diff --git a/htdocs/.htaccess b/htdocs/.htaccess
index 95c618d..235baf5 100644
--- a/htdocs/.htaccess
+++ b/htdocs/.htaccess
@@ -1,6 +1,6 @@
RewriteEngine on
#RewriteBase /
-RewriteCond $1 !^(index\.php|static|favicon\.ico|robots\.txt|sitemap.xml|google(.+)\.html)
+RewriteCond $1 !^(index\.php|static|favicon\.ico|robots\.txt|sitemap.xml|upgrade|google(.+)\.html)
RewriteRule ^(.*)$ index.php?/$1 [QSA,L]
SetOutputFilter DEFLATE
diff --git a/htdocs/upgrade/.htaccess b/htdocs/upgrade/.htaccess
new file mode 100644
index 0000000..82637c3
--- /dev/null
+++ b/htdocs/upgrade/.htaccess
@@ -0,0 +1,4 @@
+
+Order Allow,Deny
+Deny from all
+
\ No newline at end of file
diff --git a/htdocs/upgrade/index.php b/htdocs/upgrade/index.php
new file mode 100644
index 0000000..ca4b114
--- /dev/null
+++ b/htdocs/upgrade/index.php
@@ -0,0 +1,146 @@
+";
+ $message.= "Warning: All custom code will be erased!
";
+ $message.= "Do you want to upgrade? Yes | No";
+}
+else
+{
+ $title = "Upgrade Locked";
+ $message = "Your upgrade directory is locked, unlock it by deleting \"lock\" file.";
+}
+
+if (isset($_GET['status']))
+{
+ $uStatus = preg_replace("/[^a-zA-Z0-9.\/]+/", "", $_GET['status']);
+ $uSubject = ((isset($_GET['subject'])) ? preg_replace("/[^a-zA-Z0-9.\/]+/", "", $_GET['status']) : "application/config/stikked.php");
+ switch ($uStatus)
+ {
+ case "locked":
+ $title = "Upgrade Locked";
+ $message = "Your upgrade directory is locked, unlock it by deleting \"lock\" file.";
+ break;
+ case "missingTarget":
+ case "missingUgs":
+ $title = "Upgrade Failed";
+ $message = "Your" . (($uStatus == "missingTarget") ? " configuration file {$targetMain}" : " upgrade schema file {$upgradeSchema}") . " is missing. Check it and try again.";
+ break;
+ case "lockFailed":
+ $title = "Security risk: Lock failed";
+ $message = "Locking \"upgrade\" directory failed, please, remove it manualy, otherwise, unlocked, it represents security risk.
";
+ $message.= "However, update was successful.";
+ break;
+ case "success":
+ $title = "Upgrade succeed";
+ $message = "You're ready to go. ";
+ $message = "<< Click here to go to your upgraded Stikked site.";
+ break;
+ case "AuthFailed":
+ $title = "Access denied";
+ $message = "You cannot access {$URL} file directly.";
+ break;
+ case "AuthFailed-config":
+ $title = "Access denied";
+ $message = "You cannot access upconf.php file directly.";
+ break;
+ case "failed":
+ $title = "Upgrade failed";
+ $message = "Upgrade has failed.
Your configuration {$targetMain} file must be writtable (chmod 777).";
+ break;
+ default:
+ break;
+ }
+}
+?>
+
+
+
+
+ Upgrade <?PHP echo $status; ?>
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/htdocs/upgrade/upconf.php b/htdocs/upgrade/upconf.php
new file mode 100644
index 0000000..d6304f3
--- /dev/null
+++ b/htdocs/upgrade/upconf.php
@@ -0,0 +1,27 @@
+
+ * @param mixed $d
+ * @return string result
+ */
+
+function parseOption($d)
+{
+
+ if (is_bool($d))
+ {
+ return ($d) ? 'true' : 'false';
+ }
+ else
+ if (is_numeric($d))
+ {
+ return $d;
+ }
+ else
+ if (is_string($d))
+ {
+ return "'{$d}'";
+ }
+ else
+ if (is_array($d))
+ {
+ return var_export($d, true);
+ }
+ else
+ {
+ return "''";
+ }
+}
+$FIND = array(
+ "{INS->SITE_NAME}",
+ "{INS->DB_HOSTNAME}",
+ "{INS->DB_DATABASE}",
+ "{INS->DB_USERNAME}",
+ "{INS->DB_PASSWORD}",
+ "{INS->DB_PREFIX}",
+ "{INS->THEME}",
+ "{INS->COMBINE_ASSETS}",
+ "{INS->CRON_KEY}",
+ "{INS->URL_SHORTENING_NEW#1}",
+ "{INS->YOURLS_URL}",
+ "{INS->YOURLS_SIGNATURE}",
+ "{INS->GWGD_URL}",
+ "{INS->SHORTURL_SELECTED}",
+ "{INS->URL_SHORTENING_NEW#2}",
+ "{INS->BACKUP_USER}",
+ "{INS->BACKUP_PASS}",
+ "{INS->PER_PAGE}",
+ "{INS->APIKEY}",
+ "{INS->PRIVATE_ONLY}",
+ "{INS->ENABLE_CAPTCHA}",
+ "{INS->PUBLICKEY}",
+ "{INS->PRIVATEKEY}",
+ "{INS->DISABLEAPI}",
+ "{INS->DISABLEKEEPFOREVER}",
+ "{INS->BLOCKEDWORDS}",
+ "{INS->DISABLE_SHORTURL}",
+ "{INS->DISALLOW_SEARCH_ENGINES}",
