feature(install): installation changes

Registration is off by default.
Registration/walled garden moved to basic settings.
On first visit to site, the admin user is welcomed to the basic settings page.
Basic settings invites user to advanced settings.
Adds API for safely redirecting to input-given URLs.

Fixes Elgg#5871

actions/admin/site/update_advanced.php

@@ -50,14 +50,6 @@
 	elgg_remove_config('debug');
 }
 
-// allow new user registration?
-$allow_registration = ('on' === get_input('allow_registration', false));
-elgg_save_config('allow_registration', $allow_registration);
-
-// setup walled garden
-$walled_garden = ('on' === get_input('walled_garden', false));
-elgg_save_config('walled_garden', $walled_garden);
-
 $regenerate_site_secret = get_input('regenerate_site_secret', false);
 if ($regenerate_site_secret) {
 	// if you cancel this even you should present a message to the user

actions/admin/site/update_basic.php

@@ -23,6 +23,14 @@
 $site->email = get_input('siteemail');
 $site->save();
 
+// allow new user registration?
+$allow_registration = ('on' === get_input('allow_registration', false));
+elgg_save_config('allow_registration', $allow_registration);
+
+// setup walled garden
+$walled_garden = ('on' === get_input('walled_garden', false));
+elgg_save_config('walled_garden', $walled_garden);
+
 elgg_save_config('language', get_input('language'));
 
 $default_limit = (int) get_input('default_limit');
@@ -34,4 +42,6 @@
 elgg_save_config('default_limit', $default_limit);
 
 system_message(elgg_echo('admin:configuration:success'));
-forward(REFERER);
+
+$after_save = elgg_normalize_site_url(get_input('after_save'));
+forward($after_save ? $after_save : REFERER);

docs/admin/upgrading.rst

@@ -79,6 +79,11 @@ New 3.0 installations require MySQL 5.5.3 and use the utf8mb4 character set and
 
 The upgrade **does not make these changes**. We will make available instructions to manually upgrade the database and a small change that needs to be made in the ``settings.php`` file.
 
+Miscellaneous changes
+---------------------
+
+The settings "Allow visitors to register" and "Restrict pages to logged-in users" now appear on the Basic Settings admin page.
+
 From 2.2 to 2.3
 ===============
 

engine/classes/ElggInstaller.php

@@ -524,19 +524,19 @@ protected function admin($submissionVars) {
 		];
 
 		if ($this->isAction) {
-			do {
+			call_user_func(function () use ($submissionVars, $formVars) {
 				if (!$this->validateAdminVars($submissionVars, $formVars)) {
-					break;
+					return;
 				}
 
 				if (!$this->createAdminAccount($submissionVars, $this->autoLogin)) {
-					break;
+					return;
 				}
 
 				system_message(_elgg_services()->translator->translate('install:success:admin'));
 
 				$this->continueToNextStep('admin');
-			} while (false);  // PHP doesn't support breaking out of if statements
+			});
 		}
 
 		// bit of a hack to get the password help to show right number of characters
@@ -558,14 +558,16 @@ protected function admin($submissionVars) {
 	 */
 	protected function complete() {
 
-		$params = [];
-		if ($this->autoLogin) {
-			$params['destination'] = 'admin';
-		} else {
-			$params['destination'] = 'index.php';
-		}
+		// nudge to check out settings
+		$link = elgg_format_element([
+			'#tag_name' => 'a',
+			'#text' => _elgg_services()->translator->translate('install:complete:admin_notice:link_text'),
+			'href' => elgg_normalize_url('admin/settings/basic'),
+		]);
+		$notice = _elgg_services()->translator->translate('install:complete:admin_notice', [$link]);
+		elgg_add_admin_notice('fresh_install', $notice);
 
