security fix
[openemr.git] / setup.php
blob7b4b9d008390b86ae3a3ec1580385fb7064f34c3
1 <?php
2 /**
3 * Installation script.
5 * Copyright (C) 2016 Roberto Vasquez <robertogagliotta@gmail.com>
7 * LICENSE: This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version 2
10 * of the License, or (at your option) any later version.
11 * This program is distributed in the hope that it will be usefull,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY OF FITNESS FOR A PARTICULAR PURPOSE, See the
14 * GNU General Public License for more details.
15 * You should have received a copy of the CNU General Public License
16 * along with this program. If not, see <http://opensource.org/Licenses/gpl-license.php>;.
18 * @package OpenEMR
19 * @author Roberto Vasquez <robertogagliotta@gmail.com>
20 * @author Scott Wakefield <scott@npclinics.com.au>
21 * @link http://www.open-emr.org
23 **/
25 // Warning. If you set $allow_multisite_setup to true, this is a potential security vulnerability.
26 // Recommend setting it back to false (or removing this setup.php script entirely) after you
27 // are done with the multisite procedure.
28 $allow_multisite_setup = false;
30 // Warning. If you set $allow_cloning_setup to true, this is a potential security vulnerability.
31 // Recommend setting it back to false (or removing this setup.php script entirely) after you
32 // are done with the cloning setup procedure.
33 $allow_cloning_setup = false;
34 if (!$allow_cloning_setup && !empty($_REQUEST['clone_database'])) {
35 die("To turn on support for cloning setup, need to edit this script and change \$allow_cloning_setup to true. After you are done setting up the cloning, ensure you change \$allow_cloning_setup back to false or remove this script altogether");
38 // Checks if the server's PHP version is compatible with OpenEMR:
39 require_once(dirname(__FILE__) . "/common/compatibility/Checker.php");
41 use OpenEMR\Common\Checker;
43 $response = Checker::checkPhpVersion();
44 if ($response !== true) {
45 die($response);
48 $COMMAND_LINE = php_sapi_name() == 'cli';
49 require_once(dirname(__FILE__) . '/library/authentication/password_hashing.php');
50 require_once dirname(__FILE__) . '/library/classes/Installer.class.php';
52 //turn off PHP compatibility warnings
53 ini_set("session.bug_compat_warn", "off");
55 $state = isset($_POST["state"]) ? ($_POST["state"]) : '';
57 // Make this true for IPPF.
58 $ippf_specific = false;
60 // If this script was invoked with no site ID, then ask for one.
61 if (!$COMMAND_LINE && empty($_REQUEST['site'])) {
62 echo "<html>\n";
63 echo "<head>\n";
64 echo "<title>OpenEMR Setup Tool</title>\n";
65 echo "<link rel='stylesheet' href='interface/themes/style_blue.css'>\n";
66 echo "</head>\n";
67 echo "<body>\n";
68 echo "<p><b>Optional Site ID Selection</b></p>\n";
69 echo "<p>Most OpenEMR installations support only one site. If that is " .
70 "true for you then ignore the rest of this text and just click Continue.</p>\n";
71 echo "<p>Otherwise please enter a unique Site ID here.</p>\n";
72 echo "<p>A Site ID is a short identifier with no spaces or special " .
73 "characters other than periods or dashes. It is case-sensitive and we " .
74 "suggest sticking to lower case letters for ease of use.</p>\n";
75 echo "<p>If each site will have its own host/domain name, then use that " .
76 "name as the Site ID (e.g. www.example.com).</p>\n";
77 echo "<p>The site ID is used to identify which site you will log in to. " .
78 "If it is a hostname then it is taken from the hostname in the URL. " .
79 "Otherwise you must append \"?site=<i>siteid</i>\" to the URL used for " .
80 "logging in.</p>\n";
81 echo "<p>It is OK for one of the sites to have \"default\" as its ID. This " .
82 "is the ID that will be used if it cannot otherwise be determined.</p>\n";
83 echo "<form method='post'><input type='hidden' name='state' value='0'>" .
84 "Site ID: <input type='text' name='site' value='default'>&nbsp;" .
85 "<input type='submit' value='Continue'><br></form><br>\n";
86 echo "</body></html>\n";
87 exit();
90 // Support "?site=siteid" in the URL, otherwise assume "default".
91 $site_id = 'default';
92 if (!$COMMAND_LINE && !empty($_REQUEST['site'])) {
93 $site_id = trim($_REQUEST['site']);
96 // Die if site ID is empty or has invalid characters.
97 if (empty($site_id) || preg_match('/[^A-Za-z0-9\\-.]/', $site_id)) {
98 die("Site ID '".htmlspecialchars($site_id, ENT_NOQUOTES)."' contains invalid characters.");
101 // If multisite is turned off, then only allow default for site.
