From f2a479695eb4e3b18c73fd2f535aace720b0f601 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Doursenaud?= <rdoursenaud@gpcsolutions.fr>
Date: Mon, 22 Feb 2016 18:45:00 +0100
Subject: [PATCH] New: Improved forced install process

Tamper proofed the process by not relying on POST values for forced fields.
Disabled all fields set when $force_install_noedit is set.
Added a full-featured forced install config file template.

On the side:
Improved Dolibarr root and url detection.
Prevent install locking if install was not successful.
Added missing translation on failed administrator creation.
Better escaping of posted values.
---
 htdocs/install/check.php                 |  19 +-
 htdocs/install/fileconf.php              | 342 +++++++++++++----------
 htdocs/install/inc.php                   | 100 ++++++-
 htdocs/install/index.php                 |   7 +-
 htdocs/install/install.forced.sample.php |  73 +++++
 htdocs/install/step1.php                 | 148 ++++++----
 htdocs/install/step2.php                 |  15 +-
 htdocs/install/step4.php                 |  18 +-
 htdocs/install/step5.php                 |  75 +++--
 htdocs/install/upgrade.php               |  10 +-
 htdocs/install/upgrade2.php              |  12 +-
 htdocs/langs/en_US/install.lang          |   3 +-
 12 files changed, 542 insertions(+), 280 deletions(-)
 create mode 100644 htdocs/install/install.forced.sample.php

diff --git a/htdocs/install/check.php b/htdocs/install/check.php
index 66a9f7f77bb..c2326d58486 100644
--- a/htdocs/install/check.php
+++ b/htdocs/install/check.php
@@ -1,11 +1,11 @@
 <?php
-/* Copyright (C) 2004-2005	Rodolphe Quiedeville	<rodolphe@quiedeville.org>
- * Copyright (C) 2004-2015	Laurent Destailleur		<eldy@users.sourceforge.net>
- * Copyright (C) 2005		Marc Barilley / Ocebo	<marc@ocebo.com>
- * Copyright (C) 2005-2012	Regis Houssin			<regis.houssin@capnetworks.com>
- * Copyright (C) 2013-2014	Juanjo Menent			<jmenent@2byte.es>
+/* Copyright (C) 2004-2005  Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2015  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2005       Marc Barilley / Ocebo   <marc@ocebo.com>
+ * Copyright (C) 2005-2012  Regis Houssin           <regis.houssin@capnetworks.com>
+ * Copyright (C) 2013-2014  Juanjo Menent           <jmenent@2byte.es>
  * Copyright (C) 2014       Marcos García           <marcosgdf@gmail.com>
- * Copyright (C) 2015       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +28,8 @@
  */
 include_once 'inc.php';
 
+global $langs;
+
 $err = 0;
 $allowinstall = 0;
 $allowupgrade = false;
@@ -42,7 +44,10 @@ $langs->load("install");
 $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";
-if (@file_exists($forcedfile)) { $useforcedwizard=true; include_once $forcedfile; }
+if (@file_exists($forcedfile)) {
+	$useforcedwizard = true;
+	include_once $forcedfile;
+}
 
 dolibarr_install_syslog("--- check: Dolibarr install/upgrade process started");
 
diff --git a/htdocs/install/fileconf.php b/htdocs/install/fileconf.php
index d0cf9a4a385..1782be430bc 100644
--- a/htdocs/install/fileconf.php
+++ b/htdocs/install/fileconf.php
@@ -1,10 +1,11 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004      Eric Seigne          <eric.seigne@ryxeo.com>
- * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2004      Sebastien DiCintio   <sdicintio@ressource-toi.org>
- * Copyright (C) 2005-2011 Regis Houssin        <regis.houssin@capnetworks.com>
+/* Copyright (C) 2004       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004       Eric Seigne             <eric.seigne@ryxeo.com>
+ * Copyright (C) 2004-2012  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2004       Benoit Mortier          <benoit.mortier@opensides.be>
+ * Copyright (C) 2004       Sebastien DiCintio      <sdicintio@ressource-toi.org>
+ * Copyright (C) 2005-2011  Regis Houssin           <regis.houssin@capnetworks.com>
+ * Copyright (C) 2016       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +29,8 @@
 
 include_once 'inc.php';
 
+global $langs;
+
 $err=0;
 
 $setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):(isset($_GET["lang"])?$_GET["lang"]:'auto');
@@ -58,12 +61,10 @@ $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";	// Must be after inc.php
 if (@file_exists($forcedfile)) {
-	$useforcedwizard=true; include_once $forcedfile;
+	$useforcedwizard = true;
+	include_once $forcedfile;
 }
 
-//$force_install_message='This is the message';
-//$force_install_noedit=1;
-
 
 /*
  *	View
@@ -120,37 +121,20 @@ if (! empty($force_install_message))
 	print $langs->trans("WebPagesDirectory");
 	print "</b></td>";
 
-	if(! isset($dolibarr_main_url_root) || dol_strlen($dolibarr_main_url_root) == 0)
-	{
-	    //print "x".$_SERVER["SCRIPT_FILENAME"]." y".$_SERVER["DOCUMENT_ROOT"];
-
-	    // Si le php fonctionne en CGI, alors SCRIPT_FILENAME vaut le path du php et
-	    // ce n'est pas ce qu'on veut. Dans ce cas, on propose $_SERVER["DOCUMENT_ROOT"]
-	    if (preg_match('/^php$/i',$_SERVER["SCRIPT_FILENAME"]) || preg_match('/[\\/]php$/i',$_SERVER["SCRIPT_FILENAME"]) || preg_match('/php\.exe$/i',$_SERVER["SCRIPT_FILENAME"]))
-	    {
-	        $dolibarr_main_document_root=$_SERVER["DOCUMENT_ROOT"];
-
-	        if (! preg_match('/[\\/]dolibarr[\\/]htdocs$/i',$dolibarr_main_document_root))
-	        {
-	            $dolibarr_main_document_root.="/dolibarr/htdocs";
-	        }
-	    }
-	    else
-	    {
-	        $dolibarr_main_document_root = substr($_SERVER["SCRIPT_FILENAME"],0,dol_strlen($_SERVER["SCRIPT_FILENAME"]) - 21);
-	        // Nettoyage du path propose
-	        // Gere les chemins windows avec double "\"
-	        $dolibarr_main_document_root = str_replace('\\\\','/',$dolibarr_main_document_root);
-
-	        // Supprime les slash ou antislash de fins
-	        $dolibarr_main_document_root = preg_replace('/[\\/]+$/','',$dolibarr_main_document_root);
-	    }
+	if (empty($dolibarr_main_url_root)) {
+		$dolibarr_main_document_root = detect_dolibarr_main_document_root();
 	}
 	?>
-		<td class="label" valign="top"><?php
-		if ($force_install_noedit) print '<input type="hidden" value="'.$dolibarr_main_document_root.'" name="main_dir">';
-		print '<input type="text" size="60" value="'.$dolibarr_main_document_root.'"'.(empty($force_install_noedit)?'':' disabled').' name="main_dir'.(empty($force_install_noedit)?'':'_bis').'">';
-		?></td>
+		<td class="label" valign="top">
+			<input type="text"
+			       size="60"
+			       value="<?php print $dolibarr_main_document_root ?>"
+			       name="main_dir"
+				<?php if (!empty($force_install_noedit)) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php
 		print $langs->trans("WithNoSlashAtTheEnd")."<br>";
 		print $langs->trans("Examples").":<br>";
@@ -167,24 +151,21 @@ if (! empty($force_install_message))
 		<td valign="top" class="label"><b> <?php print $langs->trans("DocumentsDirectory"); ?></b>
 		</td>
 		<?php
-		if (empty($dolibarr_main_data_root))
-		{
-		    // Si le repertoire documents non defini, on en propose un par defaut
-		    if (empty($force_install_main_data_root))
-		    {
-		        $dolibarr_main_data_root=preg_replace("/\/htdocs$/","",$dolibarr_main_document_root);
-		        $dolibarr_main_data_root.="/documents";
-		    }
-		    else
-		    {
-		        $dolibarr_main_data_root=$force_install_main_data_root;
-		    }
+		$dolibarr_main_data_root = $force_install_main_data_root;
+		if (empty($dolibarr_main_data_root)) {
+			$dolibarr_main_data_root = detect_dolibarr_main_data_root($dolibarr_main_document_root);
 		}
 		?>
-		<td class="label" valign="top"><?php
-		if ($force_install_noedit) print '<input type="hidden" value="'.$dolibarr_main_data_root.'" name="main_data_dir">';
-		print '<input type="text" size="60" value="'.$dolibarr_main_data_root.'"'.(empty($force_install_noedit)?'':' disabled').' name="main_data_dir'.(empty($force_install_noedit)?'':'_bis').'">';
-		?></td>
+		<td class="label" valign="top">
+			<input type="text"
+			       size="60"
+			       value="<?php print $dolibarr_main_data_root ?>"
+			       name="main_data_dir"
+				<?php if (!empty($force_install_noedit)) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php
 		print $langs->trans("WithNoSlashAtTheEnd")."<br>";
 		print $langs->trans("DirectoryRecommendation")."<br>";
@@ -199,39 +180,23 @@ if (! empty($force_install_message))
 
