WordPress 4.7
[autoinstalls/wordpress.git] / wp-admin / install.php
1 <?php
2 /**
3  * WordPress Installer
4  *
5  * @package WordPress
6  * @subpackage Administration
7  */
8
9 // Sanity check.
10 if ( false ) {
11 ?>
12 <!DOCTYPE html>
13 <html xmlns="http://www.w3.org/1999/xhtml">
14 <head>
15         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
16         <title>Error: PHP is not running</title>
17 </head>
18 <body class="wp-core-ui">
19         <p id="logo"><a href="https://wordpress.org/">WordPress</a></p>
20         <h1>Error: PHP is not running</h1>
21         <p>WordPress requires that your web server is running PHP. Your server does not have PHP installed, or PHP is turned off.</p>
22 </body>
23 </html>
24 <?php
25 }
26
27 /**
28  * We are installing WordPress.
29  *
30  * @since 1.5.1
31  * @var bool
32  */
33 define( 'WP_INSTALLING', true );
34
35 /** Load WordPress Bootstrap */
36 require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
37
38 /** Load WordPress Administration Upgrade API */
39 require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );
40
41 /** Load WordPress Translation Install API */
42 require_once( ABSPATH . 'wp-admin/includes/translation-install.php' );
43
44 /** Load wpdb */
45 require_once( ABSPATH . WPINC . '/wp-db.php' );
46
47 nocache_headers();
48
49 $step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
50
51 /**
52  * Display install header.
53  *
54  * @since 2.5.0
55  *
56  * @param string $body_classes
57  */
58 function display_header( $body_classes = '' ) {
59         header( 'Content-Type: text/html; charset=utf-8' );
60         if ( is_rtl() ) {
61                 $body_classes .= 'rtl';
62         }
63         if ( $body_classes ) {
64                 $body_classes = ' ' . $body_classes;
65         }
66 ?>
67 <!DOCTYPE html>
68 <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
69 <head>
70         <meta name="viewport" content="width=device-width" />
71         <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
72         <meta name="robots" content="noindex,nofollow" />
73         <title><?php _e( 'WordPress &rsaquo; Installation' ); ?></title>
74         <?php
75                 wp_admin_css( 'install', true );
76                 wp_admin_css( 'dashicons', true );
77         ?>
78 </head>
79 <body class="wp-core-ui<?php echo $body_classes ?>">
80 <p id="logo"><a href="<?php echo esc_url( __( 'https://wordpress.org/' ) ); ?>" tabindex="-1"><?php _e( 'WordPress' ); ?></a></p>
81
82 <?php
83 } // end display_header()
84
85 /**
86  * Display installer setup form.
87  *
88  * @since 2.8.0
89  *
90  * @param string|null $error
91  */
92 function display_setup_form( $error = null ) {
93         global $wpdb;
94
95         $sql = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb->esc_like( $wpdb->users ) );
96         $user_table = ( $wpdb->get_var( $sql ) != null );
97
98         // Ensure that Blogs appear in search engines by default.
99         $blog_public = 1;
100         if ( isset( $_POST['weblog_title'] ) ) {
101                 $blog_public = isset( $_POST['blog_public'] );
102         }
103
104         $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
105         $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
106         $admin_email  = isset( $_POST['admin_email']  ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
107
108         if ( ! is_null( $error ) ) {
109 ?>
110 <h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
111 <p class="message"><?php echo $error; ?></p>
112 <?php } ?>
113 <form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
114         <table class="form-table">
115                 <tr>
116                         <th scope="row"><label for="weblog_title"><?php _e( 'Site Title' ); ?></label></th>
117                         <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
118                 </tr>
119                 <tr>
120                         <th scope="row"><label for="user_login"><?php _e('Username'); ?></label></th>
121                         <td>
122                         <?php
123                         if ( $user_table ) {
124                                 _e('User(s) already exists.');
125                                 echo '<input name="user_name" type="hidden" value="admin" />';
126                         } else {
127                                 ?><input name="user_name" type="text" id="user_login" size="25" value="<?php echo esc_attr( sanitize_user( $user_name, true ) ); ?>" />
128                                 <p><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.' ); ?></p>
129                         <?php
130                         } ?>
131                         </td>
132                 </tr>
133                 <?php if ( ! $user_table ) : ?>
134                 <tr class="form-field form-required user-pass1-wrap">
135                         <th scope="row">
136                                 <label for="pass1">
137                                         <?php _e( 'Password' ); ?>
138                                 </label>
139                         </th>
140                         <td>
141                                 <div class="">
142                                         <?php $initial_password = isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] ) : wp_generate_password( 18 ); ?>
143                                         <input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="off" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />
144                                         <button type="button" class="button wp-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