+ "{INS->SPAMADMIN_USER}",
+ "{INS->SPAMADMIN_PASS}",
+ "{INS->DEFAULT_EXPIRATION}",
+ "{INS->DEFAULT_LANGUAGE}",
+ "{INS->UNKNOWN_POSTER}",
+ "{INS->UNKNOWN_TITLE}",
+ "{INS->REQUIRE_AUTH}",
+ "{INS->DISPLAYURL_OVERRIDE}",
+ "{INS->NOUNS}",
+ "{INS->ADJECTIVES}"
+);
+
+// To protect already upgraded configs, those values are also checked, if existing.
+$UPDATE = array(
+ parseOption($config['site_name']) ,
+ parseOption($config['db_hostname']) ,
+ parseOption($config['db_database']) ,
+ parseOption($config['db_username']) ,
+ parseOption($config['db_password']) ,
+ parseOption($config['db_prefix']) ,
+ parseOption($config['theme']) ,
+ parseOption($config['combine_assets']) ,
+ parseOption($config['cron_key']) ,
+ "\$config['url_shortening_use'] = " . (isset($config['url_shortening_use']) ? parseOption($config['url_shortening_use']) : "'off'") . ';' . PHP_EOL . "\$config['random_url_engines'] = " . ((isset($config['random_url_engines'])) ? parseOption($config['random_url_engines']) : "'googl,bitly'") . "; // Used only in random mode, read comment above for more info" . PHP_EOL,
+ parseOption($config['yourls_url']) ,
+ parseOption($config['yourls_signature']) ,
+ parseOption($config['gwgd_url']) ,
+ parseOption($config['shorturl_selected']) ,
+ "// goo.gl API key" . PHP_EOL . "\$config['googl_url_api'] = " . (isset($config['googl_url_api']) ? parseOption($config['googl_url_api']) : "''") . ';' . PHP_EOL . "// Bit.ly API key" . PHP_EOL . "\$config['bitly_url_api'] = " . (isset($config['bitly_url_api']) ? parseOption($config['bitly_url_api']) : "''") . ";" . PHP_EOL,
+ parseOption($config['backup_user']) ,
+ parseOption($config['backup_pass']) ,
+ parseOption($config['per_page']) ,
+ parseOption($config['apikey']) ,
+ parseOption($config['private_only']) ,
+ parseOption($config['enable_captcha']) ,
+ parseOption($config['recaptcha_publickey']) ,
+ parseOption($config['recaptcha_privatekey']) ,
+ parseOption($config['disable_api']) ,
+ parseOption($config['disable_keep_forever']) ,
+ parseOption($config['blocked_words']) ,
+ parseOption($config['disable_shorturl']) ,
+ parseOption($config['disallow_search_engines']) ,
+ parseOption($config['spamadmin_user']) ,
+ parseOption($config['spamadmin_pass']) ,
+ parseOption($config['default_expiration']) ,
+ parseOption($config['default_language']) ,
+ parseOption($config['unknown_poster']) ,
+ parseOption($config['unknown_title']) ,
+ parseOption($config['require_auth']) ,
+ parseOption($config['displayurl_override']) ,
+ parseOption($config['nouns']) ,
+ parseOption($config['adjectives'])
+);
+$tryTo = @chmod($targetMain, 0777); // Just try, if possible to evade permission errors
+
+$tryTo = @chmod("../upgrade", 0777); // Just try, if possible to evade permission errors
+
+
+if (file_put_contents($targetMain, str_replace($FIND, $UPDATE, $upgradeSchema)))
+{
+
+ // If succesfull, lock upgrade
+ $loadLock["LOCK"] = true;
+
+ if (!file_put_contents("lock", serialize(array(
+ "LOCK" => true
+ ))))
+ {
+ header("location: index.php?status=lockFailed");
+ exit;
+ }
+ header("location: index.php?status=success");
+ exit;
+}
+else
+{
+ header("location: index.php?status=failed");
+ exit;
+}
+header("location: index.php?status=failed");
+exit;
diff --git a/htdocs/upgrade/upgrade_schema.ugs b/htdocs/upgrade/upgrade_schema.ugs
new file mode 100644
index 0000000..8fe31af
--- /dev/null
+++ b/htdocs/upgrade/upgrade_schema.ugs
@@ -0,0 +1,245 @@
+SITE_NAME};
+
+/**
+ * Database connection
+ *
+ * Credentials for your database
+ * The database structure will be created automatically
+ *
+*/
+$config['db_hostname'] = {INS->DB_HOSTNAME};
+$config['db_database'] = {INS->DB_DATABASE};
+$config['db_username'] = {INS->DB_USERNAME};
+$config['db_password'] = {INS->DB_PASSWORD};
+
+/**
+ * Table prefix
+ * Generate table prefix for stikked db, commonly used if the webhoster only has one db.
