* [DEV] WORK IN PROGRESS: Fixed installer

ajax/ajax_doLogin.php

@@ -200,7 +200,7 @@ if (!$masterPass
 
 // Comprobar si se ha forzado un cambio de clave
 if ($User->getItemData()->isUserIsChangePass()) {
-    $hash = \SP\Util\Util::generate_random_bytes();
+    $hash = \SP\Util\Util::generateRandomBytes();
 
     $UserPassRecoverData = new UserPassRecoverData();
     $UserPassRecoverData->setUserpassrUserId($User->getItemData()->getUserId());

inc/Base.php

@@ -35,6 +35,8 @@ define('CONTROLLER_PATH', __DIR__ . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPAR
 define('VIEW_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'themes');
 define('EXTENSIONS_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'Exts');
 define('LOCALES_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'locales');
+define('SQL_PATH', __DIR__ . DIRECTORY_SEPARATOR . 'sql');
+
 
 define('DEBUG', true);
 

inc/SP/Auth/Auth.class.php

@@ -210,7 +210,7 @@ class Auth
             && !$UserData->isUserIsLdap()
             && !UserPassRecover::checkPassRecoverLimit($UserData)
         ) {
-            $hash = Util::generate_random_bytes();
+            $hash = Util::generateRandomBytes();
 
             $Log = new Log(_('Cambio de Clave'));
 

inc/SP/Controller/MainController.class.php

@@ -27,6 +27,7 @@ namespace SP\Controller;
 
 defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'));
 
+use SP\Config\Config;
 use SP\Core\ActionsInterface;
 use SP\Core\Init;
 use SP\Core\Installer;
@@ -67,6 +68,7 @@ class MainController extends ControllerBase implements ActionsInterface
             $this->view->addTemplate('header');
             $this->view->addTemplate('body-start');
 
+            $this->view->assign('isInstalled', Config::getConfig()->isInstalled());
             $this->view->assign('sk', SessionUtil::getSessionKey(true));
             $this->view->assign('appInfo', Util::getAppInfo());
             $this->view->assign('appVersion', Util::getVersionString());
@@ -279,7 +281,6 @@ class MainController extends ControllerBase implements ActionsInterface
         $InstallData->setHostingMode(Request::analyze('hostingmode', false));
 
         $this->view->assign('isCompleted', false);
-
         $this->view->assign('InstallData', $InstallData);
 
         $errors = array_merge(Checks::checkPhpVersion(), Checks::checkModules());

inc/SP/Core/CryptMasterPass.class.php

@@ -46,7 +46,7 @@ class CryptMasterPass
     public static function setTempMasterPass($maxTime = 14400)
     {
         // Encriptar la clave maestra con hash aleatorio generado
-        $randomKey = Crypt::generateAesKey(Util::generate_random_bytes());
+        $randomKey = Crypt::generateAesKey(Util::generateRandomBytes());
         $pass = Crypt::mkCustomMPassEncrypt($randomKey, SessionUtil::getSessionMPass());
 
         if (!is_array($pass)) {

inc/SP/Core/Init.class.php

@@ -29,6 +29,7 @@ use SP\Auth\Auth;
 use SP\Config\Config;
 use SP\Config\ConfigDB;
 use SP\Controller;
+use SP\Controller\MainController;
 use SP\Core\Exceptions\SPException;
 use SP\Http\Request;
 use SP\Log\Email;
@@ -289,7 +290,7 @@ class Init
     {
         $Tpl = new Template();
         $Tpl->append('errors', array('type' => SPException::SP_CRITICAL, 'description' => $str, 'hint' => $hint));
-        $Controller = new Controller\MainController($Tpl);
+        $Controller = new MainController($Tpl);
         $Controller->getError(true);
         $Controller->view();
         exit;
@@ -455,7 +456,7 @@ class Init
                 exit();
             } else {
                 // Comprobar si sysPass está instalada o en modo mantenimiento
-                $Controller = new Controller\MainController();
+                $Controller = new MainController();
                 $Controller->getInstaller();
                 $Controller->view();
                 exit();
@@ -537,7 +538,7 @@ class Init
      */
     private static function goLogin()
     {
-        $Controller = new Controller\MainController(null, 'login');
+        $Controller = new MainController(null, 'login');
         $Controller->getLogin();
         $Controller->view();
         exit;
@@ -583,7 +584,7 @@ class Init
                     Config::saveConfig();
                 }
             } else {
-                $controller = new Controller\MainController();
+                $controller = new MainController();
                 $controller->getUpgrade();
                 $controller->view();
                 exit();
@@ -667,7 +668,7 @@ class Init
         }
 