 	<!-- Root URL $dolibarr_main_url_root -->
 	<?php
-	if (! empty($main_url)) $dolibarr_main_url_root=$main_url;
-	if (empty($dolibarr_main_url_root))
-	{
-	    // If defined (Ie: Apache with Linux)
-	    if (isset($_SERVER["SCRIPT_URI"])) {
-	        $dolibarr_main_url_root=$_SERVER["SCRIPT_URI"];
-	    }
-	    // If defined (Ie: Apache with Caudium)
-	    elseif (isset($_SERVER["SERVER_URL"]) && isset($_SERVER["DOCUMENT_URI"])) {
-	        $dolibarr_main_url_root=$_SERVER["SERVER_URL"].$_SERVER["DOCUMENT_URI"];
-	    }
-	    // If SCRIPT_URI, SERVER_URL, DOCUMENT_URI not defined (Ie: Apache 2.0.44 for Windows)
-	    else
-	    {
-	        $proto='http';
-	        if (! empty($_SERVER["HTTP_HOST"])) $serverport=$_SERVER["HTTP_HOST"];
-	        else $serverport=$_SERVER["SERVER_NAME"];
-	        $dolibarr_main_url_root=$proto."://".$serverport.$_SERVER["SCRIPT_NAME"];
-	    }
-	    // Clean proposed URL
-	    $dolibarr_main_url_root = preg_replace('/\/fileconf\.php$/','',$dolibarr_main_url_root);	// Remove the /fileconf.php
-	    $dolibarr_main_url_root = preg_replace('/\/$/','',$dolibarr_main_url_root);					// Remove the /
-	    $dolibarr_main_url_root = preg_replace('/\/index\.php$/','',$dolibarr_main_url_root);		// Remove the /index.php
-	    $dolibarr_main_url_root = preg_replace('/\/install$/','',$dolibarr_main_url_root);			// Remove the /install
+	if (empty($dolibarr_main_url_root)) {
+		$dolibarr_main_url_root = detect_dolibarr_main_url_root();
 	}
 	?>
 	<tr>
 		<td valign="top" class="label"><b> <?php echo $langs->trans("URLRoot"); ?></b>
 		</td>
-		<td valign="top" class="label"><?php
-		if ($force_install_noedit) print '<input type="hidden" value="'.$dolibarr_main_url_root.'" name="main_url">';
-		print '<input type="text" size="60" value="'.$dolibarr_main_url_root.'"'.(empty($force_install_noedit)?'':' disabled').' name="main_url'.(empty($force_install_noedit)?'':'_bis').'">';
-		?></td>
+		<td valign="top" class="label">
+			<input type="text"
+			       size="60"
+			       name="main_url"
+			       value="<?php print $dolibarr_main_url_root; ?> "
+				<?php if (!empty($force_install_noedit)) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php print $langs->trans("Examples").":<br>"; ?>
 		<ul>
 			<li>http://localhost/</li>
@@ -245,9 +210,17 @@ if (! empty($force_install_message))
 	    ?>
 	<tr>
 		<td valign="top" class="label"><?php echo $langs->trans("ForceHttps"); ?></td>
-		<td class="label" valign="top"><input type="checkbox"
-			name="main_force_https"
-			<?php if (! empty($force_install_mainforcehttps)) print ' checked'; ?>></td>
+		<td class="label" valign="top">
+			<input type="checkbox"
+			       name="main_force_https"
+				<?php if (!empty($force_install_mainforcehttps)) {
+					print 'checked';
+				} ?>
+				<?php if ($force_install_noedit == 2 && $force_install_mainforcehttps !== null) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("CheckToForceHttps"); ?>
 		</td>
 
@@ -265,13 +238,18 @@ if (! empty($force_install_message))
 	</tr>
 
 	<tr>
-	<td class="label" valign="top"><b> <?php echo $langs->trans("DatabaseName"); ?>
-	</b></td>
-
-	<td class="label" valign="top"><input type="text" id="db_name"
-				name="db_name"
-				value="<?php echo (! empty($dolibarr_main_db_name))?$dolibarr_main_db_name:($force_install_database?$force_install_database:'dolibarr'); ?>"></td>
-	<td class="comment"><?php echo $langs->trans("DatabaseName"); ?></td>
+		<td class="label" valign="top"><b> <?php echo $langs->trans("DatabaseName"); ?>
+		</b></td>
+		<td class="label" valign="top">
+			<input type="text" id="db_name"
+			       name="db_name"
+			       value="<?php echo (!empty($dolibarr_main_db_name)) ? $dolibarr_main_db_name : ($force_install_database ? $force_install_database : 'dolibarr'); ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_database !== null) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
+		<td class="comment"><?php echo $langs->trans("DatabaseName"); ?></td>
 	</tr>
 
 
@@ -286,7 +264,8 @@ if (! empty($force_install_message))
 		<td valign="top" class="label"><b> <?php echo $langs->trans("DriverType"); ?>
 		</b></td>
 
-		<td class="label"><?php
+		<td class="label">
+		<?php
 
 		$defaultype=! empty($dolibarr_main_db_type)?$dolibarr_main_db_type:($force_install_type?$force_install_type:'mysqli');
 
@@ -342,13 +321,17 @@ if (! empty($force_install_message))
 		        }
 		    }
 		}
+		?>
+			<select id="db_type"
+			        name="db_type"
+				<?php if ($force_install_noedit && $force_install_type !== null) {
+					print 'disabled';
+				} ?>
+			>
+				<?php print $option; ?>
+			</select>
 
-		if ($force_install_noedit && $force_install_type) print '<input id="db_type" type="hidden" value="'.$force_install_type.'" name="db_type">';
-		print '<select id="db_type" name="db_type'.(empty($force_install_noedit) || empty($force_install_type)?'':'_bis').'"'.($force_install_noedit && $force_install_type?' disabled':'').'>';
-		print $option;
-		print '</select>';
-
-		?></td>
+		</td>
 		<td class="comment"><?php echo $langs->trans("DatabaseType"); ?></td>
 