+ * Use underscore as suffix to easily see the tables.
+ * example: $config['db_prefix'] = 'stikked_';
+ * use $config['db_prefix'] = ''; if you don't want to use table prefix.
+*/
+$config['db_prefix'] = {INS->DB_PREFIX};
+
+/**
+ * Theme
+ *
+ * Which theme to use
+ * Folder name in htdocs/themes/
+ * Currently: default, bootstrap, gabdark, gabdark3, geocities, snowkat, stikkedizr, cleanwhite
+ *
+*/
+$config['theme'] = {INS->THEME};
+
+/**
+ * Language
+ *
+ * New Language settings in application/config/language.php
+ *
+*/
+
+/**
+ * Combine JS & CSS files (recommended)
+ *
+ * htdocs/static/asset/ folder must be writeable
+ *
+*/
+$config['combine_assets'] = {INS->COMBINE_ASSETS};
+
+/**
+ * Key for Cron
+ *
+ * The password required to run the cron job */
+// Example cron: */5 * * * * curl --silent http://yoursite.com/cron/[key]
+//
+//
+$config['cron_key'] = {INS->CRON_KEY};
+
+/**
+ * url shortener config
+ *
+ * url_shortening_use:
+ * - Enables specific url shortening engine or disables them all
+ * - Valid values:
+ * @string yourls
+ * @string gwgd
+ * @string googl
+ * @string bitly
+ * @string random - Randomly chose any of upper API-s !WARNING! May be slow! For maximum performanse, it's recommended to either set all API keys or use random_url_engines to list working engines.
+ * @string none - same as off
+ *
+ * random_url_engines:
+ * - This variable sets list of APIs to be considered for usage if url_shortening_use is set to 'random'
+ * To consider all API-s, either leave it empty (as empty array or string) or type all apis available (yourls,gwgd,googl,bitly)
+ * be aware that considering all the APIs is not recommended because program will test them all, and that affects speed.
+ * This will greatly improve performance of 'random' mode if listed are only valid, filled APIs.
+ * Accepted inputs:
+ * @array array('use this', 'and this', 'and this of course')
+ * @string 'use this,and this,and this of course'
+ * - If input is @string it must be comma delimited, otherwise will be ignored.
+ * - Script will accept minimum of 2 APIs, ignored otherwise
+ * - Only alphanumeric characters and "." are allowed. Everything else is filtered out.
+ *
+ * -------------------------------------------------------------------------------------------------------------
+ * yourls_url: Your own instance of yourls URL-shortener (Download: http://yourls.org/)
+ * Example: http://example.com/yourls/
+ *
+ * yourls_signature: Your signature, used to authenticate API requests.
+ * You can find your signature under http://your-yourls-installation.com/admin/tools.php
+ *
+ * gwgd_url: Your own instance of the gw.gd URL-shortener (Download: https://github.com/neofutur/gwgd)
+ * Default: http://gw.gd/
+ *
+ * googl_url_api: URL shortening service provided by Google Inc. (API: http://code.google.com/apis/console/)
+ * Usage: Your API key
+ *
+ * bitly_url_api: Famous URL shortening service (API: http://dev.bitly.com/get_started.html)
+ * Usage: Your API key
+ *
+**/
+{INS->URL_SHORTENING_NEW#1}
+
+// Yourls
+$config['yourls_url'] = {INS->YOURLS_URL};
+$config['yourls_signature'] = {INS->YOURLS_SIGNATURE};
+
+// gwgd_url
+$config['gwgd_url'] = {INS->GWGD_URL};
+$config['shorturl_selected'] = {INS->SHORTURL_SELECTED};
+
+{INS->URL_SHORTENING_NEW#2}
+
+
+/**
+ * Credentials for the backup URL
+ *
+ * Basic auth user & pass for the backup URL, accessible via http://yoursite.com/backup
+ *
+**/
+$config['backup_user'] = {INS->BACKUP_USER};
+$config['backup_pass'] = {INS->BACKUP_PASS};
+
+/**
+ * Pastes Per Page
+ *
+ * Number of pastes per page, on the recent pastes listings.
