WebSVN – oidplus – Diff – /trunk/setup/includes/setup_base.js


/*
 * OIDplus 2.0
 * Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
// DEFAULT_LANGUAGE will be set by setup.js.php
// language_messages will be set by setup.js.php
// language_tblprefix will be set by setup.js.php
 
// TODO: Put these settings in a "setup configuration file" (hardcoded)
min_password_length = 10; // see also plugins/viathinksoft/publicPages/092_forgot_password_admin/script.js
password_salt_length = 10;
bcrypt_rounds = 10;
 
function adminGeneratePassword(password) {
        var salt = generateRandomString(password_salt_length);
        return salt+'$'+hexToBase64(sha3_512(salt+password));
}
 
var bCryptWorker = null;
var g_prevBcryptPw = null;
var g_last_admPwdHash = null;
var g_last_pwComment = null;
 
function rebuild() {
        var pw = $("#admin_password")[0].value;
 
        if (pw != g_prevBcryptPw) {
                // sync call to calculate SHA3
                var admPwdHash = adminGeneratePassword(pw);
                var pwComment = 'salted, base64 encoded SHA3-512 hash';
                doRebuild(admPwdHash, pwComment);
 
                // "async" call to calculate bcrypt (via web-worker)
                if (bCryptWorker != null) {
                        g_prevBcryptPw = null;
                        bCryptWorker.terminate();
                }
                bCryptWorker = new Worker('../bcrypt_worker.js');
                bCryptWorker.postMessage([pw, bcrypt_rounds]);
                bCryptWorker.onmessage = function (event) {
                        var admPwdHash = event.data;
                        var pwComment = 'bcrypt encoded hash';
                        doRebuild(admPwdHash, pwComment);
                        g_prevBcryptPw = pw;
                };
        } else {
                doRebuild(g_last_admPwdHash, g_last_pwComment);
        }
}
 
function doRebuild(admPwdHash, pwComment) {
        g_last_admPwdHash = admPwdHash;
        g_last_pwComment = pwComment;
 
        var error = false;
 
        if ($("#config")[0] == null) return;
 
        // Check 1: Has the password the correct length?
        if ($("#admin_password")[0].value.length < min_password_length)
        {
                $("#password_warn")[0].innerHTML = '<font color="red">'+_L('Password must be at least %1 characters long',min_password_length)+'</font>';
                $("#config")[0].innerHTML = '<b>&lt?php</b><br><br><i>// ERROR: Password must be at least '+min_password_length+' characters long</i>'; // do not translate
                error = true;
        } else {
                $("#password_warn")[0].innerHTML = '';
        }
 
        // Check 2: Do the passwords match?
        if ($("#admin_password")[0].value != $("#admin_password2")[0].value) {
                $("#password_warn2")[0].innerHTML = '<font color="red">'+_L('The passwords do not match!')+'</font>';
                error = true;
        } else {
                $("#password_warn2")[0].innerHTML = '';
        }
 
        // Check 3: Ask the database or captcha plugins for verification of their data
        for (var i = 0; i < rebuild_callbacks.length; i++) {
                var f = rebuild_callbacks[i];
                if (!f()) {
                        error = true;
                }
        }
 
        // Continue
        if (!error)
        {
                var e = $("#db_plugin")[0];
                var strDatabasePlugin = e.options[e.selectedIndex].value;
                var e = $("#captcha_plugin")[0];
                var strCaptchaPlugin = e.options[e.selectedIndex].value;
 