102 if (!$allow_multisite_setup && $site_id != 'default') {
103 die("To turn on support for multisite setup, need to edit this script and change \$allow_multisite_setup to true. After you are done setting up the cloning, ensure you change \$allow_multisite_setup back to false or remove this script altogether");
106 //If having problems with file and directory permission
107 // checking, then can be manually disabled here.
108 $checkPermissions = true;
110 $installer = new Installer($_REQUEST);
111 global $OE_SITE_DIR; // The Installer sets this
113 $docsDirectory = "$OE_SITE_DIR/documents";
114 $billingDirectory = "$OE_SITE_DIR/edi";
115 $billingDirectory2 = "$OE_SITE_DIR/era";
116 $lettersDirectory = "$OE_SITE_DIR/letter_templates";
117 $gaclWritableDirectory = dirname(__FILE__)."/gacl/admin/templates_c";
118 $requiredDirectory1 = dirname(__FILE__)."/interface/main/calendar/modules/PostCalendar/pntemplates/compiled";
119 $requiredDirectory2 = dirname(__FILE__)."/interface/main/calendar/modules/PostCalendar/pntemplates/cache";
121 $zendModuleConfigFile = dirname(__FILE__)."/interface/modules/zend_modules/config/application.config.php";
123 //These are files and dir checked before install for
124 // correct permissions.
125 if (is_dir($OE_SITE_DIR)) {
126 $writableFileList = array($installer->conffile,$zendModuleConfigFile);
127 $writableDirList = array($docsDirectory, $billingDirectory, $billingDirectory2, $lettersDirectory, $gaclWritableDirectory, $requiredDirectory1, $requiredDirectory2);
128 } else {
129 $writableFileList = array();
130 $writableDirList = array($OE_SITES_BASE, $gaclWritableDirectory, $requiredDirectory1, $requiredDirectory2);
133 // Include the sqlconf file if it exists yet.
134 $config = 0;
135 if (file_exists($OE_SITE_DIR)) {
136 include_once($installer->conffile);
137 } else if ($state > 3) {
138 // State 3 should have created the site directory if it is missing.
139 die("Internal error, site directory is missing.");
143 <HTML>
144 <HEAD>
145 <TITLE>OpenEMR Setup Tool</TITLE>
146 <LINK REL=STYLESHEET HREF="interface/themes/style_blue.css">
147 <link rel="shortcut icon" href="public/images/favicon.ico" />
149 <style>
150 .noclone { }
151 table.phpset { border-collapse:collapse; }
152 table.phpset td, table.phpset th { font-size:9pt; border:1px solid gray; padding:2px; }
153 </style>
155 <script type="text/javascript" src="public/assets/jquery-min-1-2-2/index.js"></script>
157 <script language="javascript">
158 // onclick handler for "clone database" checkbox
159 function cloneClicked() {
160 var cb = document.forms[0].clone_database;
161 $('.noclone').css('display', cb.checked ? 'none' : 'block');
163 </script>
165 </HEAD>
166 <BODY>
168 <span class="title">OpenEMR Setup</span>
169 <br><br>
170 <span class="text">
171 <?php
172 if (strtolower(ini_get('register_globals')) != 'off' && (bool) ini_get('register_globals')) {
173 echo "It appears that you have register_globals enabled in your php.ini\n" .
174 "configuration file. This causes unacceptable security risks. You must\n" .
175 "turn it off before continuing with installation.\n";
176 exit(1);
179 if (!extension_loaded("xml")) {
180 echo "Error: PHP XML extension missing. To continue, install PHP XML extension, then restart web server.";
181 exit(1);
184 if (!(extension_loaded("mysql") || extension_loaded("mysqlnd") || extension_loaded("mysqli"))) {
185 echo "Error: PHP MySQL extension missing. To continue, install and enable MySQL extension, then restart web server.";
186 exit(1);
189 if (!(extension_loaded("mbstring") )) {
190 echo "Error: PHP mb_string extension missing. To continue, install and enable mb_string extension, then restart web server.";
191 exit(1);
195 <?php
196 if ($state == 7) {
199 <p>Congratulations! OpenEMR is now installed.</p>
201 <ul>
202 <li>Access controls (php-GACL) are installed for fine-grained security, and can be administered in
203 OpenEMR's admin->acl menu.</li>
204 <li>Reviewing <?php echo $OE_SITE_DIR; ?>/config.php is a good idea. This file
205 contains some settings that you may want to change.</li>
206 <li>There's much information and many extra tools bundled within the OpenEMR installation directory.