 	</tr>
@@ -356,11 +339,14 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite">
 		<td valign="top" class="label"><b> <?php echo $langs->trans("Server"); ?>
 		</b></td>
-		<td valign="top" class="label"><input type="text"
-			name="db_host<?php print ($force_install_noedit==2 && $force_install_dbserver)?'_bis':''; ?>"
-			<?php if ($force_install_noedit==2 && $force_install_dbserver) print ' disabled'; ?>
-			value="<?php print (! empty($dolibarr_main_db_host))?$dolibarr_main_db_host:(empty($force_install_dbserver)?'localhost':$force_install_dbserver); ?>">
-			<?php if ($force_install_noedit==2 && $force_install_dbserver) print '<input type="hidden" name="db_host" value="'.((! empty($dolibarr_main_db_host))?$dolibarr_main_db_host:$force_install_dbserver).'">'; ?>
+		<td valign="top" class="label">
+			<input type="text"
+			       name="db_host"
+			       value="<?php print (!empty($force_install_dbserver) ? $force_install_dbserver : (!empty($dolibarr_main_db_host) ? $dolibarr_main_db_host : 'localhost')); ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_dbserver !== null) {
+					print ' disabled';
+				} ?>
+			>
 		</td>
 		<td class="comment"><?php echo $langs->trans("ServerAddressDescription"); ?>
 		</td>
@@ -369,11 +355,15 @@ if (! empty($force_install_message))
 
 	<tr class="hidesqlite">
 		<td valign="top" class="label"><?php echo $langs->trans("Port"); ?></td>
-		<td valign="top" class="label"><input type="text" id="db_port"
-			name="db_port<?php print ($force_install_noedit==2 && $force_install_port)?'_bis':''; ?>"
-			<?php if ($force_install_noedit==2 && $force_install_port) print ' disabled'; ?>
-			value="<?php print (! empty($dolibarr_main_db_port))?$dolibarr_main_db_port:$force_install_port; ?>">
-			<?php if ($force_install_noedit==2 && $force_install_port) print '<input type="hidden" name="db_port" value="'.((! empty($dolibarr_main_db_port))?$dolibarr_main_db_port:$force_install_port).'">'; ?>
+		<td valign="top" class="label">
+			<input type="text"
+			       name="db_port"
+			       id="db_port"
+			       value="<?php print (!empty($force_install_port)) ? $force_install_port : $dolibarr_main_db_port; ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_port !== null) {
+					print ' disabled';
+				} ?>
+			>
 		</td>
 		<td class="comment"><?php echo $langs->trans("ServerPortDescription"); ?>
 		</td>
@@ -383,20 +373,33 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><?php echo $langs->trans("DatabasePrefix"); ?>
 		</td>
-
-		<td class="label" valign="top"><input type="text" id="db_prefix"
-			name="db_prefix"
-			value="<?php echo (! empty($dolibarr_main_db_prefix))?$dolibarr_main_db_prefix:($force_install_prefix?$force_install_prefix:'llx_'); ?>"></td>
+		<td class="label" valign="top">
+			<input type="text" id="db_prefix"
+			       name="db_prefix"
+			       value="<?php echo(!empty($force_install_prefix) ? $force_install_prefix : (!empty($dolibarr_main_db_prefix) ? $dolibarr_main_db_prefix : 'llx_')); ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_prefix !== null) {
+					print ' disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("DatabasePrefix"); ?></td>
 	</tr>
 
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><?php echo $langs->trans("CreateDatabase"); ?>
 		</td>
-
-		<td class="label" valign="top"><input type="checkbox"
-			id="db_create_database" name="db_create_database"
-			<?php if ($force_install_createdatabase) print ' checked'; ?>></td>
+		<td class="label" valign="top">
+			<input type="checkbox"
+			       id="db_create_database"
+			       name="db_create_database"
+				<?php if ($force_install_createdatabase) {
+					print ' checked';
+				} ?>
+				<?php if ($force_install_noedit == 2 && $force_install_createdatabase !== null) {
+					print ' disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("CheckToCreateDatabase"); ?>
 		</td>
 	</tr>
@@ -404,33 +407,54 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Login"); ?></b>
 		</td>
-		<td class="label" valign="top"><input type="text" id="db_user"
-			name="db_user"
-			value="<?php print (! empty($dolibarr_main_db_user))?$dolibarr_main_db_user:$force_install_databaselogin; ?>"></td>
+		<td class="label" valign="top">
+			<input type="text" id="db_user"
+			       name="db_user"
+			       value="<?php print (!empty($force_install_databaselogin)) ? $force_install_databaselogin : $dolibarr_main_db_user; ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_databaselogin !== null) {
+					print ' disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("AdminLogin"); ?></td>
 	</tr>
 
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Password"); ?></b>
 		</td>
-		<td class="label" valign="top"><input type="password" id="db_pass" autocomplete="off"
-			name="db_pass"
-			value="<?php
-			//$autofill=((! empty($dolibarr_main_db_pass))?$dolibarr_main_db_pass:$force_install_databasepass);
-			$autofill=((! empty($_SESSION['dol_save_pass']))?$_SESSION['dol_save_pass']:$force_install_databasepass);
-			if (! empty($dolibarr_main_prod)) $autofill='';
-			print dol_escape_htmltag($autofill);
-			?>"></td>
+		<td class="label" valign="top">
+			<input type="password" id="db_pass" autocomplete="off"
+			       name="db_pass"
+			       value="<?php
+			       // We don't want to set password. It will be extracted from the forced install file at step1.
+			       $autofill = ((!empty($_SESSION['dol_save_pass'])) ? $_SESSION['dol_save_pass'] : '');
+			       if (!empty($dolibarr_main_prod)) {
+				       $autofill = '';
+			       }
+			       print dol_escape_htmltag($autofill);
+			       ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_databasepass !== null) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("AdminPassword"); ?></td>
 	</tr>
 
 	<tr class="hidesqlite">
 		<td class="label" valign="top"><?php echo $langs->trans("CreateUser"); ?>
 		</td>
-
-		<td class="label" valign="top"><input type="checkbox"
-			id="db_create_user" name="db_create_user"
-			<?php if (! empty($force_install_createuser)) print ' checked'; ?>></td>
+		<td class="label" valign="top">
+			<input type="checkbox"
+			       id="db_create_user" name="db_create_user"
+				<?php if (!empty($force_install_createuser)) {
+					print 'checked';
+				} ?>
+				<?php if ($force_install_noedit == 2 && $force_install_createuser !== null) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("CheckToCreateUser"); ?>
 		</td>
 	</tr>
@@ -438,8 +462,8 @@ if (! empty($force_install_message))
 
 	<!-- Super access -->
 	<?php
-	$force_install_databaserootlogin=preg_replace('/__SUPERUSERLOGIN__/','root',$force_install_databaserootlogin);
-	$force_install_databaserootpass=preg_replace('/__SUPERUSERPASSWORD__/','',$force_install_databaserootpass);
+	$force_install_databaserootlogin = parse_database_login($force_install_databaserootlogin);
+	$force_install_databaserootpass = parse_database_pass($force_install_databaserootpass);
 	?>
 	<tr class="hidesqlite hideroot">
 		<td colspan="3" class="label" align="center"><br>
@@ -449,9 +473,17 @@ if (! empty($force_install_message))
 