                $("#config")[0].innerHTML = '<b>&lt?php</b><br><br>' +
                        '<i>// To renew this file, please run setup/ in your browser.</i><br>' + // do not translate
                        '<i>// If you don\'t want to run setup again, you can also change most of the settings directly in this file.</i><br>' + // do not translate
                        '<i>// List of possible values: doc/config_values.md</i><br>' + // do not translate
                        '<br>' +
                        'use ViaThinkSoft\\OIDplus\\OIDplus;<br>' +
                        '<br>' +
                        'OIDplus::baseConfig()->setValue(\'CONFIG_VERSION\',    2.1);<br>' +
                        '<br>' +
                        // Passwords are Base64 encoded to avoid that passwords can be read upon first sight,
                        // e.g. if collegues are looking over your shoulder while you accidently open (and quickly close) userdata/baseconfig/config.inc.php
                        'OIDplus::baseConfig()->setValue(\'ADMIN_PASSWORD\',    ' + jsString(admPwdHash) + '); // '+pwComment+'<br>' +
                        '<br>' +
                        'OIDplus::baseConfig()->setValue(\'DATABASE_PLUGIN\',   ' + jsString(strDatabasePlugin) + ');<br>';
                for (var i = 0; i < rebuild_config_callbacks.length; i++) {
                        var f = rebuild_config_callbacks[i];
                        var cont = f();
                        if (cont) {
                                $("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;
                        }
                }
                $("#config")[0].innerHTML = $("#config")[0].innerHTML +
                        //'<br>' +
                        'OIDplus::baseConfig()->setValue(\'TABLENAME_PREFIX\',  ' + jsString($("#tablename_prefix")[0].value) + ');<br>' +
                        '<br>' +
                        'OIDplus::baseConfig()->setValue(\'SERVER_SECRET\',     ' + jsString(generateRandomString(32)) + ');<br>' +
                        '<br>' +
                        'OIDplus::baseConfig()->setValue(\'CAPTCHA_PLUGIN\',    ' + jsString(strCaptchaPlugin) + ');<br>';
                for (var i = 0; i < captcha_rebuild_config_callbacks.length; i++) {
                        var f = captcha_rebuild_config_callbacks[i];
                        var cont = f();
                        if (cont) {
                                $("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;
                        }
                }
 
                $("#config")[0].innerHTML = $("#config")[0].innerHTML +
                        '<br>' +
                        'OIDplus::baseConfig()->setValue(\'ENFORCE_SSL\',       ' + $("#enforce_ssl")[0].value + ');<br>';
 
                if ($("#canonical_url")[0].value.trim() != '') {
                        $("#config")[0].innerHTML = $("#config")[0].innerHTML +
                                '<br>' +
                                'OIDplus::baseConfig()->setValue(\'CANONICAL_SYSTEM_URL\', ' + jsString($("#canonical_url")[0].value.trim()) + ');<br>';
                }
 
                $("#config")[0].innerHTML = $("#config")[0].innerHTML.replaceAll(' ', '&nbsp;');
        }
 
        // In case something is not good, do not allow the user to continue with the other configuration steps:
        if (error) {
                $("#step2")[0].style.display = "None";
                $("#step3")[0].style.display = "None";
                $("#step4")[0].style.display = "None";
                $("#footer_warn")[0].innerHTML = '<font color="red">'+_L('Please correct the errors above (in red) before continuing.')+'</font>';
        } else {
                $("#step2")[0].style.display = "Block";
                $("#step3")[0].style.display = "Block";
                $("#step4")[0].style.display = "Block";
                $("#footer_warn")[0].innerHTML = '';
        }
}
 
function checkAccess(dir) {
        if (!dir.toLowerCase().startsWith('https:') && !dir.toLowerCase().startsWith('http:')) {
                var url = '../' + dir;
                var visibleUrl = RemoveLastDirectoryPartOf(window.location.href) + '/' + dir; // xhr.responseURL not available in IE
        } else {
                var url = dir;
                var visibleUrl = dir; // xhr.responseURL not available in IE
        }
 
        var xhr = new XMLHttpRequest();
        xhr.onreadystatechange = function() {
                if (xhr.readyState === 4) {
                        if (xhr.status === 200) {
                                $("#systemCheckCaption")[0].style.display = 'block';
                                // TODO: At my Ubuntu VM, after fixing an issue with Apache2, the messages still appeared. I had to click the links and press F5 for each one
                                //       THERE MUST BE NO CACHE!!!
                                $("#dirAccessWarning")[0].innerHTML = $("#dirAccessWarning")[0].innerHTML + _L('Attention: The following directory is world-readable: %1 ! You need to configure your web server to restrict access to this directory! (For Apache see <i>.htaccess</i>, for Microsoft IIS see <i>web.config</i>, for Nginx see <i>nginx.conf</i>).','<a target="_blank" href="'+url+'">'+visibleUrl+'</a>') + '<br>';
                        }
                }
        };
 
        xhr.open('GET', url);
        xhr.send();
}
 
function dbplugin_changed() {
        var e = $("#db_plugin")[0];
        var strDatabasePlugin = e.options[e.selectedIndex].value;
 
        for (var i = 0; i < plugin_combobox_change_callbacks.length; i++) {
                var f = plugin_combobox_change_callbacks[i];
                f(strDatabasePlugin);
        }
 
