Code source de b2evolution 2.1.0-beta |
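<?php
/**
 * This file implements the UI controller for System configuration and analysis.
 *
 * This file is part of the evoCore framework - {@link http://evocore.net/}
 * See also {@link http://sourceforge.net/projects/evocms/}.
 *
 * @copyright (c)2003-2007 by Francois PLANQUE - {@link http://fplanque.net/}
 * Parts of this file are copyright (c)2006 by Daniel HAHLER - {@link http://daniel.hahler.de/}.
 *
 * {@internal License choice
 * - If you have received this file as part of a package, please find the license.txt file in
 *   the same folder or the closest folder above for complete license terms.
 * - If you have received this file individually (e-g: from http://evocms.cvs.sourceforge.net/)
 *   then you must choose one of the following licenses before using the file:
 *   - GNU General Public License 2 (GPL) - http://www.opensource.org/licenses/gpl-license.php
 *   - Mozilla Public License 1.1 (MPL) - http://www.opensource.org/licenses/mozilla1.1.php
 * }}
 *
 * {@internal Open Source relicensing agreement:
 * Daniel HAHLER grants Francois PLANQUE the right to license
 * Daniel HAHLER's contributions to this file and the b2evolution project
 * under any OSI approved OSS license (http://www.opensource.org/licenses/).
 * }}
 *
 * @package admin
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author fplanque: Francois PLANQUE.
 * @author blueyed
 *
 * @version $Id: system.ctrl.php,v 1.4 2007/10/06 21:31:51 fplanque Exp $
 */
// Refuse direct requests: this controller only runs when the including script has defined EVO_MAIN_INIT.
if( !defined('EVO_MAIN_INIT') ) die( 'Please, do not access this page directly.' );


// Check minimum permission:
// This page reports server configuration (versions, PHP security settings, install folder state),
// so the permission check has to stay ahead of any output.
// NOTE(review): the third argument presumably makes a failed check fatal - confirm in check_perm().
$current_User->check_perm( 'options', 'view', true );

$AdminUI->set_path( 'tools', 'system' );

// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
$AdminUI->disp_html_head();

// Display title, menu, messages, etc. (Note: messages MUST be displayed AFTER the actions)
$AdminUI->disp_body_top();

// Begin payload block:
$AdminUI->disp_payload_begin();

/**
 * Remember the label and the measured value of the check that is about to be displayed.
 *
 * The pair is stored in the globals $syscheck_name / $syscheck_value and is printed
 * by the next call to {@link disp_system_check()}.
 *
 * @param string label of the check
 * @param string value found on this system
 */
function init_system_check( $name, $value )
{
	global $syscheck_name, $syscheck_value;
	$syscheck_name = $name;
	$syscheck_value = $value;
}

/**
 * Print the check previously registered with {@link init_system_check()}.
 *
 * Name, value and message are echoed as-is, WITHOUT HTML escaping: the messages built in
 * this file deliberately contain markup (<p>, <code>, <a>). Only pass strings that are
 * already safe to emit as HTML; never pass request data.
 *
 * @param string result of the check; used as CSS class suffix ('ok', 'note', 'warning', 'error' in this file)
 * @param string optional HTML explanation displayed below the value
 */
function disp_system_check( $condition, $message = '' )
{
	global $syscheck_name, $syscheck_value;
	echo '<div class="system_check">';
	echo '<div class="system_check_name">';
	echo $syscheck_name;
	echo '</div>';
	echo '<div class="system_check_value_'.$condition.'">';
	echo $syscheck_value;
	echo ' </div>';
	if( !empty( $message ) )
	{
		echo '<div class="system_check_message_'.$condition.'">';
		echo $message;
		echo '</div>';
	}
	echo '</div>';
}

// Shared explanations for the PHP settings below that make exploitation easier when enabled.
// NOTE(review): the second message spans two source lines; the whitespace inside it is part of
// the translation key, so it should match the original file exactly - confirm.
$facilitate_exploits = '<p>'.T_('When enabled, this feature is known to facilitate hacking exploits in any PHP application.')."</p>\n<p>"
	.T_('b2evolution includes additional measures in order not to be affected by this.
	However, for maximum security, we still recommend disabling this PHP feature.')."</p>\n";
$change_ini = '<p>'.T_('If possible, change this setting to <code>%s</code> in your php.ini or ask your hosting provider about it.').'</p>';


echo '<h2>'.T_('About this system').'</h2>';

$block_item_Widget = & new Widget( 'block_item' );


$block_item_Widget->title = 'b2evolution';
$block_item_Widget->disp_template_replaced( 'block_start' );

/**
 * b2evo version
 */
$app_timestamp = mysql2timestamp( $app_date );
init_system_check( 'b2evolution version', $app_version.' released on '.date_i18n( locale_datefmt(), $app_timestamp ) );
$app_age = ($localtimenow - $app_timestamp) / 3600 / 24 / 30; // approx age in months
if( $app_age > 12 )
{
	disp_system_check( 'error', sprintf( T_('This version is old. You should check for newer releases on <a %s>b2evolution.net</a>.'),
		' href="http://b2evolution.net/downloads/"' ) );
}
elseif( $app_age > 6 )
{
	disp_system_check( 'warning', sprintf( T_('This version is aging. You may want to check for newer releases on <a %s>b2evolution.net</a>.'),
		' href="http://b2evolution.net/downloads/"' ) );
}
else
{
	disp_system_check( 'ok' );
}


/*
 * /install/ folder
 */
$install_removed = ! is_dir( $basepath.$install_subdir );
init_system_check( 'Install folder', $install_removed ? T_('Deleted') : T_('Not deleted') );
if( ! $install_removed )
{
	disp_system_check( 'warning', T_('For maximum security, it is recommended that you delete your /blogs/install/ folder once you are done with install or upgrade.') );

	// The database reset switch only matters while the install folder is still present:
	init_system_check( 'Database reset', $allow_evodb_reset ? T_('Allowed!') : T_('Forbidden') );
	if( $allow_evodb_reset )
	{
		disp_system_check( 'error', '<p>'.T_('Currently, anyone who accesses your install folder could entirely reset your b2evolution database.')."</p>\n"
			.'<p>'.T_('ALL YOUR DATA WOULD BE LOST!')."</p>\n"
			.'<p>'.T_('As soon as possible, change the setting <code>$allow_evodb_reset = 0;</code> in your /conf/_basic.config.php.').'</p>' );
	}
	else
	{
		disp_system_check( 'ok' );
	}
}
else
{
	disp_system_check( 'ok' );
}

$block_item_Widget->disp_template_raw( 'block_end' );


/**
 * Time
 */
$block_item_Widget->title = T_('Time');
$block_item_Widget->disp_template_replaced( 'block_start' );

init_system_check( 'Server time', date_i18n( locale_datetimefmt( ' - ' ), $servertimenow ) );
disp_system_check( 'note' );

init_system_check( 'GMT / UTC time', gmdate( locale_datetimefmt( ' - ' ), $servertimenow ) );
disp_system_check( 'note' );

init_system_check( 'b2evolution time', date_i18n( locale_datetimefmt( ' - ' ), $localtimenow ) );
disp_system_check( 'note' );

$block_item_Widget->disp_template_raw( 'block_end' );



$block_item_Widget->title = T_('MySQL');
$block_item_Widget->disp_template_replaced( 'block_start' );

/*
 * MySQL Version
 */
$mysql_version = $DB->get_version();
init_system_check( 'MySQL version', $DB->version_long );
if( version_compare( $mysql_version, '4.0' ) < 0 )
{
	disp_system_check( 'warning', T_('This version is not guaranteed to work.') );
}
else
{
	disp_system_check( 'ok' );
}


/*
 * MySQL "SET NAMES"
 *
 * NOTE(review): this probe is not read-only. When the statement succeeds, the connection
 * charset stays switched to utf8 for every later query of this request - confirm that this is acceptable.
 */
$save_show_errors = $DB->show_errors;
$save_halt_on_error = $DB->halt_on_error;
// Blatantly ignore any error generated by SET NAMES...
$DB->show_errors = false;
$DB->halt_on_error = false;
$last_error = $DB->last_error;
$error = $DB->error;
$ok = ( $DB->query( 'SET NAMES utf8' ) !== false );
// Restore the error handling state and hide the error the probe may have recorded:
$DB->show_errors = $save_show_errors;
$DB->halt_on_error = $save_halt_on_error;
$DB->last_error = $last_error;
$DB->error = $error;
// NOTE(review): the next line overrides the value restored just above, so DB errors no longer
// halt for the rest of this page. It looks like a leftover - confirm before removing.
$DB->halt_on_error = false;
init_system_check( 'MySQL UTF-8 support', $ok ? T_('Yes') : T_('No') );
if( ! $ok )
{
	disp_system_check( 'warning', T_('UTF-8 is not supported by your MySQL server.') ); // fp> TODO: explain why this is bad. Better yet: try to detect if we really need it, based on other conf variables.
}
else
{
	disp_system_check( 'ok' );
}

$block_item_Widget->disp_template_raw( 'block_end' );



$block_item_Widget->title = T_('PHP');
$block_item_Widget->disp_template_replaced( 'block_start' );

/*
 * PHP version
 */
init_system_check( 'PHP version', PHP_VERSION );
if( version_compare( PHP_VERSION, '4.1', '<' ) )
{
	disp_system_check( 'error', T_('This version is too old. b2evolution will not run correctly. You must ask your host to upgrade PHP before you can run b2evolution.') );
}
elseif( version_compare( PHP_VERSION, '4.3', '<' ) )
{
	disp_system_check( 'warning', T_('This version is old. b2evolution may run but some features may fail. You should ask your host to upgrade PHP before running b2evolution.') );
}
else
{
	disp_system_check( 'ok' );
}


/*
 * register_globals
 */
init_system_check( 'PHP register_globals', ini_get('register_globals') ? T_('On') : T_('Off') );
if( ini_get('register_globals' ) )
{
	disp_system_check( 'warning', $facilitate_exploits.' '.sprintf( $change_ini, 'register_globals = Off' ) );
}
else
{
	disp_system_check( 'ok' );
}


if( version_compare(PHP_VERSION, '5.2', '>=') )
{
	/*
	 * allow_url_include (since 5.2, supersedes allow_url_fopen for require()/include())
	 */
	init_system_check( 'PHP allow_url_include', ini_get('allow_url_include') ? T_('On') : T_('Off') );
	if( ini_get('allow_url_include' ) )
	{
		disp_system_check( 'warning', $facilitate_exploits.' '.sprintf( $change_ini, 'allow_url_include = Off' ) );
	}
	else
	{
		disp_system_check( 'ok' );
	}
}


/*
 * allow_url_fopen
 * Note: this allows including of remote files (PHP 4 only) as well as opening remote files with fopen() (all versions of PHP)
 * Both have potential for exploits. (The first is easier to exploit than the second).
 * dh> Should we check for curl etc then also and warn the user until there's no method for us anymore to open remote files?
 * fp> Yes
 */
init_system_check( 'PHP allow_url_fopen', ini_get('allow_url_fopen') ? T_('On') : T_('Off') );
if( ini_get('allow_url_fopen' ) )
{
	disp_system_check( 'warning', $facilitate_exploits.' '.sprintf( $change_ini, 'allow_url_fopen = Off' ) );
}
else
{
	disp_system_check( 'ok' );
}


/*
 * Magic quotes:
 */
if( !strcasecmp( ini_get('magic_quotes_sybase'), 'on' ) )
{
	$magic_quotes = T_('On').' (magic_quotes_sybase)';
	$message = 'magic_quotes_sybase = Off';
}
elseif( get_magic_quotes_gpc() )
{
	$magic_quotes = T_('On').' (magic_quotes_gpc)';
	$message = 'magic_quotes_gpc = Off';
}
else
{
	$magic_quotes = T_('Off');
	$message = '';
}
init_system_check( 'PHP Magic Quotes', $magic_quotes );
if( !empty( $message ) )
{
	disp_system_check( 'warning', T_('PHP is adding extra quotes to all inputs. This leads to unnecessary extra processing.')
		.' '.sprintf( $change_ini, $message ) );
}
else
{
	disp_system_check( 'ok' );
}


/*
 * Sizes
 *
 * NOTE(review): only the "M" suffix is normalised (to KB) below. A value given in bytes or with
 * a "K"/"G" suffix is compared as-is, so mixed units give a wrong verdict - confirm and normalise.
 */
$upload_max_filesize = ini_get('upload_max_filesize');
if( strpos( $upload_max_filesize, 'M' ) )
{
	$upload_max_filesize = intval($upload_max_filesize) * 1024;
}
init_system_check( 'PHP upload_max_filesize', ini_get('upload_max_filesize') );
disp_system_check( 'ok' );


$post_max_size = ini_get('post_max_size');
if( strpos( $post_max_size, 'M' ) )
{
	$post_max_size = intval($post_max_size) * 1024;
}
init_system_check( 'PHP post_max_size', ini_get('post_max_size') );
if( $post_max_size > $upload_max_filesize )
{
	disp_system_check( 'ok' );
}
else
{
	disp_system_check( 'error', T_('post_max_size should be larger than upload_max_filesize') );
}


$memory_limit = ini_get('memory_limit');
if( empty($memory_limit) )
{
	init_system_check( 'PHP memory_limit', T_('n.a.') );
	disp_system_check( 'note' );
}
elseif( intval($memory_limit) == -1 )
{	// -1 means "no limit" in PHP; it must not be reported as a very low limit.
	init_system_check( 'PHP memory_limit', $memory_limit );
	disp_system_check( 'ok' );
}
else
{
	if( strpos( $memory_limit, 'M' ) )
	{
		$memory_limit = intval($memory_limit) * 1024;
	}
	init_system_check( 'PHP memory_limit', ini_get('memory_limit') );
	// NOTE(review): 8096 is presumably meant to be 8192 (8 MB expressed in KB) - confirm.
	if( $memory_limit < 8096 )
	{
		disp_system_check( 'error', T_('The memory_limit is very low. Some features of b2evolution will fail to work;') );
	}
	elseif( $memory_limit < 12288 )
	{	// Fixed: the condition was misspelled 'warining', which produced a CSS class no other check uses.
		disp_system_check( 'warning', T_('The memory_limit is low. Some features of b2evolution may fail to work;') );
	}
	else
	{
		disp_system_check( 'ok' );
	}
}

/*
 * XML extension
 */
init_system_check( 'PHP XML extension', extension_loaded('xml') ? T_('Loaded') : T_('Not loaded') );
if( ! extension_loaded('xml' ) )
{
	disp_system_check( 'warning', T_('The XML extension is not loaded.') ); // fp> This message only repeats the exact same info that is already displayed. Not helpful.
	// fp>TODO: explain what we need it for. Is it a problem or not.
	// furthermore I think xmlrpc does dynamic loading (or has it been removed?), in which case this should be tested too.
	// dh> You mean the deprecated dl() loading? (fp>yes) We might just try this then here also before any warning.
}
else
{
	disp_system_check( 'ok' );
}

$block_item_Widget->disp_template_raw( 'block_end' );



/*
 * GD Library
 * windows: extension=php_gd2.dll
 * unix: ?
 * fp> Note: I'm going to use this for thumbnails for now, but I plan to use it for other things like small stats & status graphics.
 */
$block_item_Widget->title = T_('GD Library (image handling)');
$block_item_Widget->disp_template_replaced( 'block_start' );

// Without the GD extension, fall back to an array whose version is NULL so that isset() below reports "Not installed":
$gd_info = function_exists( 'gd_info' ) ? gd_info() : array( 'GD Version' => NULL );
$gd_version = $gd_info['GD Version'];
init_system_check( 'GD Library version', isset($gd_version) ? $gd_version : T_('Not installed') );
if( ! isset($gd_version) )
{
	disp_system_check( 'warning', T_('You will not be able to automatically generate thumbnails for images.') );
}
else
{
	disp_system_check( 'ok' );

	init_system_check( 'GD JPG Support', !empty($gd_info['JPG Support']) ? T_('Read/Write') : T_('No') );
	if( empty($gd_info['JPG Support']) )
	{
		disp_system_check( 'warning', T_('You will not be able to automatically generate thumbnails for JPG images.') );
	}
	else
	{
		disp_system_check( 'ok' );
	}

	// Fixed: the displayed value was read from 'JPG Support', so it could contradict the PNG verdict below.
	init_system_check( 'GD PNG Support', !empty($gd_info['PNG Support']) ? T_('Read/Write') : T_('No') );
	if( empty($gd_info['PNG Support']) )
	{
		disp_system_check( 'warning', T_('You will not be able to automatically generate thumbnails for PNG images.') );
	}
	else
	{
		disp_system_check( 'ok' );
	}

	if( !empty($gd_info['GIF Create Support']) )
	{
		$gif_support = T_('Read/Write');
	}
	elseif( !empty($gd_info['GIF Read Support']) )
	{
		$gif_support = T_('Read');
	}
	else
	{
		$gif_support = T_('No');
	}
	init_system_check( 'GD GIF Support', $gif_support );
	if( $gif_support == T_('No') )
	{
		disp_system_check( 'warning', T_('You will not be able to automatically generate thumbnails for GIF images.') );
	}
	elseif( $gif_support == T_('Read') )
	{
		disp_system_check( 'warning', T_('Thumbnails for GIF images will be generated as PNG or JPG.') );
	}
	else
	{
		disp_system_check( 'ok' );
	}

	// pre_dump( $gd_info );
}
$block_item_Widget->disp_template_raw( 'block_end' );



// TODO: dh> memory_limit!
// TODO: dh> output_buffering (recommend off)
// TODO: dh> session.auto_start (recommend off)
// TODO: dh> How to change ini settings in .htaccess (for mod_php), link to manual
// fp> all good ideas :)
// fp> MySQL version
// TODO: dh> link to phpinfo()? It's included in the /install/ folder, but that is supposed to be deleted
// fp> we can just include it a second time as an 'action' here.
// TODO: dh> submit the report into a central database
// fp>yope, with a Globally unique identifier in order to avoid duplicates.

// pre_dump( ini_get_all() );


// End payload block:
$AdminUI->disp_payload_end();

// Display body bottom, debug info and close </html>:
$AdminUI->disp_global_footer();

/*
 * $Log: system.ctrl.php,v $
 * Revision 1.4  2007/10/06 21:31:51  fplanque
 * minor
 *
 * Revision 1.3  2007/10/01 19:02:23  fplanque
 * MySQL version check
 *
 * Revision 1.2  2007/09/04 15:29:16  fplanque
 * interface cleanup
 *
 * Revision 1.1  2007/06/25 11:01:42  fplanque
 * MODULES (refactored MVC)
 *
 * Revision 1.17  2007/05/20 01:02:32  fplanque
 * magic quotes fix
 *
 * Revision 1.16  2007/04/26 00:11:15  fplanque
 * (c) 2007
 *
 * Revision 1.15  2007/03/04 20:14:16  fplanque
 * GMT date now in system checks
 *
 * Revision 1.14  2007/02/22 19:08:31  fplanque
 * file/memory size checks (not fully tested)
 *
 * Revision 1.13  2006/12/21 21:50:32  fplanque
 * removed rant
 *
 * Revision 1.11  2006/12/13 03:08:28  fplanque
 * thumbnail implementation design demo
 *
 * Revision 1.10  2006/12/13 00:57:18  fplanque
 * GD... just for fun ;)
 *
 * Revision 1.9  2006/12/07 23:21:00  fplanque
 * dashboard blog switching
 *
 * Revision 1.8  2006/12/07 23:16:08  blueyed
 * doc: we want no remote file opening anymore?!
 *
 * Revision 1.7  2006/12/06 23:38:45  fplanque
 * doc
 *
 * Revision 1.6  2006/12/06 22:51:41  blueyed
 * doc
 *
 * Revision 1.5  2006/12/05 15:15:56  fplanque
 * more tests
 *
 * Revision 1.4  2006/12/05 12:26:39  blueyed
 * Test for "SET NAMES utf8"
 *
 * Revision 1.3  2006/12/05 12:11:14  blueyed
 * Some more checks and todos
 *
 * Revision 1.2  2006/12/05 11:30:26  fplanque
 * presentation
 *
 * Revision 1.1  2006/12/05 10:20:18  fplanque
 * A few basic systems checks
 *
 * Revision 1.15  2006/12/05 04:27:49  fplanque
 * moved scheduler to Tools (temporary until UI redesign)
 *
 * Revision 1.14  2006/11/26 01:42:08  fplanque
 * doc
 */
?>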