145                                                 <span class="dashicons dashicons-hidden"></span>
146                                                 <span class="text"><?php _e( 'Hide' ); ?></span>
147                                         </button>
148                                         <div id="pass-strength-result" aria-live="polite"></div>
149                                 </div>
150                                 <p><span class="description important hide-if-no-js">
151                                 <strong><?php _e( 'Important:' ); ?></strong>
152                                 <?php /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */ ?>
153                                 <?php _e( 'You will need this password to log&nbsp;in. Please store it in a secure location.' ); ?></span></p>
154                         </td>
155                 </tr>
156                 <tr class="form-field form-required user-pass2-wrap hide-if-js">
157                         <th scope="row">
158                                 <label for="pass2"><?php _e( 'Repeat Password' ); ?>
159                                         <span class="description"><?php _e( '(required)' ); ?></span>
160                                 </label>
161                         </th>
162                         <td>
163                                 <input name="admin_password2" type="password" id="pass2" autocomplete="off" />
164                         </td>
165                 </tr>
166                 <tr class="pw-weak">
167                         <th scope="row"><?php _e( 'Confirm Password' ); ?></th>
168                         <td>
169                                 <label>
170                                         <input type="checkbox" name="pw_weak" class="pw-checkbox" />
171                                         <?php _e( 'Confirm use of weak password' ); ?>
172                                 </label>
173                         </td>
174                 </tr>
175                 <?php endif; ?>
176                 <tr>
177                         <th scope="row"><label for="admin_email"><?php _e( 'Your Email' ); ?></label></th>
178                         <td><input name="admin_email" type="email" id="admin_email" size="25" value="<?php echo esc_attr( $admin_email ); ?>" />
179                         <p><?php _e( 'Double-check your email address before continuing.' ); ?></p></td>
180                 </tr>
181                 <tr>
182                         <th scope="row"><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility' ) : _e( 'Search Engine Visibility' ); ?></th>
183                         <td>
184                                 <fieldset>
185                                         <legend class="screen-reader-text"><span><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility' ) : _e( 'Search Engine Visibility' ); ?> </span></legend>
186                                         <?php
187                                         if ( has_action( 'blog_privacy_selector' ) ) { ?>
188                                                 <input id="blog-public" type="radio" name="blog_public" value="1" <?php checked( 1, $blog_public ); ?> />
189                                                 <label for="blog-public"><?php _e( 'Allow search engines to index this site' );?></label><br/>
190                                                 <input id="blog-norobots" type="radio" name="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
191                                                 <label for="blog-norobots"><?php _e( 'Discourage search engines from indexing this site' ); ?></label>
192                                                 <p class="description"><?php _e( 'Note: Neither of these options blocks access to your site &mdash; it is up to search engines to honor your request.' ); ?></p>
193                                                 <?php
194                                                 /** This action is documented in wp-admin/options-reading.php */
195                                                 do_action( 'blog_privacy_selector' );
196                                          } else { ?>
197                                                 <label for="blog_public"><input name="blog_public" type="checkbox" id="blog_public" value="0" <?php checked( 0, $blog_public ); ?> />
198                                                 <?php _e( 'Discourage search engines from indexing this site' ); ?></label>
199                                                 <p class="description"><?php _e( 'It is up to search engines to honor this request.' ); ?></p>
200                                         <?php } ?>
201                                 </fieldset>
202                         </td>
203                 </tr>
204         </table>
205         <p class="step"><?php submit_button( __( 'Install WordPress' ), 'large', 'Submit', false, array( 'id' => 'submit' ) ); ?></p>
206         <input type="hidden" name="language" value="<?php echo isset( $_REQUEST['language'] ) ? esc_attr( $_REQUEST['language'] ) : ''; ?>" />
207 </form>
208 <?php
209 } // end display_setup_form()
210
211 // Let's check to make sure WP isn't already installed.
212 if ( is_blog_installed() ) {
213         display_header();
214         die(
215                 '<h1>' . __( 'Already Installed' ) . '</h1>' .
216                 '<p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p>' .
217                 '<p class="step"><a href="' . esc_url( wp_login_url() ) . '" class="button button-large">' . __( 'Log In' ) . '</a></p>' .