207 Please refer to openemr/Documentation. Many forms and other useful scripts can be found at openemr/contrib.</li>
208 <li>To ensure a consistent look and feel throughout the application,
209 <a href='http://www.mozilla.org/products/firefox/'>Firefox</a> and <a href="https://www.google.com/chrome/browser/desktop/index.html">Chrome</a> are recommended. The OpenEMR development team exclusively tests with modern versions of these browsers.</li>
210 <li>The OpenEMR project home page, documentation, and forums can be found at <a href = "http://www.open-emr.org" target="_blank">http://www.open-emr.org</a></li>
211 <li>We pursue grants to help fund the future development of OpenEMR. To apply for these grants, we need to estimate how many times this program is installed and how many practices are evaluating or using this software. It would be awesome if you would email us at <a href="mailto:president@oemr.org">president@oemr.org</a> if you have installed this software. The more details about your plans with this software, the better, but even just sending us an email stating you just installed it is very helpful.</li>
212 </ul>
214 We recommend you print these instructions for future reference.
215 </p>
216 <?php if (empty($installer->clone_database)) {
217 echo "<p><b>The initial OpenEMR user is '".$installer->iuser."' and the password is '".$installer->iuserpass."'</b></p>";
218 echo "<p>If you edited the PHP or Apache configuration files during this installation process, then we recommend you restart your Apache server before following below OpenEMR link.</p>";
219 } ?>
221 <a href='./?site=<?php echo $site_id; ?>'>Click here to start using OpenEMR. </a>
222 </p>
224 <?php
225 exit();
229 <?php
231 $inst = isset($_POST["inst"]) ? ($_POST["inst"]) : '';
234 if (($config == 1) && ($state < 4)) {
235 echo "OpenEMR has already been installed. If you wish to force re-installation, then edit $installer->conffile (change the 'config' variable to 0), and re-run this script.<br>\n";
236 } else {
237 switch ($state) {
238 case 1:
239 echo "<b>Step $state</b><br><br>\n";
240 echo "Now I need to know whether you want me to create the database on my own or if you have already created the database for me to use. For me to create the database, you will need to supply the MySQL root password.\n
241 <span class='title'> <br />NOTE: clicking on \"Continue\" may delete or cause damage to data on your system. Before you continue please backup your data.</span>
242 <br><br>\n
243 <FORM METHOD='POST'>\n
244 <INPUT TYPE='HIDDEN' NAME='state' VALUE='2'>\n
245 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
246 <LABEL FOR='inst1'><INPUT TYPE='RADIO' ID='inst1' NAME='inst' VALUE='1' checked>Have setup create the database</label><br>\n
247 <LABEL FOR='inst2'><INPUT TYPE='RADIO' ID='inst2' NAME='inst' VALUE='2'>I have already created the database</label><br>\n
248 <br>\n
249 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
250 break;
252 case 2:
253 echo "<b>Step $state</b><br><br>\n";
254 echo "Now you need to supply the MySQL server information and path information. Detailed instructions on each item can be found in the <a href='Documentation/INSTALL' target='_blank'><span STYLE='text-decoration: underline;'>'INSTALL'</span></a> manual file.
255 <br><br>\n
256 <FORM METHOD='POST'>
257 <INPUT TYPE='HIDDEN' NAME='state' VALUE='3'>
258 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
259 <INPUT TYPE='HIDDEN' NAME='inst' VALUE='$inst'>
260 <TABLE>\n
261 <TR VALIGN='TOP'><TD COLSPAN=2><font color='red'>MYSQL SERVER:</font></TD></TR>
262 <TR VALIGN='TOP'><TD><span class='text'>Server Host: </span></TD><TD><INPUT TYPE='TEXT' VALUE='localhost' NAME='server' SIZE='30'></TD><TD><span class='text'>(If you run MySQL and Apache/PHP on the same computer, then leave this as 'localhost'. If they are on separate computers, then enter the IP address of the computer running MySQL.)</span><br></TD></TR>
263 <TR VALIGN='TOP'><TD><span class='text'>Server Port: </span></TD><TD><INPUT TYPE='TEXT' VALUE='3306' NAME='port' SIZE='30'></TD><TD><span class='text'>(This is the MySQL port. The default port for MySQL is 3306.)</span><br></TD></TR>
264 <TR VALIGN='TOP'><TD><span class='text'>Database Name: </span></TD><TD><INPUT TYPE='TEXT' VALUE='openemr' NAME='dbname' SIZE='30'></TD><TD><span class='text'>(This is the name of the OpenEMR database in MySQL - 'openemr' is the recommended)</span><br></TD></TR>
265 <TR VALIGN='TOP'><TD><span class='text'>Login Name: </span></TD><TD><INPUT TYPE='TEXT' VALUE='openemr' NAME='login' SIZE='30'></TD><TD><span class='text'>(This is the name of the OpenEMR login name in MySQL - 'openemr' is the recommended)</span><br></TD></TR>
266 <TR VALIGN='TOP'><TD><span class='text'>Password: </span></TD><TD><INPUT TYPE='PASSWORD' VALUE='' NAME='pass' SIZE='30'></TD><TD><span class='text'>(This is the Login Password for when PHP accesses MySQL - it should be at least 8 characters long and composed of both numbers and letters)</span><br></TD></TR>\n";
267 if ($inst != 2) {
268 echo "<TR VALIGN='TOP'><TD><span class='text'>Name for Root Account: </span></TD><TD><INPUT TYPE='TEXT' VALUE='root' NAME='root' SIZE='30'></TD><TD><span class='text'>(This is name for MySQL root account. For localhost, it is usually ok to leave it 'root'.)</span><br></TD></TR>
269 <TR VALIGN='TOP'><TD><span class='text'>Root Pass: </span></TD><TD><INPUT TYPE='PASSWORD' VALUE='' NAME='rootpass' SIZE='30'></TD><TD><span class='text'>(This is your MySQL root password. For localhost, it is usually ok to leave it blank.)</span><br></TD></TR>\n";
270 echo "<TR VALIGN='TOP'><TD><span class='text'>User Hostname: </span></TD><TD><INPUT TYPE='TEXT' VALUE='localhost' NAME='loginhost' SIZE='30'></TD><TD><span class='text'>(If you run Apache/PHP and MySQL on the same computer, then leave this as 'localhost'. If they are on separate computers, then enter the IP address of the computer running Apache/PHP.)</span><br></TD></TR>";
271 echo "<TR VALIGN='TOP'><TD><span class='text'>UTF-8 Collation: </span></TD><TD colspan='2'>" .