-		$this->render('complete', $params);
+		$this->render('complete');
 	}
 
 	/**
@@ -1477,7 +1479,7 @@ protected function saveSiteSettings($submissionVars) {
 		_elgg_services()->configTable->set('view', 'default');
 		_elgg_services()->configTable->set('language', 'en');
 		_elgg_services()->configTable->set('default_access', $submissionVars['siteaccess']);
-		_elgg_services()->configTable->set('allow_registration', true);
+		_elgg_services()->configTable->set('allow_registration', false);
 		_elgg_services()->configTable->set('walled_garden', false);
 		_elgg_services()->configTable->set('allow_user_default_access', '');
 		_elgg_services()->configTable->set('default_limit', 10);

engine/lib/elgglib.php

@@ -79,8 +79,7 @@ function elgg_load_library($name) {
 /**
  * Forward to $location.
  *
- * Sends a 'Location: $location' header and exists.  If headers have
- * already been sent, throws an exception.
+ * Sends a 'Location: $location' header and exits.  If headers have already been sent, throws an exception.
  *
  * @param string $location URL to forward to browser to. This can be a path
  *                         relative to the network's URL.
@@ -89,7 +88,7 @@ function elgg_load_library($name) {
  *                         'system'.
  *
  * @return void
- * @throws SecurityException
+ * @throws SecurityException|InvalidParameterException
  */
 function forward($location = "", $reason = 'system') {
 	if (headers_sent($file, $line)) {

engine/lib/output.php

@@ -256,9 +256,8 @@ function elgg_format_element($tag_name, array $attributes = [], $text = '', arra
 }
 
 /**
- * Converts shorthand urls to absolute urls.
- *
- * No change is made if the URL: is absolute, protocol-relative, starts with a protocol/fragment/query.
+ * Converts shorthand URLs to absolute URLs, unless the given URL is absolute, protocol-relative,
+ * or starts with a protocol/fragment/query
  *
  * @example
  * elgg_normalize_url('');                   // 'http://my.site.com/'
@@ -268,7 +267,7 @@ function elgg_format_element($tag_name, array $attributes = [], $text = '', arra
  *
  * @param string $url The URL to normalize
  *
- * @return string The absolute url
+ * @return string The absolute URL
  */
 function elgg_normalize_url($url) {
 	$url = str_replace(' ', '%20', $url);
@@ -307,6 +306,28 @@ function elgg_normalize_url($url) {
 	return elgg_get_site_url() . ltrim($url, '/');
 }
 
+/**
+ * From untrusted input, get a site URL safe for forwarding.
+ *
+ * @param string $unsafe_url URL from untrusted input
+ *
+ * @return bool|string Normalized URL or false if given URL was not a path.
+ *
+ * @since 3.0.0
+ */
+function elgg_normalize_site_url($unsafe_url) {
+	if (!is_string($unsafe_url)) {
+		return false;
+	}
+
+	$unsafe_url = elgg_normalize_url($unsafe_url);
+	if (0 === strpos($unsafe_url, elgg_get_site_url())) {
+		return $unsafe_url;
+	}
+
+	return false;
+}
+
 /**
  * When given a title, returns a version suitable for inclusion in a URL
  *

install/languages/en.php

@@ -109,6 +109,8 @@
 
 	'install:complete:instructions' => 'Your Elgg site is now ready to be used. Click the button below to be taken to your site.',
 	'install:complete:gotosite' => 'Go to site',
+	'install:complete:admin_notice' => 'Welcome to your Elgg site! For more options, see the %s.',
+	'install:complete:admin_notice:link_text' => 'settings pages',
 
 	'InstallationException:UnknownStep' => '%s is an unknown installation step.',
 	'InstallationException:MissingLibrary' => 'Could not load %s',

languages/en.php

@@ -120,6 +120,8 @@
 	'save:fail' => 'There was a failure saving your data',
 	'save:success' => 'Your data was saved',
 
+	'forward:error' => 'Sorry. An error occurred while redirecting to you to another site.',
+
 	'error:default:title' => 'Oops...',
 	'error:default:content' => 'Oops... something went wrong.',
 	'error:400:title' => 'Bad request',
@@ -920,6 +922,7 @@
  */
 
 	'save' => "Save",
+	'save_go' => "Save, and go to %s",
 	'reset' => 'Reset',
 	'publish' => "Publish",
 	'cancel' => "Cancel",
@@ -1209,9 +1212,9 @@
 	'installation:debug:info' => 'Log everything',
 
 	// Walled Garden support
-	'installation:registration:description' => 'User registration is enabled by default. Turn this off if you do not want people to register on their own.',
-	'installation:registration:label' => 'Allow new users to register',
-	'installation:walled_garden:description' => 'Enable this to prevent non-members from viewing the site except for web pages marked as public (such as login and registration).',
+	'installation:registration:description' => 'If enabled, visitors can create their own user accounts.',
+	'installation:registration:label' => 'Allow visitors to register',
+	'installation:walled_garden:description' => 'If enabled, logged-out visitors can see only pages marked public (such as login and registration).',
 	'installation:walled_garden:label' => 'Restrict pages to logged-in users',
 