        rebuild();
}
 
function captchaplugin_changed() {
        var e = $("#captcha_plugin")[0];
        var strCaptchaPlugin = e.options[e.selectedIndex].value;
 
        for (var i = 0; i < captcha_plugin_combobox_change_callbacks.length; i++) {
                var f = captcha_plugin_combobox_change_callbacks[i];
                f(strCaptchaPlugin);
        }
 
        rebuild();
}
 
function performAccessCheck() {
        $("#dirAccessWarning")[0].innerHTML = "";
        checkAccess("userdata/index.html");
        checkAccess("res/ATTENTION.TXT");
        checkAccess("dev/index.html");
        checkAccess("includes/index.html");
        checkAccess("setup/includes/index.html");
        //checkAccess("plugins/viathinksoft/publicPages/100_whois/whois/cli/index.html");
 
        if (window.location.href.toLowerCase().startsWith('https://')) {
                $("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (because we are already SSL)
        } else {
                // Do a SSL detection now.
                // This is important because on XAMPP the SSL cert is invalid (self signed) and the user might
                // be very confused if the PHP detection (OIDplus::ENFORCE_SSL_AUTO) notices the open 443 port and redirects the user to a
                // big warning page of the browser!
                var xhr = new XMLHttpRequest();
                xhr.onreadystatechange = function() {
                        if (xhr.readyState === 4) {
                                if (xhr.status === 200) {
                                        $("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (we checked that it loads correctly)
                                } else {
                                        console.log("JS SSL detection result: "+xhr.status);
                                        $("#enforce_ssl").val('OIDplus::ENFORCE_SSL_NO'); // disable SSL (because it failed, e.g. because of invalid cert or closed port)
                                        setCookie('SSL_CHECK', 0, 0/*Until browser closes*/, oidplus_webpath_relative); // we must revert the SSL_CHECK=1 the PHP script did set (see explanation in OIDplus.class.php:isSslAvailable)
                                }
                        }
                };
                var https_url = window.location.href.replace(/^http:/i, "https:");
                xhr.open('GET', https_url);
                xhr.send();
        }
}
 
function setupOnLoad() {
        rebuild();
        dbplugin_changed();
        captchaplugin_changed();
        performAccessCheck();
}
 
$(document).ready(setupOnLoad);
 

