<?

php
/**
* WordPress Installer
*
* @package WordPress
* @subpackage Administration
*/

// Sanity check.
if ( false ) {
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<title>Error: PHP is not running</title>
</head>
<body class="wp-core-ui">
<p id="logo"><a href="https://wordpress.org/">WordPress</a></p>
<h1>Error: PHP is not running</h1>
<p>WordPress requires that your web server is running PHP. Your
server does not have PHP installed, or PHP is turned off.</p>
</body>
</html>
<?php
}

/**
* We are installing WordPress.
*
* @since 1.5.1
* @var bool
*/
define( 'WP_INSTALLING', true );

/** Load WordPress Bootstrap */

require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );

/** Load WordPress Administration Upgrade API */

require_once( ABSPATH . 'wp-admin/includes/upgrade.php' );

/** Load WordPress Translation Install API */

require_once( ABSPATH . 'wp-admin/includes/translation-install.php' );

/** Load wpdb */

require_once( ABSPATH . WPINC . '/wp-db.php' );

nocache_headers();

$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;

/**

* Display install header.

*
* @since 2.5.0
*
* @param string $body_classes
*/
function display_header( $body_classes = '' ) {
header( 'Content-Type: text/html; charset=utf-8' );
if ( is_rtl() ) {
$body_classes .= 'rtl';
}
if ( $body_classes ) {
$body_classes = ' ' . $body_classes;
}
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" <?php
language_attributes(); ?>>
<head>
<meta name="viewport" content="width=device-width" />
<meta http-equiv="Content-Type" content="text/html; charset=utf8" />
<meta name="robots" content="noindex,nofollow" />
<title><?php _e( 'WordPress &rsaquo; Installation' ); ?></title>
<?php
wp_admin_css( 'install', true );
wp_admin_css( 'dashicons', true );

?>
</head>
<body class="wp-core-ui<?php echo $body_classes ?>">
<p id="logo"><a href="<?php echo esc_url( __( 'https://wordpress.org/' ) ); ?
>" tabindex="-1"><?php _e( 'WordPress' ); ?></a></p>

<?php
} // end display_header()

/**
* Display installer setup form.
*
* @since 2.8.0
*
* @param string|null $error
*/
function display_setup_form( $error = null ) {
global $wpdb;

$sql = $wpdb->prepare( "SHOW TABLES LIKE %s", $wpdb>esc_like( $wpdb->users ) );

$user_table = ( $wpdb->get_var( $sql ) != null );

// Ensure that Blogs appear in search engines by default.

$blog_public = 1;
if ( isset( $_POST['weblog_title'] ) ) {
$blog_public = isset( $_POST['blog_public'] );

$weblog_title = isset( $_POST['weblog_title'] ) ?

trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ?
trim( wp_unslash( $_POST['user_name'] ) ) : '';
$admin_email = isset( $_POST['admin_email'] ) ?
trim( wp_unslash( $_POST['admin_email'] ) ) : '';

if ( ! is_null( $error ) ) {
?>
<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
<p class="message"><?php echo $error; ?></p>
<?php } ?>
<form id="setup" method="post" action="install.php?step=2"
novalidate="novalidate">
<table class="form-table">
<tr>
<th scope="row"><label for="weblog_title"><?php
_e( 'Site Title' ); ?></label></th>
<td><input name="weblog_title" type="text"
id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>"
/></td>
</tr>
<tr>
<th scope="row"><label for="user_login"><?php
_e('Username'); ?></label></th>
<td>
<?php

if ( $user_table ) {
_e('User(s) already exists.');
echo '<input name="user_name" type="hidden"
value="admin" />';
} else {
?><input name="user_name" type="text"
id="user_login" size="25" value="<?php echo
esc_attr( sanitize_user( $user_name, true ) ); ?>" />
<p><?php _e( 'Usernames can have only
alphanumeric characters, spaces, underscores, hyphens, periods, and the @
symbol.' ); ?></p>
<?php
} ?>
</td>
</tr>
<?php if ( ! $user_table ) : ?>
<tr class="form-field form-required user-pass1-wrap">
<th scope="row">
<label for="pass1">
<?php _e( 'Password' ); ?>
</label>
</th>
<td>
<div class="">
<?php $initial_password =
isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] )
: wp_generate_password( 18 ); ?>
<input type="password"
name="admin_password" id="pass1" class="regular-text"
autocomplete="off" data-reveal="1" data-pw="<?php echo

esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />

<button type="button" class="button wphide-pw hide-if-no-js" data-start-masked="<?php echo (int)
isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php
esc_attr_e( 'Hide password' ); ?>">
<span class="dashicons dashiconshidden"></span>
<span class="text"><?php
_e( 'Hide' ); ?></span>
</button>
<div id="pass-strength-result" arialive="polite"></div>
</div>
<p><span class="description important hide-if-nojs">
<strong><?php _e( 'Important:' ); ?></strong>
<?php /* translators: The non-breaking space
prevents 1Password from thinking the text "log in" should trigger a password
save prompt. */ ?>
<?php _e( 'You will need this password to
log&nbsp;in. Please store it in a secure location.' ); ?></span></p>
</td>
</tr>
<tr class="form-field form-required user-pass2-wrap hide-if-js">
<th scope="row">
<label for="pass2"><?php _e( 'Repeat Password' );
?>
<span class="description"><?php
_e( '(required)' ); ?></span>
</label>
</th>

<td>
<input name="admin_password2"
type="password" id="pass2" autocomplete="off" />
</td>
</tr>
<tr class="pw-weak">
<th scope="row"><?php _e( 'Confirm Password' ); ?
></th>
<td>
<label>
<input type="checkbox" name="pw_weak"
class="pw-checkbox" />
<?php _e( 'Confirm use of weak
password' ); ?>
</label>
</td>
</tr>
<?php endif; ?>
<tr>
<th scope="row"><label for="admin_email"><?php
_e( 'Your Email' ); ?></label></th>
<td><input name="admin_email" type="email"
id="admin_email" size="25" value="<?php echo esc_attr( $admin_email ); ?
>" />
<p><?php _e( 'Double-check your email address before
continuing.' ); ?></p></td>
</tr>
<tr>
<th scope="row"><?php
has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility' ) : _e( 'Search Engine

Visibility' ); ?></th>
<td>
<fieldset>
<legend class="screen-readertext"><span><?php has_action( 'blog_privacy_selector' ) ? _e( 'Site Visibility'
) : _e( 'Search Engine Visibility' ); ?> </span></legend>
<?php
if ( has_action( 'blog_privacy_selector' ) ) { ?
>
<input id="blog-public" type="radio"
name="blog_public" value="1" <?php checked( 1, $blog_public ); ?> />
<label for="blog-public"><?php
_e( 'Allow search engines to index this site' );?></label><br/>
<input id="blog-norobots"
type="radio" name="blog_public" value="0" <?php checked( 0,
$blog_public ); ?> />
<label for="blog-norobots"><?php _e(
'Discourage search engines from indexing this site' ); ?></label>
<p class="description"><?php
_e( 'Note: Neither of these options blocks access to your site &mdash; it is up
to search engines to honor your request.' ); ?></p>
<?php
/** This action is documented in wpadmin/options-reading.php */
do_action( 'blog_privacy_selector' );
} else { ?>
<label for="blog_public"><input
name="blog_public" type="checkbox" id="blog_public" value="0" <?php
checked( 0, $blog_public ); ?> />
<?php _e( 'Discourage search engines
from indexing this site' ); ?></label>
<p class="description"><?php _e( 'It

is up to search engines to honor this request.' ); ?></p>

<?php } ?>
</fieldset>
</td>
</tr>
</table>
<p class="step"><?php submit_button( __( 'Install WordPress' ),
'large', 'Submit', false, array( 'id' => 'submit' ) ); ?></p>
<input type="hidden" name="language" value="<?php echo
isset( $_REQUEST['language'] ) ? esc_attr( $_REQUEST['language'] ) : ''; ?
>" />
</form>
<?php
} // end display_setup_form()

// Let's check to make sure WP isn't already installed.

if ( is_blog_installed() ) {
display_header();
die(
'<h1>' . __( 'Already Installed' ) . '</h1>' .
'<p>' . __( 'You appear to have already installed WordPress. To
reinstall please clear your old database tables first.' ) . '</p>' .
'<p class="step"><a href="' . esc_url( wp_login_url() ) . '"
class="button button-large">' . __( 'Log In' ) . '</a></p>' .
'</body></html>'
);
}