272 "<select name='collate'>" .
273 "<option value='utf8_bin' >Bin</option>" .
274 "<option value='utf8_czech_ci' >Czech</option>" .
275 "<option value='utf8_danish_ci' >Danish</option>" .
276 "<option value='utf8_esperanto_ci' >Esperanto</option>" .
277 "<option value='utf8_estonian_ci' >Estonian</option>" .
278 "<option value='utf8_general_ci' selected>General</option>" .
279 "<option value='utf8_hungarian_ci' >Hungarian</option>" .
280 "<option value='utf8_icelandic_ci' >Icelandic</option>" .
281 "<option value='utf8_latvian_ci' >Latvian</option>" .
282 "<option value='utf8_lithuanian_ci'>Lithuanian</option>" .
283 "<option value='utf8_persian_ci' >Persian</option>" .
284 "<option value='utf8_polish_ci' >Polish</option>" .
285 "<option value='utf8_roman_ci' >Roman</option>" .
286 "<option value='utf8_romanian_ci' >Romanian</option>" .
287 "<option value='utf8_slovak_ci' >Slovak</option>" .
288 "<option value='utf8_slovenian_ci' >Slovenian</option>" .
289 "<option value='utf8_spanish2_ci' >Spanish2 (Traditional)</option>" .
290 "<option value='utf8_spanish_ci' >Spanish (Modern)</option>" .
291 "<option value='utf8_swedish_ci' >Swedish</option>" .
292 "<option value='utf8_turkish_ci' >Turkish</option>" .
293 "<option value='utf8_unicode_ci' >Unicode (German, French, Russian, Armenian, Greek)</option>" .
294 "<option value='' >None (Do not force UTF-8)</option>" .
295 "</select>" .
296 "</TD></TR><TR VALIGN='TOP'><TD>&nbsp;</TD><TD colspan='2'><span class='text'>(This is the collation setting for mysql. Leave as 'General' if you are not sure. If the language you are planning to use in OpenEMR is in the menu, then you can select it. Otherwise, just select 'General'.)</span><br></TD></TR>";
299 echo "<TR VALIGN='TOP'><TD>&nbsp;</TD></TR>";
301 // Include a "source" site ID drop-list and a checkbox to indicate
302 // if cloning its database. When checked, do not display initial user
303 // and group stuff below.
304 $dh = opendir($OE_SITES_BASE);
305 if (!$dh) {
306 die("Cannot read directory '$OE_SITES_BASE'.");
309 $siteslist = array();
310 while (false !== ($sfname = readdir($dh))) {
311 if (substr($sfname, 0, 1) == '.') {
312 continue;
315 if ($sfname == 'CVS') {
316 continue;
319 if ($sfname == $site_id) {
320 continue;
323 $sitedir = "$OE_SITES_BASE/$sfname";
324 if (!is_dir($sitedir)) {
325 continue;
328 if (!is_file("$sitedir/sqlconf.php")) {
329 continue;
332 $siteslist[$sfname] = $sfname;
335 closedir($dh);
336 // If this is not the first site...
