From e300de73feb1178367ce74feb88fce3447c577ec Mon Sep 17 00:00:00 2001 From: bradymiller Date: Sat, 7 Feb 2009 11:04:13 +0000 Subject: [PATCH] php-GACL embedding continued. --- INSTALL | 45 ++++++++++++++++++++++++++------------------- setup.php | 58 +++++++++++++++++++++++++++++++++++++++++++++------------- 2 files changed, 71 insertions(+), 32 deletions(-) diff --git a/INSTALL b/INSTALL index 5055e9d2f..e4390bb31 100644 --- a/INSTALL +++ b/INSTALL @@ -54,7 +54,7 @@ enabled on your system. These include: - PHP Index support (ensure that index.php is in your Index path in httpd.conf) - Session variables -- PHP libcurl support (optional for operation, mandatory for billing +- PHP libcurl support (optional for operation, mandatory for billing) Copy the OpenEMR folder into the root folder of the webserver. On Mandrake Linux, for example, use the command: @@ -64,7 +64,8 @@ Linux, for example, use the command: Make sure the webserver is running, and point a web-browser to setup.php located within the openemr web folder. If you installed OpenEMR in the root web directory, the URL would read: http://localhost/openemr/setup.php. -The setup script will step you through the configuration of the database. +The setup script will step you through the configuration of the OpenEMR +and embedded php-GACL databases. In step 1, you need to tell setup whether it needs to create the databases on its own, or if they you have already created them. MySQL root priveleges will 
@@ -107,21 +108,25 @@ The "Initial Group" is the first group that will be created. A user may belong to multiple groups, which again, can be altered on the user administration page. It is suggested that no more than one group per office be used. -Step 3 is where setup will install the database and connect to it to create the -initial tables. If no errors occur, you will see a "Continue" button at the -bottom. Before clicking this, you need to ensure that the webserver user -(often "nobody", "apache", or "www-data") has write privileges on the -library/sqlconf.php file. The command "chmod a+w library/sqlconf.php" will -grant global write permissions to the file. Be sure to set them back to -something more secure (such as chmod 644) before actively using OpenEMR. - -Should anything fail during step 3, you may have to remove the existing database -or tables before you can try again. - -Step 4 is the writing of SQL configuration to disk and the -installation/configuration of the phpGACL access controls. Should it display -errors related to file writing priviledges you may click the back button to -try again (after fixing file permission). +Step 3 is where setup will install the OpenEMR database and connect to it to +create the initial tables. Should anything fail during step 3, you may have +to remove the existing database or tables before you can try again. If no errors +occur, you will see a "Continue" button at the bottom. Before clicking this, +you need to ensure that the webserver user (often "nobody", "apache", or +"www-data") has write privileges on the openemr/library/sqlconf.php, +openemr/gacl/gacl.ini.php and openemr/gacl/gacl.class.php files and the +openemr/gacl/admin/templates_c directory. The command +"chmod a+w library/sqlconf.php" will grant global write permissions +to the file. Be sure to set them back to something more secure (such as +chmod 644) before actively using OpenEMR. 
+ +Step 4 will initially check to ensure the proper writing priviledges in the +files and directory mentioned above in step 3. Should it display +errors related to file writing priviledges you may click the 'Check Again' +button to try again (after fixing file permission). After the file +priviledges are confirmed, it will then write setting to the SQL +configuration file, and then install and configure the embedded phpGACL +access controls. Once setup is completed, one last thing must be done before OpenEMR can be used. The file openemr/interface/globals.php must be edited by hand to reflect the @@ -161,8 +166,10 @@ and custom/faxcover.txt; it also requires the following utilities: IV. Setting Up Access Control -Since OpenEMR version 2.9.0.3, phpGACL access control software is installed -and configured automatically during OpenEMR setup. This is very powerful +Since OpenEMR version 2.9.0.3, phpGACL access control software has been +embedded in OpenEMR, and these access controls are installed and +configured automatically during OpenEMR setup. It can be administered +within OpenEMR in the admin->acl menu. This is very powerful access control software. To learn more about phpGACL (see http://phpgacl.sourceforge.net/), recommend reading the phpGACL manual, the /openemr/Documentation/README.phpgacl file, and the online wiki at diff --git a/setup.php b/setup.php index 76ba611bb..86e06f12c 100644 --- a/setup.php +++ b/setup.php @@ -61,6 +61,8 @@ include_once($conffile); (If either subdirectory doesn't exist, create it first then do the chown above).
The user name and group of apache may differ depending on your OS, i.e. for Debian they are www-data and www-data. +
  • Please restore secure permissions on the configuration files: /openemr/library/sqlconf.php,
    + /openemr/gacl/gacl.ini.php, and /openemr/gacl/gacl.class.php files.
  • In order to take full advantage of the documents capability you @@ -74,6 +76,10 @@ include_once($conffile); "/tmp" won't work on your system.

    +Access controls (php-GACL) are installed for fine-grained security, +and can be administered in OpenEMR's admin->acl menu. +

    +

    There's much information and many extra tools bundled within the OpenEMR installation directory. Please refer to openemr/Documentation.
    Many forms and other useful scripts can be found at openemr/contrib. @@ -88,7 +94,7 @@ using Firefox is recommended.

    -The initial OpenEMR user is "admin" and the password is "pass". +The initial OpenEMR user is "" and the password is "pass". You should change this password!

    @@ -318,8 +324,13 @@ if ($upgrade != 1) { fclose($fd);*/ flush(); } -echo "\n
    Please make sure 'library/sqlconf.php' is world-writeable for the next step.
    \n"; - +echo "\n
    Next step will ensure the following files or directories are world-writeable:
    \n"; +foreach ($writableFileList as $tempFile) { + echo " 'openemr/$tempFile' file
    "; +} +foreach ($writableDirList as $tempDir) { + echo " 'openemr/$tempDir' directory
    "; +} echo "

    \n @@ -339,33 +350,54 @@ break; case 4: echo "Step $state
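Review bot: The step-3 prompt added here asks for more permission than the installer needs: it tells the operator to make every entry in `$writableFileList` and `$writableDirList` world-writeable, while the step-4 check in the next hunk only calls `is_writable()`, which passes as soon as the web server account can write. Judging from the INSTALL text in this patch the list includes `gacl/gacl.class.php`, and a world-writeable PHP file that the application loads lets any local account change code the web server runs. I would change the wording to `are writable by the web server user`, and the same applies to the two `(ensure ... is world-writeable)` messages in the step-4 hunk. Both lists are defined outside the visible hunks, so their exact contents should be confirmed.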

    \n"; -echo "Writing SQL Configuration to disk and configuring access controls (php-GACL)...

    "; +echo "Checking to ensure files are ready...
    "; //ensure required files and directories are writable before moving on $errorWritable = 0; foreach ($writableFileList as $tempFile) { - if (!(is_writable($tempFile))) { - echo "ERROR. Could not open config file '$tempFile' for writing.
    "; - echo "(ensure '$tempFile' is world-writeable, then go back in browser and try again).

    "; + if (is_writable($tempFile)) { + echo "'openemr/$tempFile' file is ready.
    "; + } + else { + echo "
    UNABLE to open configuration file 'openemr/$tempFile' for writing.
    "; + echo "(ensure 'openemr/$tempFile' file is world-writeable)

    "; flush(); $errorWritable = 1; } } foreach ($writableDirList as $tempDir) { - if (!(is_writable($tempDir))) { - echo "ERROR. Could not open directory '$tempDir' for writing.
    "; - echo "(ensure '$tempDir' is world-writeable, then go back in browser and try again).

    "; + if (is_writable($tempDir)) { + echo "'openemr/$tempDir' directory is ready.
    "; + } + else { + echo "
    UNABLE to open directory 'openemr/$tempDir' for writing.
    "; + echo "(ensure 'openemr/$tempDir' directory is world-writeable)

    "; flush(); $errorWritable = 1; } } if ($errorWritable) { + echo "You can't proceed until all files are ready.
    "; + echo "Fix above file permissions and then click the 'Check Again' button to re-check files.
    "; + flush(); + echo " + \n + + + + + + + + +
    \n +

    \n"; break; } //passed all file tests, now can write sql configuration and configure php-GACL - +echo "
    Files are all ready, now writing SQL Configuration to disk and configuring access controls (php-GACL)...

    "; echo "Writing SQL Configuration...
    "; @touch($conffile); // php bug $fd = @fopen($conffile, 'w'); @@ -416,8 +448,7 @@ if ($it_died != 0) { } fclose($fd); -echo "Successfully wrote SQL configuration.
    "; -echo "PLEASE restore secure permissions on the 'library/sqlconf.php' file.


    "; +echo "Successfully wrote SQL configuration.

    "; echo "Installing and Configuring Access Controls (php-GACL)
    "; @@ -508,6 +539,7 @@ echo "Gave the '$iuser' user (password is 'pass') administrator access.
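Review bot: Dropping the `PLEASE restore secure permissions` line leaves step 4 without a reminder at the point where the configuration files have just been written and are presumably still writable. The only remaining reminder is the static bullet added in the first setup.php hunk, which names three files by hand and can drift from `$writableFileList`. I would emit the reminder from the list once php-GACL configuration has finished, e.g. `foreach ($writableFileList as $tempFile) { echo "Restore secure permissions on 'openemr/$tempFile'.<br>"; }`. That point in the script lies outside this hunk, so the exact placement needs checking against the full file.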
    "; echo "
    \n \n +\n
    \n

    \n"; -- 2.11.4.GIT