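<?php
/**
 * PlexiTrust Consolidated — Setup Wizard
 * ----------------------------------------------------------------------------
 * Upload the whole application to your server, then visit /online-banking/install/
 * in a browser and follow the steps. When finished, the installer DELETES ITSELF.
 *
 * Steps:  Requirements -> Database -> Email -> Site & Admin -> Install -> Finish
 * ----------------------------------------------------------------------------
 *
 * Security notes for maintainers:
 *  - Until install.lock exists, every step here is reachable by anyone who can
 *    load this URL; nothing in this file authenticates the visitor. Keep the
 *    window between upload and "Finish" short.
 *  - The forms carry no CSRF token. The SameSite=Lax session cookie set below is
 *    the only cross-site protection in this file.
 *  - Database and SMTP passwords, and the admin password, are held in the
 *    session between steps and are cleared only after a successful install.
 *  - h(), run_sql_dump(), write_file(), rrmdir() and the *_php() config
 *    builders are not defined in this file; presumably they come from lib.php.
 */

// HttpOnly keeps the session id away from page scripts; SameSite=Lax stops the
// cookie from accompanying cross-site POSTs to the wizard.
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Lax']);
error_reporting(E_ALL);
ini_set('display_errors', 1);            // installer only; the app itself keeps errors off

define('APP_ROOT', dirname(__DIR__));    // .../online-banking
define('INC_DIR',  APP_ROOT . '/includes');
define('IMG_DIR',  APP_ROOT . '/assets/img');

$__sqlPrimary  = __DIR__ . '/schema.sql';               // bundled with the installer
$__sqlFallback = APP_ROOT . '/plexitrust_obank.sql';    // copy left at the app root
define('SQL_FILE', is_readable($__sqlPrimary) ? $__sqlPrimary : $__sqlFallback);
define('LOCK_FILE', APP_ROOT . '/install.lock');

// ?step[]=x would hand us an array; treat anything that is not a string as "welcome".
$step = $_GET['step'] ?? 'welcome';
if (!is_string($step)) {
    $step = 'welcome';
}
$error = '';
$ok    = '';

require __DIR__ . '/lib.php';

/* If already installed, refuse (unless explicitly finishing/deleting) */
if (file_exists(LOCK_FILE) && !in_array($step, ['done', 'selfdestruct'], true)) {
    $step = 'locked';
}

/* ---------- step processing ------------------------------------------- */
if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    if ($step === 'database') {
        $d = [
            'host' => trim($_POST['db_host'] ?? 'localhost'),
            'name' => trim($_POST['db_name'] ?? ''),
            'user' => trim($_POST['db_user'] ?? ''),
            'pass' => (string)($_POST['db_pass'] ?? ''),
        ];
        if ($d['name'] === '' || $d['user'] === '') {
            $error = 'Database name and user are required.';
        } elseif (str_contains($d['host'], ';') || str_contains($d['name'], ';')) {
            // Both values are interpolated into the PDO DSN below, where ';'
            // separates parameters; a ';' here would add extra DSN parameters.
            $error = 'Database host and name must not contain ";".';
        } else {
            try {
                // Connect to the MySQL server WITHOUT selecting a database first,
                // so we can create it if it doesn't already exist.
                $srv = new PDO(
                    "mysql:host={$d['host']};charset=utf8mb4",
                    $d['user'],
                    $d['pass'],
                    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
                );
                // Identifiers cannot be bound as parameters, so backticks are
                // stripped and the name is wrapped in backticks instead.
                $safeName = '`' . str_replace('`', '', $d['name']) . '`';
                // LIKE treats "_" and "%" in the name as wildcards, so a similarly
                // named database can make this look like a hit; the connection test
                // further down still has to succeed against the exact name.
                $exists = $srv->query("SHOW DATABASES LIKE " . $srv->quote($d['name']))->fetch();
                if (!$exists) {
                    // Try to create it. On many shared hosts (cPanel) the DB user
                    // is not allowed to CREATE DATABASE — in that case we explain.
                    try {
                        $srv->exec("CREATE DATABASE $safeName CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci");
                        $_SESSION['inst_db_created'] = true;
                    } catch (PDOException $e) {
                        // The raw name goes into $error: the template passes $error
                        // through h() when printing, so calling h() here as well
                        // would escape the name twice.
                        $error = 'The database "' . $d['name'] . '" does not exist and your host did not allow the '
                               . 'installer to create it automatically. Please create it in cPanel ▸ MySQL® Databases '
                               . '(then add this user to it with ALL PRIVILEGES) and try again.';
                    }
                }
                if ($error === '') {
                    // Confirm we can now open the database itself.
                    $pdo = new PDO(
                        "mysql:host={$d['host']};dbname={$d['name']};charset=utf8mb4",
                        $d['user'],
                        $d['pass'],
                        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
                    );
                    $_SESSION['inst_db'] = $d;
                    header('Location: ?step=email');
                    exit;
                }
            } catch (PDOException $e) {
                // The driver message is shown to whoever is running the wizard.
                $error = 'Could not connect to MySQL: ' . $e->getMessage() . ' — check the host, username and password.';
            }
        }

    } elseif ($step === 'email') {
        $m = [
            'from_name'   => trim($_POST['from_name'] ?? 'PlexiTrust Consolidated Bank'),
            'from_email'  => trim($_POST['from_email'] ?? ''),
            'reply_email' => trim($_POST['reply_email'] ?? ''),
            'host'        => trim($_POST['smtp_host'] ?? ''),
            'port'        => (int)($_POST['smtp_port'] ?? 587),
            // Anything other than the literal "ssl" falls back to "tls".
            'secure'      => ($_POST['smtp_secure'] ?? 'tls') === 'ssl' ? 'ssl' : 'tls',
            'username'    => trim($_POST['smtp_user'] ?? ''),
            'password'    => (string)($_POST['smtp_pass'] ?? ''),
        ];
        if ($m['host'] === '' || $m['username'] === '' || $m['password'] === '' || $m['from_email'] === '') {
            $error = 'Please complete the SMTP host, username, password and "from" address.';
        } else {
            if ($m['reply_email'] === '') {
                $m['reply_email'] = $m['from_email'];
            }
            $_SESSION['inst_mail'] = $m;
            header('Location: ?step=site');
            exit;
        }

    } elseif ($step === 'site') {
        $s = [
            'name'  => trim($_POST['site_name'] ?? 'PlexiTrust Consolidated'),
            'email' => trim($_POST['support_email'] ?? ''),
            'phone' => trim($_POST['support_phone'] ?? ''),
        ];
        $admin = [
            'username' => trim($_POST['admin_user'] ?? 'admin'),
            'email'    => trim($_POST['admin_email'] ?? ''),
            'pass'     => (string)($_POST['admin_pass'] ?? ''),
            'pass2'    => (string)($_POST['admin_pass2'] ?? ''),
        ];
        if ($s['email'] === '' || $admin['username'] === '' || $admin['email'] === '' || $admin['pass'] === '') {
            $error = 'Please complete the site e-mail and the admin username, e-mail and password.';
        } elseif (strlen($admin['pass']) < 8) {
            $error = 'Admin password should be at least 8 characters.';
        } elseif ($admin['pass'] !== $admin['pass2']) {
            $error = 'The two admin passwords do not match.';
        } else {
            // Save uploaded images straight away (branding is harmless to place early)
            // The destination names are fixed here and never taken from the upload,
            // so the client cannot choose the stored file name or extension.
            // getimagesize() only inspects the file header; it does not prove the
            // rest of the file is a clean image.
            $map = ['logo' => 'logo.png', 'logo_white' => 'logowhite.png', 'favicon' => 'favicon.png'];
            foreach ($map as $field => $target) {
                if (!empty($_FILES[$field]['tmp_name']) && is_uploaded_file($_FILES[$field]['tmp_name'])) {
                    $info = @getimagesize($_FILES[$field]['tmp_name']);
                    if ($info) {
                        @move_uploaded_file($_FILES[$field]['tmp_name'], IMG_DIR . '/' . $target);
                    }
                }
            }
            // The confirmation copy is only needed for the comparison above;
            // do not keep a second plaintext copy of the password in the session.
            unset($admin['pass2']);
            $_SESSION['inst_site']  = $s;
            $_SESSION['inst_admin'] = $admin;
            header('Location: ?step=install');
            exit;
        }

    } elseif ($step === 'install') {
        $log = [];
        try {
            $d = $_SESSION['inst_db']    ?? null;
            $m = $_SESSION['inst_mail']  ?? null;
            $s = $_SESSION['inst_site']  ?? null;
            $a = $_SESSION['inst_admin'] ?? null;
            if (!$d || !$m || !$s || !$a) {
                throw new Exception('Missing setup data — please start again.');
            }

            // 1) connect
            $pdo = new PDO(
                "mysql:host={$d['host']};dbname={$d['name']};charset=utf8mb4",
                $d['user'],
                $d['pass'],
                [
                    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                    PDO::MYSQL_ATTR_INIT_COMMAND => "SET time_zone='+00:00'",
                ]
            );
            $log[] = 'Connected to database.';

            // 2) import schema
            if (!file_exists(SQL_FILE)) {
                throw new Exception('plexitrust_obank.sql not found in the app folder.');
            }
            $sql   = file_get_contents(SQL_FILE);
            $count = run_sql_dump($pdo, $sql);
            $log[] = "Imported database schema ($count statements).";

            // 3) admin account (replace the seeded admin)
            $hash = password_hash($a['pass'], PASSWORD_DEFAULT);
            $upd  = $pdo->prepare("UPDATE users SET username=?, email=?, password=?, status='active' WHERE user_type='admin' LIMIT 1");
            $upd->execute([$a['username'], $a['email'], $hash]);
            if ($upd->rowCount() === 0) {
                $ins = $pdo->prepare("INSERT INTO users (username,password,email,first_name,last_name,user_type,status,terms_accepted,created_at,updated_at) VALUES (?,?,?,?,?,?,?,1,NOW(),NOW())");
                $ins->execute([$a['username'], $hash, $a['email'], 'System', 'Administrator', 'admin', 'active']);
            }
            $log[] = 'Administrator account configured.';

            // 4) write config files
            if (!write_file(INC_DIR . '/db_credentials.php', db_credentials_php($d))) {
                throw new Exception('Cannot write includes/db_credentials.php (check permissions).');
            }
            if (!write_file(INC_DIR . '/mail_config.php', mail_config_php($m))) {
                throw new Exception('Cannot write includes/mail_config.php.');
            }
            if (!write_file(INC_DIR . '/site_config.php', site_config_php($s))) {
                throw new Exception('Cannot write includes/site_config.php.');
            }
            $log[] = 'Configuration files written.';

            // 5) lock
            // The lock file is the only thing that disables the wizard, so a failed
            // write must not be reported as "locked". The requirements page does not
            // check that the app root itself is writable, so this can genuinely fail.
            if (!write_file(LOCK_FILE, "installed " . date('c') . "\n")) {
                throw new Exception('Cannot write install.lock in the app folder (check permissions).');
            }
            $log[] = 'Installation locked.';

            $_SESSION['inst_log'] = $log;
            // clear sensitive setup data from the session
            unset($_SESSION['inst_db'], $_SESSION['inst_mail'], $_SESSION['inst_admin']);
            header('Location: ?step=done');
            exit;
        } catch (Throwable $e) {
            // On failure the setup data (including passwords) stays in the session
            // so the operator can retry without re-entering everything.
            $error = $e->getMessage();
            $_SESSION['inst_log'] = $log;
        }

    } elseif ($step === 'selfdestruct') {
        if (!file_exists(LOCK_FILE)) {
            // Before installation has completed there is nothing to clean up;
            // without this guard any visitor could POST here and delete the
            // installer and the SQL dump from a fresh upload.
            $error = 'Setup has not been completed yet, so there is nothing to remove.';
            $step  = 'welcome';
        } else {
            // remove the SQL dump(s) + the entire installer folder, then go to login
            @unlink(APP_ROOT . '/plexitrust_obank.sql');
            @unlink(__DIR__ . '/schema.sql');
            rrmdir(__DIR__);
            header('Location: ../login.php');
            exit;
        }
    }
}

/* defaults for forms */
$db   = $_SESSION['inst_db']   ?? ['host' => 'localhost', 'name' => '', 'user' => '', 'pass' => ''];
$mail = $_SESSION['inst_mail'] ?? ['from_name' => 'PlexiTrust Consolidated Bank', 'from_email' => '', 'reply_email' => '', 'host' => 'smtp.gmail.com', 'port' => 587, 'secure' => 'tls', 'username' => '', 'password' => ''];
$site = $_SESSION['inst_site'] ?? ['name' => 'PlexiTrust Consolidated', 'email' => '', 'phone' => ''];

/* requirements */
/**
 * Build the rows for the "Server requirements" table.
 *
 * Checks the PHP version, a fixed list of extensions and a fixed list of
 * directories under APP_ROOT that must be writable.
 *
 * @return array<int, array{0:string,1:bool,2:string,3:bool}> rows of
 *         [label, passed, detail text, critical]; "gd" is the only
 *         non-critical entry.
 */
function requirements(): array
{
    $exts = ['pdo_mysql', 'mbstring', 'openssl', 'curl', 'gd', 'fileinfo'];
    $r = [];
    $r[] = ['PHP 8.0+', version_compare(PHP_VERSION, '8.0.0', '>='), PHP_VERSION, true];
    foreach ($exts as $e) {
        $r[] = ["Extension: $e", extension_loaded($e), extension_loaded($e) ? 'loaded' : 'missing', $e !== 'gd'];
    }
    $writables = ['includes', 'assets/img', 'uploads', 'logs'];
    foreach ($writables as $w) {
        $p = APP_ROOT . '/' . $w;
        $r[] = ["Writable: $w", is_writable($p), is_writable($p) ? 'writable' : 'NOT writable', true];
    }
    return $r;
}
?>
<!doctype html>
<html lang="en"><head>
<meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>PlexiTrust Setup</title>
<style>
 :root{--g:#0b5e2a;--g2:#2bb33b;--ink:#013220;}
 *{box-sizing:border-box}
 body{margin:0;font-family:-apple-system,BlinkMacSystemFont,'Segoe UI',Roboto,Arial,sans-serif;background:linear-gradient(135deg,#013220,#0b5e2a 60%,#29a220 160%);color:#243;min-height:100vh;padding:30px 14px}
 .card{max-width:680px;margin:0 auto;background:#fff;border-radius:18px;box-shadow:0 20px 60px rgba(0,0,0,.35);overflow:hidden}
 .head{background:linear-gradient(90deg,var(--g),var(--g2));color:#fff;padding:24px 28px}
 .head h1{margin:0;font-size:22px}.head p{margin:6px 0 0;opacity:.9;font-size:14px}
 .steps{display:flex;gap:6px;padding:14px 28px;background:#f4f7f5;font-size:12px;color:#789;flex-wrap:wrap}
 .steps span{padding:4px 10px;border-radius:20px;background:#e6efe9}
 .steps span.on{background:var(--g);color:#fff}
 .body{padding:26px 28px}
 h2{margin:0 0 14px;color:var(--ink);font-size:18px}
 label{display:block;margin:12px 0 5px;font-weight:600;font-size:14px;color:#334}
 input,select{width:100%;padding:11px 12px;border:1px solid #cdd6d0;border-radius:10px;font-size:14px}
 .row{display:flex;gap:12px}.row>div{flex:1}
 .hint{font-size:12px;color:#789;margin-top:4px}
 .btn{display:inline-block;margin-top:20px;background:linear-gradient(90deg,var(--g),var(--g2));color:#fff;border:0;border-radius:30px;padding:13px 30px;font-size:15px;font-weight:600;cursor:pointer}
 .btn:hover{opacity:.94}
 .msg{padding:12px 14px;border-radius:10px;margin-bottom:14px;font-size:14px}
 .msg.err{background:#fde8e8;color:#9b1c1c;border:1px solid #f5c2c2}
 .msg.ok{background:#e7f6ec;color:#176a32;border:1px solid #b6e0c2}
 table.req{width:100%;border-collapse:collapse;font-size:14px}
 table.req td{padding:9px 6px;border-bottom:1px solid #eef2ef}
 .pass{color:#176a32;font-weight:600}.fail{color:#9b1c1c;font-weight:600}
 ul.log{font-size:14px;color:#345;line-height:1.7}
 fieldset{border:1px solid #e0e7e2;border-radius:12px;padding:12px 16px;margin-top:16px}
 legend{font-weight:700;color:var(--ink);padding:0 6px}
 .danger{background:#fff7e6;border:1px solid #ffe0a3;color:#7a5b00;padding:12px 14px;border-radius:10px;font-size:13px;margin-top:14px}
</style></head>
<body>
<div class="card">
  <div class="head">
    <h1>PlexiTrust Consolidated — Setup</h1>
    <p>Configure your online-banking installation</p>
  </div>
  <?php
    // Progress bar: labels are fixed strings; $step only selects which is highlighted.
    $order = ['welcome'=>'Start','requirements'=>'Requirements','database'=>'Database','email'=>'Email','site'=>'Site & Admin','install'=>'Install','done'=>'Finish'];
    echo '<div class="steps">';
    foreach ($order as $k => $lbl) {
        echo '<span' . ($k === $step ? ' class="on"' : '') . '>' . $lbl . '</span>';
    }
    echo '</div>';
  ?>
  <div class="body">
    <?php if ($error): ?><div class="msg err"><?= h($error) ?></div><?php endif; ?>

    <?php if ($step === 'locked'): ?>
      <h2>Already installed</h2>
      <p>An <code>install.lock</code> file exists, so setup is disabled. If you really need to run it again, delete <code>install.lock</code> from the app folder first.</p>
      <a class="btn" href="../login.php">Go to login</a>

    <?php elseif ($step === 'welcome'): ?>
      <h2>Welcome</h2>
      <p>This wizard will connect your database, import the tables, set up e-mail, your branding and an administrator account. When it finishes it will <strong>delete itself</strong>.</p>
      <p>Before you start, create your database & user in cPanel and have the SMTP details ready.</p>
      <a class="btn" href="?step=requirements">Get started →</a>

    <?php elseif ($step === 'requirements'): ?>
      <h2>Server requirements</h2>
      <table class="req"><?php
        $allok = true;
        foreach (requirements() as $r) {
            [$name, $pass, $detail, $critical] = $r;
            if ($critical && !$pass) {
                $allok = false;
            }
            echo '<tr><td>'.h($name).'</td><td style="text-align:right" class="'.($pass?'pass':($critical?'fail':'')).'">'.($pass?'✓ ':'✗ ').h($detail).'</td></tr>';
        }
      ?>
      </table>
      <?php if(!$allok): ?><div class="danger">Some required items are missing. Fix them (or ask your host) before continuing.</div><?php endif; ?>
      <a class="btn" href="?step=database">Continue →</a>

    <?php elseif ($step === 'database'): ?>
      <h2>Database connection</h2>
      <form method="post" action="?step=database">
        <label>Database host</label><input name="db_host" value="<?= h($db['host']) ?>">
        <label>Database name</label><input name="db_name" value="<?= h($db['name']) ?>" required>
        <label>Database user</label><input name="db_user" value="<?= h($db['user']) ?>" required>
        <?php /* The stored password is deliberately not echoed back into the page source. */ ?>
        <label>Database password</label><input type="password" name="db_pass">
        <div class="hint">You only need the database <strong>name</strong> (and a user with access). The installer creates <strong>all tables and data automatically</strong> — you never import any SQL by hand. If the database doesn't exist yet it will try to create it; on most cPanel hosts you create the database + user in MySQL® Databases first and add the user with ALL PRIVILEGES.</div>
        <button class="btn" type="submit">Test & continue →</button>
      </form>

    <?php elseif ($step === 'email'): ?>
      <h2>E-mail (SMTP)</h2>
      <p class="hint" style="margin-bottom:10px">Choose how outgoing e-mails (login codes, alerts) are sent.</p>
      <div class="row" style="margin-bottom:6px">
        <label style="flex:1;border:1px solid #cdd6d0;border-radius:10px;padding:11px;cursor:pointer;display:flex;gap:8px;align-items:center;font-weight:600">
          <input type="radio" name="mail_preset" value="gmail" checked onclick="ptPreset(true)"> Gmail (App Password)
        </label>
        <label style="flex:1;border:1px solid #cdd6d0;border-radius:10px;padding:11px;cursor:pointer;display:flex;gap:8px;align-items:center;font-weight:600">
          <input type="radio" name="mail_preset" value="custom" onclick="ptPreset(false)"> My own / cPanel mail server
        </label>
      </div>
      <form method="post" action="?step=email">
        <div class="row">
          <div><label>From name</label><input name="from_name" value="<?= h($mail['from_name']) ?>"></div>
          <div><label>From e-mail</label><input name="from_email" value="<?= h($mail['from_email']) ?>" required></div>
        </div>
        <label>Reply-to e-mail (optional)</label><input name="reply_email" value="<?= h($mail['reply_email']) ?>">
        <fieldset><legend>Outgoing server</legend>
          <div class="row">
            <div><label>SMTP host</label><input name="smtp_host" value="<?= h($mail['host']) ?>" required>
              <div class="hint">Gmail: smtp.gmail.com · or your cPanel mail server (e.g. mail.yourdomain.com)</div></div>
            <div style="max-width:120px"><label>Port</label><input name="smtp_port" value="<?= h($mail['port']) ?>"></div>
            <div style="max-width:140px"><label>Security</label>
              <select name="smtp_secure"><option value="tls"<?= $mail['secure']==='tls'?' selected':'' ?>>TLS (587)</option><option value="ssl"<?= $mail['secure']==='ssl'?' selected':'' ?>>SSL (465)</option></select></div>
          </div>
          <label>SMTP username</label><input name="smtp_user" value="<?= h($mail['username']) ?>" required>
          <?php /* The stored SMTP password is deliberately not echoed back into the page source. */ ?>
          <label>SMTP password</label><input type="password" name="smtp_pass" required>
          <div class="hint">For Gmail this must be a 16-character <strong>App Password</strong>, not your normal password.</div>
        </fieldset>
        <button class="btn" type="submit">Continue →</button>
      </form>
      <script>
        function ptPreset(g){
          var host=document.querySelector('[name=smtp_host]'),
              port=document.querySelector('[name=smtp_port]'),
              sec =document.querySelector('[name=smtp_secure]');
          if(g){ host.value='smtp.gmail.com'; port.value='587'; sec.value='tls'; }
          else if(host.value==='smtp.gmail.com'){ host.value=''; }
        }
      </script>

    <?php elseif ($step === 'site'): ?>
      <h2>Branding & administrator</h2>
      <form method="post" action="?step=site" enctype="multipart/form-data">
        <label>Site / bank name</label><input name="site_name" value="<?= h($site['name']) ?>">
        <div class="row">
          <div><label>Support e-mail</label><input name="support_email" value="<?= h($site['email']) ?>" required></div>
          <div><label>Support phone</label><input name="support_phone" value="<?= h($site['phone']) ?>"></div>
        </div>
        <fieldset><legend>Logos (PNG)</legend>
          <label>Main logo → logo.png</label><input type="file" name="logo" accept="image/*">
          <label>White logo (for dark headers) → logowhite.png</label><input type="file" name="logo_white" accept="image/*">
          <label>Favicon → favicon.png</label><input type="file" name="favicon" accept="image/*">
          <div class="hint">Optional — leave blank to keep the current images.</div>
        </fieldset>
        <fieldset><legend>Administrator account</legend>
          <label>Admin username</label><input name="admin_user" value="admin" required>
          <label>Admin e-mail</label><input name="admin_email" type="email" required>
          <div class="row">
            <div><label>Password</label><input name="admin_pass" type="password" required></div>
            <div><label>Confirm password</label><input name="admin_pass2" type="password" required></div>
          </div>
        </fieldset>
        <button class="btn" type="submit">Continue →</button>
      </form>

    <?php elseif ($step === 'install'): ?>
      <h2>Ready to install</h2>
      <p>The wizard will now import the database, write your configuration and create the administrator. This can take a moment.</p>
      <?php if (!empty($_SESSION['inst_log'])): ?><ul class="log"><?php foreach($_SESSION['inst_log'] as $l) echo '<li>'.h($l).'</li>'; ?></ul><?php endif; ?>
      <form method="post" action="?step=install"><button class="btn" type="submit">Run installation →</button></form>

    <?php elseif ($step === 'done'): ?>
      <h2>Installation complete 🎉</h2>
      <?php if (!empty($_SESSION['inst_log'])): ?><ul class="log"><?php foreach($_SESSION['inst_log'] as $l) echo '<li>✓ '.h($l).'</li>'; ?></ul><?php endif; ?>
      <div class="danger"><strong>Final step:</strong> for security, the installer must now be removed. Clicking the button deletes the <code>install/</code> folder and the SQL file, then sends you to the login page.</div>
      <form method="post" action="?step=selfdestruct"><button class="btn" type="submit">Finish & remove installer →</button></form>
    <?php endif; ?>
  </div>
</div>
</body></html>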