 	<tr class="hidesqlite hideroot">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Login"); ?></b></td>
-		<td class="label" valign="top"><input type="text" id="db_user_root"
-			name="db_user_root" class="needroot"
-			value="<?php print (! empty($db_user_root))?$db_user_root:$force_install_databaserootlogin; ?>"></td>
+		<td class="label" valign="top">
+			<input type="text"
+			       id="db_user_root"
+			       name="db_user_root"
+			       class="needroot"
+			       value="<?php print (!empty($force_install_databaserootlogin)) ? $force_install_databaserootlogin : $db_user_root; ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_databaserootlogin !== null) {
+					print 'disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("DatabaseRootLoginDescription"); ?>
 		<!--
 		<?php echo '<br>'.$langs->trans("Examples").':<br>' ?>
@@ -466,14 +498,30 @@ if (! empty($force_install_message))
 	<tr class="hidesqlite hideroot">
 		<td class="label" valign="top"><b><?php echo $langs->trans("Password"); ?></b>
 		</td>
-		<td class="label" valign="top"><input type="password" autocomplete="off"
-			id="db_pass_root" name="db_pass_root" class="needroot"
-			value="<?php
-			$autofill=((! empty($db_pass_root))?$db_pass_root:$force_install_databaserootpass);
-			if (! empty($dolibarr_main_prod)) $autofill='';	// Do not autofill password if instance is a production instance
-			if (! empty($_SERVER["SERVER_NAME"]) && ! in_array($_SERVER["SERVER_NAME"], array('127.0.0.1', 'localhost'))) $autofill='';	// Do not autofill password for remote access
-			print dol_escape_htmltag($autofill);
-			?>"></td>
+		<td class="label" valign="top">
+			<input type="password"
+			       autocomplete="off"
+			       id="db_pass_root"
+			       name="db_pass_root"
+			       class="needroot"
+			       value="<?php
+			       // We don't want to set password. It will be extracted from the forced install file at step1.
+			       $autofill = ((!empty($force_install_database_rootpass)) ? '' : $db_pass_root);
+			       if (!empty($dolibarr_main_prod)) {
+				       $autofill = '';
+			       }    // Do not autofill password if instance is a production instance
+			       if (!empty($_SERVER["SERVER_NAME"]) && !in_array($_SERVER["SERVER_NAME"],
+					       array('127.0.0.1', 'localhost'))
+			       ) {
+				       $autofill = '';
+			       }    // Do not autofill password for remote access
+			       print dol_escape_htmltag($autofill);
+			       ?>"
+				<?php if ($force_install_noedit == 2 && $force_install_databaserootpass !== null) {
+					print ' disabled';
+				} ?>
+			>
+		</td>
 		<td class="comment"><?php echo $langs->trans("KeepEmptyIfNoPassword"); ?>
 		</td>
 	</tr>
@@ -529,7 +577,7 @@ jQuery(document).ready(function() {
 	jQuery("#db_create_user").click(function() {
 		init_needroot();
 	});
-	<?php if ($force_install_noedit && empty($force_install_databasepass)) { ?>
+	<?php if ($force_install_noedit == 2 && empty($force_install_databasepass)) { ?>
 	jQuery("#db_pass").focus();
 	<?php } ?>
 });
diff --git a/htdocs/install/inc.php b/htdocs/install/inc.php
index a0d873d4f5c..8f4716d320b 100644
--- a/htdocs/install/inc.php
+++ b/htdocs/install/inc.php
@@ -1,9 +1,10 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2004      Sebastien DiCintio   <sdicintio@ressource-toi.org>
- * Copyright (C) 2007-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2012      Marcos García        <marcosgdf@gmail.com>
+/* Copyright (C) 2004       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004       Benoit Mortier          <benoit.mortier@opensides.be>
+ * Copyright (C) 2004       Sebastien DiCintio      <sdicintio@ressource-toi.org>
+ * Copyright (C) 2007-2012  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2012       Marcos García           <marcosgdf@gmail.com>
+ * Copyright (C) 2016       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -489,3 +490,92 @@ function dolibarr_install_syslog($message, $level=LOG_DEBUG)
     dol_syslog($message,$level);
 }
 
+/**
+ * Automatically detect Dolibarr's main document root
+ *
+ * @return string
+ */
+function detect_dolibarr_main_document_root()
+{
+	// If PHP is in CGI mode, SCRIPT_FILENAME is PHP's path.
+	// Since that's not what we want, we suggest $_SERVER["DOCUMENT_ROOT"]
+	if (preg_match('/php$/i', $_SERVER["SCRIPT_FILENAME"]) || preg_match('/[\\/]php$/i',
+			$_SERVER["SCRIPT_FILENAME"]) || preg_match('/php\.exe$/i', $_SERVER["SCRIPT_FILENAME"])
+	) {
+		$dolibarr_main_document_root = $_SERVER["DOCUMENT_ROOT"];
+
+		if (!preg_match('/[\\/]dolibarr[\\/]htdocs$/i', $dolibarr_main_document_root)) {
+			$dolibarr_main_document_root .= "/dolibarr/htdocs";
+		}
+	} else {
+		// We assume /install to be under /htdocs, so we get the parent directory of the current directory
+		$dolibarr_main_document_root = dirname(dirname($_SERVER["SCRIPT_FILENAME"]));
+	}
+
+	return $dolibarr_main_document_root;
+}
+
+/**
+ * Automatically detect Dolibarr's main data root
+ *
+ * @param string $dolibarr_main_document_root Current main document root
+ * @return string
+ */
+function detect_dolibarr_main_data_root($dolibarr_main_document_root)
+{
+	$dolibarr_main_data_root = preg_replace("/\/htdocs$/", "", $dolibarr_main_document_root);
+	$dolibarr_main_data_root .= "/documents";
+	return $dolibarr_main_data_root;
+}
+
+/**
+ * Automatically detect Dolibarr's main URL root
+ *
+ * @return string
+ */
+function detect_dolibarr_main_url_root()
+{
+	// If defined (Ie: Apache with Linux)
+	if (isset($_SERVER["SCRIPT_URI"])) {
+		$dolibarr_main_url_root = $_SERVER["SCRIPT_URI"];
+	} // If defined (Ie: Apache with Caudium)
+	elseif (isset($_SERVER["SERVER_URL"]) && isset($_SERVER["DOCUMENT_URI"])) {
+		$dolibarr_main_url_root = $_SERVER["SERVER_URL"] . $_SERVER["DOCUMENT_URI"];
+	} // If SCRIPT_URI, SERVER_URL, DOCUMENT_URI not defined (Ie: Apache 2.0.44 for Windows)
+	else {
+		$proto = 'http';
+		if (!empty($_SERVER["HTTP_HOST"])) {
+			$serverport = $_SERVER["HTTP_HOST"];
+		} else {
+			$serverport = $_SERVER["SERVER_NAME"];
+		}
+		$dolibarr_main_url_root = $proto . "://" . $serverport . $_SERVER["SCRIPT_NAME"];
+	}
+	// Clean proposed URL
+	// We assume /install to be under /htdocs, so we get the parent path of the current URL
+	$dolibarr_main_url_root = dirname(dirname($dolibarr_main_url_root));
+
+	return $dolibarr_main_url_root;
+}
+
+/**
+ * Replaces automatic database login by actual value
+ *
+ * @param string $force_install_databaserootlogin Login
+ * @return string
+ */
+function parse_database_login($force_install_databaserootlogin)
+{
+	return preg_replace('/__SUPERUSERLOGIN__/', 'root', $force_install_databaserootlogin);
+}
+
+/**
+ * Replaces automatic database password by actual value
+ *
+ * @param string $force_install_databaserootpass Password
+ * @return string
+ */
+function parse_database_pass($force_install_databaserootpass)
+{
+	return preg_replace('/__SUPERUSERPASSWORD__/', '', $force_install_databaserootpass);
+}
diff --git a/htdocs/install/index.php b/htdocs/install/index.php
index 9b0ac71931b..82dcd87b030 100644
--- a/htdocs/install/index.php
+++ b/htdocs/install/index.php
@@ -1,6 +1,7 @@
 <?php
-/* Copyright (C) 2004-2005 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
+/* Copyright (C) 2004-2005  Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2010  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2016       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -26,6 +27,8 @@ include_once 'inc.php';
 include_once '../core/class/html.form.class.php';
 include_once '../core/class/html.formadmin.class.php';
 
