1<?php
2/**
3 * WordPress Installer
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9// Confidence check.
10if ( false ) {
11 ?>
12<!DOCTYPE html>
13<html>
14<head>
15 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
16 <title>Error: PHP is not running</title>
17</head>
18<body class="wp-core-ui">
19 <h1>Error: PHP is not running</h1>
20 <p>WordPress requires that your web server is running PHP. Your server does not have PHP installed, or PHP is turned off.</p>
21</body>
22</html>
23 <?php
24}
25
26/**
27 * We are installing WordPress.
28 *
29 * @since 1.5.1
30 * @var bool
31 */
32define( 'WP_INSTALLING', true );
33
34/** Load WordPress Bootstrap */
35require_once dirname( __DIR__ ) . '/wp-load.php';
36
37/** Load WordPress Administration Upgrade API */
38require_once ABSPATH . 'wp-admin/includes/upgrade.php';
39
40/** Load WordPress Translation Install API */
41require_once ABSPATH . 'wp-admin/includes/translation-install.php';
42
43/** Load wpdb */
44require_once ABSPATH . WPINC . '/class-wpdb.php';
45
46nocache_headers();
47
48$step = isset( $_GET['step'] ) ? (int) $_GET['step'] : 0;
49
50/**
51 * Display installation header.
52 *
53 * @since 2.5.0
54 *
55 * @param string $body_classes
56 */
57function display_header( $body_classes = '' ) {
58 header( 'Content-Type: text/html; charset=utf-8' );
59 if ( is_rtl() ) {
60 $body_classes .= 'rtl';
61 }
62 if ( $body_classes ) {
63 $body_classes = ' ' . $body_classes;
64 }
65 ?>
66<!DOCTYPE html>
67<html <?php language_attributes(); ?>>
68<head>
69 <meta name="viewport" content="width=device-width, initial-scale=1.0" />
70 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
71 <meta name="robots" content="noindex,nofollow" />
72 <title><?php _e( 'WordPress › Installation' ); ?></title>
73 <?php wp_admin_css( 'install', true ); ?>
74</head>
75<body class="wp-core-ui<?php echo $body_classes; ?>">
76<p id="logo"><?php _e( 'WordPress' ); ?></p>
77
78 <?php
79} // End display_header().
80
81/**
82 * Displays installer setup form.
83 *
84 * @since 2.8.0
85 *
86 * @global wpdb $wpdb WordPress database abstraction object.
87 *
88 * @param string|null $error
89 */
90function display_setup_form( $error = null ) {
91 global $wpdb;
92
93 $user_table = ( $wpdb->get_var( $wpdb->prepare( 'SHOW TABLES LIKE %s', $wpdb->esc_like( $wpdb->users ) ) ) !== null );
94
95 // Ensure that sites appear in search engines by default.
96 $blog_public = 1;
97 if ( isset( $_POST['weblog_title'] ) ) {
98 $blog_public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : $blog_public;
99 }
100
101 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
102 $user_name = isset( $_POST['user_name'] ) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
103 $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
104
105 if ( ! is_null( $error ) ) {
106 ?>
107<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
108<p class="message"><?php echo $error; ?></p>
109<?php } ?>
110<form id="setup" method="post" action="install.php?step=2" novalidate="novalidate">
111 <table class="form-table" role="presentation">
112 <tr>
113 <th scope="row"><label for="weblog_title"><?php _e( 'Site Title' ); ?></label></th>
114 <td><input name="weblog_title" type="text" id="weblog_title" size="25" value="<?php echo esc_attr( $weblog_title ); ?>" /></td>
115 </tr>
116 <tr>
117 <th scope="row"><label for="user_login"><?php _e( 'Username' ); ?></label></th>
118 <td>
119 <?php
120 if ( $user_table ) {
121 _e( 'User(s) already exists.' );
122 echo '<input name="user_name" type="hidden" value="admin" />';
123 } else {
124 ?>
125 <input name="user_name" type="text" id="user_login" size="25" aria-describedby="user-name-desc" value="<?php echo esc_attr( sanitize_user( $user_name, true ) ); ?>" />
126 <p id="user-name-desc"><?php _e( 'Usernames can have only alphanumeric characters, spaces, underscores, hyphens, periods, and the @ symbol.' ); ?></p>
127 <?php
128 }
129 ?>
130 </td>
131 </tr>
132 <?php if ( ! $user_table ) : ?>
133 <tr class="form-field form-required user-pass1-wrap">
134 <th scope="row">
135 <label for="pass1">
136 <?php _e( 'Password' ); ?>
137 </label>
138 </th>
139 <td>
140 <div class="wp-pwd">