/**
* @global string $wp_version
* @global string $required_php_version
* @global string $required_mysql_version
* @global wpdb $wpdb
*/
global $wp_version, $required_php_version, $required_mysql_version;

$php_version

= phpversion();

$mysql_version = $wpdb->db_version();
$php_compat
'>=' );

= version_compare( $php_version, $required_php_version,

$mysql_compat = version_compare( $mysql_version,

$required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );

if ( !$mysql_compat && !$php_compat ) {

/* translators: 1: WordPress version number, 2: Minimum required PHP
version number, 3: Minimum required MySQL version number, 4: Current PHP
version number, 5: Current MySQL version number */
$compat = sprintf( __( 'You cannot install because <a
href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a>
requires PHP version %2$s or higher and MySQL version %3$s or higher. You
are running PHP version %4$s and MySQL version %5$s.' ), $wp_version,
$required_php_version, $required_mysql_version, $php_version,
$mysql_version );
} elseif ( !$php_compat ) {
/* translators: 1: WordPress version number, 2: Minimum required PHP
version number, 3: Current PHP version number */
$compat = sprintf( __( 'You cannot install because <a
href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a>
requires PHP version %2$s or higher. You are running version %3$s.' ),

$wp_version, $required_php_version, $php_version );

} elseif ( !$mysql_compat ) {
/* translators: 1: WordPress version number, 2: Minimum required
MySQL version number, 3: Current MySQL version number */
$compat = sprintf( __( 'You cannot install because <a
href="https://codex.wordpress.org/Version_%1$s">WordPress %1$s</a>
requires MySQL version %2$s or higher. You are running version %3$s.' ),
$wp_version, $required_mysql_version, $mysql_version );
}

if ( !$mysql_compat || !$php_compat ) {
display_header();
die( '<h1>' . __( 'Insufficient Requirements' ) . '</h1><p>' . $compat .
'</p></body></html>' );
}

if ( ! is_string( $wpdb->base_prefix ) || '' === $wpdb->base_prefix ) {

display_header();
die(
'<h1>' . __( 'Configuration Error' ) . '</h1>' .
'<p>' . sprintf(
/* translators: %s: wp-config.php */
__( 'Your %s file has an empty database table prefix,
which is not supported.' ),
'<code>wp-config.php</code>'
) . '</p></body></html>'
);
}

// Set error message if DO_NOT_UPGRADE_GLOBAL_TABLES isn't set as it will

break install.
if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
display_header();
die(
'<h1>' . __( 'Configuration Error' ) . '</h1>' .
'<p>' . sprintf(
/* translators: %s: DO_NOT_UPGRADE_GLOBAL_TABLES */
__( 'The constant %s cannot be defined when installing
WordPress.' ),
'<code>DO_NOT_UPGRADE_GLOBAL_TABLES</code>'
) . '</p></body></html>'
);
}

/**
* @global string

$wp_local_package

* @global WP_Locale $wp_locale

*/
$language = '';
if ( ! empty( $_REQUEST['language'] ) ) {
$language = preg_replace( '/[^a-zA-Z_]/', '', $_REQUEST['language'] );
} elseif ( isset( $GLOBALS['wp_local_package'] ) ) {
$language = $GLOBALS['wp_local_package'];
}

$scripts_to_print = array( 'jquery' );

switch($step) {
case 0: // Step 0
if ( wp_can_install_language_pack() && empty( $language ) && (
$languages = wp_get_available_translations() ) ) {
$scripts_to_print[] = 'language-chooser';
display_header( 'language-chooser' );
echo '<form id="setup" method="post" action="?
step=1">';
wp_install_language_form( $languages );
echo '</form>';
break;
}

// Deliberately fall through if we can't reach the translations API.

case 1: // Step 1, direct link or from language chooser.

if ( ! empty( $language ) ) {
$loaded_language =
wp_download_language_pack( $language );
if ( $loaded_language ) {
load_default_textdomain( $loaded_language );
$GLOBALS['wp_locale'] = new WP_Locale();
}
}