218                 '</body></html>'
219         );
220 }
221
222 /**
223  * @global string $wp_version
224  * @global string $required_php_version
225  * @global string $required_mysql_version
226  * @global wpdb   $wpdb
227  */
228 global $wp_version, $required_php_version, $required_mysql_version;
229
230 $php_version    = phpversion();
231 $mysql_version  = $wpdb->db_version();
232 $php_compat     = version_compare( $php_version, $required_php_version, '>=' );
233 $mysql_compat   = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
234
235 if ( !$mysql_compat && !$php_compat ) {
236         /* translators: 1: WordPress version number, 2: Minimum required PHP version number, 3: Minimum required MySQL version number, 4: Current PHP version number, 5: Current MySQL version number */
237         $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher and MySQL version %3$s or higher. You are running PHP version %4$s and MySQL version %5$s.' ), $wp_version, $required_php_version, $required_mysql_version, $php_version, $mysql_version );
238 } elseif ( !$php_compat ) {
239         /* translators: 1: WordPress version number, 2: Minimum required PHP version number, 3: Current PHP version number */
240         $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires PHP version %2$s or higher. You are running version %3$s.' ), $wp_version, $required_php_version, $php_version );
241 } elseif ( !$mysql_compat ) {
242         /* translators: 1: WordPress version number, 2: Minimum required MySQL version number, 3: Current MySQL version number */
243         $compat = sprintf( __( 'You cannot install because <a href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a> requires MySQL version %2$s or higher. You are running version %3$s.' ), $wp_version, $required_mysql_version, $mysql_version );
244 }
245
246 if ( !$mysql_compat || !$php_compat ) {
247         display_header();
248         die( '<h1>' . __( 'Insufficient Requirements' ) . '</h1><p>' . $compat . '</p></body></html>' );
249 }
250
251 if ( ! is_string( $wpdb->base_prefix ) || '' === $wpdb->base_prefix ) {
252         display_header();
253         die(
254                 '<h1>' . __( 'Configuration Error' ) . '</h1>' .
255                 '<p>' . sprintf(
256                         /* translators: %s: wp-config.php */
257                         __( 'Your %s file has an empty database table prefix, which is not supported.' ),
258                         '<code>wp-config.php</code>'
259                 ) . '</p></body></html>'
260         );
261 }
262
263 // Set error message if DO_NOT_UPGRADE_GLOBAL_TABLES isn't set as it will break install.
264 if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
265         display_header();
266         die(
267                 '<h1>' . __( 'Configuration Error' ) . '</h1>' .
268                 '<p>' . sprintf(
269                         /* translators: %s: DO_NOT_UPGRADE_GLOBAL_TABLES */
270                         __( 'The constant %s cannot be defined when installing WordPress.' ),
271                         '<code>DO_NOT_UPGRADE_GLOBAL_TABLES</code>'
272                 ) . '</p></body></html>'
273         );
274 }
275
276 /**
277  * @global string    $wp_local_package
278  * @global WP_Locale $wp_locale
279  */
280 $language = '';
281 if ( ! empty( $_REQUEST['language'] ) ) {
282         $language = preg_replace( '/[^a-zA-Z_]/', '', $_REQUEST['language'] );
283 } elseif ( isset( $GLOBALS['wp_local_package'] ) ) {
284         $language = $GLOBALS['wp_local_package'];
285 }
286
287 $scripts_to_print = array( 'jquery' );
288
289 switch($step) {
290         case 0: // Step 0
291                 if ( wp_can_install_language_pack() && empty( $language ) && ( $languages = wp_get_available_translations() ) ) {
292                         $scripts_to_print[] = 'language-chooser';
293                         display_header( 'language-chooser' );
294                         echo '<form id="setup" method="post" action="?step=1">';
295                         wp_install_language_form( $languages );
296                         echo '</form>';
297                         break;
298                 }
299
300                 // Deliberately fall through if we can't reach the translations API.
301
302         case 1: // Step 1, direct link or from language chooser.