Subversion Repositories oidplus

oidplus/trunk/setup/includes/setup_base.js – Rev 1207 → 1289

Rev 1207		Rev 1289
1	/*	1	/*
2	* OIDplus 2.0	2	* OIDplus 2.0
3	* Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft	3	* Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
4	*	4	*
5	* Licensed under the Apache License, Version 2.0 (the "License");	5	* Licensed under the Apache License, Version 2.0 (the "License");
6	* you may not use this file except in compliance with the License.	6	* you may not use this file except in compliance with the License.
7	* You may obtain a copy of the License at	7	* You may obtain a copy of the License at
8	*	8	*
9	* http://www.apache.org/licenses/LICENSE-2.0	9	* http://www.apache.org/licenses/LICENSE-2.0
10	*	10	*
11	* Unless required by applicable law or agreed to in writing, software	11	* Unless required by applicable law or agreed to in writing, software
12	* distributed under the License is distributed on an "AS IS" BASIS,	12	* distributed under the License is distributed on an "AS IS" BASIS,
13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.	13	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14	* See the License for the specific language governing permissions and	14	* See the License for the specific language governing permissions and
15	* limitations under the License.	15	* limitations under the License.
16	*/	16	*/
17		17
18	// DEFAULT_LANGUAGE will be set by setup.js.php	18	// DEFAULT_LANGUAGE will be set by setup.js.php
19	// language_messages will be set by setup.js.php	19	// language_messages will be set by setup.js.php
20	// language_tblprefix will be set by setup.js.php	20	// language_tblprefix will be set by setup.js.php
21		21
22	// TODO: Put these settings in a "setup configuration file" (hardcoded)	22	// TODO: Put these settings in a "setup configuration file" (hardcoded)
23	min_password_length = 10; // see also plugins/viathinksoft/publicPages/092_forgot_password_admin/script.js	23	min_password_length = 10; // see also plugins/viathinksoft/publicPages/092_forgot_password_admin/script.js
24	password_salt_length = 10;	24	password_salt_length = 10;
25	bcrypt_rounds = 10;	25	bcrypt_rounds = 10;
26		26
27	function adminGeneratePassword(password) {	27	function adminGeneratePassword(password) {
28	var salt = generateRandomString(password_salt_length);	28	var salt = generateRandomString(password_salt_length);
29	return salt+'$'+hexToBase64(sha3_512(salt+password));	29	return salt+'$'+hexToBase64(sha3_512(salt+password));
30	}	30	}
31		31
32	var bCryptWorker = null;	32	var bCryptWorker = null;
33	var g_prevBcryptPw = null;	33	var g_prevBcryptPw = null;
34	var g_last_admPwdHash = null;	34	var g_last_admPwdHash = null;
35	var g_last_pwComment = null;	35	var g_last_pwComment = null;
36		36
37	function rebuild() {	37	function rebuild() {
38	var pw = $("#admin_password")[0].value;	38	var pw = $("#admin_password")[0].value;
39		39
40	if (pw != g_prevBcryptPw) {	40	if (pw != g_prevBcryptPw) {
41	// sync call to calculate SHA3	41	// sync call to calculate SHA3
42	var admPwdHash = adminGeneratePassword(pw);	42	var admPwdHash = adminGeneratePassword(pw);
43	var pwComment = 'salted, base64 encoded SHA3-512 hash';	43	var pwComment = 'salted, base64 encoded SHA3-512 hash';
44	doRebuild(admPwdHash, pwComment);	44	doRebuild(admPwdHash, pwComment);
45		45
46	// "async" call to calculate bcrypt (via web-worker)	46	// "async" call to calculate bcrypt (via web-worker)
47	if (bCryptWorker != null) {	47	if (bCryptWorker != null) {
48	g_prevBcryptPw = null;	48	g_prevBcryptPw = null;
49	bCryptWorker.terminate();	49	bCryptWorker.terminate();
50	}	50	}
51	bCryptWorker = new Worker('../bcrypt_worker.js');	51	bCryptWorker = new Worker('../bcrypt_worker.js');
52	bCryptWorker.postMessage([pw, bcrypt_rounds]);	52	bCryptWorker.postMessage([pw, bcrypt_rounds]);
53	bCryptWorker.onmessage = function (event) {	53	bCryptWorker.onmessage = function (event) {
54	var admPwdHash = event.data;	54	var admPwdHash = event.data;
55	var pwComment = 'bcrypt encoded hash';	55	var pwComment = 'bcrypt encoded hash';
