From 393fdc1dea9c6936bf261fd4dd97287f5f6b98bd Mon Sep 17 00:00:00 2001
From: JT Smith
Date: Wed, 2 Mar 2005 04:08:21 +0000
Subject: [PATCH] added initial configuration wizard
---
docs/changelog/6.x.x.txt | 2 +
docs/previousVersion.sql | 1 -
....3.0-6.3.1.sql => upgrade_6.3.0-6.4.0.sql} | 2 +-
lib/WebGUI.pm | 12 ++-
lib/WebGUI/Operation.pm | 1 +
lib/WebGUI/Operation/WebGUI.pm | 101 ++++++++++++++++++
6 files changed, 116 insertions(+), 3 deletions(-)
rename docs/upgrades/{upgrade_6.3.0-6.3.1.sql => upgrade_6.3.0-6.4.0.sql} (57%)
diff --git a/docs/changelog/6.x.x.txt b/docs/changelog/6.x.x.txt
index 51e86f36a..eead743fb 100644
--- a/docs/changelog/6.x.x.txt
+++ b/docs/changelog/6.x.x.txt
@@ -4,6 +4,8 @@
 - Fixed resetting votes on Poll would crash it.
 - Fixed not being able to set display title and other yes no questions to no.
 - Fixed a bug where URLs would become unreachable when using SSL.
+ - Added an initial configuration wizard which prompts the site owner to
+ configure a custom admin username and password for better security.
 6.3.0
diff --git a/docs/previousVersion.sql b/docs/previousVersion.sql
index 2501a2533..1fccc4254 100644
--- a/docs/previousVersion.sql
+++ b/docs/previousVersion.sql
@@ -3323,5 +3323,4 @@ INSERT INTO wobject VALUES (0,NULL,'KZ2UytxNpbF-3Eg3RNvQQQ','PBtmpl0000000000000
 INSERT INTO wobject VALUES (0,NULL,'G0wlShbk_XruYVfbXqWq_w','PBtmpl0000000000000060','PBtmpl0000000000000111',60,3600);
 INSERT INTO wobject VALUES (1,NULL,'UE5_3bD7kWDLUN2B-iuNuA','PBtmpl0000000000000060','PBtmpl0000000000000111',60,3600);
 INSERT INTO wobject VALUES (1,NULL,'RTsbVBEYnn3OPZWmXyIFhQ','PBtmpl0000000000000060','PBtmpl0000000000000111',60,3600);
-replace into settings (name,value) values ("specialState","init");
diff --git a/docs/upgrades/upgrade_6.3.0-6.3.1.sql b/docs/upgrades/upgrade_6.3.0-6.4.0.sql
similarity index 57%
rename from docs/upgrades/upgrade_6.3.0-6.3.1.sql
rename to docs/upgrades/upgrade_6.3.0-6.4.0.sql
index c1d252518..b6da4e263 100644
--- a/docs/upgrades/upgrade_6.3.0-6.3.1.sql
+++ b/docs/upgrades/upgrade_6.3.0-6.4.0.sql
@@ -1,4 +1,4 @@
-insert into webguiVersion values ('6.3.1','upgrade',unix_timestamp());
+insert into webguiVersion values ('6.4.0','upgrade',unix_timestamp());
 alter table asset add index state_parentId_lineage (state,parentId,lineage);
diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm
index 573b37d2d..98686ccaf 100644
--- a/lib/WebGUI.pm
+++ b/lib/WebGUI.pm
@@ -1,5 +1,5 @@
 package WebGUI;
-our $VERSION = "6.3.0";
+our $VERSION = "6.4.0";
 our $STATUS = "beta";
 #-------------------------------------------------------------------
@@ -53,6 +53,15 @@ sub _processOperations {
 return $output;
 }
+#-------------------------------------------------------------------
+sub _setup {
+ require WebGUI::Operation::WebGUI;
+ my $output = WebGUI::Operation::WebGUI::www_setup();
+ $output = WebGUI::HTTP::getHeader().$output;
+ WebGUI::Session::close();
+ return $output;
+}
+
 #-------------------------------------------------------------------
 sub _upgrading {
 my $webguiRoot = shift;
@@ -76,6 +85,7 @@ sub page {
 my $fastcgi = shift;
 WebGUI::Session::open($webguiRoot,$configFile,$fastcgi) unless ($useExistingSession);
 return _upgrading($webguiRoot) if ($session{setting}{specialState} eq "upgrading");
+ return _setup() if ($session{setting}{specialState} eq "init");
 my $output = _processOperations();
 if ($output eq "") {
 my $asset = WebGUI::Asset->newByUrl($assetUrl);
diff --git a/lib/WebGUI/Operation.pm b/lib/WebGUI/Operation.pm
index 9d151c0b7..612bdd839 100644
--- a/lib/WebGUI/Operation.pm
+++ b/lib/WebGUI/Operation.pm
@@ -177,6 +177,7 @@ sub getOperations {
 'editUser' => 'WebGUI::Operation::User',
 'editUserSave' => 'WebGUI::Operation::User',
 'listUsers' => 'WebGUI::Operation::User',
+ 'setup' => 'WebGUI::Operation::WebGUI',
 'theWg' => 'WebGUI::Operation::WebGUI',
 'genesis' => 'WebGUI::Operation::WebGUI',
 'deleteSubscription' => 'WebGUI::Operation::Subscription',
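Review bot: The added `return _setup() if ($session{setting}{specialState} eq "init");` line in `page` hands every request to the wizard before any authentication, so until the owner completes it, whoever reaches the site first chooses the admin credentials. Nothing visible in this hunk limits who may run setup. It should be gated on something only the installer has, such as a one-time value written to the config file at install time or a check that the request comes from an allowed address, either on this line or at the top of `www_setup`. A comment above the line along the lines of `# specialState "init": site not yet configured; all requests go to the setup wizard` would also help, since this commit removes the row that seeded that state from docs/previousVersion.sql. `page` starts and ends outside the hunk.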
diff --git a/lib/WebGUI/Operation/WebGUI.pm b/lib/WebGUI/Operation/WebGUI.pm index 0922690a2..ea4695e84 100644 --- a/lib/WebGUI/Operation/WebGUI.pm +++ b/lib/WebGUI/Operation/WebGUI.pm @@ -10,8 +10,15 @@ package WebGUI::Operation::WebGUI; # http://www.plainblack.com info@plainblack.com #------------------------------------------------------------------- +use Digest::MD5; use strict; +use WebGUI::FormProcessor; +use WebGUI::HTMLForm; +use WebGUI::HTTP; use WebGUI::Session; +use WebGUI::SQL; +use WebGUI::Style; +use WebGUI::User; #------------------------------------------------------------------- sub www_genesis { @@ -31,6 +38,100 @@ sub www_genesis { return $output; } +#------------------------------------------------------------------- +sub www_setup { + unless ($session{setting}{specialState} eq "init") { + if (rand(10)>5) { + return www_genesis(); + } else { + return www_theWg(); + } + } + my $output = ' + + + WebGUI Initial Configuration + +

WebGUI Initial Configuration

';
+ if ($session{form}{step} eq "2") {
+ $output .= 'Company Information';
+ my $u = WebGUI::User->new("3");
+ $u->username(WebGUI::FormProcessor::process("username","text","Admin"));
+ $u->profileField("email",WebGUI::FormProcessor::email("email"));
+ $u->identifier(Digest::MD5::md5_base64(WebGUI::FormProcessor::process("identifier","password","123qwe")));
+ my $f = WebGUI::HTMLForm->new;
+ $f->hidden(
+ -name=>"op",
+ -value=>"setup"
+ );
+ $f->hidden(
+ -name=>"step",
+ -value=>"3"
+ );
+ $f->text(
+ -name=>"companyName",
+ -value=>$session{setting}{companyName},
+ -label=>"Company Name"
+ );
+ $f->email(
+ -name=>"companyEmail",
+ -value=>$session{setting}{companyEmail},
+ -label=>"Company Email Address"
+ );
+ $f->url(
+ -name=>"companyURL",
+ -value=>$session{setting}{companyURL},
+ -label=>"Company URL"
+ );
+ $f->submit;
+ $output .= $f->print;
+ } elsif ($session{form}{step} eq "3") {
+ WebGUI::SQL->write("update settings set value=".quote(WebGUI::FormProcessor::text("companyName"))." where name='companyName'");
+ WebGUI::SQL->write("update settings set value=".quote(WebGUI::FormProcessor::url("companyURL"))." where name='companyURL'");
+ WebGUI::SQL->write("update settings set value=".quote(WebGUI::FormProcessor::email("companyEmail"))." where name='companyEmail'");
+ WebGUI::SQL->write("delete from settings where name='specialState'");
+ WebGUI::HTTP::setRedirect($session{env}{SCRIPT_NAME});
+ return "";
+ } else {
+ $output .= 'Admin Account';
+ my $u = WebGUI::User->new('3');
+ my $f = WebGUI::HTMLForm->new;
+ $f->hidden(
+ -name=>"op",
+ -value=>"setup"
+ );
+ $f->hidden(
+ -name=>"step",
+ -value=>"2"
+ );
+ $f->text(
+ -name=>"username",
+ -value=>$u->username,
+ -label=>"Username"
+ );
+ $f->text(
+ -name=>"identifier",
+ -value=>"123qwe",
+ -label=>"Password",
+ -subtext=>'
(Displayed in clear text so you can ensure you\'ve typed it correctly.)
'
+ );
+ $f->email(
+ -name=>"email",
+ -value=>$u->profileField("email"),
+ -label=>"Email Address"
+ );
+ $f->submit;
+ $output .= $f->print;
+ }
+ $output .= '
+ + +'; + return $output; +} + + #------------------------------------------------------------------- sub www_theWg { $session{page}{useEmptyStyle} = 1;
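Review bot: In the `step eq "2"` branch of `www_setup`, `WebGUI::FormProcessor::process("identifier","password","123qwe")` appears to fall back to `123qwe` when the field is empty, and the first form pre-fills that same value, so a wizard submitted unchanged stores the stock password on user 3. The `step eq "3"` branch then deletes `specialState` without checking that the step 2 branch ever saved an identifier, so setup can finish with the admin account left as it was. Read the password once with `my $pw = WebGUI::FormProcessor::process("identifier","password");`, re-show the first form when `$pw eq "" || $pw eq "123qwe"`, and clear `specialState` only after a new identifier has been written. `Digest::MD5::md5_base64` produces an unsalted, fast hash; that presumably matches what the existing login code expects, but a comment saying so would stop it being copied as a recommended scheme.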