Jump to content

Creating an install/setup wizard for my cms


_Unique_

Recommended Posts

Hello,

I am new to PHP, so I decided the best way to learn is to build a CMS, that I can build and adapt as time progresses.

I am wanting to create a setup/install wizard for when a user first uploads the website and then visits the website.

 

I attempted to do this on my own, but it did not work, but hey I still included the code in-case I was close to getting it working. (See below).

I am wanting to have a HTML form that will contain the input fields, where the user will enter their database host, username, and password. And all of the details in the form will replace the mysqli connection in the config.php file, which is seperate from the install file.

 

That is all I really need help with at the moment, as creating users, etc is pretty easy (even though I am new to PHP).

 

My "attempted" code:

 

  - Install.php:

<?php
 
        /* Config required to replace the database strings */
        require('config/config.php');
 
        /* HTML Form to be echoed for the user */
        $form = "
                <form name='form' action='' method='get'>
                <input type='text' name='host' placeholder='Database host' />
                <input type='text' name='database' placeholder='Database name' />
                <input type='text' name='username' placeholder='Database username' />
                <input type='password' name='password' placeholder='Database password' />
                <input type='submit' name='submit' value='Change values' />
                </form>
                ";
        /* Echo the form so I can see it */
        echo $form;
        /* Get the results from the HTML Form */
        $gethost = $_GET['host'];
        $getdb = $_GET['database'];
        $getuser = $_GET['username'];
        $getpass = $_GET['password'];
        /* Replace the database connections in config.php */
        /* However, does not work :/ */
        if (isset($_GET['submit'])) {
                str_replace($gethost,$host);
        }
?>

  - Config.php:

<?php
        $host = "localhost";
        $username = "root";
        $password = "";
        $database = "website";
        /* Change this line in the HTML Form in setup.php */
        $dbc = mysqli_connect($host, $username, $password, $database);
?>

Thanks in advanced,

 

Unique

Link to comment
Share on other sites

Easiest way would be to define the new contents of config.php as a string and for each variable substitute its value with the corresponding value from your form.  Then write the new contents to config,php Eg

 

Also change your forms submit method to post. Do not use get when submitting sensitive information.

if (isset($_POST['submit']))
{
    /* Get the results from the HTML Form */
    $hostValue     = $_POST['host'];
    $databaseValue = $_POST['database'];
    $usernameValue = $_POST['username'];
    $passwordValue = $_POST['password'];

    /* Replace the database connections in config.php */
    $newConfigCode = '<?php
            $host = "'.$newHostValue.'";
            $username = "'.$newUsernameValue.'";
            $password = "'.$newPasswordValue.'";
            $database = "'.$newDatabaseValue.'";
            /* Change this line in the HTML Form in setup.php */
            $dbc = mysqli_connect($host, $username, $password, $database);
    ?>';

    // overrite config.php with new config
    file_put_contents('config.php', $newConfigCode);
}
Edited by Ch0cu3r
Link to comment
Share on other sites

 

Easiest way would be to define the new contents of config.php as a string and for each variable substitute its value with the corresponding value from your form.  Then write the new contents to config,php Eg

 

Also change your forms submit method to post. Do not use get when submitting sensitive information.

if (isset($_POST['submit']))
{
    /* Get the results from the HTML Form */
    $hostValue     = $_POST['host'];
    $databaseValue = $_POST['database'];
    $usernameValue = $_POST['username'];
    $passwordValue = $_POST['password'];

    /* Replace the database connections in config.php */
    $newConfigCode = '<?php
            $host = "'.$newHostValue.'";
            $username = "'.$newUsernameValue.'";
            $password = "'.$newPasswordValue.'";
            $database = "'.$newDatabaseValue.'";
            /* Change this line in the HTML Form in setup.php */
            $dbc = mysqli_connect($host, $username, $password, $database);
    ?>';

    // overrite config.php with new config
    file_put_contents('config.php', $newConfigCode);
}

Okay, I never thought of it that way, thanks!

 

But I also have another method that could work, which I would prefer to do.

 

I am soon going to do some research on how to do it, but I wanted to go here first,

 

Would I be able to generate the config.php file in the setup.php, which will then create a file called config.php and then put the contents into the config.php.

 

Sorry if that does not make sense.

 

Thanks in advance,

 

Unique

Link to comment
Share on other sites

Would I be able to generate the config.php file in the setup.php, which will then create a file called config.php and then put the contents into the config.php.

 

Yes, but . . . it would make more sense to re-purpose this code for the scenario of someone updating the configuration - i.e. moving a new DB. I would do this.

 

1. Create the default config file with a "temp" name, e.g. config.tmp.

2. On load of the page, check if the file exists

3A. If no, load the form for the user assuming they've never configured the settings. Upon providing the data (and validating it), COPY the temp file and run the logic to replace the values

3B. If the file does exist, read in the current values and display the form populating the current value. Once the user submits the new values, and you validate it, replace the values in the file

 

The reason I would use a temp config file and copy it, as opposed to renaming it, is that it provides the user an easy way to rerun the initial setup. All they need to do is delete the config file and relaunch the application.