337 if (!empty($siteslist)) {
338 ksort($siteslist);
339 echo "<tr valign='top'>\n";
340 echo " <td class='text'>Source Site: </td>\n";
341 echo " <td class='text'><select name='source_site_id'>";
342 foreach ($siteslist as $sfname) {
343 echo "<option value='$sfname'";
344 if ($sfname == 'default') {
345 echo " selected";
348 echo ">$sfname</option>";
351 echo "</select></td>\n";
352 echo " <td class='text'>(The site directory that will be a model for the new site.)</td>\n";
353 echo "</tr>\n";
354 echo "<tr valign='top'>\n";
355 echo " <td class='text'>Clone Source Database: </td>\n";
356 echo " <td class='text'><input type='checkbox' name='clone_database' onclick='cloneClicked()' /></td>\n";
357 echo " <td class='text'>(Clone the source site's database instead of creating a fresh one.)</td>\n";
358 echo "</tr>\n";
361 echo "<TR VALIGN='TOP' class='noclone'><TD COLSPAN=2><font color='red'>OPENEMR USER:</font></TD></TR>";
362 echo "<TR VALIGN='TOP' class='noclone'><TD><span class='text'>Initial User:</span></TD><TD><INPUT SIZE='30' TYPE='TEXT' NAME='iuser' VALUE='admin'></TD><TD><span class='text'>(This is the login name of user that will be created for you. Limit this to one word.)</span></TD></TR>
363 <TR VALIGN='TOP' class='noclone'><TD><span class='text'>Initial User Password:</span></TD><TD><INPUT SIZE='30' TYPE='PASSWORD' NAME='iuserpass' VALUE=''></TD><TD><span class='text'>(This is the password for the initial user account above.)</span></TD></TR>
364 <TR VALIGN='TOP' class='noclone'><TD><span class='text'>Initial User's First Name:</span></TD><TD><INPUT SIZE='30' TYPE='TEXT' NAME='iufname' VALUE='Administrator'></TD><TD><span class='text'>(This is the First name of the 'initial user'.)</span></TD></TR>
365 <TR VALIGN='TOP' class='noclone'><TD><span class='text'>Initial User's Last Name:</span></TD><TD><INPUT SIZE='30' TYPE='TEXT' NAME='iuname' VALUE='Administrator'></TD><TD><span class='text'>(This is the Last name of the 'initial user'.)</span></TD></TR>
366 <TR VALIGN='TOP' class='noclone'><TD><span class='text'>Initial Group:</span></TD><TD><INPUT SIZE='30' TYPE='TEXT' NAME='igroup' VALUE='Default'></TD><TD><span class='text'>(This is the group that will be created for your users. This should be the name of your practice.)</span></TD></TR>
368 echo "<TR VALIGN='TOP'><TD>&nbsp;</TD></TR>";
370 echo "</TABLE>
371 <br>
372 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>";
373 break;
375 case 3:
376 // Form Validation
377 // (applicable if not cloning from another database)
379 $pass_step2_validation = true;
380 $error_step2_message = "ERROR at ";
382 if (! $installer->char_is_valid($_REQUEST['server'])) {
383 $pass_step2_validation = false;
384 $error_step2_message .= "Database Server Host, ";
387 if (! $installer->char_is_valid($_REQUEST['port'])) {
388 $pass_step2_validation = false;
389 $error_step2_message .= "Database Server Port, ";
392 if (! $installer->databaseNameIsValid($_REQUEST['dbname'])) {
393 $pass_step2_validation = false;
394 $error_step2_message .= "Database Name, ";
397 if (! $installer->collateNameIsValid($_REQUEST['collate'])) {
398 $pass_step2_validation = false;
399 $error_step2_message .= "Collation Name, ";
402 if (! $installer->char_is_valid($_REQUEST['login'])) {
403 $pass_step2_validation = false;
404 $error_step2_message .= "Database Login Name, ";
407 if (! $installer->char_is_valid($_REQUEST['pass'])) {
408 $pass_step2_validation = false;
409 $error_step2_message .= "Database Login Password, ";
412 if (!$pass_step2_validation) {
413 die($error_step2_message);
417 if (empty($installer->clone_database)) {
418 if (! $installer->login_is_valid()) {
419 echo "ERROR. Please pick a proper 'Login Name'.<br>\n";
420 echo "Click Back in browser to re-enter.<br>\n";
421 break;
424 if (! $installer->iuser_is_valid()) {
425 echo "ERROR. The 'Initial User' field can only contain one word and no spaces.<br>\n";
426 echo "Click Back in browser to re-enter.<br>\n";
427 break;
430 if (! $installer->user_password_is_valid()) {
431 echo "ERROR. Please pick a proper 'Initial User Password'.<br>\n";
432 echo "Click Back in browser to re-enter.<br>\n";
433 break;
437 if (! $installer->password_is_valid()) {
438 echo "ERROR. Please pick a proper 'Password'.<br>\n";
439 echo "Click Back in browser to re-enter.<br>\n";
440 break;
443 echo "<b>Step $state</b><br><br>\n";
444 echo "Configuring OpenEMR...<br><br>\n";
446 // Skip below if database shell has already been created.
447 if ($inst != 2) {
448 echo "Connecting to MySQL Server...\n";
449 flush();
450 if (! $installer->root_database_connection()) {
451 echo "ERROR. Check your login credentials.\n";
452 echo $installer->error_message;
453 break;
454 } else {
455 echo "OK.<br>\n";
456 flush();
460 // Only pertinent if cloning another installation database
461 if ($allow_cloning_setup && !empty($installer->clone_database)) {
462 echo "Dumping source database...";
463 flush();
464 if (! $installer->create_dumpfiles()) {
465 echo $installer->error_message;
466 break;
467 } else {
468 echo " OK.<br>\n";
469 flush();
473 // Only pertinent if mirroring another installation directory
474 if (! empty($installer->source_site_id)) {
475 echo "Creating site directory...";
476 if (! $installer->create_site_directory()) {
477 echo $installer->error_message;
478 break;
479 } else {
480 echo "OK.<BR>";
481 flush();
485 // Skip below if database shell has already been created.