141 <?php $initial_password = isset( $_POST['admin_password'] ) ? stripslashes( $_POST['admin_password'] ) : wp_generate_password( 18 ); ?>
142 <div class="password-input-wrapper">
143 <input type="password" name="admin_password" id="pass1" class="regular-text" autocomplete="new-password" spellcheck="false" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result admin-password-desc" />
144 <div id="pass-strength-result" aria-live="polite"></div>
145 </div>
146 <button type="button" class="button wp-hide-pw hide-if-no-js" data-start-masked="<?php echo (int) isset( $_POST['admin_password'] ); ?>" data-toggle="0" aria-label="<?php esc_attr_e( 'Hide password' ); ?>">
147 <span class="dashicons dashicons-hidden"></span>
148 <span class="text"><?php _e( 'Hide' ); ?></span>
149 </button>
150 </div>
151 <p id="admin-password-desc"><span class="description important hide-if-no-js">
152 <strong><?php _e( 'Important:' ); ?></strong>
153 <?php /* translators: The non-breaking space prevents 1Password from thinking the text "log in" should trigger a password save prompt. */ ?>
154 <?php _e( 'You will need this password to log in. Please store it in a secure location.' ); ?></span></p>
155 </td>
156 </tr>
157 <tr class="form-field form-required user-pass2-wrap hide-if-js">
158 <th scope="row">
159 <label for="pass2"><?php _e( 'Repeat Password' ); ?>
160 <span class="description"><?php _e( '(required)' ); ?></span>
161 </label>
162 </th>
163 <td>
164 <input type="password" name="admin_password2" id="pass2" autocomplete="new-password" spellcheck="false" />
165 </td>
166 </tr>
167 <tr class="pw-weak">
168 <th scope="row"><?php _e( 'Confirm Password' ); ?></th>
169 <td>
170 <label>
171 <input type="checkbox" name="pw_weak" class="pw-checkbox" />
172 <?php _e( 'Confirm use of weak password' ); ?>
173 </label>
174 </td>
175 </tr>
176 <?php endif; ?>
177 <tr>
178 <th scope="row"><label for="admin_email"><?php _e( 'Your Email' ); ?></label></th>
179 <td><input name="admin_email" type="email" id="admin_email" size="25" aria-describedby="admin-email-desc" value="<?php echo esc_attr( $admin_email ); ?>" />
180 <p id="admin-email-desc"><?php _e( 'Double-check your email address before continuing.' ); ?></p></td>
181 </tr>
182 <?php $blog_privacy_selector_title = has_action( 'blog_privacy_selector' ) ? __( 'Site visibility' ) : __( 'Search engine visibility' ); ?>
183 <tr>
184 <th scope="row"><?php echo $blog_privacy_selector_title; ?></th>
185 <td>
186 <fieldset>
187 <legend class="screen-reader-text"><span><?php echo $blog_privacy_selector_title; ?></span></legend>
188 <?php
189 if ( has_action( 'blog_privacy_selector' ) ) {
190 ?>
191 <input id="blog-public" type="radio" name="blog_public" value="1" <?php checked( 1, $blog_public ); ?> />
192 <label for="blog-public"><?php _e( 'Allow search engines to index this site' ); ?></label><br />
193 <input id="blog-norobots" type="radio" name="blog_public" aria-describedby="public-desc" value="0" <?php checked( 0, $blog_public ); ?> />
194 <label for="blog-norobots"><?php _e( 'Discourage search engines from indexing this site' ); ?></label>
195 <p id="public-desc" class="description"><?php _e( 'Note: Discouraging search engines does not block access to your site — it is up to search engines to honor your request.' ); ?></p>
196 <?php
197 /** This action is documented in wp-admin/options-reading.php */
198 do_action( 'blog_privacy_selector' );
199 } else {
200 ?>
201 <label for="blog_public"><input name="blog_public" type="checkbox" id="blog_public" aria-describedby="privacy-desc" value="0" <?php checked( 0, $blog_public ); ?> />
202 <?php _e( 'Discourage search engines from indexing this site' ); ?></label>
203 <p id="privacy-desc" class="description"><?php _e( 'It is up to search engines to honor this request.' ); ?></p>
204 <?php } ?>
205 </fieldset>
206 </td>
207 </tr>
208 </table>
209 <p class="step"><?php submit_button( __( 'Install WordPress' ), 'large', 'Submit', false, array( 'id' => 'submit' ) ); ?></p>
210 <input type="hidden" name="language" value="<?php echo isset( $_REQUEST['language'] ) ? esc_attr( $_REQUEST['language'] ) : ''; ?>" />
211</form>
212 <?php
213} // End display_setup_form().
