- $dbname = trim($_POST['dbname']);
- $uname = trim($_POST['uname']);
- $passwrd = trim($_POST['pwd']);
- $dbhost = trim($_POST['dbhost']);
- $prefix = trim($_POST['prefix']);
- if (empty($prefix)) $prefix = 'wp_';
-
- // Test the db connection.
- define('DB_NAME', $dbname);
- define('DB_USER', $uname);
- define('DB_PASSWORD', $passwrd);
- define('DB_HOST', $dbhost);
-
- // We'll fail here if the values are no good.
- require_once('../wp-includes/wp-db.php');
- $handle = fopen('../wp-config.php', 'w');
-
- foreach ($configFile as $line_num => $line) {
- switch (substr($line,0,16)) {
- case "define('DB_NAME'":
- fwrite($handle, str_replace("wordpress", $dbname, $line));
- break;
- case "define('DB_USER'":
- fwrite($handle, str_replace("'username'", "'$uname'", $line));
- break;
- case "define('DB_PASSW":
- fwrite($handle, str_replace("'password'", "'$passwrd'", $line));
- break;
- case "define('DB_HOST'":
- fwrite($handle, str_replace("localhost", $dbhost, $line));
- break;
- case '$table_prefix =':
- fwrite($handle, str_replace('wp_', $prefix, $line));
+ foreach ( array( 'dbname', 'uname', 'pwd', 'dbhost', 'prefix' ) as $key )
+ $$key = trim( stripslashes( $_POST[ $key ] ) );
+
+ $tryagain_link = '</p><p class="step"><a href="setup-config.php?step=1" onclick="javascript:history.go(-1);return false;" class="button">' . __( 'Try Again' ) . '</a>';
+
+ if ( empty( $prefix ) )
+ wp_die( __( '<strong>ERROR</strong>: "Table Prefix" must not be empty.' . $tryagain_link ) );
+
+ // Validate $prefix: it can only contain letters, numbers and underscores.
+ if ( preg_match( '|[^a-z0-9_]|i', $prefix ) )
+ wp_die( __( '<strong>ERROR</strong>: "Table Prefix" can only contain numbers, letters, and underscores.' . $tryagain_link ) );
+
+ // Test the db connection.
+ /**#@+
+ * @ignore
+ */
+ define('DB_NAME', $dbname);
+ define('DB_USER', $uname);
+ define('DB_PASSWORD', $pwd);
+ define('DB_HOST', $dbhost);
+ /**#@-*/
+
+ // We'll fail here if the values are no good.
+ require_wp_db();
+ if ( ! empty( $wpdb->error ) )
+ wp_die( $wpdb->error->get_error_message() . $tryagain_link );
+
+ // Fetch or generate keys and salts.
+ $no_api = isset( $_POST['noapi'] );
+ if ( ! $no_api ) {
+ require_once( ABSPATH . WPINC . '/class-http.php' );
+ require_once( ABSPATH . WPINC . '/http.php' );
+ wp_fix_server_vars();
+ /**#@+
+ * @ignore
+ */
+ function get_bloginfo() {
+ return ( ( is_ssl() ? 'https://' : 'http://' ) . $_SERVER['HTTP_HOST'] . str_replace( $_SERVER['PHP_SELF'], '/wp-admin/setup-config.php', '' ) );
+ }
+ /**#@-*/
+ $secret_keys = wp_remote_get( 'https://api.wordpress.org/secret-key/1.1/salt/' );
+ }
+
+ if ( $no_api || is_wp_error( $secret_keys ) ) {
+ $secret_keys = array();
+ require_once( ABSPATH . WPINC . '/pluggable.php' );
+ for ( $i = 0; $i < 8; $i++ ) {
+ $secret_keys[] = wp_generate_password( 64, true, true );
+ }
+ } else {
+ $secret_keys = explode( "\n", wp_remote_retrieve_body( $secret_keys ) );
+ foreach ( $secret_keys as $k => $v ) {
+ $secret_keys[$k] = substr( $v, 28, 64 );
+ }
+ }
+
+ $key = 0;
+ // Not a PHP5-style by-reference foreach, as this file must be parseable by PHP4.
+ foreach ( $config_file as $line_num => $line ) {
+ if ( '$table_prefix =' == substr( $line, 0, 16 ) ) {
+ $config_file[ $line_num ] = '$table_prefix = \'' . addcslashes( $prefix, "\\'" ) . "';\r\n";
+ continue;
+ }
+
+ if ( ! preg_match( '/^define\(\'([A-Z_]+)\',([ ]+)/', $line, $match ) )
+ continue;
+
+ $constant = $match[1];
+ $padding = $match[2];
+
+ switch ( $constant ) {
+ case 'DB_NAME' :
+ case 'DB_USER' :
+ case 'DB_PASSWORD' :
+ case 'DB_HOST' :
+ $config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'" . addcslashes( constant( $constant ), "\\'" ) . "');\r\n";
+ break;
+ case 'AUTH_KEY' :
+ case 'SECURE_AUTH_KEY' :
+ case 'LOGGED_IN_KEY' :
+ case 'NONCE_KEY' :
+ case 'AUTH_SALT' :
+ case 'SECURE_AUTH_SALT' :
+ case 'LOGGED_IN_SALT' :
+ case 'NONCE_SALT' :
+ $config_file[ $line_num ] = "define('" . $constant . "'," . $padding . "'" . $secret_keys[$key++] . "');\r\n";