         $action = Request::analyze('a');
-        $Controller = new Controller\MainController();
+        $Controller = new MainController();
 
         switch ($action) {
             case 'passreset':
@@ -744,7 +745,7 @@ class Init
         }
 
         $action = Request::analyze('a');
-        $Controller = new Controller\MainController(null, 'main');
+        $Controller = new MainController(null, 'main');
 
         switch ($action) {
             case 'accView':

inc/SP/Core/Installer.class.php

@@ -83,7 +83,7 @@ class Installer
             $Config = Config::getConfig();
 
             // Generate a random salt that is used to salt the local user passwords
-            $Config->setPasswordSalt(Util::generate_random_bytes(30));
+            $Config->setPasswordSalt(Util::generateRandomBytes(30));
             $Config->setConfigVersion(implode(Util::getVersion(true)));
 
             if (preg_match('/(.*):(\d{1,5})/', $this->InstallData->getDbHost(), $match)) {
@@ -95,6 +95,8 @@ class Installer
 
             if (!preg_match('/(localhost|127.0.0.1)/', $this->InstallData->getDbHost())) {
                 $this->InstallData->setDbAuthHost($_SERVER['SERVER_ADDR']);
+            } else {
+                $this->InstallData->setDbAuthHost('localhost');
             }
 
             // Save DB connection info
@@ -203,9 +205,11 @@ class Installer
     {
         // Si no es modo hosting se crea un hash para la clave y un usuario con prefijo "sp_" para la DB
         if (!$this->InstallData->isHostingMode()) {
-            $this->InstallData->setDbPass(md5(time() . $this->InstallData->getDbPass()));
+            $this->InstallData->setDbPass(Util::randomPassword());
             $this->InstallData->setDbUser(substr('sp_' . $this->InstallData->getAdminLogin(), 0, 16));
 
+            error_log($this->InstallData->getDbPass());
+
             // Comprobar si el usuario sumistrado existe
             $query = sprintf(/** @lang SQL */
                 'SELECT COUNT(*) FROM mysql.user 
@@ -333,7 +337,7 @@ class Installer
      */
     private function createDBStructure()
     {
-        $fileName = Init::$SERVERROOT . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR . 'dbstructure.sql';
+        $fileName = SQL_PATH  . DIRECTORY_SEPARATOR . 'dbstructure.sql';
 
         if (!file_exists($fileName)) {
             throw new SPException(SPException::SP_CRITICAL,

inc/SP/Util/Util.class.php

@@ -39,13 +39,46 @@ defined('APP_ROOT') || die(_('No es posible acceder directamente a este archivo'
  */
 class Util
 {
+    /**
+     * Generar una clave aleatoria
+     *
+     * @param int $length Longitud de la clave
+     * @param bool $useNumbers Usar números
+     * @param bool $useSpecial Usar carácteres especiales
+     * @return string
+     */
+    public static function randomPassword($length = 16, $useNumbers = true, $useSpecial = true)
+    {
+        $special = "@#$%&/()=?¿!_-:.;,{}[]*^";
+        $numbers = "0123456789";
+        $alphabet = "abcdefghijklmnopqrstuwxyzABCDEFGHIJKLMNOPQRSTUWXYZ";
+
+        if ($useSpecial === true) {
+            $alphabet .= $special;
+        }
+
+        if ($useNumbers === true) {
+            $alphabet .= $numbers;
+        }
+
+        $pass = [];
+        $alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
+
+        for ($i = 0; $i < $length; $i++) {
+            $n = rand(0, $alphaLength);
+            $pass[] = $alphabet[$n];
+        }
+
+        return implode($pass); //turn the array into a string
+    }
+
     /**
      * Generar una cadena aleatoria usuando criptografía.
      *
      * @param int $length opcional, con la longitud de la cadena
      * @return string
      */
-    public static function generate_random_bytes($length = 30)
+    public static function generateRandomBytes($length = 30)
     {
         // Try to use openssl_random_pseudo_bytes
         if (function_exists('openssl_random_pseudo_bytes')) {
@@ -65,8 +98,9 @@ class Util
         // Fallback to mt_rand()
         $characters = '0123456789';
         $characters .= 'abcdefghijklmnopqrstuvwxyz';
+        $characters .= strtoupper('abcdefghijklmnopqrstuvwxyz');
         $charactersLength = strlen($characters) - 1;
-        $pseudo_byte = "";
+        $pseudo_byte = '';
 