214
215// Let's check to make sure WP isn't already installed.
216if ( is_blog_installed() ) {
217 display_header();
218 die(
219 '<h1>' . __( 'Already Installed' ) . '</h1>' .
220 '<p>' . __( 'You appear to have already installed WordPress. To reinstall please clear your old database tables first.' ) . '</p>' .
221 '<p class="step"><a href="' . esc_url( wp_login_url() ) . '">' . __( 'Log In' ) . '</a></p>' .
222 '</body></html>'
223 );
224}
225
226/**
227 * @global string $wp_version The WordPress version string.
228 * @global string $required_php_version The minimum required PHP version string.
229 * @global string[] $required_php_extensions The names of required PHP extensions.
230 * @global string $required_mysql_version The minimum required MySQL version string.
231 * @global wpdb $wpdb WordPress database abstraction object.
232 */
233global $wp_version, $required_php_version, $required_php_extensions, $required_mysql_version, $wpdb;
234
235$php_version = PHP_VERSION;
236$mysql_version = $wpdb->db_version();
237$php_compat = version_compare( $php_version, $required_php_version, '>=' );
238$mysql_compat = version_compare( $mysql_version, $required_mysql_version, '>=' ) || file_exists( WP_CONTENT_DIR . '/db.php' );
239
240$version_url = sprintf(
241 /* translators: %s: WordPress version. */
242 esc_url( __( 'https://wordpress.org/documentation/wordpress-version/version-%s/' ) ),
243 sanitize_title( $wp_version )
244);
245
246$php_update_message = '</p><p>' . sprintf(
247 /* translators: %s: URL to Update PHP page. */
248 __( '<a href="%s">Learn more about updating PHP</a>.' ),
249 esc_url( wp_get_update_php_url() )
250);
251
252$annotation = wp_get_update_php_annotation();
253
254if ( $annotation ) {
255 $php_update_message .= '</p><p><em>' . $annotation . '</em>';
256}
257
258if ( ! $mysql_compat && ! $php_compat ) {
259 $compat = sprintf(
260 /* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required PHP version number, 4: Minimum required MySQL version number, 5: Current PHP version number, 6: Current MySQL version number. */
261 __( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires PHP version %3$s or higher and MySQL version %4$s or higher. You are running PHP version %5$s and MySQL version %6$s.' ),
262 $version_url,
263 $wp_version,
264 $required_php_version,
265 $required_mysql_version,
266 $php_version,
267 $mysql_version
268 ) . $php_update_message;
269} elseif ( ! $php_compat ) {
270 $compat = sprintf(
271 /* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required PHP version number, 4: Current PHP version number. */
272 __( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires PHP version %3$s or higher. You are running version %4$s.' ),
273 $version_url,
274 $wp_version,
275 $required_php_version,
276 $php_version
277 ) . $php_update_message;
278} elseif ( ! $mysql_compat ) {
279 $compat = sprintf(
280 /* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: Minimum required MySQL version number, 4: Current MySQL version number. */
281 __( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires MySQL version %3$s or higher. You are running version %4$s.' ),
282 $version_url,
283 $wp_version,
284 $required_mysql_version,
285 $mysql_version
286 );
287}
288
289if ( ! $mysql_compat || ! $php_compat ) {
290 display_header();
291 die( '<h1>' . __( 'Requirements Not Met' ) . '</h1><p>' . $compat . '</p></body></html>' );
292}
293
294if ( isset( $required_php_extensions ) && is_array( $required_php_extensions ) ) {
295 $missing_extensions = array();
296
297 foreach ( $required_php_extensions as $extension ) {
298 if ( extension_loaded( $extension ) ) {
299 continue;
300 }
