exists, create error message if($errors) { $errorMsg = "The following errors occured:<br><ul>\n"; foreach($errors as $error) { $errorMsg .= "<li>{$error}</li>\n"; } $errorMsg .= "</ul>\n"; } ?> <html> <head></head> <body> Provide Database Configuration<br><br> <?php echo $errorMsg; ?> <form name='form' action='' method='post'> Host: <input type='text' name='hostname' placeholder='Database host' value="<?php echo $hostname; ?>" /><br /> Database:<input type='text' name='database' placeholder='Database name' value="<?php echo $database; ?>" /><br /> Username: <input type='text' name='username' placeholder='Database username' value="<?php echo $username; ?>" /><br /> Password: <input type='password' name='password' placeholder='Database password' value="<?php echo $password; ?>" /><br /><br /> <input type='submit' name='submit' value='Change values' /> </form> </body> </html> Edited May 5, 2015 by Psycho Quote Link to comment Share on other sites More sharing options...
jcbones Posted May 5, 2015 Share Posted May 5, 2015 Don't forget to unlink the page, after the site is set up, otherwise any idiot could change the site creds. Temporarily closing the site down. Quote Link to comment Share on other sites More sharing options...
Psycho Posted May 5, 2015 Share Posted May 5, 2015 My thought was to keep it available to repurposed for allowing the configurations to be changed. I believe this user has a separate post about creating a multi-step configuration setup for his site. I think it is useful to allow users to change configurations later on. The process I typically use is to have a core script that is always executed for any page request. That page would load the configuration data, among other things. That way, if the configuration data doesn't exists it would dynamically load the process to run the configuration. But, I see where you are going, the pages to set the configuration should not be generally accessible. So, if the configuration file does exist, I would only allow logged in users (with the right permissions) to rerun the configuration script. That might be a lot of overhead depending on the application. 1 Quote Link to comment Share on other sites More sharing options...
_Unique_ Posted May 8, 2015 Author Share Posted May 8, 2015 My thought was to keep it available to repurposed for allowing the configurations to be changed. I believe this user has a separate post about creating a multi-step configuration setup for his site. I think it is useful to allow users to change configurations later on. The process I typically use is to have a core script that is always executed for any page request. That page would load the configuration data, among other things. That way, if the configuration data doesn't exists it would dynamically load the process to run the configuration. But, I see where you are going, the pages to set the configuration should not be generally accessible. So, if the configuration file does exist, I would only allow logged in users (with the right permissions) to rerun the configuration script. That might be a lot of overhead depending on the application. Wow, only just seen everything you have posted! Thanks, this is extremely helpful! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.