Edited by Psycho
Link to comment
Share on other sites

I was bored. Here is a working example. Still needs some cleaning up.

<?php
 
$configTemp = "config.tmp";
$configFile = "config.php";
 
if($_SERVER['REQUEST_METHOD']=='POST')
{
    //Get the POST values
    $hostname = isset($_POST['hostname']) ? trim($_POST['hostname']) : '';
    $database = isset($_POST['database']) ? trim($_POST['database']) : '';
    $username = isset($_POST['username']) ? trim($_POST['username']) : '';
    $password = isset($_POST['password']) ? trim($_POST['password']) : '';
 
    //Validate the data
    $errors = array();
    // E.g. check that all fields are provided and are the right format
    // This is just one check
    if(empty($hostname) || empty($database) || empty($username) || empty($password))
    {
        $errors[] = "All fields are required";
    }
 
    //If no errors, run check to verify that values CAN be used to make a connection
    if(!$errors)
    {
        $dbc = @mysqli_connect($hostname, $username, $password, $database);
        if (mysqli_connect_errno())
        {
            $errors[] = "Failed to connect to MySQL: " . mysqli_connect_error();
        }
    }
 
    //If still no errors, save data to config file
    if(!$errors)
    {
        //If config file does not exist, create it from temp
        if(!is_file($configFile))
        {
            copy($configTemp, $configFile);
        }
 
        //Read the contents of the current file
        $content = file_get_contents($configFile);
 
        //Replace the values in the content
        $content = preg_replace("#hostname = '[^']*'#s", "hostname = '{$hostname}'", $content);
        $content = preg_replace("#database = '[^']*'#s", "database = '{$database}'", $content);
        $content = preg_replace("#username = '[^']*'#s", "username = '{$username}'", $content);
        $content = preg_replace("#password = '[^']*'#s", "password = '{$password}'", $content);
 
        //Write contents back to config file
        file_put_contents($configFile, $content);;
 
        //Redirect to success page (followed by exit) so the form isn't loaded
        //Using an echo here to simulate
                echo "The config file was updated. Click <a href=''>here</a> to reload the page";
        exit();
    }
}
 
//If config file exists, read the current values so we can populate the form
if(is_file($configFile))
{
    //Read the current values by including it
    include($configFile);
}
 
//If errors exists, create error message
if($errors)
{
    $errorMsg = "The following errors occured:<br><ul>\n";
    foreach($errors as $error)
    {
        $errorMsg .= "<li>{$error}</li>\n";
    }
    $errorMsg .= "</ul>\n";
}
 
?>
<html>
<head></head>
<body>
 
Provide Database Configuration<br><br>
 
<?php echo $errorMsg; ?>
 
<form name='form' action='' method='post'>
    Host: <input type='text' name='hostname' placeholder='Database host' value="<?php echo $hostname; ?>" /><br />
    Database:<input type='text' name='database' placeholder='Database name' value="<?php echo $database; ?>" /><br />
    Username: <input type='text' name='username' placeholder='Database username' value="<?php echo $username; ?>" /><br />
    Password: <input type='password' name='password' placeholder='Database password' value="<?php echo $password; ?>" /><br /><br />
    <input type='submit' name='submit' value='Change values' />
</form>
 
 
</body>
</html>
Edited by Psycho
Link to comment
Share on other sites

My thought was to keep it available to repurposed for allowing the configurations to be changed. I believe this user has a separate post about creating a multi-step configuration setup for his site. I think it is useful to allow users to change configurations later on.

 

The process I typically use is to have a core script that is always executed for any page request. That page would load the configuration data, among other things. That way, if the configuration data doesn't exists it would dynamically load the process to run the configuration. But, I see where you are going, the pages to set the configuration should not be generally accessible. So, if the configuration file does exist, I would only allow logged in users (with the right permissions) to rerun the configuration script. That might be a lot of overhead depending on the application.

  • Like 1
Link to comment
Share on other sites

My thought was to keep it available to repurposed for allowing the configurations to be changed. I believe this user has a separate post about creating a multi-step configuration setup for his site. I think it is useful to allow users to change configurations later on.

 

The process I typically use is to have a core script that is always executed for any page request. That page would load the configuration data, among other things. That way, if the configuration data doesn't exists it would dynamically load the process to run the configuration. But, I see where you are going, the pages to set the configuration should not be generally accessible. So, if the configuration file does exist, I would only allow logged in users (with the right permissions) to rerun the configuration script. That might be a lot of overhead depending on the application.

Wow, only just seen everything you have posted!

 

Thanks, this is extremely helpful!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.