+global $langs;
+
 $err = 0;
 
 // If the config file exists and is filled, we're not on first install so we skip the language selection page
diff --git a/htdocs/install/install.forced.sample.php b/htdocs/install/install.forced.sample.php
new file mode 100644
index 00000000000..2d66084e076
--- /dev/null
+++ b/htdocs/install/install.forced.sample.php
@@ -0,0 +1,73 @@
+<?php
+/* Copyright (C) 2016       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+/** @var bool Hide PHP informations */
+$force_install_nophpinfo = true;
+
+/** @var int 1 = Lock and hide environment variables, 2 = Lock all set variables */
+$force_install_noedit = 2;
+
+/** @var string Information message */
+$force_install_message = 'Welcome to your Dolibarr install';
+
+/** @var string Data root absolute path (documents folder) */
+$force_install_main_data_root = null;
+
+/** @var bool Force HTTPS */
+$force_install_mainforcehttps = true;
+
+/** @var string Database name */
+$force_install_database = 'dolibarr';
+
+/** @var string Database driver (mysql|mysqli|pgsql|mssql|sqlite|sqlite3) */
+$force_install_type = 'mysqli';
+
+/** @var string Database server host */
+$force_install_dbserver = 'localhost';
+
+/** @var int Database server port */
+$force_install_port = 3306;
+
+/** @var string Database tables prefix */
+$force_install_prefix = 'llx_';
+
+/** @var bool Force database creation */
+$force_install_createdatabase = true;
+
+/** @var string Database username */
+$force_install_databaselogin = 'root';
+
+/** @var string Database password */
+$force_install_databasepass = '';
+
+/** @var bool Force database user creation */
+$force_install_createuser = false;
+
+/** @var string Database root username */
+$force_install_databaserootlogin = 'root';
+
+/** @var string Database root password */
+$force_install_databaserootpass = '';
+
+/** @var string Dolibarr super-administrator username */
+$force_install_dolibarrlogin = 'admin';
+
+/** @var bool Force install locking */
+$force_install_lockinstall = true;
+
+/** @var string Enable module(s) (Comma separated class names list) */
+$force_install_module = 'modSociete,modFournisseur,modFacture';
diff --git a/htdocs/install/step1.php b/htdocs/install/step1.php
index a07dbc48168..d78c9dc02b9 100644
--- a/htdocs/install/step1.php
+++ b/htdocs/install/step1.php
@@ -1,10 +1,10 @@
 <?php
-/* Copyright (C) 2004-2007 Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2012 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2004      Sebastien Di Cintio  <sdicintio@ressource-toi.org>
- * Copyright (C) 2005-2011 Regis Houssin        <regis.houssin@capnetworks.com>
- * Copyright (C) 2015      Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+/* Copyright (C) 2004-2007  Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2012  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2004       Benoit Mortier          <benoit.mortier@opensides.be>
+ * Copyright (C) 2004       Sebastien Di Cintio     <sdicintio@ressource-toi.org>
+ * Copyright (C) 2005-2011  Regis Houssin           <regis.houssin@capnetworks.com>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,6 +30,8 @@ define('DONOTLOADCONF',1);	// To avoid loading conf by file inc.php
 
 include 'inc.php';
 
+global $langs;
+
 $action=GETPOST('action','alpha');
 $setuplang=(GETPOST('selectlang','',3)?GETPOST('selectlang','',3):'auto');
 $langs->setDefaultLang($setuplang);
@@ -38,12 +40,15 @@ $langs->load("admin");
 $langs->load("install");
 $langs->load("errors");
 
-// Recuparation des information de connexion
+// Dolibarr pages directory
+$main_dir = GETPOST('main_dir');
+// Directory for generated documents (invoices, orders, ecm, etc...)
+$main_data_dir = GETPOST('main_data_dir') ? GETPOST('main_data_dir') : $main_dir . '/documents';
+// Dolibarr root URL
+$main_url = GETPOST('main_url');
+// Database login informations
 $userroot=GETPOST('db_user_root');
 $passroot=GETPOST('db_pass_root');
-// Repertoire des pages dolibarr
-$main_dir=GETPOST('main_dir');
-$main_url=GETPOST('main_url');
 // Database server
 $db_type=GETPOST('db_type','alpha');
 $db_host=GETPOST('db_host','alpha');
@@ -52,8 +57,16 @@ $db_user=GETPOST('db_user','alpha');
 $db_pass=GETPOST('db_pass');
 $db_port=GETPOST('db_port','int');
 $db_prefix=GETPOST('db_prefix','alpha');
+$db_create_database = GETPOST('db_create_database');
+$db_create_user = GETPOST('db_create_user');
+// Force https
+$main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == 1)) ? '1' : '0');
+// Use alternative directory
+$main_use_alt_dir = ((GETPOST("main_use_alt_dir") && (GETPOST("main_use_alt_dir") == "on" || GETPOST("main_use_alt_dir") == 1)) ? '' : '//');
+// Alternative root directory name
+$main_alt_dir_name = ((GETPOST("main_alt_dir_name") && GETPOST("main_alt_dir_name") != '') ? GETPOST("main_alt_dir_name") : 'custom');
 
-session_start();	// To be able to keep info into session (used for not loosing pass during navigation. pass must not transit throug parmaeters)
+session_start(); // To be able to keep info into session (used for not loosing pass during navigation. pass must not transit throug parameters)
 
 // Save a flag to tell to restore input value if we do back
 $_SESSION['dol_save_pass']=$db_pass;
@@ -63,7 +76,58 @@ $_SESSION['dol_save_pass']=$db_pass;
 $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";
-if (@file_exists($forcedfile)) { $useforcedwizard=true; include_once $forcedfile; }
+if (@file_exists($forcedfile)) {
+	$useforcedwizard = true;
+	include_once $forcedfile;
+	// If forced install is enabled, let's replace post values. These are empty because form fields are disabled.
+	if ($force_install_noedit) {
+		$main_dir = detect_dolibarr_main_document_root();
+		if (!empty($force_install_main_data_root)) {
+			$main_data_dir = $force_install_main_data_root;
+		} else {
+			$main_data_dir = detect_dolibarr_main_data_root($main_dir);
+		}
+		$main_url = detect_dolibarr_main_url_root();
+		if (!empty($force_install_databaserootlogin)) {
+			$userroot = parse_database_login($force_install_databaserootlogin);
+		}
+		if (!empty($force_install_databaserootpass)) {
+			$passroot = parse_database_pass($force_install_databaserootpass);
+		}
+	}
+	if ($force_install_noedit == 2) {
+		if (!empty($force_install_type)) {
+			$db_type = $force_install_type;
+		}
+		if (!empty($force_install_dbserver)) {
+			$db_host = $force_install_dbserver;
+		}
+		if (!empty($force_install_database)) {
+			$db_name = $force_install_database;
+		}
+		if (!empty($force_install_databaselogin)) {
+			$db_user = $force_install_databaselogin;
+		}
+		if (!empty($force_install_databasepass)) {
+			$db_pass = $force_install_databasepass;
+		}
+		if (!empty($force_install_port)) {
+			$db_port = $force_install_port;
+		}
+		if (!empty($force_install_prefix)) {
+			$db_prefix = $force_install_prefix;
+		}
+		if (!empty($force_install_createdatabase)) {
+			$db_create_database = $force_install_createdatabase;
+		}
+		if (!empty($force_install_createuser)) {
+			$db_create_user = $force_install_createuser;
+		}
+		if (!empty($force_install_mainforcehttps)) {
+			$main_force_https = $force_install_mainforcehttps;
+		}
+	}
+}
 
 dolibarr_install_syslog("--- step1: entering step1.php page");
 