486 if ($inst != 2) {
487 echo "Creating database...\n";
488 flush();
489 if (! $installer->create_database()) {
490 echo "ERROR. Check your login credentials.\n";
491 echo $installer->error_message;
492 break;
493 } else {
494 echo "OK.<br>\n";
495 flush();
498 echo "Creating user with permissions for database...\n";
499 flush();
500 if (! $installer->grant_privileges()) {
501 echo "ERROR when granting privileges to the specified user.\n";
502 echo $installer->error_message;
503 break;
504 } else {
505 echo "OK.<br>\n";
506 flush();
509 echo "Reconnecting as new user...\n";
510 flush();
511 $installer->disconnect();
512 } else {
513 echo "Connecting to MySQL Server...\n";
516 if (! $installer->user_database_connection()) {
517 echo "ERROR. Check your login credentials.\n";
518 echo $installer->error_message;
519 break;
520 } else {
521 echo "OK.<br>\n";
522 flush();
525 // Load the database files
526 $dump_results = $installer->load_dumpfiles();
527 if (! $dump_results) {
528 echo $installer->error_message;
529 break;
530 } else {
531 echo $dump_results;
532 flush();
535 echo "Writing SQL configuration...\n";
536 flush();
537 if (! $installer->write_configuration_file()) {
538 echo $installer->error_message;
539 break;
540 } else {
541 echo "OK.<br>\n";
542 flush();
545 // Only pertinent if not cloning another installation database
546 if (empty($installer->clone_database)) {
547 echo "Setting version indicators...\n";
548 flush();
549 if (! $installer->add_version_info()) {
550 echo "ERROR.\n";
551 echo $installer->error_message;
553 break;
554 } else {
555 echo "OK<br>\n";
556 flush();
559 echo "Writing global configuration defaults...\n";
560 flush();
561 if (! $installer->insert_globals()) {
562 echo "ERROR.\n";
563 echo $installer->error_message;
565 break;
566 } else {
567 echo "OK<br>\n";
568 flush();
571 echo "Adding Initial User...\n";
572 flush();
573 if (! $installer->add_initial_user()) {
574 echo $installer->error_message;
575 break;
578 echo "OK<br>\n";
579 flush();
582 if ($allow_cloning_setup && !empty($installer->clone_database)) {
583 // Database was cloned, skip ACL setup.
584 echo "Click 'continue' for further instructions.";
585 $next_state = 7;
586 } else {
587 echo "\n<br>Next step will install and configure access controls (php-GACL).<br>\n";
588 $next_state = 4;
591 echo "
592 <FORM METHOD='POST'>\n
593 <INPUT TYPE='HIDDEN' NAME='state' VALUE='$next_state'>
594 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
595 <INPUT TYPE='HIDDEN' NAME='iuser' VALUE='$installer->iuser'>
596 <INPUT TYPE='HIDDEN' NAME='iuserpass' VALUE='$installer->iuserpass'>
597 <INPUT TYPE='HIDDEN' NAME='iuname' VALUE='$installer->iuname'>
598 <INPUT TYPE='HIDDEN' NAME='iufname' VALUE='$installer->iufname'>";
599 if ($allow_cloning_setup) {
600 echo "<INPUT TYPE='HIDDEN' NAME='clone_database' VALUE='$installer->clone_database'>";
602 echo "
603 <br>\n
604 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
606 break;
607 case 4:
608 echo "<b>Step $state</b><br><br>\n";
609 echo "Installing and Configuring Access Controls (php-GACL)...<br><br>";
611 if (! $installer->install_gacl()) {
612 echo $installer->error_message;
613 break;
614 } else {
615 // display the status information for gacl setup
616 echo $installer->debug_message;
619 echo "Gave the '$installer->iuser' user (password is '$installer->iuserpass') administrator access.<br><br>";
621 echo "Done installing and configuring access controls (php-GACL).<br>";
622 echo "Next step will configure PHP.";
624 echo "<br><FORM METHOD='POST'>\n
625 <INPUT TYPE='HIDDEN' NAME='state' VALUE='5'>\n
626 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
627 <INPUT TYPE='HIDDEN' NAME='iuser' VALUE='$installer->iuser'>\n
628 <INPUT TYPE='HIDDEN' NAME='iuserpass' VALUE='$installer->iuserpass'>\n
629 <br>\n
630 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
632 break;
634 case 5:
635 echo "<b>Step $state</b><br><br>\n";
636 echo "Configuration of PHP...<br><br>\n";
637 echo "We recommend making the following changes to your PHP installation, which can normally be done by editing the php.ini configuration file:\n";
638 echo "<ul>";
639 $gotFileFlag = 0;
640 if (version_compare(PHP_VERSION, '5.2.4', '>=')) {
641 $phpINIfile = php_ini_loaded_file();
642 if ($phpINIfile) {