$scripts_to_print[] = 'user-profile';

display_header();
?>
<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
<p><?php _e( 'Welcome to the famous five-minute WordPress installation
process! Just fill in the information below and you&#8217;ll be on your way to
using the most extendable and powerful personal publishing platform in the
world.' ); ?></p>

<h2><?php _e( 'Information needed' ); ?></h2>

<p><?php _e( 'Please provide the following information. Don&#8217;t worry,
you can always change these settings later.' ); ?></p>

<?php
display_setup_form();
break;
case 2:
if ( ! empty( $language ) &&
load_default_textdomain( $language ) ) {
$loaded_language = $language;
$GLOBALS['wp_locale'] = new WP_Locale();
} else {
$loaded_language = 'en_US';
}

if ( ! empty( $wpdb->error ) )
wp_die( $wpdb->error->get_error_message() );

$scripts_to_print[] = 'user-profile';

// Fill in the data we gathered

$weblog_title = isset( $_POST['weblog_title'] ) ?
trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
$user_name = isset($_POST['user_name']) ?
trim( wp_unslash( $_POST['user_name'] ) ) : '';
$admin_password = isset($_POST['admin_password']) ?
wp_unslash( $_POST['admin_password'] ) : '';
$admin_password_check = isset($_POST['admin_password2']) ?
wp_unslash( $_POST['admin_password2'] ) : '';
$admin_email = isset( $_POST['admin_email'] ) ?
trim( wp_unslash( $_POST['admin_email'] ) ) : '';
$public
= isset( $_POST['blog_public'] ) ? (int)
$_POST['blog_public'] : 1;

// Check email address.

$error = false;
if ( empty( $user_name ) ) {
// TODO: poka-yoke
display_header();
display_setup_form( __( 'Please provide a valid username.'
) );
$error = true;
} elseif ( $user_name != sanitize_user( $user_name, true ) ) {
display_header();
display_setup_form( __( 'The username you provided has
invalid characters.' ) );
$error = true;

} elseif ( $admin_password != $admin_password_check ) {

// TODO: poka-yoke
display_header();
display_setup_form( __( 'Your passwords do not match.
Please try again.' ) );
$error = true;
} elseif ( empty( $admin_email ) ) {
// TODO: poka-yoke
display_header();
display_setup_form( __( 'You must provide an email
address.' ) );
$error = true;
} elseif ( ! is_email( $admin_email ) ) {
// TODO: poka-yoke
display_header();
display_setup_form( __( 'Sorry, that isn&#8217;t a valid
email address. Email addresses look like
<code>[email protected]</code>.' ) );
$error = true;
}

if ( $error === false ) {

$wpdb->show_errors();
$result = wp_install( $weblog_title, $user_name,
$admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );

// Log the user in and send them to wp-admin:

if ( ! headers_sent() ) {

wp_set_auth_cookie( $result['user_id'], true,

is_ssl() );
wp_redirect( admin_url() );
exit;
}

// If headers have already been sent, fall back to a

"Success!" message:
display_header();
?>

<h1><?php _e( 'Success!' ); ?></h1>

<p><?php _e( 'WordPress has been installed. Thank you, and enjoy!' ); ?
></p>

<table class="form-table install-success">

<tr>
<th><?php _e( 'Username' ); ?></th>
<td><?php echo esc_html( sanitize_user( $user_name,
true ) ); ?></td>
</tr>
<tr>
<th><?php _e( 'Password' ); ?></th>
<td><?php
if ( ! empty( $result['password'] ) &&
empty( $admin_password_check ) ): ?>
<code><?php echo esc_html( $result['password'] ) ?
></code><br />

<?php endif ?>

<p><?php echo $result['password_message'] ?></p>
</td>
</tr>
</table>

<p class="step"><a href="<?php echo esc_url( wp_login_url() ); ?>"

class="button button-large"><?php _e( 'Log In' ); ?></a></p>

<?php
}
break;
}

if ( ! wp_is_mobile() ) {
?>
<script type="text/javascript">var t =
document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
<?php
}

wp_print_scripts( $scripts_to_print );
?>
<script type="text/javascript">
jQuery( function( $ ) {
$( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
} );

</script>
</body>
</html>