301
302 $missing_extensions[] = sprintf(
303 /* translators: 1: URL to WordPress release notes, 2: WordPress version number, 3: The PHP extension name needed. */
304 __( 'You cannot install because <a href="%1$s">WordPress %2$s</a> requires the %3$s PHP extension.' ),
305 $version_url,
306 $wp_version,
307 $extension
308 );
309 }
310
311 if ( count( $missing_extensions ) > 0 ) {
312 display_header();
313 die( '<h1>' . __( 'Requirements Not Met' ) . '</h1><p>' . implode( '</p><p>', $missing_extensions ) . '</p></body></html>' );
314 }
315}
316
317if ( ! is_string( $wpdb->base_prefix ) || '' === $wpdb->base_prefix ) {
318 display_header();
319 die(
320 '<h1>' . __( 'Configuration Error' ) . '</h1>' .
321 '<p>' . sprintf(
322 /* translators: %s: wp-config.php */
323 __( 'Your %s file has an empty database table prefix, which is not supported.' ),
324 '<code>wp-config.php</code>'
325 ) . '</p></body></html>'
326 );
327}
328
329// Set error message if DO_NOT_UPGRADE_GLOBAL_TABLES isn't set as it will break install.
330if ( defined( 'DO_NOT_UPGRADE_GLOBAL_TABLES' ) ) {
331 display_header();
332 die(
333 '<h1>' . __( 'Configuration Error' ) . '</h1>' .
334 '<p>' . sprintf(
335 /* translators: %s: DO_NOT_UPGRADE_GLOBAL_TABLES */
336 __( 'The constant %s cannot be defined when installing WordPress.' ),
337 '<code>DO_NOT_UPGRADE_GLOBAL_TABLES</code>'
338 ) . '</p></body></html>'
339 );
340}
341
342/**
343 * @global string $wp_local_package Locale code of the package.
344 * @global WP_Locale $wp_locale WordPress date and time locale object.
345 */
346$language = '';
347if ( ! empty( $_REQUEST['language'] ) ) {
348 $language = sanitize_locale_name( $_REQUEST['language'] );
349} elseif ( isset( $GLOBALS['wp_local_package'] ) ) {
350 $language = $GLOBALS['wp_local_package'];
351}
352
353$scripts_to_print = array( 'jquery' );
354
355switch ( $step ) {
356 case 0: // Step 0.
357 if ( wp_can_install_language_pack() && empty( $language ) ) {
358 $languages = wp_get_available_translations();
359 if ( $languages ) {
360 $scripts_to_print[] = 'language-chooser';
361 display_header( 'language-chooser' );
362 echo '<form id="setup" method="post" action="?step=1">';
363 wp_install_language_form( $languages );
364 echo '</form>';
365 break;
366 }
367 }
368
369 // Deliberately fall through if we can't reach the translations API.
370
371 case 1: // Step 1, direct link or from language chooser.
372 if ( ! empty( $language ) ) {
373 $loaded_language = wp_download_language_pack( $language );
374 if ( $loaded_language ) {
375 load_default_textdomain( $loaded_language );
376 $GLOBALS['wp_locale'] = new WP_Locale();
377 }
378 }
379
380 $scripts_to_print[] = 'user-profile';
381
382 display_header();
383 ?>
384<h1><?php _ex( 'Welcome', 'Howdy' ); ?></h1>
385<p><?php _e( 'Welcome to the famous five-minute WordPress installation process! Just fill in the information below and you’ll be on your way to using the most extendable and powerful personal publishing platform in the world.' ); ?></p>
386
387<h2><?php _e( 'Information needed' ); ?></h2>
388<p><?php _e( 'Please provide the following information. Do not worry, you can always change these settings later.' ); ?></p>
389
390 <?php
391 display_setup_form();
392 break;
393 case 2:
394 if ( ! empty( $language ) && load_default_textdomain( $language ) ) {
395 $loaded_language = $language;
396 $GLOBALS['wp_locale'] = new WP_Locale();
397 } else {
398 $loaded_language = 'en_US';
399 }
400
401 if ( ! empty( $wpdb->error ) ) {
402 wp_die( $wpdb->error->get_error_message() );
403 }
404
405 $scripts_to_print[] = 'user-profile';
406
407 display_header();
408 // Fill in the data we gathered.