643 echo "<li><font color='green'>Your php.ini file can be found at ".$phpINIfile."</font></li>\n";
644 $gotFileFlag = 1;
648 echo "<li>","To ensure proper functioning of OpenEMR you must make sure that PHP settings include:";
649 echo "<table class='phpset'><tr><th>Setting</th><th>Required value</th><th>Current value</th></tr>";
650 echo "<tr><td>short_open_tag </td><td>Off</td><td>", ini_get('short_open_tag')?'On':'Off', "</td></tr>\n";
651 echo "<tr><td>display_errors </td><td>Off</td><td>", ini_get('display_errors')?'On':'Off', "</td></tr>\n";
652 echo "<tr><td>register_globals </td><td>Off</td><td>", ini_get('register_globals')?'On':'Off', "</td></tr>\n";
653 echo "<tr><td>max_input_vars </td><td>at least 3000</td><td>", ini_get('max_input_vars'), "</td></tr>\n";
654 echo "<tr><td>max_execution_time </td><td>at least 60</td><td>", ini_get('max_execution_time'), "</td></tr>\n";
655 echo "<tr><td>max_input_time </td><td>at least 90</td><td>", ini_get('max_input_time'), "</td></tr>\n";
656 echo "<tr><td>post_max_size </td><td>at least 30M</td><td>", ini_get('post_max_size'), "</td></tr>\n";
657 echo "<tr><td>memory_limit </td><td>at least 128M</td><td>", ini_get('memory_limit'), "</td></tr>\n";
658 echo "</table>";
659 echo "</li>";
661 echo "<li>In order to take full advantage of the patient documents capability you must make sure that settings in php.ini file include \"file_uploads = On\", that \"upload_max_filesize\" is appropriate for your use and that \"upload_tmp_dir\" is set to a correct value that will work on your system.</li>\n";
662 if (!$gotFileFlag) {
663 echo "<li>If you are having difficulty finding your php.ini file, then refer to the <a href='Documentation/INSTALL' target='_blank'><span STYLE='text-decoration: underline;'>'INSTALL'</span></a> manual for suggestions.</li>\n";
666 echo "</ul>";
668 echo "<br>We recommend you print these instructions for future reference.<br><br>";
669 echo "Next step will configure Apache web server.";
671 echo "<br><FORM METHOD='POST'>\n
672 <INPUT TYPE='HIDDEN' NAME='state' VALUE='6'>\n
673 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
674 <INPUT TYPE='HIDDEN' NAME='iuser' VALUE='$installer->iuser'>\n
675 <INPUT TYPE='HIDDEN' NAME='iuserpass' VALUE='$installer->iuserpass'>\n
676 <br>\n
677 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
679 break;
681 case 6:
682 echo "<b>Step $state</b><br><br>\n";
683 echo "Configuration of Apache web server...<br><br>\n";
684 echo "The \"".preg_replace("/${site_id}/", "*", realpath($docsDirectory))."\", \"".preg_replace("/${site_id}/", "*", realpath($billingDirectory))."\" and \"".preg_replace("/${site_id}/", "*", realpath($billingDirectory2))."\" directories contain patient information, and
685 it is important to secure these directories. Additionally, some settings are required for the Zend Framework to work in OpenEMR. This can be done by pasting the below to end of your apache configuration file:<br>
686 &nbsp;&nbsp;&lt;Directory \"".realpath(dirname(__FILE__))."\"&gt;<br>
687 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;AllowOverride FileInfo<br>
688 &nbsp;&nbsp;&lt;/Directory&gt;<br>
689 &nbsp;&nbsp;&lt;Directory \"".realpath(dirname(__FILE__))."/sites\"&gt;<br>
690 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;AllowOverride None<br>
691 &nbsp;&nbsp;&lt;/Directory&gt;<br>
692 &nbsp;&nbsp;&lt;Directory \"".preg_replace("/${site_id}/", "*", realpath($docsDirectory))."\"&gt;<br>
693 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;order deny,allow<br>
694 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Deny from all<br>
695 &nbsp;&nbsp;&lt;/Directory&gt;<br>
696 &nbsp;&nbsp;&lt;Directory \"".preg_replace("/${site_id}/", "*", realpath($billingDirectory))."\"&gt;<br>
697 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;order deny,allow<br>
698 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Deny from all<br>
699 &nbsp;&nbsp;&lt;/Directory&gt;<br>
700 &nbsp;&nbsp;&lt;Directory \"".preg_replace("/${site_id}/", "*", realpath($billingDirectory2))."\"&gt;<br>
701 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;order deny,allow<br>
702 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Deny from all<br>
703 &nbsp;&nbsp;&lt;/Directory&gt;<br><br>";