@@ -134,28 +198,20 @@ if (! empty($main_url) && substr($main_url, dol_strlen($main_url) -1) == "/")
     $main_url = substr($main_url, 0, dol_strlen($main_url)-1);
 }
 
-// Directory for generated documents (invoices, orders, ecm, etc...)
-$main_data_dir=isset($_POST["main_data_dir"])?$_POST["main_data_dir"]:'';
-if (! $main_data_dir) { $main_data_dir="$main_dir/documents"; }
-
-
-// Test database connexion
-if (! $error)
-{
+// Test database connection
+if (! $error) {
     $result=@include_once $main_dir."/core/db/".$db_type.'.class.php';
     if ($result)
     {
         // If we ask database or user creation we need to connect as root, so we need root login
-        if (! empty($_POST["db_create_database"]) && ! $userroot)
-        {
+        if (!empty($db_create_database) && !$userroot) {
             print '<div class="error">'.$langs->trans("YouAskDatabaseCreationSoDolibarrNeedToConnect",$db_name).'</div>';
             print '<br>';
             print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'<br><br>';
             print $langs->trans("ErrorGoBackAndCorrectParameters");
             $error++;
         }
-        if (! empty($_POST["db_create_user"]) && ! $userroot)
-        {
+        if (!empty($db_create_user) && !$userroot) {
             print '<div class="error">'.$langs->trans("YouAskLoginCreationSoDolibarrNeedToConnect",$db_user).'</div>';
             print '<br>';
             print $langs->trans("BecauseConnectionFailedParametersMayBeWrong").'<br><br>';
@@ -164,11 +220,9 @@ if (! $error)
         }
 
         // If we need root access
-        if (! $error && (! empty($_POST["db_create_database"]) || ! empty($_POST["db_create_user"])))
-        {
+        if (!$error && (!empty($db_create_database) || !empty($db_create_user))) {
             $databasefortest=$db_name;
-            if (! empty($_POST["db_create_database"]))
-            {
+            if (!empty($db_create_database)) {
                 if ($db_type == 'mysql' || $db_type == 'mysqli')
                 {
                     $databasefortest='mysql';
@@ -189,16 +243,13 @@ if (! $error)
             dol_syslog("databasefortest=" . $databasefortest . " connected=" . $db->connected . " database_selected=" . $db->database_selected, LOG_DEBUG);
             //print "databasefortest=".$databasefortest." connected=".$db->connected." database_selected=".$db->database_selected;
 
-            if (empty($_POST["db_create_database"]) && $db->connected && ! $db->database_selected)
-            {
+            if (empty($db_create_database) && $db->connected && !$db->database_selected) {
                 print '<div class="error">'.$langs->trans("ErrorConnectedButDatabaseNotFound",$db_name).'</div>';
                 print '<br>';
                 if (! $db->connected) print $langs->trans("IfDatabaseNotExistsGoBackAndUncheckCreate").'<br><br>';
                 print $langs->trans("ErrorGoBackAndCorrectParameters");
                 $error++;
-            }
-            elseif ($db->error && ! (! empty($_POST["db_create_database"]) && $db->connected))
-            {
+            } elseif ($db->error && (empty($db_create_database) && $db->connected)) {
             	// Note: you may experience error here with message "No such file or directory" when mysql was installed for the first time but not yet launched.
                 if ($db->error == "No such file or directory") print '<div class="error">'.$langs->trans("ErrorToConnectToMysqlCheckInstance").'</div>';
                 else print '<div class="error">'.$db->error.'</div>';
@@ -210,8 +261,7 @@ if (! $error)
             }
         }
         // If we need simple access
-        if (! $error && (empty($_POST["db_create_database"]) && empty($_POST["db_create_user"])))
-        {
+        if (!$error && (empty($db_create_database) && empty($db_create_user))) {
             $db=getDoliDBInstance($db_type, $db_host, $db_user, $db_pass, $db_name, $db_port);
 
             if ($db->error)
@@ -246,8 +296,7 @@ else
 
 if (! $error && $db->connected)
 {
-    if (! empty($_POST["db_create_database"]))
-    {
+    if (! empty($db_create_database)) {
         $result=$db->select_db($db_name);
         if ($result)
         {
@@ -262,8 +311,7 @@ if (! $error && $db->connected)
 // Define $defaultCharacterSet and $defaultDBSortingCollation
 if (! $error && $db->connected)
 {
-    if (! empty($_POST["db_create_database"]))	// If we create database, we force default value
-    {
+    if (!empty($db_create_database)) { // If we create database, we force default value
     	$defaultCharacterSet=$db->forcecharset;
     	$defaultDBSortingCollation=$db->forcecollate;
     }
@@ -430,15 +478,6 @@ if (! $error && $db->connected && $action == "set")
     // Table prefix
     $main_db_prefix = (! empty($db_prefix) ? $db_prefix : 'llx_');
 
-    // Force https
-    $main_force_https = ((GETPOST("main_force_https") && (GETPOST("main_force_https") == "on" || GETPOST("main_force_https") == '1')) ? '1' : '0');
-
-    // Use alternative directory
-    $main_use_alt_dir = ((GETPOST("main_use_alt_dir") && (GETPOST("main_use_alt_dir") == "off" || GETPOST("main_use_alt_dir") == '0')) ? '//' : '');
-
-    // Alternative root directory name
-    $main_alt_dir_name = ((GETPOST("main_alt_dir_name") && GETPOST("main_alt_dir_name") != '') ? GETPOST("main_alt_dir_name") : 'custom');
-
     // Write conf file on disk
     if (! $error)
     {
@@ -469,14 +508,8 @@ if (! $error && $db->connected && $action == "set")
         print '</td>';
         print '<td><img src="../theme/eldy/img/tick.png" alt="Ok"></td></tr>';
 
-
-        $userroot=isset($_POST["db_user_root"])?$_POST["db_user_root"]:"";
-        $passroot=isset($_POST["db_pass_root"])?$_POST["db_pass_root"]:"";
-
-
         // Si creation utilisateur admin demandee, on le cree
-        if (isset($_POST["db_create_user"]) && $_POST["db_create_user"] == "on")
-        {
+        if (isset($db_create_user) && $db_create_user == "on") {
             dolibarr_install_syslog("step1: create database user: " . $dolibarr_main_db_user);
 
             //print $conf->db->host." , ".$conf->db->name." , ".$conf->db->user." , ".$conf->db->port;
@@ -569,8 +602,7 @@ if (! $error && $db->connected && $action == "set")
 
 
         // If database creation is asked, we create it
-        if (! $error && (isset($_POST["db_create_database"]) && $_POST["db_create_database"] == "on"))
-        {
+        if (!$error && (isset($db_create_database) && $db_create_database == "on")) {
             dolibarr_install_syslog("step1: create database: " . $dolibarr_main_db_name . " " . $dolibarr_main_db_character_set . " " . $dolibarr_main_db_collation . " " . $dolibarr_main_db_user);
         	$newdb=getDoliDBInstance($conf->db->type,$conf->db->host,$userroot,$passroot,'',$conf->db->port);
             //print 'eee'.$conf->db->type." ".$conf->db->host." ".$userroot." ".$passroot." ".$conf->db->port." ".$newdb->connected." ".$newdb->forcecharset;exit;
@@ -873,7 +905,7 @@ function write_conf_file($conffile)
 
         fputs($fp, '$dolibarr_main_restrict_os_commands=\'mysqldump, mysql, pg_dump, pgrestore\';');
 		fputs($fp,"\n");
-		
+
         fputs($fp, '$dolibarr_nocsrfcheck=\'0\';');
         fputs($fp,"\n");
 
diff --git a/htdocs/install/step2.php b/htdocs/install/step2.php
index bb7e37c7e47..aa492e58649 100644
--- a/htdocs/install/step2.php
+++ b/htdocs/install/step2.php
@@ -1,8 +1,8 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2010 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2015      Cedric GROSS         <c.gross@kreiz-it.fr>
- * Copyright (C) 2015      Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+/* Copyright (C) 2004       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2010  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2015       Cedric GROSS            <c.gross@kreiz-it.fr>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -28,6 +28,8 @@ include 'inc.php';
 require_once $dolibarr_main_document_root.'/core/class/conf.class.php';
 require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php';
 