303                 if ( ! empty( $language ) ) {
304                         $loaded_language = wp_download_language_pack( $language );
305                         if ( $loaded_language ) {
306                                 load_default_textdomain( $loaded_language );
307                                 $GLOBALS['wp_locale'] = new WP_Locale();
308                         }
309                 }
310
311                 $scripts_to_print[] = 'user-profile';
312
313                 display_header();
314 ?>
315 <h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
316 <p><?php _e( 'Welcome to the famous five-minute WordPress installation process! Just fill in the information below and you&#8217;ll be on your way to using the most extendable and powerful personal publishing platform in the world.' ); ?></p>
317
318 <h2><?php _e( 'Information needed' ); ?></h2>
319 <p><?php _e( 'Please provide the following information. Don&#8217;t worry, you can always change these settings later.' ); ?></p>
320
321 <?php
322                 display_setup_form();
323                 break;
324         case 2:
325                 if ( ! empty( $language ) && load_default_textdomain( $language ) ) {
326                         $loaded_language = $language;
327                         $GLOBALS['wp_locale'] = new WP_Locale();
328                 } else {
329                         $loaded_language = 'en_US';
330                 }
331
332                 if ( ! empty( $wpdb->error ) )
333                         wp_die( $wpdb->error->get_error_message() );
334
335                 $scripts_to_print[] = 'user-profile';
336
337                 // Fill in the data we gathered
338                 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
339                 $user_name = isset($_POST['user_name']) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
340                 $admin_password = isset($_POST['admin_password']) ? wp_unslash( $_POST['admin_password'] ) : '';
341                 $admin_password_check = isset($_POST['admin_password2']) ? wp_unslash( $_POST['admin_password2'] ) : '';
342                 $admin_email  = isset( $_POST['admin_email'] ) ?trim( wp_unslash( $_POST['admin_email'] ) ) : '';
343                 $public       = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 1;
344
345                 // Check email address.
346                 $error = false;
347                 if ( empty( $user_name ) ) {
348                         // TODO: poka-yoke
349                         display_header();
350                         display_setup_form( __( 'Please provide a valid username.' ) );
351                         $error = true;
352                 } elseif ( $user_name != sanitize_user( $user_name, true ) ) {
353                         display_header();
354                         display_setup_form( __( 'The username you provided has invalid characters.' ) );
355                         $error = true;
356                 } elseif ( $admin_password != $admin_password_check ) {
357                         // TODO: poka-yoke
358                         display_header();
359                         display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
360                         $error = true;
361                 } elseif ( empty( $admin_email ) ) {
362                         // TODO: poka-yoke
363                         display_header();
364                         display_setup_form( __( 'You must provide an email address.' ) );
365                         $error = true;
366                 } elseif ( ! is_email( $admin_email ) ) {
367                         // TODO: poka-yoke
368                         display_header();
369                         display_setup_form( __( 'Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
370                         $error = true;
371                 }
372
373                 if ( $error === false ) {
374                         $wpdb->show_errors();
375                         $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
376
377                         // Log the user in and send them to wp-admin:
378                         if ( ! headers_sent() ) {
379                                 wp_set_auth_cookie( $result['user_id'], true, is_ssl() );
380                                 wp_redirect( admin_url() );
381                                 exit;
382                         }
383
384                         // If headers have already been sent, fall back to a "Success!" message:
385                         display_header();
386 ?>
387
388 <h1><?php _e( 'Success!' ); ?></h1>
389
390 <p><?php _e( 'WordPress has been installed. Thank you, and enjoy!' ); ?></p>
391
392 <table class="form-table install-success">
393         <tr>
394                 <th><?php _e( 'Username' ); ?></th>
395                 <td><?php echo esc_html( sanitize_user( $user_name, true ) ); ?></td>
396         </tr>
397         <tr>
398                 <th><?php _e( 'Password' ); ?></th>
399                 <td><?php
400                 if ( ! empty( $result['password'] ) && empty( $admin_password_check ) ): ?>
401                         <code><?php echo esc_html( $result['password'] ) ?></code><br />
402                 <?php endif ?>
403                         <p><?php echo $result['password_message'] ?></p>
404                 </td>
405         </tr>
406 </table>
407
408 <p class="step"><a href="<?php echo esc_url( wp_login_url() ); ?>" class="button button-large"><?php _e( 'Log In' ); ?></a></p>
409
410 <?php
411                 }
412                 break;
413 }
414
415 if ( ! wp_is_mobile() ) {
416         ?>
417 <script type="text/javascript">var t = document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
418         <?php
419 }
420
421 wp_print_scripts( $scripts_to_print );
422 ?>
423 <script type="text/javascript">
424 jQuery( function( $ ) {
425         $( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
426 } );
427 </script>
428 </body>
429 </html>