 	'installation:view' => "Enter the view which will be used as the default for your site or leave this blank for the default view (if in doubt, leave as default):",

views/default/admin/settings/basic.php

@@ -6,4 +6,7 @@
  * @subpackage Core
  */
 
+// added in "complete" step of the installer
+elgg_delete_admin_notice('fresh_install');
+
 echo elgg_view_form('admin/site/update_basic', ['class' => 'elgg-form-settings']);

views/default/forms/admin/site/advanced/caching.php

@@ -44,7 +44,7 @@
 $symlink_source = elgg_get_root_path() . 'cache/';
 $symlink_target = elgg_get_cache_path() . 'views_simplecache/';
 $symlink_paths_help = elgg_echo('installation:cache_symlink:paths', [$symlink_source, $symlink_target]);
-$symlink_warning .= elgg_format_element('span', ['class' => 'elgg-text-help'], $symlink_paths_help);
+$symlink_warning .= elgg_format_element('p', ['class' => 'elgg-text-help'], $symlink_paths_help);
 
 // minify
 $minify_description = elgg_echo('installation:minify:description');

views/default/forms/admin/site/update_advanced.php

@@ -5,7 +5,6 @@
 
 echo elgg_view('forms/admin/site/advanced/caching', $vars);
 echo elgg_view('forms/admin/site/advanced/content_access', $vars);
-echo elgg_view('forms/admin/site/advanced/site_access', $vars);
 echo elgg_view('forms/admin/site/advanced/security', $vars);
 echo elgg_view('forms/admin/site/advanced/debugging', $vars);
 

views/default/forms/admin/site/update_basic.php

@@ -14,6 +14,32 @@
 	'value' => elgg_get_config('sitedescription'),
 ]);
 
+echo elgg_view_field([
+	'#type' => 'select',
+	'name' => 'language',
+	'#label' => elgg_echo('installation:language'),
+	'value' => elgg_get_config('language'),
+	'options_values' => get_installed_translations(),
+]);
+
+echo elgg_view_field([
+	'#type' => 'checkbox',
+	'label' => elgg_echo('installation:registration:label'),
+	'#help' => elgg_echo('installation:registration:description'),
+	'name' => 'allow_registration',
+	'checked' => (bool) elgg_get_config('allow_registration'),
+	'switch' => true,
+]);
+
+echo elgg_view_field([
+	'#type' => 'checkbox',
+	'label' => elgg_echo('installation:walled_garden:label'),
+	'#help' => elgg_echo('installation:walled_garden:description'),
+	'name' => 'walled_garden',
+	'checked' => (bool) elgg_get_config('walled_garden'),
+	'switch' => true,
+]);
+
 echo elgg_view_field([
 	'#type' => 'email',
 	'name' => 'siteemail',
@@ -31,13 +57,15 @@
 	'step' => 1,
 ]);
 
-echo elgg_view_field([
-	'#type' => 'select',
-	'name' => 'language',
-	'#label' => elgg_echo('installation:language'),
-	'value' => elgg_get_config('language'),
-	'options_values' => get_installed_translations(),
+$save = elgg_view('input/submit', [
+	'value' => elgg_echo('save'),
+]);
+
+$save_go = elgg_view('input/submit', [
+	'text' => elgg_echo('save_go', [elgg_echo('admin:settings:advanced')]),
+	'name' => 'after_save',
+	'value' => 'admin/settings/advanced',
 ]);
 
-$footer = elgg_view('input/submit', ['value' => elgg_echo('save')]);
+$footer = "$save $save_go";
 elgg_set_form_footer($footer);

views/installation/install/pages/complete.php

@@ -8,9 +8,9 @@
 ?>
 
 <div class="elgg-install-nav">
-<?php
-	$url = elgg_get_site_url() . $vars['destination'];
-	$text = elgg_echo('install:complete:gotosite');
-	echo "<a href=\"$url\">$text</a>";
-?>
+<?= elgg_format_element([
+	'#tag_name' => 'a',
+	'#text' => elgg_echo('install:complete:gotosite'),
+	'href' => elgg_get_site_url(),
+]) ?>
 </div>