56	doRebuild(admPwdHash, pwComment);	56	doRebuild(admPwdHash, pwComment);
57	g_prevBcryptPw = pw;	57	g_prevBcryptPw = pw;
58	};	58	};
59	} else {	59	} else {
60	doRebuild(g_last_admPwdHash, g_last_pwComment);	60	doRebuild(g_last_admPwdHash, g_last_pwComment);
61	}	61	}
62	}	62	}
63		63
64	function doRebuild(admPwdHash, pwComment) {	64	function doRebuild(admPwdHash, pwComment) {
65	g_last_admPwdHash = admPwdHash;	65	g_last_admPwdHash = admPwdHash;
66	g_last_pwComment = pwComment;	66	g_last_pwComment = pwComment;
67		67
68	var error = false;	68	var error = false;
69		69
70	if ($("#config")[0] == null) return;	70	if ($("#config")[0] == null) return;
71		71
72	// Check 1: Has the password the correct length?	72	// Check 1: Has the password the correct length?
73	if ($("#admin_password")[0].value.length < min_password_length)	73	if ($("#admin_password")[0].value.length < min_password_length)
74	{	74	{
75	$("#password_warn")[0].innerHTML = '<font color="red">'+_L('Password must be at least %1 characters long',min_password_length)+'</font>';	75	$("#password_warn")[0].innerHTML = '<font color="red">'+_L('Password must be at least %1 characters long',min_password_length)+'</font>';
76	$("#config")[0].innerHTML = '<b>&lt?php</b><br><br><i>// ERROR: Password must be at least '+min_password_length+' characters long</i>'; // do not translate	76	$("#config")[0].innerHTML = '<b>&lt?php</b><br><br><i>// ERROR: Password must be at least '+min_password_length+' characters long</i>'; // do not translate
77	error = true;	77	error = true;
78	} else {	78	} else {
79	$("#password_warn")[0].innerHTML = '';	79	$("#password_warn")[0].innerHTML = '';
80	}	80	}
81		81
82	// Check 2: Do the passwords match?	82	// Check 2: Do the passwords match?
83	if ($("#admin_password")[0].value != $("#admin_password2")[0].value) {	83	if ($("#admin_password")[0].value != $("#admin_password2")[0].value) {
84	$("#password_warn2")[0].innerHTML = '<font color="red">'+_L('The passwords do not match!')+'</font>';	84	$("#password_warn2")[0].innerHTML = '<font color="red">'+_L('The passwords do not match!')+'</font>';
85	error = true;	85	error = true;
86	} else {	86	} else {
87	$("#password_warn2")[0].innerHTML = '';	87	$("#password_warn2")[0].innerHTML = '';
88	}	88	}
89		89
90	// Check 3: Ask the database or captcha plugins for verification of their data	90	// Check 3: Ask the database or captcha plugins for verification of their data
91	for (var i = 0; i < rebuild_callbacks.length; i++) {	91	for (var i = 0; i < rebuild_callbacks.length; i++) {
92	var f = rebuild_callbacks[i];	92	var f = rebuild_callbacks[i];
93	if (!f()) {	93	if (!f()) {
94	error = true;	94	error = true;
95	}	95	}
96	}	96	}
97		97
98	// Continue	98	// Continue
99	if (!error)	99	if (!error)
100	{	100	{
101	var e = $("#db_plugin")[0];	101	var e = $("#db_plugin")[0];
102	var strDatabasePlugin = e.options[e.selectedIndex].value;	102	var strDatabasePlugin = e.options[e.selectedIndex].value;
103	var e = $("#captcha_plugin")[0];	103	var e = $("#captcha_plugin")[0];
104	var strCaptchaPlugin = e.options[e.selectedIndex].value;	104	var strCaptchaPlugin = e.options[e.selectedIndex].value;
105		105
106	$("#config")[0].innerHTML = '<b>&lt?php</b><br><br>' +	106	$("#config")[0].innerHTML = '<b>&lt?php</b><br><br>' +
107	'<i>// To renew this file, please run setup/ in your browser.</i><br>' + // do not translate	107	'<i>// To renew this file, please run setup/ in your browser.</i><br>' + // do not translate
108	'<i>// If you don\'t want to run setup again, you can also change most of the settings directly in this file.</i><br>' + // do not translate	108	'<i>// If you don\'t want to run setup again, you can also change most of the settings directly in this file.</i><br>' + // do not translate
109	'<i>// List of possible values: doc/config_values.md</i><br>' + // do not translate	109	'<i>// List of possible values: doc/config_values.md</i><br>' + // do not translate
110	'<br>' +	110	'<br>' +
111	'use ViaThinkSoft\\OIDplus\\OIDplus;<br>' +	111	'use ViaThinkSoft\\OIDplus\\OIDplus;<br>' +
112	'<br>' +	112	'<br>' +
113	'OIDplus::baseConfig()->setValue(\'CONFIG_VERSION\', 2.1);<br>' +	113	'OIDplus::baseConfig()->setValue(\'CONFIG_VERSION\', 2.1);<br>' +
