From 8a5050289ef695dc4d388eecee692ad9d83e00ce Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 3 Jul 2014 21:20:11 +0200 Subject: New install logic Now the install.php is kept in ./app/ and the trigger is ./data/do-install.php There is no need anymore to have write access in ./p/i/ --- app/install.php | 1115 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1115 insertions(+) create mode 100644 app/install.php (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php new file mode 100644 index 000000000..9863dd556 --- /dev/null +++ b/app/install.php 
@@ -0,0 +1,1115 @@ + +define('SQL_BACKUP006', 'RENAME TABLE `%1$scategory` TO `%1$scategory006`, `%1$sfeed` TO `%1$sfeed006`, `%1$sentry` TO `%1$sentry006`;'); + +define('SQL_SHOW_COLUMNS_UPDATEv006', 'SHOW columns FROM `%1$sentry006` LIKE "id2";'); + +define('SQL_UPDATEv006', ' +ALTER TABLE `%1$scategory006` ADD id2 SMALLINT; + +SET @i = 0; +UPDATE `%1$scategory006` SET id2=(@i:=@i+1) ORDER BY id; + +ALTER TABLE `%1$sfeed006` ADD id2 SMALLINT, ADD category2 SMALLINT; + +SET @i = 0; +UPDATE `%1$sfeed006` SET id2=(@i:=@i+1) ORDER BY name; + +UPDATE `%1$sfeed006` f +INNER JOIN `%1$scategory006` c ON f.category = c.id +SET f.category2 = c.id2; + +INSERT IGNORE INTO `%2$scategory` (name) +SELECT name +FROM `%1$scategory006` +ORDER BY id2; + +INSERT IGNORE INTO `%2$sfeed` (url, category, name, website, description, priority, pathEntries, httpAuth, keep_history) +SELECT url, category2, name, website, description, priority, pathEntries, httpAuth, IF(keep_history = 1, -1, -2) +FROM `%1$sfeed006` +ORDER BY id2; + +ALTER TABLE `%1$sentry006` ADD id2 bigint; + +UPDATE `%1$sentry006` SET id2 = ((date * 1000000) + (rand() * 100000000)); + +INSERT IGNORE INTO `%2$sentry` (id, guid, title, author, link, date, is_read, is_favorite, id_feed, tags) +SELECT e0.id2, e0.guid, e0.title, e0.author, e0.link, e0.date, e0.is_read, e0.is_favorite, f0.id2, e0.tags +FROM `%1$sentry006` e0 +INNER JOIN `%1$sfeed006` f0 ON e0.id_feed = f0.id; +'); + +define('SQL_CONVERT_SELECTv006', ' +SELECT e0.id2, e0.content +FROM `%1$sentry006` e0 +INNER JOIN `%2$sentry` e1 ON e0.id2 = e1.id +WHERE e1.content_bin IS NULL'); + +define('SQL_CONVERT_UPDATEv006', 'UPDATE `%1$sentry` SET ' + . (isset($_SESSION['bd_type']) && $_SESSION['bd_type'] === 'mysql' ? 'content_bin=COMPRESS(?)' : 'content=?') + . 
' WHERE id=?;'); + +define('SQL_DROP_BACKUPv006', 'DROP TABLE IF EXISTS `%1$sentry006`, `%1$sfeed006`, `%1$scategory006`;'); + +define('SQL_UPDATE_CACHED_VALUES', ' +UPDATE `%1$sfeed` f +INNER JOIN ( + SELECT e.id_feed, + COUNT(CASE WHEN e.is_read = 0 THEN 1 END) AS nbUnreads, + COUNT(e.id) AS nbEntries + FROM `%1$sentry` e + GROUP BY e.id_feed +) x ON x.id_feed=f.id +SET f.cache_nbEntries=x.nbEntries, f.cache_nbUnreads=x.nbUnreads +'); + +define('SQL_UPDATE_HISTORYv007b', 'UPDATE `%1$sfeed` SET keep_history = CASE WHEN keep_history = 0 THEN -2 WHEN keep_history = 1 THEN -1 ELSE keep_history END;'); + +define('SQL_GET_FEEDS', 'SELECT id, url, website FROM `%1$sfeed`;'); +// + +// gestion internationalisation +$translates = array (); +$actual = 'en'; +function initTranslate () { + global $translates; + global $actual; + + $actual = isset($_SESSION['language']) ? $_SESSION['language'] : getBetterLanguage('en'); + + $file = APP_PATH . '/i18n/' . $actual . '.php'; + if (file_exists($file)) { + $translates = array_merge($translates, include($file)); + } + + $file = APP_PATH . '/i18n/install.' . $actual . 
'.php'; + if (file_exists($file)) { + $translates = array_merge($translates, include($file)); + } +} + +function getBetterLanguage ($fallback) { + $available = availableLanguages (); + $accept = $_SERVER['HTTP_ACCEPT_LANGUAGE']; + $language = strtolower (substr ($accept, 0, 2)); + + if (isset ($available[$language])) { + return $language; + } else { + return $fallback; + } +} +function availableLanguages () { + return array ( + 'en' => 'English', + 'fr' => 'Français' + ); +} +function _t ($key) { + global $translates; + $translate = $key; + if (isset ($translates[$key])) { + $translate = $translates[$key]; + } + + $args = func_get_args (); + unset($args[0]); + + return vsprintf ($translate, $args); +} + +/*** SAUVEGARDES ***/ +function saveLanguage () { + if (!empty ($_POST)) { + if (!isset ($_POST['language'])) { + return false; + } + + $_SESSION['language'] = $_POST['language']; + + header ('Location: index.php?step=1'); + } +} +function saveStep2 () { + if (!empty ($_POST)) { + if (empty ($_POST['title']) || + empty ($_POST['old_entries']) || + empty ($_POST['auth_type']) || + empty ($_POST['default_user'])) { + return false; + } + + $_SESSION['salt'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__))); + $_SESSION['title'] = substr(trim($_POST['title']), 0, 25); + $_SESSION['old_entries'] = $_POST['old_entries']; + if ((!ctype_digit($_SESSION['old_entries'])) || ($_SESSION['old_entries'] < 1)) { + $_SESSION['old_entries'] = 3; + } + $_SESSION['mail_login'] = filter_var($_POST['mail_login'], FILTER_VALIDATE_EMAIL); + $_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', $_POST['default_user']), 0, 16); + $_SESSION['auth_type'] = $_POST['auth_type']; + if (!empty($_POST['passwordPlain'])) { + if (!function_exists('password_hash')) { + include_once(LIB_PATH . 
'/password_compat.php'); + } + $passwordHash = password_hash($_POST['passwordPlain'], PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)); + $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js + $_SESSION['passwordHash'] = $passwordHash; + } + + $token = ''; + if ($_SESSION['mail_login']) { + $token = sha1($_SESSION['salt'] . $_SESSION['mail_login']); + } + + $config_array = array ( + 'language' => $_SESSION['language'], + 'theme' => $_SESSION['theme'], + 'old_entries' => $_SESSION['old_entries'], + 'mail_login' => $_SESSION['mail_login'], + 'passwordHash' => $_SESSION['passwordHash'], + 'token' => $token, + ); + + $configPath = DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php'; + @unlink($configPath); //To avoid access-rights problems + file_put_contents($configPath, " array( + 'environment' => empty($_SESSION['environment']) ? 'production' : $_SESSION['environment'], + 'salt' => $_SESSION['salt'], + 'base_url' => '', + 'title' => $_SESSION['title'], + 'default_user' => $_SESSION['default_user'], + 'auth_type' => $_SESSION['auth_type'], + 'allow_anonymous' => isset($_SESSION['allow_anonymous']) ? $_SESSION['allow_anonymous'] : false, + 'allow_anonymous_refresh' => false, + 'unsafe_autologin_enabled' => false, + 'api_enabled' => false, + ), + 'db' => array( + 'type' => $_SESSION['bd_type'], + 'host' => $_SESSION['bd_host'], + 'user' => $_SESSION['bd_user'], + 'password' => $_SESSION['bd_password'], + 'base' => $_SESSION['bd_base'], + 'prefix' => $_SESSION['bd_prefix'], + ), + ); + + @unlink(DATA_PATH . '/config.php'); //To avoid access-rights problems + file_put_contents(DATA_PATH . 
'/config.php', " 'SET NAMES utf8', + ); + break; + case 'sqlite': + return false; //No update for SQLite needed so far + default: + return false; + } + + $c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + + $stm = $c->prepare(SQL_SHOW_TABLES); + $stm->execute(); + $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); + if (!in_array($_SESSION['bd_prefix'] . 'entry006', $res)) { + return false; + } + + $sql = sprintf(SQL_SHOW_COLUMNS_UPDATEv006, $_SESSION['bd_prefix']); + $stm = $c->prepare($sql); + $stm->execute(); + $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); + if (!in_array('id2', $res)) { + if (!$perform) { + return true; + } + $sql = sprintf(SQL_UPDATEv006, $_SESSION['bd_prefix'], $_SESSION['bd_prefix_user']); + $stm = $c->prepare($sql, array(PDO::ATTR_EMULATE_PREPARES => true)); + $stm->execute(); + } + + $sql = sprintf(SQL_CONVERT_SELECTv006, $_SESSION['bd_prefix'], $_SESSION['bd_prefix_user']); + if (!$perform) { + $sql .= ' LIMIT 1'; + } + $stm = $c->prepare($sql); + $stm->execute(); + if (!$perform) { + $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); + return count($res) > 0; + } else { + @set_time_limit(300); + } + + $c2 = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + $sql = sprintf(SQL_CONVERT_UPDATEv006, $_SESSION['bd_prefix_user']); + $stm2 = $c2->prepare($sql); + while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { + $id = $row['id2']; + $content = unserialize(gzinflate(base64_decode($row['content']))); + $stm2->execute(array($content, $id)); + } + + return true; + } catch (PDOException $e) { + return false; + } + return false; +} + +function newPdo() { + switch ($_SESSION['bd_type']) { + case 'mysql': + $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', + ); + break; + case 'sqlite': + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['bd_base'] . 
'.sqlite'; + $driver_options = array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + ); + break; + default: + return false; + } + return new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); +} + +function postUpdate() { + $c = newPdo(); + + if ($_SESSION['bd_type'] !== 'sqlite') { //No update for SQLite needed yet + $sql = sprintf(SQL_UPDATE_HISTORYv007b, $_SESSION['bd_prefix_user']); + $stm = $c->prepare($sql); + $stm->execute(); + + $sql = sprintf(SQL_UPDATE_CACHED_VALUES, $_SESSION['bd_prefix_user']); + $stm = $c->prepare($sql); + $stm->execute(); + } + + // + $sql = sprintf(SQL_GET_FEEDS, $_SESSION['bd_prefix_user']); + $stm = $c->prepare($sql); + $stm->execute(); + $res = $stm->fetchAll(PDO::FETCH_ASSOC); + foreach ($res as $feed) { + if (empty($feed['url'])) { + continue; + } + $hash = hash('crc32b', $_SESSION['salt'] . $feed['url']); + @file_put_contents(DATA_PATH . '/favicons/' . $hash . '.txt', + empty($feed['website']) ? $feed['url'] : $feed['website']); + } + // +} + +function deleteInstall () { + $res = unlink (DATA_PATH . 'do-install.txt'); + if ($res) { + header ('Location: index.php'); + } + + $needs = array('bd_type', 'bd_host', 'bd_base', 'bd_user', 'bd_password', 'bd_prefix'); + foreach ($needs as $need) { + if (!isset($_SESSION[$need])) { + return false; + } + } + + try { + $c = newPdo(); + $sql = sprintf(SQL_DROP_BACKUPv006, $_SESSION['bd_prefix']); + $stm = $c->prepare($sql); + $stm->execute(); + + return true; + } catch (PDOException $e) { + return false; + } + return false; +} + +function moveOldFiles() { + $mvs = array( + '/app/configuration/application.ini' => '/data/application.ini', //v0.6 + '/public/data/Configuration.array.php' => '/data/Configuration.array.php', //v0.6 + ); + $ok = true; + foreach ($mvs as $fFrom => $fTo) { + if (file_exists(FRESHRSS_PATH . $fFrom)) { + if (copy(FRESHRSS_PATH . $fFrom, FRESHRSS_PATH . $fTo)) { + @unlink(FRESHRSS_PATH . 
$fFrom); + } else { + $ok = false; + } + } + } + return $ok; +} + +function delTree($dir) { //http://php.net/rmdir#110489 + if (!is_dir($dir)) { + return true; + } + $files = array_diff(scandir($dir), array('.', '..')); + foreach ($files as $file) { + $f = $dir . '/' . $file; + if (is_dir($f)) { + @chmod($f, 0777); + delTree($f); + } + else unlink($f); + } + return rmdir($dir); +} + +/*** VÉRIFICATIONS ***/ +function checkStep () { + $s0 = checkStep0 (); + $s1 = checkStep1 (); + $s2 = checkStep2 (); + $s3 = checkStep3 (); + if (STEP > 0 && $s0['all'] != 'ok') { + header ('Location: index.php?step=0'); + } elseif (STEP > 1 && $s1['all'] != 'ok') { + header ('Location: index.php?step=1'); + } elseif (STEP > 2 && $s2['all'] != 'ok') { + header ('Location: index.php?step=2'); + } elseif (STEP > 3 && $s3['all'] != 'ok') { + header ('Location: index.php?step=3'); + } + $_SESSION['actualize_feeds'] = true; +} +function checkStep0 () { + moveOldFiles(); + + if (file_exists(DATA_PATH . '/config.php')) { + $ini_array = include(DATA_PATH . '/config.php'); + } elseif (file_exists(DATA_PATH . '/application.ini')) { //v0.6 + $ini_array = parse_ini_file(DATA_PATH . '/application.ini', true); + $ini_array['general']['title'] = empty($ini_array['general']['title']) ? '' : stripslashes($ini_array['general']['title']); + } else { + $ini_array = null; + } + + if ($ini_array) { + $ini_general = isset($ini_array['general']) ? $ini_array['general'] : null; + if ($ini_general) { + $keys = array('environment', 'salt', 'title', 'default_user', 'allow_anonymous', 'auth_type'); + foreach ($keys as $key) { + if ((empty($_SESSION[$key])) && isset($ini_general[$key])) { + $_SESSION[$key] = $ini_general[$key]; + } + } + } + $ini_db = isset($ini_array['db']) ? $ini_array['db'] : null; + if ($ini_db) { + $keys = array('type', 'host', 'user', 'password', 'base', 'prefix'); + foreach ($keys as $key) { + if ((!isset($_SESSION['bd_' . $key])) && isset($ini_db[$key])) { + $_SESSION['bd_' . 
$key] = $ini_db[$key]; + } + } + } + } + + if (isset($_SESSION['default_user']) && file_exists(DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php')) { + $userConfig = include(DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php'); + } elseif (file_exists(DATA_PATH . '/Configuration.array.php')) { + $userConfig = include(DATA_PATH . '/Configuration.array.php'); //v0.6 + if (empty($_SESSION['auth_type'])) { + $_SESSION['auth_type'] = empty($userConfig['mail_login']) ? 'none' : 'persona'; + } + if (!isset($_SESSION['allow_anonymous'])) { + $_SESSION['allow_anonymous'] = empty($userConfig['anon_access']) ? false : ($userConfig['anon_access'] === 'yes'); + } + } else { + $userConfig = array(); + } + if (empty($_SESSION['auth_type'])) { //v0.7b + $_SESSION['auth_type'] = ''; + } + + $keys = array('language', 'theme', 'old_entries', 'mail_login', 'passwordHash'); + foreach ($keys as $key) { + if ((!isset($_SESSION[$key])) && isset($userConfig[$key])) { + $_SESSION[$key] = $userConfig[$key]; + } + } + + $languages = availableLanguages (); + $language = isset ($_SESSION['language']) && + isset ($languages[$_SESSION['language']]); + + if (empty($_SESSION['passwordHash'])) { //v0.7b + $_SESSION['passwordHash'] = ''; + } + if (empty($_SESSION['theme'])) { + $_SESSION['theme'] = 'Origine'; + } else { + switch (strtolower($_SESSION['theme'])) { + case 'default': //v0.7b + $_SESSION['theme'] = 'Origine'; + break; + case 'flat-design': //v0.7b + $_SESSION['theme'] = 'Flat'; + break; + case 'default_dark': //v0.7b + $_SESSION['theme'] = 'Dark'; + break; + } + } + + return array ( + 'language' => $language ? 'ok' : 'ko', + 'all' => $language ? 'ok' : 'ko' + ); +} + +function checkStep1 () { + $php = version_compare (PHP_VERSION, '5.2.1') >= 0; + $minz = file_exists (LIB_PATH . 
'/Minz'); + $curl = extension_loaded ('curl'); + $pdo = extension_loaded ('pdo_mysql'); + $pcre = extension_loaded ('pcre'); + $ctype = extension_loaded ('ctype'); + $dom = class_exists('DOMDocument'); + $data = DATA_PATH && is_writable (DATA_PATH); + $cache = CACHE_PATH && is_writable (CACHE_PATH); + $log = LOG_PATH && is_writable (LOG_PATH); + $favicons = is_writable (DATA_PATH . '/favicons'); + $persona = is_writable (DATA_PATH . '/persona'); + + return array ( + 'php' => $php ? 'ok' : 'ko', + 'minz' => $minz ? 'ok' : 'ko', + 'curl' => $curl ? 'ok' : 'ko', + 'pdo-mysql' => $pdo ? 'ok' : 'ko', + 'pcre' => $pcre ? 'ok' : 'ko', + 'ctype' => $ctype ? 'ok' : 'ko', + 'dom' => $dom ? 'ok' : 'ko', + 'data' => $data ? 'ok' : 'ko', + 'cache' => $cache ? 'ok' : 'ko', + 'log' => $log ? 'ok' : 'ko', + 'favicons' => $favicons ? 'ok' : 'ko', + 'persona' => $persona ? 'ok' : 'ko', + 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $data && $cache && $log && $favicons && $persona ? 'ok' : 'ko' + ); +} + +function checkStep2 () { + $conf = !empty($_SESSION['salt']) && + !empty($_SESSION['title']) && + !empty($_SESSION['old_entries']) && + isset($_SESSION['mail_login']) && + !empty($_SESSION['default_user']); + $defaultUser = empty($_POST['default_user']) ? null : $_POST['default_user']; + if ($defaultUser === null) { + $defaultUser = empty($_SESSION['default_user']) ? '' : $_SESSION['default_user']; + } + $data = is_writable(DATA_PATH . '/' . $defaultUser . '_user.php'); + if ($data) { + @unlink(DATA_PATH . '/Configuration.array.php'); //v0.6 + } + + return array ( + 'conf' => $conf ? 'ok' : 'ko', + 'data' => $data ? 'ok' : 'ko', + 'all' => $conf && $data ? 'ok' : 'ko' + ); +} +function checkStep3 () { + $conf = is_writable(DATA_PATH . 
'/config.php'); + + $bd = isset ($_SESSION['bd_type']) && + isset ($_SESSION['bd_host']) && + isset ($_SESSION['bd_user']) && + isset ($_SESSION['bd_password']) && + isset ($_SESSION['bd_base']) && + isset ($_SESSION['bd_prefix']) && + isset ($_SESSION['bd_error']); + $conn = empty($_SESSION['bd_error']); + + return array ( + 'bd' => $bd ? 'ok' : 'ko', + 'conn' => $conn ? 'ok' : 'ko', + 'conf' => $conf ? 'ok' : 'ko', + 'all' => $bd && $conn && $conf ? 'ok' : 'ko' + ); +} + +function checkBD () { + $ok = false; + + try { + $str = ''; + $driver_options = null; + switch ($_SESSION['bd_type']) { + case 'mysql': + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' + ); + + try { // on ouvre une connexion juste pour créer la base si elle n'existe pas + $str = 'mysql:host=' . $_SESSION['bd_host'] . ';'; + $c = new PDO ($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + $sql = sprintf (SQL_CREATE_DB, $_SESSION['bd_base']); + $res = $c->query ($sql); + } catch (PDOException $e) { + } + + // on écrase la précédente connexion en sélectionnant la nouvelle BDD + $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; + break; + case 'sqlite': + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['bd_base'] . '.sqlite'; + $driver_options = array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + ); + break; + default: + return false; + } + + $c = new PDO ($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + + if ($_SESSION['bd_type'] !== 'sqlite') { //No SQL backup for SQLite + $stm = $c->prepare(SQL_SHOW_TABLES); + $stm->execute(); + $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); + if (in_array($_SESSION['bd_prefix'] . 'entry', $res) && !in_array($_SESSION['bd_prefix'] . 
'entry006', $res)) { + $sql = sprintf(SQL_BACKUP006, $_SESSION['bd_prefix']); //v0.6 + $res = $c->query($sql); //Backup tables + } + } + + if (defined('SQL_CREATE_TABLES')) { + $sql = sprintf(SQL_CREATE_TABLES, $_SESSION['bd_prefix_user'], _t('default_category')); + $stm = $c->prepare($sql); + $ok = $stm->execute(); + } else { + global $SQL_CREATE_TABLES; + if (is_array($SQL_CREATE_TABLES)) { + $ok = true; + foreach ($SQL_CREATE_TABLES as $instruction) { + $sql = sprintf($instruction, $_SESSION['bd_prefix_user'], _t('default_category')); + $stm = $c->prepare($sql); + $ok &= $stm->execute(); + } + } + } + } catch (PDOException $e) { + $ok = false; + $_SESSION['bd_error'] = $e->getMessage(); + } + + if (!$ok) { + @unlink(DATA_PATH . '/config.php'); + } + + return $ok; +} + +/*** AFFICHAGE ***/ +function printStep0 () { + global $actual; +?> + +

+ + +
+ +
+ +
+ +
+
+ +
+
+ + + + + +
+
+
+ + + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + +

+ +

+ + + + + +

+ + + +

+ + +
+ + +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ + +
+
+ +
+ +
+ + +
+
+ +
+
+ + + + + +
+
+
+ + +

+ +

+ + +
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+ +
+ +
+
+ +
+
+ + + + + +
+
+
+ +
+ + + +

+ +
+
+ + +
+
+ + +

+ +
+
+ +
+
+ +
+ +

+ + +

+ + + + + + + <?php echo _t ('freshrss_installation'); ?> + + + + + +
+
+

+

+
+
+ +
+ + +
+ +
+
+ + -- cgit v1.2.3 From 2501bb337e75c41f97570f25775e20131faf2f2a Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 3 Jul 2014 22:11:25 +0200 Subject: Preparation #2 for SQLite https://github.com/marienfressinaud/FreshRSS/issues/100 --- app/Models/EntryDAOSQLite.php | 42 ++++++++++++++++++++++++++++++++++++++++++ app/Models/EntryDAO_SQLite.php | 42 ------------------------------------------ app/Models/Factory.php | 2 +- app/SQL/install.sql.sqlite.php | 2 +- app/install.php | 16 ++++++++++++---- 5 files changed, 56 insertions(+), 48 deletions(-) create mode 100644 app/Models/EntryDAOSQLite.php delete mode 100644 app/Models/EntryDAO_SQLite.php (limited to 'app/install.php') diff --git a/app/Models/EntryDAOSQLite.php b/app/Models/EntryDAOSQLite.php new file mode 100644 index 000000000..45d3a3ea9 --- /dev/null +++ b/app/Models/EntryDAOSQLite.php 
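Review bot: In the new app/install.php, saveLanguage() stores `$_POST['language']` in the session unchecked, and initTranslate() then builds `APP_PATH . '/i18n/' . $actual . '.php'` from that value and hands it to `include`, so the included path is derived from request data. The value should be accepted only when it is a key of availableLanguages(), e.g. `$languages = availableLanguages(); if (!isset($languages[$_POST['language']])) { return false; }` in saveLanguage(), with the same test (falling back to `'en'`) before the two includes in initTranslate(). checkStep0() does compare the session language with that list, but it only reports `ko` and leaves the stored value in place. Separately, the v0.6 conversion loop calls `unserialize()` on `content` read back from the database; if that column only ever held serialized strings, an `is_string($content)` check before the UPDATE and a comment stating the assumption would make it explicit.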
@@ -0,0 +1,42 @@ +markRead($id, $is_read); + } + return $affected; + } + } else { + $this->bd->beginTransaction(); + $sql = 'UPDATE `' . $this->prefix . 'entry` e SET e.is_read = ? WHERE e.id=? AND e.is_read<>?'; + $values = array($is_read ? 1 : 0, $ids, $is_read ? 1 : 0); + $stm = $this->bd->prepare($sql); + if (!($stm && $stm->execute ($values))) { + $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); + Minz_Log::record('SQL error markRead: ' . $info[2], Minz_Log::ERROR); + $this->bd->rollBack (); + return false; + } + $affected = $stm->rowCount(); + if ($affected > 0) { + $sql = 'UPDATE `' . $this->prefix . 'feed` f SET f.cache_nbUnreads=f.cache_nbUnreads' . ($is_read ? '-' : '+') . '1 ' + . 'WHERE f.id=(SELECT e.id_feed FROM `' . $this->prefix . 'entry` e WHERE e.id=?)'; + $values = array($ids); + $stm = $this->bd->prepare($sql); + if (!($stm && $stm->execute ($values))) { + $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); + Minz_Log::record('SQL error markRead: ' . $info[2], Minz_Log::ERROR); + $this->bd->rollBack (); + return false; + } + } + $this->bd->commit(); + return $affected; + } + } +} diff --git a/app/Models/EntryDAO_SQLite.php b/app/Models/EntryDAO_SQLite.php deleted file mode 100644 index f148f3c63..000000000 --- a/app/Models/EntryDAO_SQLite.php +++ /dev/null 
@@ -1,42 +0,0 @@ -markRead($id, $is_read); - } - return $affected; - } - } else { - $this->bd->beginTransaction(); - $sql = 'UPDATE `' . $this->prefix . 'entry` e SET e.is_read = ? WHERE e.id=? AND e.is_read<>?'; - $values = array($is_read ? 1 : 0, $ids, $is_read ? 1 : 0); - $stm = $this->bd->prepare($sql); - if (!($stm && $stm->execute ($values))) { - $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); - Minz_Log::record('SQL error markRead: ' . $info[2], Minz_Log::ERROR); - $this->bd->rollBack (); - return false; - } - $affected = $stm->rowCount(); - if ($affected > 0) { - $sql = 'UPDATE `' . $this->prefix . 'feed` f SET f.cache_nbUnreads=f.cache_nbUnreads' . ($is_read ? '-' : '+') . '1 ' - . 'WHERE f.id=(SELECT e.id_feed FROM `' . $this->prefix . 'entry` e WHERE e.id=?)'; - $values = array($ids); - $stm = $this->bd->prepare($sql); - if (!($stm && $stm->execute ($values))) { - $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); - Minz_Log::record('SQL error markRead: ' . $info[2], Minz_Log::ERROR); - $this->bd->rollBack (); - return false; - } - } - $this->bd->commit(); - return $affected; - } - } -} diff --git a/app/Models/Factory.php b/app/Models/Factory.php index bea89c114..3ef68c41d 100644 --- a/app/Models/Factory.php +++ b/app/Models/Factory.php @@ -5,7 +5,7 @@ class FreshRSS_Factory { public static function createEntryDao() { $db = Minz_Configuration::dataBase(); if ($db['type'] === 'sqlite') { - return new FreshRSS_EntryDAO_SQLite(); + return new FreshRSS_EntryDAOSQLite(); } else { return new FreshRSS_EntryDAO(); } diff --git a/app/SQL/install.sql.sqlite.php b/app/SQL/install.sql.sqlite.php index 5bd294fde..8cdec981f 100644 --- a/app/SQL/install.sql.sqlite.php +++ b/app/SQL/install.sql.sqlite.php 
@@ -49,7 +49,7 @@ $SQL_CREATE_TABLES = array( 'CREATE INDEX IF NOT EXISTS entry_is_favorite_index ON `%1$sentry`(`is_favorite`);', 'CREATE INDEX IF NOT EXISTS entry_is_read_index ON `%1$sentry`(`is_read`);', -'INSERT OR IGNORE INTO `%1$scategory` (id, name) VALUES(1, "%1$s");', +'INSERT OR IGNORE INTO `%1$scategory` (id, name) VALUES(1, "%2$s");', ); define('SQL_DROP_TABLES', 'DROP TABLES %1$sentry, %1$sfeed, %1$scategory'); diff --git a/app/install.php b/app/install.php index 9863dd556..357a8e340 100644 --- a/app/install.php +++ b/app/install.php @@ -366,7 +366,7 @@ function newPdo() { ); break; case 'sqlite': - $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['bd_base'] . '.sqlite'; + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; $driver_options = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, ); @@ -407,7 +407,7 @@ function postUpdate() { } function deleteInstall () { - $res = unlink (DATA_PATH . 'do-install.txt'); + $res = unlink (DATA_PATH . '/do-install.txt'); if ($res) { header ('Location: index.php'); } @@ -665,7 +665,7 @@ function checkBD () { $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; break; case 'sqlite': - $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['bd_base'] . '.sqlite'; + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; $driver_options = array( PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, ); @@ -921,7 +921,7 @@ function printStep3 () {
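Review bot: In the deleteInstall() hunk a failed `unlink (DATA_PATH . '/do-install.txt')` stays silent: no redirect is sent and nothing tells the user that the file is still there, and this file is presumably the trigger that keeps the installer reachable. The function continues outside the hunk, and as added in the first commit its return value reflects only the DROP of the backup tables, so a caller cannot tell that the removal failed. I would report the failure, for example by ending the try block with `return $res;` instead of `return true;`, and add a comment above the unlink such as `// If this fails the installer stays enabled; the file must then be removed by hand.`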
-
+
@@ -968,6 +969,13 @@ function printStep3 () {
+
+
-- cgit v1.2.3 From 52763ed97d0fd3ca96d11cbec361f5f4cf79fec4 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 10 Jul 2014 18:46:38 +0200 Subject: Fix a bug during installation - If MySQL database was configured and user choosed SQLite, an error was raised at the first submit. - Cast STEP into integer --- app/install.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php index 357a8e340..3767e3d91 100644 --- a/app/install.php +++ b/app/install.php @@ -10,13 +10,17 @@ session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirn session_start(); if (isset ($_GET['step'])) { - define ('STEP', $_GET['step']); + define ('STEP', (int)$_GET['step']); } else { define ('STEP', 1); } define('SQL_CREATE_DB', 'CREATE DATABASE IF NOT EXISTS %1$s DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;'); +if (STEP === 3 && isset($_POST['type'])) { + $_SESSION['bd_type'] = $_POST['type']; +} + if (isset($_SESSION['bd_type'])) { switch ($_SESSION['bd_type']) { case 'mysql': @@ -216,9 +220,6 @@ function saveStep2 () { function saveStep3 () { if (!empty ($_POST)) { - - $_SESSION['bd_type'] = isset ($_POST['type']) ? $_POST['type'] : ''; - if ($_SESSION['bd_type'] === 'sqlite') { $_SESSION['bd_base'] = $_SESSION['default_user']; $_SESSION['bd_host'] = ''; -- cgit v1.2.3 From d3f730287d28ecdbb8bff6445bca5944794503fd Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 1 Aug 2014 21:36:35 +0200 Subject: Install script was not keeping all config settings https://github.com/marienfressinaud/FreshRSS/issues/537 --- app/install.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php index 3767e3d91..66d663114 100644 --- a/app/install.php +++ b/app/install.php 
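Review bot: The new top-level block copies `$_POST['type']` into `$_SESSION['bd_type']` as-is, and that value then drives the `switch ($_SESSION['bd_type'])` just below (its body is outside the hunk), is compared in saveStep3(), and ends up as the `db` `type` written to config.php. Only `mysql` and `sqlite` are handled anywhere visible, so the assignment should be limited to those, e.g. `if (STEP === 3 && isset($_POST['type']) && in_array($_POST['type'], array('mysql', 'sqlite'), true)) {`. The second hunk also makes saveStep3() read `$_SESSION['bd_type']` without the removed `isset` fallback, so a step-3 POST without `type` in a fresh session now reads an undefined index; `isset($_SESSION['bd_type']) && $_SESSION['bd_type'] === 'sqlite'` would keep the earlier tolerance. saveStep3() starts and ends outside the hunk.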
@@ -249,11 +249,11 @@ function saveStep3 () { 'base_url' => '', 'title' => $_SESSION['title'], 'default_user' => $_SESSION['default_user'], - 'auth_type' => $_SESSION['auth_type'], 'allow_anonymous' => isset($_SESSION['allow_anonymous']) ? $_SESSION['allow_anonymous'] : false, - 'allow_anonymous_refresh' => false, - 'unsafe_autologin_enabled' => false, - 'api_enabled' => false, + 'allow_anonymous_refresh' => isset($_SESSION['allow_anonymous_refresh']) ? $_SESSION['allow_anonymous_refresh'] : false, + 'auth_type' => $_SESSION['auth_type'], + 'api_enabled' => isset($_SESSION['api_enabled']) ? $_SESSION['api_enabled'] : false, + 'unsafe_autologin_enabled' => isset($_SESSION['unsafe_autologin_enabled']) ? $_SESSION['unsafe_autologin_enabled'] : false, ), 'db' => array( 'type' => $_SESSION['bd_type'], @@ -499,7 +499,7 @@ function checkStep0 () { if ($ini_array) { $ini_general = isset($ini_array['general']) ? $ini_array['general'] : null; if ($ini_general) { - $keys = array('environment', 'salt', 'title', 'default_user', 'allow_anonymous', 'auth_type'); + $keys = array('environment', 'salt', 'title', 'default_user', 'allow_anonymous', 'allow_anonymous_refresh', 'auth_type', 'api_enabled', 'unsafe_autologin_enabled'); foreach ($keys as $key) { if ((empty($_SESSION[$key])) && isset($ini_general[$key])) { $_SESSION[$key] = $ini_general[$key]; -- cgit v1.2.3 From e05e9a87021862b334bccedb3d2383e9fa568a9b Mon Sep 17 00:00:00 2001 From: Alexis Degrugillier Date: Sun, 3 Aug 2014 08:47:18 -0400 Subject: Refactor install file to check available databases Now it checks for any pdo driver supported instead of only mysql --- app/i18n/install.en.php | 4 ++-- app/i18n/install.fr.php | 4 ++-- app/install.php | 18 +++++++++++++----- 3 files changed, 17 insertions(+), 9 deletions(-) (limited to 'app/install.php') diff --git a/app/i18n/install.en.php b/app/i18n/install.en.php index 553a79921..50208fcef 100644 --- a/app/i18n/install.en.php +++ b/app/i18n/install.en.php 
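Review bot: In the saveStep3() hunk, `allow_anonymous_refresh`, `api_enabled` and `unsafe_autologin_enabled` are now written to config.php with whatever type the session holds, and the checkStep0() hunk fills those session keys from the existing configuration. When that configuration is the v0.6 application.ini, parse_ini_file() yields strings such as `'1'` or `''` rather than booleans, so the generated file may carry string flags; whether the code reading these settings compares strictly is not visible here. Normalising on write keeps these security-relevant switches unambiguous, e.g. `'unsafe_autologin_enabled' => !empty($_SESSION['unsafe_autologin_enabled']),` and likewise for the other two. Both function bodies start and end outside the hunks.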
@@ -28,8 +28,8 @@ return array ( 'minz_is_nok' => 'You lack the Minz framework. You should execute build.sh script or download it on Github and install in %s directory the content of its /lib directory.', 'curl_is_ok' => 'You have version %s of cURL', 'curl_is_nok' => 'You lack cURL (php5-curl package)', - 'pdomysql_is_ok' => 'You have PDO and its driver for MySQL', - 'pdomysql_is_nok' => 'You lack PDO or its driver for MySQL (php5-mysql package)', + 'pdo_is_ok' => 'You have PDO and at least one of the supported drivers (pdo_mysql, pdo_sqlite)', + 'pdo_is_nok' => 'You lack PDO or one of the supported drivers (pdo_mysql, pdo_sqlite)', 'dom_is_ok' => 'You have the required library to browse the DOM', 'dom_is_nok' => 'You lack a required library to browse the DOM (php-xml package)', 'pcre_is_ok' => 'You have the required library for regular expressions (PCRE)', diff --git a/app/i18n/install.fr.php b/app/i18n/install.fr.php index 470d83e1a..9c039f904 100644 --- a/app/i18n/install.fr.php +++ b/app/i18n/install.fr.php 
@@ -28,8 +28,8 @@ return array (
 'minz_is_nok' => 'Vous ne disposez pas de la librairie Minz. Vous devriez exécuter le script build.sh ou bien la télécharger sur Github et installer dans le répertoire %s le contenu de son répertoire /lib.',
 'curl_is_ok' => 'Vous disposez de cURL dans sa version %s',
 'curl_is_nok' => 'Vous ne disposez pas de cURL (paquet php5-curl)',
- 'pdomysql_is_ok' => 'Vous disposez de PDO et de son driver pour MySQL (paquet php5-mysql)',
- 'pdomysql_is_nok' => 'Vous ne disposez pas de PDO ou de son driver pour MySQL',
+ 'pdo_is_ok' => 'Vous disposez de PDO et d’au moins un des drivers supportés (pdo_mysql, pdo_sqlite)',
+ 'pdo_is_nok' => 'Vous ne disposez pas de PDO ou d’un des drivers supportés (pdo_mysql, pdo_sqlite)',
 'dom_is_ok' => 'Vous disposez du nécessaire pour parcourir le DOM',
 'dom_is_nok' => 'Il manque une librairie pour parcourir le DOM (paquet php-xml)',
 'pcre_is_ok' => 'Vous disposez du nécessaire pour les expressions régulières (PCRE)',
diff --git a/app/install.php b/app/install.php
index 66d663114..eaa1100c1 100644
--- a/app/install.php
+++ b/app/install.php
@@ -574,7 +574,9 @@ function checkStep1 () {
 $php = version_compare (PHP_VERSION, '5.2.1') >= 0;
 $minz = file_exists (LIB_PATH . '/Minz');
 $curl = extension_loaded ('curl');
- $pdo = extension_loaded ('pdo_mysql');
+ $pdo_mysql = extension_loaded ('pdo_mysql');
+ $pdo_sqlite = extension_loaded ('pdo_sqlite');
+ $pdo = $pdo_mysql || $pdo_sqlite;
 $pcre = extension_loaded ('pcre');
 $ctype = extension_loaded ('ctype');
 $dom = class_exists('DOMDocument');
@@ -588,7 +590,9 @@ function checkStep1 () {
 'php' => $php ? 'ok' : 'ko',
 'minz' => $minz ? 'ok' : 'ko',
 'curl' => $curl ? 'ok' : 'ko',
- 'pdo-mysql' => $pdo ? 'ok' : 'ko',
+ 'pdo-mysql' => $pdo_mysql ? 'ok' : 'ko',
+ 'pdo-sqlite' => $pdo_sqlite ? 'ok' : 'ko',
+ 'pdo' => $pdo ? 'ok' : 'ko',
 'pcre' => $pcre ? 'ok' : 'ko',
 'ctype' => $ctype ? 'ok' : 'ko',
 'dom' => $dom ? 'ok' : 'ko',
@@ -766,10 +770,10 @@ function printStep1 () {

- -

+ +

-

+

@@ -923,14 +927,18 @@ function printStep3 () {
-- cgit v1.2.3 From b6e89d4e06814541802c428c4df0e28633f551cd Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 9 Aug 2014 14:23:15 +0200 Subject: Refactor install.php - Remove all references to update functions - Improve step2 by checking if password exists (form) or mail (persona) - Add a param($key, $default=falsse) function to get $_POST vars - Fix coding style (mainly spaces) --- app/install.php | 897 +++++++++++++++++++------------------------------------- 1 file changed, 300 insertions(+), 597 deletions(-) (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php index eaa1100c1..f563d58d3 100644 --- a/app/install.php +++ b/app/install.php @@ -9,10 +9,10 @@ session_name('FreshRSS'); session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true); session_start(); -if (isset ($_GET['step'])) { - define ('STEP', (int)$_GET['step']); +if (isset($_GET['step'])) { + define('STEP',(int)$_GET['step']); } else { - define ('STEP', 1); + define('STEP', 0); } define('SQL_CREATE_DB', 'CREATE DATABASE IF NOT EXISTS %1$s DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;'); 
@@ -23,88 +23,28 @@ if (STEP === 3 && isset($_POST['type'])) { if (isset($_SESSION['bd_type'])) { switch ($_SESSION['bd_type']) { - case 'mysql': - include(APP_PATH . '/SQL/install.sql.mysql.php'); - break; - case 'sqlite': - include(APP_PATH . '/SQL/install.sql.sqlite.php'); - break; + case 'mysql': + include(APP_PATH . '/SQL/install.sql.mysql.php'); + break; + case 'sqlite': + include(APP_PATH . '/SQL/install.sql.sqlite.php'); + break; } } -// -define('SQL_BACKUP006', 'RENAME TABLE `%1$scategory` TO `%1$scategory006`, `%1$sfeed` TO `%1$sfeed006`, `%1$sentry` TO `%1$sentry006`;'); - -define('SQL_SHOW_COLUMNS_UPDATEv006', 'SHOW columns FROM `%1$sentry006` LIKE "id2";'); - -define('SQL_UPDATEv006', ' -ALTER TABLE `%1$scategory006` ADD id2 SMALLINT; - -SET @i = 0; -UPDATE `%1$scategory006` SET id2=(@i:=@i+1) ORDER BY id; - -ALTER TABLE `%1$sfeed006` ADD id2 SMALLINT, ADD category2 SMALLINT; - -SET @i = 0; -UPDATE `%1$sfeed006` SET id2=(@i:=@i+1) ORDER BY name; - -UPDATE `%1$sfeed006` f -INNER JOIN `%1$scategory006` c ON f.category = c.id -SET f.category2 = c.id2; - -INSERT IGNORE INTO `%2$scategory` (name) -SELECT name -FROM `%1$scategory006` -ORDER BY id2; - -INSERT IGNORE INTO `%2$sfeed` (url, category, name, website, description, priority, pathEntries, httpAuth, keep_history) -SELECT url, category2, name, website, description, priority, pathEntries, httpAuth, IF(keep_history = 1, -1, -2) -FROM `%1$sfeed006` -ORDER BY id2; - -ALTER TABLE `%1$sentry006` ADD id2 bigint; - -UPDATE `%1$sentry006` SET id2 = ((date * 1000000) + (rand() * 100000000)); - -INSERT IGNORE INTO `%2$sentry` (id, guid, title, author, link, date, is_read, is_favorite, id_feed, tags) -SELECT e0.id2, e0.guid, e0.title, e0.author, e0.link, e0.date, e0.is_read, e0.is_favorite, f0.id2, e0.tags -FROM `%1$sentry006` e0 -INNER JOIN `%1$sfeed006` f0 ON e0.id_feed = f0.id; -'); - -define('SQL_CONVERT_SELECTv006', ' -SELECT e0.id2, e0.content -FROM `%1$sentry006` e0 -INNER JOIN `%2$sentry` e1 ON e0.id2 = 
e1.id -WHERE e1.content_bin IS NULL'); - -define('SQL_CONVERT_UPDATEv006', 'UPDATE `%1$sentry` SET ' - . (isset($_SESSION['bd_type']) && $_SESSION['bd_type'] === 'mysql' ? 'content_bin=COMPRESS(?)' : 'content=?') - . ' WHERE id=?;'); - -define('SQL_DROP_BACKUPv006', 'DROP TABLE IF EXISTS `%1$sentry006`, `%1$sfeed006`, `%1$scategory006`;'); - -define('SQL_UPDATE_CACHED_VALUES', ' -UPDATE `%1$sfeed` f -INNER JOIN ( - SELECT e.id_feed, - COUNT(CASE WHEN e.is_read = 0 THEN 1 END) AS nbUnreads, - COUNT(e.id) AS nbEntries - FROM `%1$sentry` e - GROUP BY e.id_feed -) x ON x.id_feed=f.id -SET f.cache_nbEntries=x.nbEntries, f.cache_nbUnreads=x.nbUnreads -'); - -define('SQL_UPDATE_HISTORYv007b', 'UPDATE `%1$sfeed` SET keep_history = CASE WHEN keep_history = 0 THEN -2 WHEN keep_history = 1 THEN -1 ELSE keep_history END;'); +function param($key, $default = false) { + if (isset($_POST[$key])) { + return $_POST[$key]; + } else { + return $default; + } +} -define('SQL_GET_FEEDS', 'SELECT id, url, website FROM `%1$sfeed`;'); -// // gestion internationalisation -$translates = array (); +$translates = array(); $actual = 'en'; -function initTranslate () { +function initTranslate() { global $translates; global $actual; 
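Review bot: `param()` returns `$_POST[$key]` unchanged, so a request that sends the field as an array hands an array to callers that expect a string; in this commit `saveStep2()` passes the result to `trim()`, `preg_replace()` and `password_hash()`. Returning the default for non-string values keeps the helper safe wherever it is used: `if (isset($_POST[$key]) && is_string($_POST[$key])) {`. A short docblock would also help, stating that the value is raw request data, e.g. `/** Returns the raw POST value for $key, or $default when absent; callers must validate it. */`.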
@@ -121,81 +61,93 @@ function initTranslate () { } } -function getBetterLanguage ($fallback) { - $available = availableLanguages (); +function getBetterLanguage($fallback) { + $available = availableLanguages(); $accept = $_SERVER['HTTP_ACCEPT_LANGUAGE']; - $language = strtolower (substr ($accept, 0, 2)); + $language = strtolower(substr($accept, 0, 2)); - if (isset ($available[$language])) { + if (isset($available[$language])) { return $language; } else { return $fallback; } } -function availableLanguages () { - return array ( + +function availableLanguages() { + return array( 'en' => 'English', 'fr' => 'Français' ); } -function _t ($key) { + +function _t($key) { global $translates; $translate = $key; - if (isset ($translates[$key])) { + if (isset($translates[$key])) { $translate = $translates[$key]; } - $args = func_get_args (); + $args = func_get_args(); unset($args[0]); - return vsprintf ($translate, $args); + return vsprintf($translate, $args); } + /*** SAUVEGARDES ***/ -function saveLanguage () { - if (!empty ($_POST)) { - if (!isset ($_POST['language'])) { +function saveLanguage() { + if (!empty($_POST)) { + if (!isset($_POST['language'])) { return false; } $_SESSION['language'] = $_POST['language']; - header ('Location: index.php?step=1'); + header('Location: index.php?step=1'); } } -function saveStep2 () { - if (!empty ($_POST)) { - if (empty ($_POST['title']) || - empty ($_POST['old_entries']) || - empty ($_POST['auth_type']) || - empty ($_POST['default_user'])) { - return false; - } - $_SESSION['salt'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__))); - $_SESSION['title'] = substr(trim($_POST['title']), 0, 25); - $_SESSION['old_entries'] = $_POST['old_entries']; - if ((!ctype_digit($_SESSION['old_entries'])) || ($_SESSION['old_entries'] < 1)) { - $_SESSION['old_entries'] = 3; - } - $_SESSION['mail_login'] = filter_var($_POST['mail_login'], FILTER_VALIDATE_EMAIL); - $_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', 
$_POST['default_user']), 0, 16); - $_SESSION['auth_type'] = $_POST['auth_type']; - if (!empty($_POST['passwordPlain'])) { +function saveStep2() { + if (!empty($_POST)) { + $_SESSION['title'] = substr(trim(param('title', _t('freshrss'))), 0, 25); + $_SESSION['old_entries'] = param('old_entries', 3); + $_SESSION['auth_type'] = param('auth_type', 'form'); + $_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', param('default_user', '')), 0, 16); + $_SESSION['mail_login'] = filter_var(param('mail_login', ''), FILTER_VALIDATE_EMAIL); + + $password_plain = param('passwordPlain', false); + if ($password_plain !== false) { if (!function_exists('password_hash')) { include_once(LIB_PATH . '/password_compat.php'); } - $passwordHash = password_hash($_POST['passwordPlain'], PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)); + $passwordHash = password_hash($password_plain, PASSWORD_BCRYPT, array('cost' => BCRYPT_COST)); $passwordHash = preg_replace('/^\$2[xy]\$/', '\$2a\$', $passwordHash); //Compatibility with bcrypt.js $_SESSION['passwordHash'] = $passwordHash; } + if (empty($_SESSION['title']) || + empty($_SESSION['old_entries']) || + empty($_SESSION['auth_type']) || + empty($_SESSION['default_user'])) { + return false; + } + + if (($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash'])) || + ($_SESSION['auth_type'] === 'persona' && empty($_SESSION['mail_login']))) { + return false; + } + + $_SESSION['salt'] = sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__))); + if ((!ctype_digit($_SESSION['old_entries'])) ||($_SESSION['old_entries'] < 1)) { + $_SESSION['old_entries'] = 3; + } + $token = ''; if ($_SESSION['mail_login']) { $token = sha1($_SESSION['salt'] . $_SESSION['mail_login']); } - $config_array = array ( + $config_array = array( 'language' => $_SESSION['language'], 'theme' => $_SESSION['theme'], 'old_entries' => $_SESSION['old_entries'], 
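Review bot: In `saveStep2()` the password branch is now entered whenever the `passwordPlain` field is present (`$password_plain !== false`), whereas the removed code required it to be non-empty. A form submitted with the field left blank therefore hashes the empty string, `$_SESSION['passwordHash']` becomes non-empty, and the new `auth_type === 'form'` check a few lines below passes with an empty password. I would restore the emptiness test on the server side, `if (is_string($password_plain) && $password_plain !== '') {`, rather than rely on any constraint in the HTML form. The function continues past the end of the hunk.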
@@ -214,12 +166,12 @@ function saveStep2 () { file_put_contents($personaFile, $_SESSION['default_user']); } - header ('Location: index.php?step=3'); + header('Location: index.php?step=3'); } } -function saveStep3 () { - if (!empty ($_POST)) { +function saveStep3() { + if (!empty($_POST)) { if ($_SESSION['bd_type'] === 'sqlite') { $_SESSION['bd_base'] = $_SESSION['default_user']; $_SESSION['bd_host'] = ''; @@ -228,10 +180,10 @@ function saveStep3 () { $_SESSION['bd_prefix'] = ''; $_SESSION['bd_prefix_user'] = ''; //No prefix for SQLite } else { - if (empty ($_POST['type']) || - empty ($_POST['host']) || - empty ($_POST['user']) || - empty ($_POST['base'])) { + if (empty($_POST['type']) || + empty($_POST['host']) || + empty($_POST['user']) || + empty($_POST['base'])) { $_SESSION['bd_error'] = 'Missing parameters!'; } $_SESSION['bd_base'] = substr($_POST['base'], 0, 64); @@ -239,7 +191,7 @@ function saveStep3 () { $_SESSION['bd_user'] = $_POST['user']; $_SESSION['bd_password'] = $_POST['pass']; $_SESSION['bd_prefix'] = substr($_POST['prefix'], 0, 16); - $_SESSION['bd_prefix_user'] = $_SESSION['bd_prefix'] . (empty($_SESSION['default_user']) ? '' : ($_SESSION['default_user'] . '_')); + $_SESSION['bd_prefix_user'] = $_SESSION['bd_prefix'] .(empty($_SESSION['default_user']) ? '' :($_SESSION['default_user'] . '_')); } $ini_array = array( 
@@ -268,15 +220,11 @@ function saveStep3 () { @unlink(DATA_PATH . '/config.php'); //To avoid access-rights problems file_put_contents(DATA_PATH . '/config.php', " 'SET NAMES utf8', - ); - break; - case 'sqlite': - return false; //No update for SQLite needed so far - default: - return false; - } - - $c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); - - $stm = $c->prepare(SQL_SHOW_TABLES); - $stm->execute(); - $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); - if (!in_array($_SESSION['bd_prefix'] . 'entry006', $res)) { - return false; - } - - $sql = sprintf(SQL_SHOW_COLUMNS_UPDATEv006, $_SESSION['bd_prefix']); - $stm = $c->prepare($sql); - $stm->execute(); - $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); - if (!in_array('id2', $res)) { - if (!$perform) { - return true; - } - $sql = sprintf(SQL_UPDATEv006, $_SESSION['bd_prefix'], $_SESSION['bd_prefix_user']); - $stm = $c->prepare($sql, array(PDO::ATTR_EMULATE_PREPARES => true)); - $stm->execute(); - } - - $sql = sprintf(SQL_CONVERT_SELECTv006, $_SESSION['bd_prefix'], $_SESSION['bd_prefix_user']); - if (!$perform) { - $sql .= ' LIMIT 1'; - } - $stm = $c->prepare($sql); - $stm->execute(); - if (!$perform) { - $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); - return count($res) > 0; - } else { - @set_time_limit(300); - } - - $c2 = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); - $sql = sprintf(SQL_CONVERT_UPDATEv006, $_SESSION['bd_prefix_user']); - $stm2 = $c2->prepare($sql); - while ($row = $stm->fetch(PDO::FETCH_ASSOC)) { - $id = $row['id2']; - $content = unserialize(gzinflate(base64_decode($row['content']))); - $stm2->execute(array($content, $id)); - } - - return true; - } catch (PDOException $e) { - return false; - } - return false; -} - function newPdo() { switch ($_SESSION['bd_type']) { - case 'mysql': - $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . 
$_SESSION['bd_base']; - $driver_options = array( - PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', - ); - break; - case 'sqlite': - $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; - $driver_options = array( - PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, - ); - break; - default: - return false; + case 'mysql': + $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8', + ); + break; + case 'sqlite': + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; + $driver_options = array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + ); + break; + default: + return false; } return new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); } -function postUpdate() { - $c = newPdo(); - - if ($_SESSION['bd_type'] !== 'sqlite') { //No update for SQLite needed yet - $sql = sprintf(SQL_UPDATE_HISTORYv007b, $_SESSION['bd_prefix_user']); - $stm = $c->prepare($sql); - $stm->execute(); - - $sql = sprintf(SQL_UPDATE_CACHED_VALUES, $_SESSION['bd_prefix_user']); - $stm = $c->prepare($sql); - $stm->execute(); - } - - // - $sql = sprintf(SQL_GET_FEEDS, $_SESSION['bd_prefix_user']); - $stm = $c->prepare($sql); - $stm->execute(); - $res = $stm->fetchAll(PDO::FETCH_ASSOC); - foreach ($res as $feed) { - if (empty($feed['url'])) { - continue; - } - $hash = hash('crc32b', $_SESSION['salt'] . $feed['url']); - @file_put_contents(DATA_PATH . '/favicons/' . $hash . '.txt', - empty($feed['website']) ? $feed['url'] : $feed['website']); - } - // -} - -function deleteInstall () { - $res = unlink (DATA_PATH . 
'/do-install.txt'); - if ($res) { - header ('Location: index.php'); - } - - $needs = array('bd_type', 'bd_host', 'bd_base', 'bd_user', 'bd_password', 'bd_prefix'); - foreach ($needs as $need) { - if (!isset($_SESSION[$need])) { - return false; - } - } - - try { - $c = newPdo(); - $sql = sprintf(SQL_DROP_BACKUPv006, $_SESSION['bd_prefix']); - $stm = $c->prepare($sql); - $stm->execute(); +function deleteInstall() { + $res = unlink(DATA_PATH . '/do-install.txt'); - return true; - } catch (PDOException $e) { + if (!$res) { return false; } - return false; -} -function moveOldFiles() { - $mvs = array( - '/app/configuration/application.ini' => '/data/application.ini', //v0.6 - '/public/data/Configuration.array.php' => '/data/Configuration.array.php', //v0.6 - ); - $ok = true; - foreach ($mvs as $fFrom => $fTo) { - if (file_exists(FRESHRSS_PATH . $fFrom)) { - if (copy(FRESHRSS_PATH . $fFrom, FRESHRSS_PATH . $fTo)) { - @unlink(FRESHRSS_PATH . $fFrom); - } else { - $ok = false; - } - } - } - return $ok; + header('Location: index.php'); } -function delTree($dir) { //http://php.net/rmdir#110489 - if (!is_dir($dir)) { - return true; - } - $files = array_diff(scandir($dir), array('.', '..')); - foreach ($files as $file) { - $f = $dir . '/' . 
$file; - if (is_dir($f)) { - @chmod($f, 0777); - delTree($f); - } - else unlink($f); - } - return rmdir($dir); -} /*** VÉRIFICATIONS ***/ -function checkStep () { - $s0 = checkStep0 (); - $s1 = checkStep1 (); - $s2 = checkStep2 (); - $s3 = checkStep3 (); +function checkStep() { + $s0 = checkStep0(); + $s1 = checkStep1(); + $s2 = checkStep2(); + $s3 = checkStep3(); if (STEP > 0 && $s0['all'] != 'ok') { - header ('Location: index.php?step=0'); + header('Location: index.php?step=0'); } elseif (STEP > 1 && $s1['all'] != 'ok') { - header ('Location: index.php?step=1'); + header('Location: index.php?step=1'); } elseif (STEP > 2 && $s2['all'] != 'ok') { - header ('Location: index.php?step=2'); + header('Location: index.php?step=2'); } elseif (STEP > 3 && $s3['all'] != 'ok') { - header ('Location: index.php?step=3'); + header('Location: index.php?step=3'); } $_SESSION['actualize_feeds'] = true; } -function checkStep0 () { - moveOldFiles(); - - if (file_exists(DATA_PATH . '/config.php')) { - $ini_array = include(DATA_PATH . '/config.php'); - } elseif (file_exists(DATA_PATH . '/application.ini')) { //v0.6 - $ini_array = parse_ini_file(DATA_PATH . '/application.ini', true); - $ini_array['general']['title'] = empty($ini_array['general']['title']) ? '' : stripslashes($ini_array['general']['title']); - } else { - $ini_array = null; - } - - if ($ini_array) { - $ini_general = isset($ini_array['general']) ? $ini_array['general'] : null; - if ($ini_general) { - $keys = array('environment', 'salt', 'title', 'default_user', 'allow_anonymous', 'allow_anonymous_refresh', 'auth_type', 'api_enabled', 'unsafe_autologin_enabled'); - foreach ($keys as $key) { - if ((empty($_SESSION[$key])) && isset($ini_general[$key])) { - $_SESSION[$key] = $ini_general[$key]; - } - } - } - $ini_db = isset($ini_array['db']) ? $ini_array['db'] : null; - if ($ini_db) { - $keys = array('type', 'host', 'user', 'password', 'base', 'prefix'); - foreach ($keys as $key) { - if ((!isset($_SESSION['bd_' . 
$key])) && isset($ini_db[$key])) { - $_SESSION['bd_' . $key] = $ini_db[$key]; - } - } - } - } - - if (isset($_SESSION['default_user']) && file_exists(DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php')) { - $userConfig = include(DATA_PATH . '/' . $_SESSION['default_user'] . '_user.php'); - } elseif (file_exists(DATA_PATH . '/Configuration.array.php')) { - $userConfig = include(DATA_PATH . '/Configuration.array.php'); //v0.6 - if (empty($_SESSION['auth_type'])) { - $_SESSION['auth_type'] = empty($userConfig['mail_login']) ? 'none' : 'persona'; - } - if (!isset($_SESSION['allow_anonymous'])) { - $_SESSION['allow_anonymous'] = empty($userConfig['anon_access']) ? false : ($userConfig['anon_access'] === 'yes'); - } - } else { - $userConfig = array(); - } - if (empty($_SESSION['auth_type'])) { //v0.7b - $_SESSION['auth_type'] = ''; - } - - $keys = array('language', 'theme', 'old_entries', 'mail_login', 'passwordHash'); - foreach ($keys as $key) { - if ((!isset($_SESSION[$key])) && isset($userConfig[$key])) { - $_SESSION[$key] = $userConfig[$key]; - } - } - - $languages = availableLanguages (); - $language = isset ($_SESSION['language']) && - isset ($languages[$_SESSION['language']]); - if (empty($_SESSION['passwordHash'])) { //v0.7b - $_SESSION['passwordHash'] = ''; - } - if (empty($_SESSION['theme'])) { - $_SESSION['theme'] = 'Origine'; - } else { - switch (strtolower($_SESSION['theme'])) { - case 'default': //v0.7b - $_SESSION['theme'] = 'Origine'; - break; - case 'flat-design': //v0.7b - $_SESSION['theme'] = 'Flat'; - break; - case 'default_dark': //v0.7b - $_SESSION['theme'] = 'Dark'; - break; - } - } +function checkStep0() { + $languages = availableLanguages(); + $language = isset($_SESSION['language']) && + isset($languages[$_SESSION['language']]); - return array ( + return array( 'language' => $language ? 'ok' : 'ko', 'all' => $language ? 
'ok' : 'ko' ); } -function checkStep1 () { - $php = version_compare (PHP_VERSION, '5.2.1') >= 0; - $minz = file_exists (LIB_PATH . '/Minz'); - $curl = extension_loaded ('curl'); - $pdo_mysql = extension_loaded ('pdo_mysql'); - $pdo_sqlite = extension_loaded ('pdo_sqlite'); +function checkStep1() { + $php = version_compare(PHP_VERSION, '5.2.1') >= 0; + $minz = file_exists(LIB_PATH . '/Minz'); + $curl = extension_loaded('curl'); + $pdo_mysql = extension_loaded('pdo_mysql'); + $pdo_sqlite = extension_loaded('pdo_sqlite'); $pdo = $pdo_mysql || $pdo_sqlite; - $pcre = extension_loaded ('pcre'); - $ctype = extension_loaded ('ctype'); + $pcre = extension_loaded('pcre'); + $ctype = extension_loaded('ctype'); $dom = class_exists('DOMDocument'); - $data = DATA_PATH && is_writable (DATA_PATH); - $cache = CACHE_PATH && is_writable (CACHE_PATH); - $log = LOG_PATH && is_writable (LOG_PATH); - $favicons = is_writable (DATA_PATH . '/favicons'); - $persona = is_writable (DATA_PATH . '/persona'); + $data = DATA_PATH && is_writable(DATA_PATH); + $cache = CACHE_PATH && is_writable(CACHE_PATH); + $log = LOG_PATH && is_writable(LOG_PATH); + $favicons = is_writable(DATA_PATH . '/favicons'); + $persona = is_writable(DATA_PATH . '/persona'); - return array ( + return array( 'php' => $php ? 'ok' : 'ko', 'minz' => $minz ? 'ok' : 'ko', 'curl' => $curl ? 'ok' : 'ko', 
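Review bot: Each `header('Location: index.php?step=N')` in `checkStep()` is sent without a following `exit`, so the function goes on to set `$_SESSION['actualize_feeds']` and returns normally; whatever the caller does for the requested step still runs even though an earlier step failed its check. The caller is not visible in this hunk, so the exact effect is an inference, but a redirect used as a gate should end the request: `header('Location: index.php?step=0'); exit();`. The same pattern appears in `deleteInstall()` in this hunk and in `saveLanguage()`, `saveStep2()` and `saveStep3()` in the neighbouring hunks.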
@@ -601,44 +323,49 @@ function checkStep1 () { 'log' => $log ? 'ok' : 'ko', 'favicons' => $favicons ? 'ok' : 'ko', 'persona' => $persona ? 'ok' : 'ko', - 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $data && $cache && $log && $favicons && $persona ? 'ok' : 'ko' + 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && + $data && $cache && $log && $favicons && $persona ? 'ok' : 'ko' ); } -function checkStep2 () { - $conf = !empty($_SESSION['salt']) && - !empty($_SESSION['title']) && +function checkStep2() { + $conf = !empty($_SESSION['title']) && !empty($_SESSION['old_entries']) && isset($_SESSION['mail_login']) && !empty($_SESSION['default_user']); + + $form = $_SESSION['auth_type'] != 'form' || !empty($_SESSION['passwordHash']); + + $persona = $_SESSION['auth_type'] != 'persona' || !empty($_SESSION['mail_login']); + $defaultUser = empty($_POST['default_user']) ? null : $_POST['default_user']; if ($defaultUser === null) { $defaultUser = empty($_SESSION['default_user']) ? '' : $_SESSION['default_user']; } $data = is_writable(DATA_PATH . '/' . $defaultUser . '_user.php'); - if ($data) { - @unlink(DATA_PATH . '/Configuration.array.php'); //v0.6 - } - return array ( + return array( 'conf' => $conf ? 'ok' : 'ko', + 'form' => $form ? 'ok' : 'ko', + 'persona' => $persona ? 'ok' : 'ko', 'data' => $data ? 'ok' : 'ko', - 'all' => $conf && $data ? 'ok' : 'ko' + 'all' => $conf && $form && $persona && $data ? 'ok' : 'ko' ); } -function checkStep3 () { + +function checkStep3() { $conf = is_writable(DATA_PATH . 
'/config.php'); - $bd = isset ($_SESSION['bd_type']) && - isset ($_SESSION['bd_host']) && - isset ($_SESSION['bd_user']) && - isset ($_SESSION['bd_password']) && - isset ($_SESSION['bd_base']) && - isset ($_SESSION['bd_prefix']) && - isset ($_SESSION['bd_error']); + $bd = isset($_SESSION['bd_type']) && + isset($_SESSION['bd_host']) && + isset($_SESSION['bd_user']) && + isset($_SESSION['bd_password']) && + isset($_SESSION['bd_base']) && + isset($_SESSION['bd_prefix']) && + isset($_SESSION['bd_error']); $conn = empty($_SESSION['bd_error']); - return array ( + return array( 'bd' => $bd ? 'ok' : 'ko', 'conn' => $conn ? 'ok' : 'ko', 'conf' => $conf ? 'ok' : 'ko', 
@@ -646,51 +373,41 @@ function checkStep3 () { ); } -function checkBD () { +function checkBD() { $ok = false; try { $str = ''; $driver_options = null; switch ($_SESSION['bd_type']) { - case 'mysql': - $driver_options = array( - PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' - ); - - try { // on ouvre une connexion juste pour créer la base si elle n'existe pas - $str = 'mysql:host=' . $_SESSION['bd_host'] . ';'; - $c = new PDO ($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); - $sql = sprintf (SQL_CREATE_DB, $_SESSION['bd_base']); - $res = $c->query ($sql); - } catch (PDOException $e) { - } - - // on écrase la précédente connexion en sélectionnant la nouvelle BDD - $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; - break; - case 'sqlite': - $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; - $driver_options = array( - PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, - ); - break; - default: - return false; - } - - $c = new PDO ($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + case 'mysql': + $driver_options = array( + PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8' + ); - if ($_SESSION['bd_type'] !== 'sqlite') { //No SQL backup for SQLite - $stm = $c->prepare(SQL_SHOW_TABLES); - $stm->execute(); - $res = $stm->fetchAll(PDO::FETCH_COLUMN, 0); - if (in_array($_SESSION['bd_prefix'] . 'entry', $res) && !in_array($_SESSION['bd_prefix'] . 'entry006', $res)) { - $sql = sprintf(SQL_BACKUP006, $_SESSION['bd_prefix']); //v0.6 - $res = $c->query($sql); //Backup tables + try { // on ouvre une connexion juste pour créer la base si elle n'existe pas + $str = 'mysql:host=' . $_SESSION['bd_host'] . 
';'; + $c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + $sql = sprintf(SQL_CREATE_DB, $_SESSION['bd_base']); + $res = $c->query($sql); + } catch (PDOException $e) { } + + // on écrase la précédente connexion en sélectionnant la nouvelle BDD + $str = 'mysql:host=' . $_SESSION['bd_host'] . ';dbname=' . $_SESSION['bd_base']; + break; + case 'sqlite': + $str = 'sqlite:' . DATA_PATH . '/' . $_SESSION['default_user'] . '.sqlite'; + $driver_options = array( + PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, + ); + break; + default: + return false; } + $c = new PDO($str, $_SESSION['bd_user'], $_SESSION['bd_password'], $driver_options); + if (defined('SQL_CREATE_TABLES')) { $sql = sprintf(SQL_CREATE_TABLES, $_SESSION['bd_prefix_user'], _t('default_category')); $stm = $c->prepare($sql); @@ -719,20 +436,20 @@ function checkBD () { } /*** AFFICHAGE ***/ -function printStep0 () { +function printStep0() { global $actual; ?> - -
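Review bot: In `checkBD()` the database name is substituted into `SQL_CREATE_DB` with `sprintf()` and run through `$c->query($sql)` without quoting or validation, and `$_SESSION['bd_base']` is only length-limited when `saveStep3()` copies it from the form. Identifiers cannot be bound as parameters, so the name should be checked before the statement is built, e.g. `if (!preg_match('/^[A-Za-z0-9_]+$/', $_SESSION['bd_base'])) { return false; }`; the same applies to the table prefix passed to `SQL_CREATE_TABLES`. The empty `catch (PDOException $e) { }` around this statement also hides why the creation failed. The function body continues outside the hunk.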

+ +

- +
- +
+
- +
- +
- +
- +
- + + - +
@@ -887,25 +608,45 @@ function printStep2 () {
- + />
- +
- - + /> +
+ +
- - + + - +
@@ -913,29 +654,29 @@ function printStep2 () { - -

+ +

-

+

- +
- +
+
- +
- +
- +
- +
- +
- +
- +
- +
@@ -988,10 +729,10 @@ function printStep3 () {
- - + + - +
@@ -999,74 +740,40 @@ function printStep3 () { - - - - -

- -
-
- - -
-
- - -

- -
-
- -
-
- -
+

+ -

- +

-

- @@ -1075,7 +782,7 @@ case 6: - <?php echo _t ('freshrss_installation'); ?> + <?php echo _t('freshrss_installation'); ?> @@ -1083,20 +790,19 @@ case 6:
-

-

+

+

@@ -1104,25 +810,22 @@ case 6: switch (STEP) { case 0: default: - printStep0 (); + printStep0(); break; case 1: - printStep1 (); + printStep1(); break; case 2: - printStep2 (); + printStep2(); break; case 3: - printStep3 (); + printStep3(); break; case 4: - printStep4 (); + printStep4(); break; case 5: - printStep5 (); - break; - case 6: - printStep6 (); + printStep5(); break; } ?> -- cgit v1.2.3 From a05fc42827c14083d912fdc22d06e6c012c0ac04 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 16 Sep 2014 11:12:36 +0200 Subject: Fix theme path for installation --- app/install.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php index f563d58d3..55b8a0065 100644 --- a/app/install.php +++ b/app/install.php @@ -783,7 +783,7 @@ case 5: <?php echo _t('freshrss_installation'); ?> - + -- cgit v1.2.3 From 2aba7e037d9cbdbe1ed7b39a11658b3ffce8ab6e Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 16 Sep 2014 12:05:58 +0200 Subject: Add a "toggle password" button during installation --- app/install.php | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'app/install.php') diff --git a/app/install.php b/app/install.php index 55b8a0065..8986e9965 100644 --- a/app/install.php +++ b/app/install.php @@ -608,7 +608,10 @@ function printStep2() {
- /> +
+ /> + +
@@ -622,6 +625,25 @@ function printStep2() {
-- cgit v1.2.3