         // Select some random characters
         for ($i = 0; $i < $length; $i++) {
@@ -167,7 +201,7 @@ class Util
      * Obtener datos desde una URL usando CURL
      *
      * @param           $url string La URL
-     * @param array     $data
+     * @param array $data
      * @param bool|null $useCookie
      * @return bool|string
      * @throws SPException
@@ -347,8 +381,8 @@ class Util
      * such as 'false','N','yes','on','off', etc.
      *
      * @author Samuel Levy <sam+nospam@samuellevy.com>
-     * @param mixed $in     The variable to check
-     * @param bool  $strict If set to false, consider everything that is not false to
+     * @param mixed $in The variable to check
+     * @param bool $strict If set to false, consider everything that is not false to
      *                      be true.
      * @return bool The boolean equivalent or null (if strict, and no exact equivalent)
      */
@@ -431,7 +465,7 @@ class Util
     {
         return unserialize(preg_replace('/^O:\d+:"[^"]++"/', 'O:' . strlen($class) . ':"' . $class . '"', serialize($object)));
     }
-    
+
     /**
      * Devuelve la última función llamada tras un error
      *
@@ -463,8 +497,8 @@ class Util
      */
     public static function checkInObjectArray(array $objectArray, $method, $value)
     {
-        foreach ($objectArray as $object){
-            if ($object->$method() === $value){
+        foreach ($objectArray as $object) {
+            if ($object->$method() === $value) {
                 return true;
             }
         }

inc/themes/material-blue/views/main/body-end.inc

@@ -2,16 +2,19 @@
     <script type="text/javascript" src="<?php echo $jsLink; ?>"></script>
 <?php endforeach; ?>
 
-<?php if ($loggedIn): ?>
-    <script type="text/javascript">
-        $(document).on("DOMContentLoaded", function (e) {
-            "use strict";
+<script type="text/javascript">
+    $(document).on("DOMContentLoaded", function (e) {
+        "use strict";
 
-            console.info("DOMContentLoaded");
+        console.info("DOMContentLoaded");
+        <?php if ($loggedIn): ?>
             sysPassApp.triggers().views.main();
-        });
-    </script>
-<?php endif; ?>
+        <?php elseif ($isInstalled === false): ?>
+            sysPassApp.triggers().views.install();
+        <?php endif; ?>
+    });
+</script>
+
 </body> <!-- Close BODY...almost done..go..go..go -->
 </html> <!-- Close HTML...ufff too much work!! :)) -->
 <!-- Insert coin . . . -->

inc/themes/material-blue/views/main/install.inc

@@ -24,7 +24,7 @@
     <?php endif; ?>
 
     <?php if ($isCompleted === false): ?>
-        <form id="frmInstall" action="../../../../../index.php" method="post">
+        <form id="frmInstall" action="index.php" method="post" class="form-action" data-onsubmit="main/install">
             <input type="hidden" name="install" value="true"/>
 
             <fieldset id="adminaccount">
@@ -46,8 +46,7 @@
                 <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                     <input id="adminpass" name="adminpass" type="password" required
                            class="mdl-textfield__input mdl-color-text--indigo-400 passwordfield__input"
-                           value="" maxlength="255" autocomplete="off"
-                           onKeyUp="sysPassUtil.Common.checkPassLevel(this.value,'adminaccount')">
+                           value="" maxlength="255" autocomplete="off">
                     <label class="mdl-textfield__label"
                            for="adminlogin"><?php echo _('Clave'); ?></label>
                 </div>
@@ -58,8 +57,7 @@
                 <div class="mdl-textfield mdl-js-textfield mdl-textfield--floating-label">
                     <input id="masterpassword" name="masterpassword" type="password" required
                            class="mdl-textfield__input mdl-color-text--indigo-400 passwordfield__input"
-                           value="" maxlength="255" autocomplete="off"
-                           onKeyUp="sysPassUtil.Common.checkPassLevel(this.value,'masterpwd')">
+                           value="" maxlength="255" autocomplete="off">
                     <label class="mdl-textfield__label"
                            for="masterpassword"><?php echo _('Clave Maestra'); ?></label>
                 </div>
@@ -146,13 +144,4 @@
             </div>
         </form>
     <?php endif; ?>
-</div>
-<script>
-    window.onload = function () {
-        sysPassApp.passwordDetect();
-
-        $('#btnInstall').click(function () {
-            $('#frmInstall').submit();
-        });
-    };
-</script>
+</div>

js/app-triggers.js

@@ -339,6 +339,9 @@ sysPass.Triggers = function (Common) {
             if ($form.length > 0) {
                 $form.attr("data-hash", SparkMD5.hash($form.serialize(), false));
             }
+        },
+        install: function() {
+            Common.appTheme().passwordDetect($("#frmInstall"));
         }
     };