114	'<br>' +	114	'<br>' +
115	// Passwords are Base64 encoded to avoid that passwords can be read upon first sight,	115	// Passwords are Base64 encoded to avoid that passwords can be read upon first sight,
116	// e.g. if collegues are looking over your shoulder while you accidently open (and quickly close) userdata/baseconfig/config.inc.php	116	// e.g. if collegues are looking over your shoulder while you accidently open (and quickly close) userdata/baseconfig/config.inc.php
117	'OIDplus::baseConfig()->setValue(\'ADMIN_PASSWORD\', ' + jsString(admPwdHash) + '); // '+pwComment+'<br>' +	117	'OIDplus::baseConfig()->setValue(\'ADMIN_PASSWORD\', ' + jsString(admPwdHash) + '); // '+pwComment+'<br>' +
118	'<br>' +	118	'<br>' +
119	'OIDplus::baseConfig()->setValue(\'DATABASE_PLUGIN\', ' + jsString(strDatabasePlugin) + ');<br>';	119	'OIDplus::baseConfig()->setValue(\'DATABASE_PLUGIN\', ' + jsString(strDatabasePlugin) + ');<br>';
120	for (var i = 0; i < rebuild_config_callbacks.length; i++) {	120	for (var i = 0; i < rebuild_config_callbacks.length; i++) {
121	var f = rebuild_config_callbacks[i];	121	var f = rebuild_config_callbacks[i];
122	var cont = f();	122	var cont = f();
123	if (cont) {	123	if (cont) {
124	$("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;	124	$("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;
125	}	125	}
126	}	126	}
127	$("#config")[0].innerHTML = $("#config")[0].innerHTML +	127	$("#config")[0].innerHTML = $("#config")[0].innerHTML +
128	//'<br>' +	128	//'<br>' +
129	'OIDplus::baseConfig()->setValue(\'TABLENAME_PREFIX\', ' + jsString($("#tablename_prefix")[0].value) + ');<br>' +	129	'OIDplus::baseConfig()->setValue(\'TABLENAME_PREFIX\', ' + jsString($("#tablename_prefix")[0].value) + ');<br>' +
130	'<br>' +	130	'<br>' +
131	'OIDplus::baseConfig()->setValue(\'SERVER_SECRET\', ' + jsString(generateRandomString(32)) + ');<br>' +	131	'OIDplus::baseConfig()->setValue(\'SERVER_SECRET\', ' + jsString(generateRandomString(32)) + ');<br>' +
132	'<br>' +	132	'<br>' +
133	'OIDplus::baseConfig()->setValue(\'CAPTCHA_PLUGIN\', ' + jsString(strCaptchaPlugin) + ');<br>';	133	'OIDplus::baseConfig()->setValue(\'CAPTCHA_PLUGIN\', ' + jsString(strCaptchaPlugin) + ');<br>';
134	for (var i = 0; i < captcha_rebuild_config_callbacks.length; i++) {	134	for (var i = 0; i < captcha_rebuild_config_callbacks.length; i++) {
135	var f = captcha_rebuild_config_callbacks[i];	135	var f = captcha_rebuild_config_callbacks[i];
136	var cont = f();	136	var cont = f();
137	if (cont) {	137	if (cont) {
138	$("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;	138	$("#config")[0].innerHTML = $("#config")[0].innerHTML + cont;
139	}	139	}
140	}	140	}
141		141
142	$("#config")[0].innerHTML = $("#config")[0].innerHTML +	142	$("#config")[0].innerHTML = $("#config")[0].innerHTML +
143	'<br>' +	143	'<br>' +
144	'OIDplus::baseConfig()->setValue(\'ENFORCE_SSL\', ' + $("#enforce_ssl")[0].value + ');<br>';	144	'OIDplus::baseConfig()->setValue(\'ENFORCE_SSL\', ' + $("#enforce_ssl")[0].value + ');<br>';
145		145
146	if ($("#canonical_url")[0].value.trim() != '') {	146	if ($("#canonical_url")[0].value.trim() != '') {
147	$("#config")[0].innerHTML = $("#config")[0].innerHTML +	147	$("#config")[0].innerHTML = $("#config")[0].innerHTML +
148	'<br>' +	148	'<br>' +
149	'OIDplus::baseConfig()->setValue(\'CANONICAL_SYSTEM_URL\', ' + jsString($("#canonical_url")[0].value.trim()) + ');<br>';	149	'OIDplus::baseConfig()->setValue(\'CANONICAL_SYSTEM_URL\', ' + jsString($("#canonical_url")[0].value.trim()) + ');<br>';
150	}	150	}
151		151
152	$("#config")[0].innerHTML = $("#config")[0].innerHTML.replaceAll(' ', ' ');	152	$("#config")[0].innerHTML = $("#config")[0].innerHTML.replaceAll(' ', ' ');
153	}	153	}
154		154
155	// In case something is not good, do not allow the user to continue with the other configuration steps:	155	// In case something is not good, do not allow the user to continue with the other configuration steps:
156	if (error) {	156	if (error) {
157	$("#step2")[0].style.display = "None";	157	$("#step2")[0].style.display = "None";