+global $langs;
+
 $step = 2;
 $ok = 0;
 
@@ -61,7 +63,10 @@ if ($dolibarr_main_db_type == "sqlite3")  $choix=5;
 $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";
-if (@file_exists($forcedfile)) { $useforcedwizard=true; include_once $forcedfile; }
+if (@file_exists($forcedfile)) {
+	$useforcedwizard = true;
+	include_once $forcedfile;
+}
 
 dolibarr_install_syslog("--- step2: entering step2.php page");
 
diff --git a/htdocs/install/step4.php b/htdocs/install/step4.php
index 5952080f475..0f9ce2e4590 100644
--- a/htdocs/install/step4.php
+++ b/htdocs/install/step4.php
@@ -1,9 +1,9 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004      Benoit Mortier       <benoit.mortier@opensides.be>
- * Copyright (C) 2004      Sebastien DiCintio   <sdicintio@ressource-toi.org>
- * Copyright (C) 2004-2008 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2015      Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+/* Copyright (C) 2004       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004       Benoit Mortier          <benoit.mortier@opensides.be>
+ * Copyright (C) 2004       Sebastien DiCintio      <sdicintio@ressource-toi.org>
+ * Copyright (C) 2004-2008  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,6 +30,7 @@ include_once 'inc.php';
 require_once $dolibarr_main_document_root.'/core/class/conf.class.php';
 require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php';
 
+global $langs;
 
 $setuplang=(GETPOST('selectlang','',3)?GETPOST('selectlang','',3):'auto');
 $langs->setDefaultLang($setuplang);
@@ -41,7 +42,10 @@ $langs->load("install");
 $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";
-if (@file_exists($forcedfile)) { $useforcedwizard=true; include_once $forcedfile; }
+if (@file_exists($forcedfile)) {
+	$useforcedwizard = true;
+	include_once $forcedfile;
+}
 
 dolibarr_install_syslog("--- step4: entering step4.php page");
 
@@ -75,7 +79,7 @@ $db=getDoliDBInstance($conf->db->type,$conf->db->host,$conf->db->user,$conf->db-
 if ($db->ok)
 {
     print '<tr><td>'.$langs->trans("DolibarrAdminLogin").' :</td><td>';
-    print '<input name="login" type="text" value="'.(! empty($_GET["login"])?$_GET["login"]:(isset($force_install_dolibarrlogin)?$force_install_dolibarrlogin:'')).'"></td></tr>';
+	print '<input name="login" type="text" value="' . (!empty($_GET["login"]) ? $_GET["login"] : (isset($force_install_dolibarrlogin) ? $force_install_dolibarrlogin : '')) . '"' . ($force_install_noedit == 2 && $force_install_dolibarrlogin !== null ? ' disabled' : '') . '></td></tr>';
     print '<tr><td>'.$langs->trans("Password").' :</td><td>';
     print '<input type="password" name="pass"></td></tr>';
     print '<tr><td>'.$langs->trans("PasswordAgain").' :</td><td>';
diff --git a/htdocs/install/step5.php b/htdocs/install/step5.php
index 9182c7cd9c2..4b45dfae3e3 100644
--- a/htdocs/install/step5.php
+++ b/htdocs/install/step5.php
@@ -4,7 +4,7 @@
  * Copyright (C) 2004       Benoit Mortier          <benoit.mortier@opensides.be>
  * Copyright (C) 2004       Sebastien DiCintio      <sdicintio@ressource-toi.org>
  * Copyright (C) 2005-2012  Regis Houssin           <regis.houssin@capnetworks.com>
- * Copyright (C) 2015       Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -31,6 +31,7 @@ if (file_exists($conffile)) include_once $conffile;
 require_once $dolibarr_main_document_root . '/core/lib/admin.lib.php';
 require_once $dolibarr_main_document_root . '/core/lib/security.lib.php'; // for dol_hash
 
+global $langs;
 
 $setuplang=GETPOST("selectlang",'',3)?GETPOST("selectlang",'',3):'auto';
 $langs->setDefaultLang($setuplang);
@@ -50,24 +51,25 @@ if (! empty($action) && preg_match('/upgrade/i', $action))	// If it's an old upg
 $langs->load("admin");
 $langs->load("install");
 
+$login = GETPOST('login', 'alpha');
+$pass = GETPOST('pass', 'alpha');
+$pass_verif = GETPOST('pass_verif', 'alpha');
+
 $success=0;
 
-// Init "forced values" to nothing. "forced values" are used after using an install wizard (using a file install.forced.php).
-if (! isset($force_install_type))              $force_install_type='';
-if (! isset($force_install_dbserver))          $force_install_dbserver='';
-if (! isset($force_install_port))              $force_install_port='';
-if (! isset($force_install_database))          $force_install_database='';
-if (! isset($force_install_createdatabase))    $force_install_createdatabase='';
-if (! isset($force_install_databaselogin))     $force_install_databaselogin='';
-if (! isset($force_install_databasepass))      $force_install_databasepass='';
-if (! isset($force_install_databaserootlogin)) $force_install_databaserootlogin='';
-if (! isset($force_install_databaserootpass))  $force_install_databaserootpass='';
-if (! isset($force_install_lockinstall))       $force_install_lockinstall='';
-// Now we load forced value from install.forced.php file.
 $useforcedwizard=false;
 $forcedfile="./install.forced.php";
 if ($conffile == "/etc/dolibarr/conf.php") $forcedfile="/etc/dolibarr/install.forced.php";
-if (@file_exists($forcedfile)) { $useforcedwizard=true; include_once $forcedfile; }
+if (@file_exists($forcedfile)) {
+	$useforcedwizard = true;
+	include_once $forcedfile;
+	// If forced install is enabled, let's replace post values. These are empty because form fields are disabled.
+	if ($force_install_noedit == 2) {
+		if (!empty($force_install_dolibarrlogin)) {
+			$login = $force_install_dolibarrlogin;
+		}
+	}
+}
 
 dolibarr_install_syslog("--- step5: entering step5.php page");
 
@@ -77,25 +79,21 @@ dolibarr_install_syslog("--- step5: entering step5.php page");
  */
 
 // If install, check pass and pass_verif used to create admin account
-if ($action == "set")
-{
-    if ($_POST["pass"] <> $_POST["pass_verif"])
-    {
-        header("Location: step4.php?error=1&selectlang=$setuplang".(isset($_POST["login"])?'&login='.$_POST["login"]:''));
-        exit;
-    }
+if ($action == "set") {
+	if ($pass <> $pass_verif) {
+		header("Location: step4.php?error=1&selectlang=$setuplang" . (isset($login) ? '&login=' . $login : ''));
+		exit;
+	}
 