409 $weblog_title = isset( $_POST['weblog_title'] ) ? trim( wp_unslash( $_POST['weblog_title'] ) ) : '';
410 $user_name = isset( $_POST['user_name'] ) ? trim( wp_unslash( $_POST['user_name'] ) ) : '';
411 $admin_password = isset( $_POST['admin_password'] ) ? wp_unslash( $_POST['admin_password'] ) : '';
412 $admin_password_check = isset( $_POST['admin_password2'] ) ? wp_unslash( $_POST['admin_password2'] ) : '';
413 $admin_email = isset( $_POST['admin_email'] ) ? trim( wp_unslash( $_POST['admin_email'] ) ) : '';
414 $public = isset( $_POST['blog_public'] ) ? (int) $_POST['blog_public'] : 1;
415
416 // Check email address.
417 $error = false;
418 if ( empty( $user_name ) ) {
419 // TODO: Poka-yoke.
420 display_setup_form( __( 'Please provide a valid username.' ) );
421 $error = true;
422 } elseif ( sanitize_user( $user_name, true ) !== $user_name ) {
423 display_setup_form( __( 'The username you provided has invalid characters.' ) );
424 $error = true;
425 } elseif ( $admin_password !== $admin_password_check ) {
426 // TODO: Poka-yoke.
427 display_setup_form( __( 'Your passwords do not match. Please try again.' ) );
428 $error = true;
429 } elseif ( empty( $admin_email ) ) {
430 // TODO: Poka-yoke.
431 display_setup_form( __( 'You must provide an email address.' ) );
432 $error = true;
433 } elseif ( ! is_email( $admin_email ) ) {
434 // TODO: Poka-yoke.
435 display_setup_form( __( 'Sorry, that is not a valid email address. Email addresses look like <code>username@example.com</code>.' ) );
436 $error = true;
437 }
438
439 if ( false === $error ) {
440 $wpdb->show_errors();
441 $result = wp_install( $weblog_title, $user_name, $admin_email, $public, '', wp_slash( $admin_password ), $loaded_language );
442 ?>
443
444<h1><?php _e( 'Success!' ); ?></h1>
445
446<p><?php _e( 'WordPress has been installed. Thank you, and enjoy!' ); ?></p>
447
448<table class="form-table install-success">
449 <tr>
450 <th><?php _e( 'Username' ); ?></th>
451 <td><?php echo esc_html( sanitize_user( $user_name, true ) ); ?></td>
452 </tr>
453 <tr>
454 <th><?php _e( 'Password' ); ?></th>
455 <td>
456 <?php if ( ! empty( $result['password'] ) && empty( $admin_password_check ) ) : ?>
457 <code><?php echo esc_html( $result['password'] ); ?></code><br />
458 <?php endif; ?>
459 <p><?php echo $result['password_message']; ?></p>
460 </td>
461 </tr>
462</table>
463
464<p class="step"><a href="<?php echo esc_url( wp_login_url() ); ?>"><?php _e( 'Log In' ); ?></a></p>
465
466 <?php
467 }
468 break;
469}
470
471if ( ! wp_is_mobile() ) {
472 ?>
473<script type="text/javascript">var t = document.getElementById('weblog_title'); if (t){ t.focus(); }</script>
474 <?php
475}
476
477wp_print_scripts( $scripts_to_print );
478?>
479<script type="text/javascript">
480jQuery( function( $ ) {
481 $( '.hide-if-no-js' ).removeClass( 'hide-if-no-js' );
482} );
483</script>
484</body>
485</html>
486