158	$("#step3")[0].style.display = "None";	158	$("#step3")[0].style.display = "None";
159	$("#step4")[0].style.display = "None";	159	$("#step4")[0].style.display = "None";
160	$("#footer_warn")[0].innerHTML = '<font color="red">'+_L('Please correct the errors above (in red) before continuing.')+'</font>';	160	$("#footer_warn")[0].innerHTML = '<font color="red">'+_L('Please correct the errors above (in red) before continuing.')+'</font>';
161	} else {	161	} else {
162	$("#step2")[0].style.display = "Block";	162	$("#step2")[0].style.display = "Block";
163	$("#step3")[0].style.display = "Block";	163	$("#step3")[0].style.display = "Block";
164	$("#step4")[0].style.display = "Block";	164	$("#step4")[0].style.display = "Block";
165	$("#footer_warn")[0].innerHTML = '';	165	$("#footer_warn")[0].innerHTML = '';
166	}	166	}
167	}	167	}
168		168
169	function checkAccess(dir) {	169	function checkAccess(dir) {
170	if (!dir.toLowerCase().startsWith('https:') && !dir.toLowerCase().startsWith('http:')) {	170	if (!dir.toLowerCase().startsWith('https:') && !dir.toLowerCase().startsWith('http:')) {
171	var url = '../' + dir;	171	var url = '../' + dir;
172	var visibleUrl = RemoveLastDirectoryPartOf(window.location.href) + '/' + dir; // xhr.responseURL not available in IE	172	var visibleUrl = RemoveLastDirectoryPartOf(window.location.href) + '/' + dir; // xhr.responseURL not available in IE
173	} else {	173	} else {
174	var url = dir;	174	var url = dir;
175	var visibleUrl = dir; // xhr.responseURL not available in IE	175	var visibleUrl = dir; // xhr.responseURL not available in IE
176	}	176	}
177		177
178	var xhr = new XMLHttpRequest();	178	var xhr = new XMLHttpRequest();
179	xhr.onreadystatechange = function() {	179	xhr.onreadystatechange = function() {
180	if (xhr.readyState === 4) {	180	if (xhr.readyState === 4) {
181	if (xhr.status === 200) {	181	if (xhr.status === 200) {
182	$("#systemCheckCaption")[0].style.display = 'block';	182	$("#systemCheckCaption")[0].style.display = 'block';
183	// TODO: At my Ubuntu VM, after fixing an issue with Apache2, the messages still appeared. I had to click the links and press F5 for each one	183	// TODO: At my Ubuntu VM, after fixing an issue with Apache2, the messages still appeared. I had to click the links and press F5 for each one
184	// THERE MUST BE NO CACHE!!!	184	// THERE MUST BE NO CACHE!!!
185	$("#dirAccessWarning")[0].innerHTML = $("#dirAccessWarning")[0].innerHTML + _L('Attention: The following directory is world-readable: %1 ! You need to configure your web server to restrict access to this directory! (For Apache see <i>.htaccess</i>, for Microsoft IIS see <i>web.config</i>, for Nginx see <i>nginx.conf</i>).','<a target="_blank" href="'+url+'">'+visibleUrl+'</a>') + '<br>';	185	$("#dirAccessWarning")[0].innerHTML = $("#dirAccessWarning")[0].innerHTML + _L('Attention: The following directory is world-readable: %1 ! You need to configure your web server to restrict access to this directory! (For Apache see <i>.htaccess</i>, for Microsoft IIS see <i>web.config</i>, for Nginx see <i>nginx.conf</i>).','<a target="_blank" href="'+url+'">'+visibleUrl+'</a>') + '<br>';
186	}	186	}
187	}	187	}
188	};	188	};
189		189
190	xhr.open('GET', url);	190	xhr.open('GET', url);
191	xhr.send();	191	xhr.send();
192	}	192	}
193		193
194	function dbplugin_changed() {	194	function dbplugin_changed() {
195	var e = $("#db_plugin")[0];	195	var e = $("#db_plugin")[0];
196	var strDatabasePlugin = e.options[e.selectedIndex].value;	196	var strDatabasePlugin = e.options[e.selectedIndex].value;
197		197
198	for (var i = 0; i < plugin_combobox_change_callbacks.length; i++) {	198	for (var i = 0; i < plugin_combobox_change_callbacks.length; i++) {
199	var f = plugin_combobox_change_callbacks[i];	199	var f = plugin_combobox_change_callbacks[i];
200	f(strDatabasePlugin);	200	f(strDatabasePlugin);
201	}	201	}
202		202
203	rebuild();	203	rebuild();
204	}	204	}
205		205
206	function captchaplugin_changed() {	206	function captchaplugin_changed() {
207	var e = $("#captcha_plugin")[0];	207	var e = $("#captcha_plugin")[0];