705 echo "If you are having difficulty finding your apache configuration file, then refer to the <a href='Documentation/INSTALL' target='_blank'><span STYLE='text-decoration: underline;'>'INSTALL'</span></a> manual for suggestions.<br><br>\n";
706 echo "<br>We recommend you print these instructions for future reference.<br><br>";
707 echo "Click 'continue' for further instructions.";
709 echo "<br><FORM METHOD='POST'>\n
710 <INPUT TYPE='HIDDEN' NAME='state' VALUE='7'>\n
711 <INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>\n
712 <INPUT TYPE='HIDDEN' NAME='iuser' VALUE='$installer->iuser'>\n
713 <INPUT TYPE='HIDDEN' NAME='iuserpass' VALUE='$installer->iuserpass'>\n
714 <br>\n
715 <INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>\n";
717 break;
719 case 0:
720 default:
721 echo "<p>Welcome to OpenEMR. This utility will step you through the installation and configuration of OpenEMR for your practice.</p>\n";
722 echo "<ul><li>Before proceeding, be sure that you have a properly installed and configured MySQL server available, and a PHP configured webserver.</li>\n";
724 echo "<li>Detailed installation instructions can be found in the <a href='Documentation/INSTALL' target='_blank'><span STYLE='text-decoration: underline;'>'INSTALL'</span></a> manual file.</li>\n";
726 echo "<li>If you are upgrading from a previous version, do NOT use this script. Please read the 'Upgrading' section found in the <a href='Documentation/INSTALL' target='_blank'><span STYLE='text-decoration: underline;'>'INSTALL'</span></a> manual file.</li></ul>";
728 if ($checkPermissions) {
729 echo "<p>We will now ensure correct file and directory permissions before starting installation:</p>\n";
730 echo "<FONT COLOR='green'>Ensuring following files are world-writable...</FONT><br>\n";
731 $errorWritable = 0;
732 foreach ($writableFileList as $tempFile) {
733 if (is_writable($tempFile)) {
734 echo "'".realpath($tempFile)."' file is <FONT COLOR='green'><b>ready</b></FONT>.<br>\n";
735 } else {
736 echo "<p><FONT COLOR='red'>UNABLE</FONT> to open file '".realpath($tempFile)."' for writing.<br>\n";
737 echo "(configure file permissions; see below for further instructions)</p>\n";
738 $errorWritable = 1;
742 if ($errorWritable) {
743 echo "<p><FONT COLOR='red'>You can't proceed until all above files are ready (world-writable).</FONT><br>\n";
744 echo "In linux, recommend changing file permissions with the 'chmod 666 filename' command.<br>\n";
745 echo "Fix above file permissions and then click the 'Check Again' button to re-check files.<br>\n";
746 echo "<FORM METHOD='POST'><INPUT TYPE='SUBMIT' VALUE='Check Again'></p>" .
747 "<INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'></FORM><br>\n";
748 break;
751 echo "<br><FONT COLOR='green'>Ensuring following directories have proper permissions...</FONT><br>\n";
752 $errorWritable = 0;
753 foreach ($writableDirList as $tempDir) {
754 if (is_writable($tempDir)) {
755 echo "'".realpath($tempDir)."' directory is <FONT COLOR='green'><b>ready</b></FONT>.<br>\n";
756 } else {
757 echo "<p><FONT COLOR='red'>UNABLE</FONT> to open directory '".realpath($tempDir)."' for writing by web server.<br>\n";
758 echo "(configure directory permissions; see below for further instructions)</p>\n";
759 $errorWritable = 1;
763 if ($errorWritable) {
764 echo "<p><FONT COLOR='red'>You can't proceed until all directories are ready.</FONT><br>\n";
765 echo "In linux, recommend changing owners of these directories to the web server. For example, in many linux OS's the web server user is 'apache', 'nobody', or 'www-data'. So if 'apache' were the web server user name, could use the command 'chown -R apache:apache directory_name' command.<br>\n";
766 echo "Fix above directory permissions and then click the 'Check Again' button to re-check directories.<br>\n";
767 echo "<FORM METHOD='POST'><INPUT TYPE='SUBMIT' VALUE='Check Again'></p>" .
768 "<INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'></FORM><br>\n";
769 break;
772 echo "<br>All required files and directories have been verified. Click to continue installation.<br>\n";
773 } else {
774 echo "<br>Click to continue installation.<br>\n";
777 echo "<FORM METHOD='POST'><INPUT TYPE='HIDDEN' NAME='state' VALUE='1'>" .
778 "<INPUT TYPE='HIDDEN' NAME='site' VALUE='$site_id'>" .
779 "<INPUT TYPE='SUBMIT' VALUE='Continue'><br></FORM><br>";
784 </span>
786 </BODY>
787 </HTML>