+ *
+**/
+$config['per_page'] = {INS->PER_PAGE};
+
+/**
+ * API key
+ *
+ * Require a key to interact with the API.
+ * Append to all API requests: ?apikey=[yourkey]
+ *
+**/
+$config['apikey'] = {INS->APIKEY};
+
+/**
+ * Anti spam
+ *
+ * private_only: No recent pastes will be displayed.
+ * enable_captcha: Users must enter a captcha to post.
+ * recaptcha_publickey & recaptcha_privatekey: If filled, reCaptcha will be used (get a key from https://www.google.com/recaptcha/admin/create)
+ * disable_api: Don't allow pasting via API (because we can't use a captcha there...)
+ * disable_keep_forever: Don't allow pasting without expiration
+ * blocked_words: Comma separated list, e.g. '.es.tl, mycraft.com, yourbadword'
+ * disable_shorturl: "Create Shorturl" option will be disabled
+ * disallow_search_engines: displays a robots.txt that forbids indexing
+ *
+**/
+$config['private_only'] = {INS->PRIVATE_ONLY};
+$config['enable_captcha'] = {INS->ENABLE_CAPTCHA};
+$config['recaptcha_publickey'] = {INS->PUBLICKEY};
+$config['recaptcha_privatekey'] = {INS->PRIVATEKEY};
+$config['disable_api'] = {INS->DISABLEAPI};
+$config['disable_keep_forever'] = {INS->DISABLEKEEPFOREVER};
+$config['blocked_words'] = {INS->BLOCKEDWORDS};
+$config['disable_shorturl'] = {INS->DISABLE_SHORTURL};
+$config['disallow_search_engines'] = {INS->DISALLOW_SEARCH_ENGINES};
+
+//spamadmin: accessible via /spamadmin (only active when user + pass is set)
+$config['spamadmin_user'] = {INS->SPAMADMIN_USER};
+$config['spamadmin_pass'] = {INS->SPAMADMIN_PASS};
+
+/**
+ * Default paste expiration time (minutes)
+ *
+ * Possible values:
+ * burn (burn on reading)
+ * 5 (5 minutes)
+ * 60 (1 hour)
+ * 1440 (1 day)
+ * 10080 (1 week)
+ * 40320 (1 month)
+ * 483840 (1 year)
+ * 0 (keep forever)
+**/
+$config['default_expiration'] = {INS->DEFAULT_EXPIRATION};
+
+/**
+ * Default language
+ *
+ * Preselected language. See application/config/geshi_languages.php for valid values (array keys)
+ *
+**/
+$config['default_language'] = {INS->DEFAULT_LANGUAGE};
+
+/**
+ * Name for anonymous poster
+ *
+ * What name is to be set for anonymous posters
+ * DO NOT SET BLANK
+ * Set to random for a random paste to be generated
+ * NOTE: if changed only pastes from then on will be updated.
+ *
+**/
+$config['unknown_poster'] = {INS->UNKNOWN_POSTER};
+
+/**
+ * Name for untitled pastes
+ *
+ * What name is to be set for untitled pastes.
+ * DO NOT SET BLANK
+ * NOTE: if changed only pastes from then on will be updated.
+**/
+$config['unknown_title'] = {INS->UNKNOWN_TITLE};
+
+/**
+ * To require LDAP authentication or not.
+ *
+ * Weather to require LDAP authenticaiton or not.
+ * Set to either 'true' to require authentication or 'false' not to.
+ * NOTE: if changed, set LDAP settings in auth_ldap.php
+**/
+$config['require_auth'] = {INS->REQUIRE_AUTH};
+
+/**
+ * Override the displayed URL
+ *
+ * Display this URL in a paste's detail view instead of the main URL - e.g. if you use mod_rewrite
+ * Variable $id: the paste_id
+ * Example: 'http://example.com/$id'
+ *
+**/
+$config['displayurl_override'] = {INS->DISPLAYURL_OVERRIDE};
+
+/**
+ *
+ *
+ * Words used for when unknown_poster is set to random
+ *
+ *
+**/
+$config['nouns'] = {INS->NOUNS};
+
+$config['adjectives'] = {INS->ADJECTIVES};