208	var strCaptchaPlugin = e.options[e.selectedIndex].value;	208	var strCaptchaPlugin = e.options[e.selectedIndex].value;
209		209
210	for (var i = 0; i < captcha_plugin_combobox_change_callbacks.length; i++) {	210	for (var i = 0; i < captcha_plugin_combobox_change_callbacks.length; i++) {
211	var f = captcha_plugin_combobox_change_callbacks[i];	211	var f = captcha_plugin_combobox_change_callbacks[i];
212	f(strCaptchaPlugin);	212	f(strCaptchaPlugin);
213	}	213	}
214		214
215	rebuild();	215	rebuild();
216	}	216	}
217		217
218	function performAccessCheck() {	218	function performAccessCheck() {
219	$("#dirAccessWarning")[0].innerHTML = "";	219	$("#dirAccessWarning")[0].innerHTML = "";
220	checkAccess("userdata/index.html");	220	checkAccess("userdata/index.html");
221	checkAccess("res/ATTENTION.TXT");	221	checkAccess("res/ATTENTION.TXT");
222	checkAccess("dev/index.html");	222	checkAccess("dev/index.html");
223	checkAccess("includes/index.html");	223	checkAccess("includes/index.html");
224	checkAccess("setup/includes/index.html");	224	checkAccess("setup/includes/index.html");
225	//checkAccess("plugins/viathinksoft/publicPages/100_whois/whois/cli/index.html");	225	//checkAccess("plugins/viathinksoft/publicPages/100_whois/whois/cli/index.html");
226		226
227	if (window.location.href.toLowerCase().startsWith('https://')) {	227	if (window.location.href.toLowerCase().startsWith('https://')) {
228	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (because we are already SSL)	228	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (because we are already SSL)
229	} else {	229	} else {
230	// Do a SSL detection now.	230	// Do a SSL detection now.
231	// This is important because on XAMPP the SSL cert is invalid (self signed) and the user might	231	// This is important because on XAMPP the SSL cert is invalid (self signed) and the user might
232	// be very confused if the PHP detection (OIDplus::ENFORCE_SSL_AUTO) notices the open 443 port and redirects the user to a	232	// be very confused if the PHP detection (OIDplus::ENFORCE_SSL_AUTO) notices the open 443 port and redirects the user to a
233	// big warning page of the browser!	233	// big warning page of the browser!
234	var xhr = new XMLHttpRequest();	234	var xhr = new XMLHttpRequest();
235	xhr.onreadystatechange = function() {	235	xhr.onreadystatechange = function() {
236	if (xhr.readyState === 4) {	236	if (xhr.readyState === 4) {
237	if (xhr.status === 200) {	237	if (xhr.status === 200) {
238	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (we checked that it loads correctly)	238	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_YES'); // enforce SSL (we checked that it loads correctly)
239	} else {	239	} else {
240	console.log("JS SSL detection result: "+xhr.status);	240	console.log("JS SSL detection result: "+xhr.status);
241	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_NO'); // disable SSL (because it failed, e.g. because of invalid cert or closed port)	241	$("#enforce_ssl").val('OIDplus::ENFORCE_SSL_NO'); // disable SSL (because it failed, e.g. because of invalid cert or closed port)
242	setCookie('SSL_CHECK', 0, 0/Until browser closes/, oidplus_webpath); // we must revert the SSL_CHECK=1 the PHP script did set (see explanation in OIDplus.class.php:isSslAvailable)	242	setCookie('SSL_CHECK', 0, 0/Until browser closes/, oidplus_webpath_relative); // we must revert the SSL_CHECK=1 the PHP script did set (see explanation in OIDplus.class.php:isSslAvailable)
243	}	243	}
244	}	244	}
245	};	245	};
246	var https_url = window.location.href.replace(/^http:/i, "https:");	246	var https_url = window.location.href.replace(/^http:/i, "https:");
247	xhr.open('GET', https_url);	247	xhr.open('GET', https_url);
248	xhr.send();	248	xhr.send();
249	}	249	}
250	}	250	}
251		251
252	function setupOnLoad() {	252	function setupOnLoad() {
253	rebuild();	253	rebuild();
254	dbplugin_changed();	254	dbplugin_changed();
255	captchaplugin_changed();	255	captchaplugin_changed();
256	performAccessCheck();	256	performAccessCheck();
257	}	257	}
258		258
259	$(document).ready(setupOnLoad);	259	$(document).ready(setupOnLoad);
260		260