-    if (dol_strlen(trim($_POST["pass"])) == 0)
-    {
-        header("Location: step4.php?error=2&selectlang=$setuplang".(isset($_POST["login"])?'&login='.$_POST["login"]:''));
-        exit;
-    }
+	if (dol_strlen(trim($pass)) == 0) {
+		header("Location: step4.php?error=2&selectlang=$setuplang" . (isset($login) ? '&login=' . $login : ''));
+		exit;
+	}
 
-    if (dol_strlen(trim($_POST["login"])) == 0)
-    {
-        header("Location: step4.php?error=3&selectlang=$setuplang".(isset($_POST["login"])?'&login='.$_POST["login"]:''));
-        exit;
-    }
+	if (dol_strlen(trim($login)) == 0) {
+		header("Location: step4.php?error=3&selectlang=$setuplang" . (isset($login) ? '&login=' . $login : ''));
+		exit;
+	}
 }
 
 
@@ -187,8 +185,8 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action))
             $newuser = new User($db);
             $newuser->lastname='SuperAdmin';
             $newuser->firstname='';
-            $newuser->login=$_POST["login"];
-            $newuser->pass=$_POST["pass"];
+            $newuser->login = $login;
+            $newuser->pass = $pass;
             $newuser->admin=1;
             $newuser->entity=0;
 
@@ -196,7 +194,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action))
             $result=$newuser->create($createuser,1);
             if ($result > 0)
             {
-                print $langs->trans("AdminLoginCreatedSuccessfuly",$_POST["login"])."<br>";
+                print $langs->trans("AdminLoginCreatedSuccessfuly", $login) . "<br>";
                 $success = 1;
             }
             else
@@ -204,7 +202,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action))
                 if ($newuser->error == 'ErrorLoginAlreadyExists')
                 {
                     dolibarr_install_syslog('step5: AdminLoginAlreadyExists', LOG_WARNING);
-                    print '<br><div class="warning">'.$langs->trans("AdminLoginAlreadyExists",$_POST["login"])."</div><br>";
+                    print '<br><div class="warning">' . $langs->trans("AdminLoginAlreadyExists", $login) . "</div><br>";
                     $success = 1;
                 }
                 else
@@ -320,8 +318,7 @@ if ($action == "set" || empty($action) || preg_match('/upgrade/i',$action))
 // Create lock file
 
 // If first install
-if ($action == "set")
-{
+if ($action == "set" && $success) {
     if (empty($conf->global->MAIN_VERSION_LAST_UPGRADE) || ($conf->global->MAIN_VERSION_LAST_UPGRADE == DOL_VERSION))
     {
         // Install is finished
@@ -352,7 +349,7 @@ if ($action == "set")
 
         print $langs->trans("YouNeedToPersonalizeSetup")."<br><br>";
 
-        print '<div class="center"><a href="../admin/index.php?mainmenu=home&leftmenu=setup'.(isset($_POST["login"])?'&username='.urlencode($_POST["login"]):'').'">';
+        print '<div class="center"><a href="../admin/index.php?mainmenu=home&leftmenu=setup' . (isset($login) ? '&username=' . urlencode($login) : '') . '">';
         print $langs->trans("GoToSetupArea");
         print '</a></div>';
     }
@@ -400,7 +397,7 @@ elseif (empty($action) || preg_match('/upgrade/i',$action))
 
         print "<br>";
 
-        print '<div class="center"><a href="../index.php?mainmenu=home'.(isset($_POST["login"])?'&username='.urlencode($_POST["login"]):'').'">';
+        print '<div class="center"><a href="../index.php?mainmenu=home' . (isset($login) ? '&username=' . urlencode($login) : '') . '">';
         print $langs->trans("GoToDolibarr");
         print '</a></div>';
     }
diff --git a/htdocs/install/upgrade.php b/htdocs/install/upgrade.php
index 2a07c55d051..b7e041e54fa 100644
--- a/htdocs/install/upgrade.php
+++ b/htdocs/install/upgrade.php
@@ -1,8 +1,8 @@
 <?php
-/* Copyright (C) 2004      Rodolphe Quiedeville <rodolphe@quiedeville.org>
- * Copyright (C) 2004-2016 Laurent Destailleur  <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2010 Regis Houssin        <regis.houssin@capnetworks.com>
- * Copyright (C) 2015      Raphaël Doursenaud   <rdoursenaud@gpcsolutions.fr>
+/* Copyright (C) 2004       Rodolphe Quiedeville    <rodolphe@quiedeville.org>
+ * Copyright (C) 2004-2016  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2010  Regis Houssin           <regis.houssin@capnetworks.com>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -41,6 +41,8 @@ if (! file_exists($conffile))
 require_once $conffile; if (! isset($dolibarr_main_db_type)) $dolibarr_main_db_type='mysql';	// For backward compatibility
 require_once $dolibarr_main_document_root.'/core/lib/admin.lib.php';
 
+global $langs;
+
 $grant_query='';
 $step = 2;
 $ok = 0;
diff --git a/htdocs/install/upgrade2.php b/htdocs/install/upgrade2.php
index d3eb23e99b6..a1d816b4e0b 100644
--- a/htdocs/install/upgrade2.php
+++ b/htdocs/install/upgrade2.php
@@ -1,9 +1,9 @@
 <?php
-/* Copyright (C) 2005      Marc Barilley / Ocebo <marc@ocebo.com>
- * Copyright (C) 2005-2012 Laurent Destailleur   <eldy@users.sourceforge.net>
- * Copyright (C) 2005-2011 Regis Houssin         <regis.houssin@capnetworks.com>
- * Copyright (C) 2010      Juanjo Menent         <jmenent@2byte.es>
- * Copyright (C) 2015      Raphaël Doursenaud    <rdoursenaud@gpcsolutions.fr>
+/* Copyright (C) 2005       Marc Barilley / Ocebo   <marc@ocebo.com>
+ * Copyright (C) 2005-2012  Laurent Destailleur     <eldy@users.sourceforge.net>
+ * Copyright (C) 2005-2011  Regis Houssin           <regis.houssin@capnetworks.com>
+ * Copyright (C) 2010       Juanjo Menent           <jmenent@2byte.es>
+ * Copyright (C) 2015-2016  Raphaël Doursenaud      <rdoursenaud@gpcsolutions.fr>
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -47,6 +47,8 @@ require_once $dolibarr_main_document_root . '/core/lib/price.lib.php';
 require_once $dolibarr_main_document_root . '/core/class/menubase.class.php';
 require_once $dolibarr_main_document_root . '/core/lib/files.lib.php';
 
+global $langs;
+
 $grant_query='';
 $step = 2;
 $error = 0;
diff --git a/htdocs/langs/en_US/install.lang b/htdocs/langs/en_US/install.lang
index f9d1d1338c6..6717792dfbc 100644
--- a/htdocs/langs/en_US/install.lang
+++ b/htdocs/langs/en_US/install.lang
@@ -85,7 +85,8 @@ WithNoSlashAtTheEnd=Without the slash "/" at the end
 DirectoryRecommendation=It is recommanded to use a directory outside of your directory of your web pages.
 LoginAlreadyExists=Already exists
 DolibarrAdminLogin=Dolibarr admin login
-AdminLoginAlreadyExists=Dolibarr administrator account '<b>%s</b>' already exists. Go back, if you want to create another one. 
+AdminLoginAlreadyExists=Dolibarr administrator account '<b>%s</b>' already exists. Go back, if you want to create another one.
+FailedToCreateAdminLogin=Failed to create Dolibarr administrator account.
 WarningRemoveInstallDir=Warning, for security reasons, once the install or upgrade is complete, to avoid using install tools again, you should add a file called <b>install.lock</b> into Dolibarr document directory, in order to avoid malicious use of it.
 FunctionNotAvailableInThisPHP=Not available on this PHP
 ChoosedMigrateScript=Choose migration script